* [Stable-8.1.4 00/31] Patch Round-up for stable 8.1.4, freeze on 2023-12-20
@ 2023-12-12 12:17 Michael Tokarev
From: Michael Tokarev @ 2023-12-12 12:17 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-stable, Michael Tokarev
The following patches are queued for QEMU stable v8.1.4:

  https://gitlab.com/qemu-project/qemu/-/commits/staging-8.1

Patch freeze is 2023-12-20, and the release is planned for 2023-12-22:

  https://wiki.qemu.org/Planning/8.1

Please respond here or CC qemu-stable@nongnu.org on any additional patches
you think should (or shouldn't) be included in the release.

The changes which are staging for inclusion, with the original commit hash
from master branch, are given below the bottom line.

Thanks!

/mjt
--------------------------------------
01 1b173d06068c Max Filippov:
linux-user: xtensa: fix signal delivery in FDPIC
02 3efd8495735c Richard Henderson:
target/arm: Fix SME FMOPA (16-bit), BFMOPA
03 eabb92125066 Niklas Cassel:
hw/ide/ahci: fix legacy software reset
04 7d0fefdf81f5 Akihiko Odaki:
net: Provide MemReentrancyGuard * to qemu_new_nic()
05 9050f976e447 Akihiko Odaki:
net: Update MemReentrancyGuard for NIC
06 82d70a84c8ee Richard Henderson:
linux-user: Fix loaddr computation for some elf files
07 861f724d03e1 Thomas Huth:
tests/avocado: Replace assertEquals() for Python 3.12 compatibility
08 f0a663b4ced2 Philippe Mathieu-Daudé:
tests/avocado: Replace assertRegexpMatches() for Python 3.12 compatibility
09 301c65f49f96 Palmer Dabbelt:
linux-user/riscv: Add Zicboz block size to hwprobe
10 7a87ba8956e5 Daniel Henrique Barboza:
hw/riscv/virt.c: do create_fdt() earlier, add finalize_fdt()
11 a7472560ca5f Román Cárdenas:
riscv: Fix SiFive E CLINT clock frequency
12 82d53adfbb1a Ivan Klokov:
target/riscv/cpu_helper.c: Invalid exception on MMU translation stage
13 6bca4d7d1ff2 Ivan Klokov:
target/riscv/cpu_helper.c: Fix mxr bit behavior
14 9fb7b350ba98 Fam Zheng:
vmdk: Don't corrupt desc file in vmdk_write_cid
15 11a3c4a286d5 Peter Maydell:
target/arm: Set IL bit for pauth, SVE access, BTI trap syndromes
16 8d37a1425b99 Peter Maydell:
target/arm: Handle overflow in calculation of next timer tick
17 c9a4aa06dfce Philippe Mathieu-Daudé:
hw/virtio: Free VirtIOIOMMUPCI::vdev.reserved_regions[] on finalize()
18 896dd6ff7b9f Philippe Mathieu-Daudé:
hw/misc/mps2-scc: Free MPS2SCC::oscclk[] array on finalize()
19 49b3e28b7bdf Philippe Mathieu-Daudé:
hw/nvram/xlnx-efuse: Free XlnxEFuse::ro_bits[] array on finalize()
20 4f10c66077e3 Philippe Mathieu-Daudé:
hw/nvram/xlnx-efuse-ctrl: Free XlnxVersalEFuseCtrl[] "pg0-lock" array
21 837053a7f491 Philippe Mathieu-Daudé:
hw/virtio: Add VirtioPCIDeviceTypeInfo::instance_finalize field
22 235948bf5386 Gihun Nam:
hw/avr/atmega: Fix wrong initial value of stack pointer
23 74e8593e7e51 Volker Rümelin:
hw/audio/hda-codec: fix multiplication overflow
24 714a1415d7a6 Akihiko Odaki:
pcie_sriov: Remove g_new assertion
25 20bc50137f3a Philippe Mathieu-Daudé:
hw/acpi/erst: Do not ignore Error* in realize handler
26 2d37fe9e5e61 Robert Hoo:
msix: unset PCIDevice::msix_vector_poll_notifier in rollback
27 6f189a08c1b0 Antonio Caggiano:
ui/gtk-egl: Check EGLSurface before doing scanout
28 53a939f1bf8e Volker Rümelin:
ui/gtk-egl: move function calls back to regular code path
29 ebfbf3946711 Fiona Ebner:
ui/vnc-clipboard: fix inflate_buffer
30 f7767ca30179 Peter Maydell:
target/arm: Disable SME if SVE is disabled
31 2b8fe81b3c2e Patrick Venture:
system/memory: use ldn_he_p/stn_he_p
* [Stable-8.1.4 01/31] linux-user: xtensa: fix signal delivery in FDPIC
From: Michael Tokarev @ 2023-12-12 12:17 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-stable, Max Filippov, Richard Henderson, Michael Tokarev
From: Max Filippov <jcmvbkbc@gmail.com>
In FDPIC signal handlers are passed around as FD pointers. Actual code
address and GOT pointer must be fetched from memory by the QEMU code
that implements kernel signal delivery functionality. This change is
equivalent to the following kernel change:
9c2cc74fb31e ("xtensa: fix signal delivery to FDPIC process")
Cc: qemu-stable@nongnu.org
Fixes: d2796be69d7c ("linux-user: add support for xtensa FDPIC")
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
(cherry picked from commit 1b173d06068c4a4e93fad88205399232925967a4)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
diff --git a/linux-user/xtensa/signal.c b/linux-user/xtensa/signal.c
index f5fb8b5cbe..32dcfa5229 100644
--- a/linux-user/xtensa/signal.c
+++ b/linux-user/xtensa/signal.c
@@ -157,6 +157,9 @@ void setup_rt_frame(int sig, struct target_sigaction *ka,
{
abi_ulong frame_addr;
struct target_rt_sigframe *frame;
+ int is_fdpic = info_is_fdpic(((TaskState *)thread_cpu->opaque)->info);
+ abi_ulong handler = 0;
+ abi_ulong handler_fdpic_GOT = 0;
uint32_t ra;
bool abi_call0;
unsigned base;
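Review bot: `is_fdpic` in the new declarations of setup_rt_frame() is only ever used as a truth value, so declare it `bool` like the neighbouring `abi_call0` rather than `int`. The mixed-case `handler_fdpic_GOT` also stands out next to the lower-case locals; `handler_got` would read more consistently.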
@@ -165,6 +168,17 @@ void setup_rt_frame(int sig, struct target_sigaction *ka,
frame_addr = get_sigframe(ka, env, sizeof(*frame));
trace_user_setup_rt_frame(env, frame_addr);
+ if (is_fdpic) {
+ abi_ulong funcdesc_ptr = ka->_sa_handler;
+
+ if (get_user_ual(handler, funcdesc_ptr)
+ || get_user_ual(handler_fdpic_GOT, funcdesc_ptr + 4)) {
+ goto give_sigsegv;
+ }
+ } else {
+ handler = ka->_sa_handler;
+ }
+
if (!lock_user_struct(VERIFY_WRITE, frame, frame_addr, 0)) {
goto give_sigsegv;
}
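Review bot: The `funcdesc_ptr + 4` offset in the is_fdpic branch hard-codes the size of the first descriptor word; `funcdesc_ptr + sizeof(abi_ulong)` would tie it to the type that get_user_ual() reads. A short comment that the descriptor is read as entry address followed by GOT pointer would help, since that layout is only hinted at in the commit message. Doing the fetch before lock_user_struct() is good: the `goto give_sigsegv` here needs no unlock.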
@@ -185,14 +199,21 @@ void setup_rt_frame(int sig, struct target_sigaction *ka,
}
if (ka->sa_flags & TARGET_SA_RESTORER) {
- ra = ka->sa_restorer;
+ if (is_fdpic) {
+ if (get_user_ual(ra, ka->sa_restorer)) {
+ unlock_user_struct(frame, frame_addr, 0);
+ goto give_sigsegv;
+ }
+ } else {
+ ra = ka->sa_restorer;
+ }
} else {
/* Not used, but retain for ABI compatibility. */
install_sigtramp(frame->retcode);
ra = default_rt_sigreturn;
}
memset(env->regs, 0, sizeof(env->regs));
- env->pc = ka->_sa_handler;
+ env->pc = handler;
env->regs[1] = frame_addr;
env->sregs[WINDOW_BASE] = 0;
env->sregs[WINDOW_START] = 1;
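Review bot: In the TARGET_SA_RESTORER branch only the first word of the `ka->sa_restorer` descriptor is read into `ra`, and its second word is never loaded, unlike the handler descriptor. If that is intentional, a comment saying so would save the next reader from wondering whether a second get_user_ual() is missing. The unlock_user_struct(frame, frame_addr, 0) before `goto give_sigsegv` is needed here because the frame is already locked, and it is present.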
@@ -212,6 +233,9 @@ void setup_rt_frame(int sig, struct target_sigaction *ka,
env->regs[base + 3] = frame_addr + offsetof(struct target_rt_sigframe,
info);
env->regs[base + 4] = frame_addr + offsetof(struct target_rt_sigframe, uc);
+ if (is_fdpic) {
+ env->regs[base + 11] = handler_fdpic_GOT;
+ }
unlock_user_struct(frame, frame_addr, 1);
return;
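Review bot: `env->regs[base + 11]` uses a bare register index with no explanation. A comment or a named constant stating that this is the register in which the handler expects its GOT pointer under FDPIC would make the assignment self-documenting.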
--
2.39.2
* [Stable-8.1.4 02/31] target/arm: Fix SME FMOPA (16-bit), BFMOPA
From: Michael Tokarev @ 2023-12-12 12:17 UTC (permalink / raw)
To: qemu-devel
Cc: qemu-stable, Richard Henderson, Philippe Mathieu-Daudé,
Peter Maydell, Michael Tokarev
From: Richard Henderson <richard.henderson@linaro.org>
Perform the loop increment unconditionally, not nested
within the predication.
Cc: qemu-stable@nongnu.org
Fixes: 3916841ac75 ("target/arm: Implement FMOPA, FMOPS (widening)")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1985
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20231117193135.1180657-1-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 3efd8495735c69b863476e9003e624877382a72d)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
diff --git a/target/arm/tcg/sme_helper.c b/target/arm/tcg/sme_helper.c
index 296826ffe6..1ee2690ceb 100644
--- a/target/arm/tcg/sme_helper.c
+++ b/target/arm/tcg/sme_helper.c
@@ -1037,10 +1037,9 @@ void HELPER(sme_fmopa_h)(void *vza, void *vzn, void *vzm, void *vpn,
m = f16mop_adj_pair(m, pcol, 0);
*a = f16_dotadd(*a, n, m, &fpst_std, &fpst_odd);
-
- col += 4;
- pcol >>= 4;
}
+ col += 4;
+ pcol >>= 4;
} while (col & 15);
}
row += 4;
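Review bot: The step `col += 4; pcol >>= 4;` in sme_fmopa_h is still hand-written at the tail of a do/while body whose exit test `col & 15` depends on it, which leaves it easy to nest under the predicate check again. Consider a short comment on the two moved lines noting that they must also run for inactive columns.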
@@ -1073,10 +1072,9 @@ void HELPER(sme_bfmopa)(void *vza, void *vzn, void *vzm, void *vpn,
m = f16mop_adj_pair(m, pcol, 0);
*a = bfdotadd(*a, n, m);
-
- col += 4;
- pcol >>= 4;
}
+ col += 4;
+ pcol >>= 4;
} while (col & 15);
}
row += 4;
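Review bot: sme_bfmopa receives the same two-line move as sme_fmopa_h, and nothing in this patch exercises either loop with a partially inactive column predicate. A test case built from the input in issue 1985 would guard both helpers against regression, and the duplicated loop tail is a candidate for a shared macro or inline helper.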
--
2.39.2
* [Stable-8.1.4 03/31] hw/ide/ahci: fix legacy software reset
From: Michael Tokarev @ 2023-12-12 12:17 UTC (permalink / raw)
To: qemu-devel
Cc: qemu-stable, Niklas Cassel, Marcin Juszkiewicz, Kevin Wolf,
Michael Tokarev
From: Niklas Cassel <niklas.cassel@wdc.com>
Legacy software contains a standard mechanism for generating a reset to a
Serial ATA device - setting the SRST (software reset) bit in the Device
Control register.
Serial ATA has a more robust mechanism called COMRESET, also referred to
as port reset. A port reset is the preferred mechanism for error
recovery and should be used in place of software reset.
Commit e2a5d9b3d9c3 ("hw/ide/ahci: simplify and document PxCI handling")
(mjt: 16cc9594d23d in stable-8.1 series, v8.1.1)
improved the handling of PxCI, such that PxCI gets cleared after handling
a non-NCQ, or NCQ command (instead of incorrectly clearing PxCI after
receiving anything - even a FIS that failed to parse, which should NOT
clear PxCI, so that you can see which command slot that caused an error).
However, simply clearing PxCI after a non-NCQ, or NCQ command, is not
enough, we also need to clear PxCI when receiving a SRST in the Device
Control register.
A legacy software reset is performed by the host sending two H2D FISes,
the first H2D FIS asserts SRST, and the second H2D FIS deasserts SRST.
The first H2D FIS will not get a D2H reply, and requires the FIS to have
the C bit set to one, such that the HBA itself will clear the bit in PxCI.
The second H2D FIS will get a D2H reply once the diagnostic is completed.
The clearing of the bit in PxCI for this command should ideally be done
in ahci_init_d2h() (if it was a legacy software reset that caused the
reset (a COMRESET does not use a command slot)). However, since the reset
value for PxCI is 0, modify ahci_reset_port() to actually clear PxCI to 0,
that way we can avoid complex logic in ahci_init_d2h().
This fixes an issue for FreeBSD where the device would fail to reset.
The problem was not noticed in Linux, because Linux uses a COMRESET
instead of a legacy software reset by default.
Fixes: e2a5d9b3d9c3 ("hw/ide/ahci: simplify and document PxCI handling")
Reported-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Signed-off-by: Niklas Cassel <niklas.cassel@wdc.com>
Message-ID: <20231108222657.117984-1-nks@flawful.org>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Tested-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit eabb921250666501ae78714b60090200b639fcfe)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(mjt: mention 16cc9594d23d for stable-8.1)
diff --git a/hw/ide/ahci.c b/hw/ide/ahci.c
index d0a774bc17..1718b7e902 100644
--- a/hw/ide/ahci.c
+++ b/hw/ide/ahci.c
@@ -623,9 +623,13 @@ static void ahci_init_d2h(AHCIDevice *ad)
return;
}
+ /*
+ * For simplicity, do not call ahci_clear_cmd_issue() for this
+ * ahci_write_fis_d2h(). (The reset value for PxCI is 0.)
+ */
if (ahci_write_fis_d2h(ad, true)) {
ad->init_d2h_sent = true;
- /* We're emulating receiving the first Reg H2D Fis from the device;
+ /* We're emulating receiving the first Reg D2H FIS from the device;
* Update the SIG register, but otherwise proceed as normal. */
pr->sig = ((uint32_t)ide_state->hcyl << 24) |
(ide_state->lcyl << 16) |
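Review bot: The new comment in ahci_init_d2h() says ahci_clear_cmd_issue() is skipped because the reset value of PxCI is 0, but it does not say where that value gets applied. Naming ahci_reset_port() in the comment would make the dependency explicit. Minor style: the added comment opens with `/*` on its own line while the comment edited just below keeps text on the opening line.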
@@ -663,6 +667,7 @@ static void ahci_reset_port(AHCIState *s, int port)
pr->scr_act = 0;
pr->tfdata = 0x7F;
pr->sig = 0xFFFFFFFF;
+ pr->cmd_issue = 0;
d->busy_slot = -1;
d->init_d2h_sent = false;
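Review bot: `pr->cmd_issue = 0;` in ahci_reset_port() is the line the rest of the patch relies on, yet it is the only functional change without a comment. One line here noting that ahci_init_d2h() depends on PxCI being cleared at this point would keep the two places in sync.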
@@ -1243,10 +1248,30 @@ static void handle_reg_h2d_fis(AHCIState *s, int port,
case STATE_RUN:
if (cmd_fis[15] & ATA_SRST) {
s->dev[port].port_state = STATE_RESET;
+ /*
+ * When setting SRST in the first H2D FIS in the reset sequence,
+ * the device does not send a D2H FIS. Host software thus has to
+ * set the "Clear Busy upon R_OK" bit such that PxCI (and BUSY)
+ * gets cleared. See AHCI 1.3.1, section 10.4.1 Software Reset.
+ */
+ if (opts & AHCI_CMD_CLR_BUSY) {
+ ahci_clear_cmd_issue(ad, slot);
+ }
}
break;
case STATE_RESET:
if (!(cmd_fis[15] & ATA_SRST)) {
+ /*
+ * When clearing SRST in the second H2D FIS in the reset
+ * sequence, the device will execute diagnostics. When this is
+ * done, the device will send a D2H FIS with the good status.
+ * See SATA 3.5a Gold, section 11.4 Software reset protocol.
+ *
+ * This D2H FIS is the first D2H FIS received from the device,
+ * and is received regardless if the reset was performed by a
+ * COMRESET or by setting and clearing the SRST bit. Therefore,
+ * the logic for this is found in ahci_init_d2h() and not here.
+ */
ahci_reset_port(s, port);
}
break;
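Review bot: In the STATE_RUN case, when SRST is set but `opts & AHCI_CMD_CLR_BUSY` is false, the slot stays set in PxCI and the port still moves to STATE_RESET with no diagnostic. The added comment says host software has to set that bit, so a guest-error log or trace point on the missing else path would make a misbehaving guest driver visible instead of silently leaving the slot pending.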
--
2.39.2
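
The two-FIS legacy software reset described in the commit message above, as a simplified stand-alone model (an added example, not QEMU code; the `model_*` names and the `with_fix` switch are hypothetical, and the device diagnostic is treated as completing immediately):

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define ATA_SRST (1u << 2)   /* SRST bit in the Device Control register */

enum model_state { MODEL_RUN, MODEL_RESET };

struct model_port {
    enum model_state state;
    uint32_t pxci;           /* one bit per issued command slot */
};

/* HBA side: process one Register H2D FIS that was issued in `slot`. */
static void model_handle_h2d(struct model_port *p, unsigned slot,
                             uint8_t control, bool c_bit, bool with_fix)
{
    switch (p->state) {
    case MODEL_RUN:
        if (control & ATA_SRST) {
            p->state = MODEL_RESET;
            /* No D2H FIS follows; only the C bit lets the HBA clear PxCI. */
            if (with_fix && c_bit) {
                p->pxci &= ~(1u << slot);
            }
        }
        break;
    case MODEL_RESET:
        if (!(control & ATA_SRST)) {
            /* Port reset; the reset value of PxCI is 0. */
            p->state = MODEL_RUN;
            if (with_fix) {
                p->pxci = 0;
            }
        }
        break;
    }
}

/* Host side: issue a FIS in `slot`, then report whether the slot completed. */
static bool model_issue(struct model_port *p, unsigned slot,
                        uint8_t control, bool c_bit, bool with_fix)
{
    p->pxci |= 1u << slot;
    model_handle_h2d(p, slot, control, c_bit, with_fix);
    return (p->pxci & (1u << slot)) == 0;
}

/*
 * Run the whole sequence: FIS 1 asserts SRST, FIS 2 deasserts it.
 * Returns 0 on success, or the number (1 or 2) of the FIS whose
 * PxCI bit never cleared, which a real driver would see as a timeout.
 */
static int model_software_reset(bool c_bit, bool with_fix)
{
    struct model_port p = { MODEL_RUN, 0 };

    if (!model_issue(&p, 0, ATA_SRST, c_bit, with_fix)) {
        return 1;
    }
    if (!model_issue(&p, 0, 0, false, with_fix)) {
        return 2;
    }
    return 0;
}

int main(void)
{
    printf("C bit set, without fix: stuck at FIS %d\n",
           model_software_reset(true, false));
    printf("C bit set, with fix:    result %d\n",
           model_software_reset(true, true));
    printf("C bit clear, with fix:  stuck at FIS %d\n",
           model_software_reset(false, true));
    return 0;
}
```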
* [Stable-8.1.4 04/31] net: Provide MemReentrancyGuard * to qemu_new_nic()
From: Michael Tokarev @ 2023-12-12 12:17 UTC (permalink / raw)
To: qemu-devel
Cc: qemu-stable, Akihiko Odaki, Alexander Bulekov, Jason Wang,
Michael Tokarev
From: Akihiko Odaki <akihiko.odaki@daynix.com>
Recently MemReentrancyGuard was added to DeviceState to record that the
device is engaging in I/O. The network device backend needs to update it
when delivering a packet to a device.
In preparation for such a change, add MemReentrancyGuard * as a
parameter of qemu_new_nic().
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Reviewed-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Jason Wang <jasowang@redhat.com>
(cherry picked from commit 7d0fefdf81f5973334c344f6b8e1896c309dff66)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(Mjt: fixup in hw/net/xen_nic.c due to lack of v8.1.0-2771-g25967ff69f
"hw/xen: update Xen PV NIC to XenDevice model")
diff --git a/hw/net/allwinner-sun8i-emac.c b/hw/net/allwinner-sun8i-emac.c
index fac4405f45..cc350d40e5 100644
--- a/hw/net/allwinner-sun8i-emac.c
+++ b/hw/net/allwinner-sun8i-emac.c
@@ -824,7 +824,8 @@ static void allwinner_sun8i_emac_realize(DeviceState *dev, Error **errp)
qemu_macaddr_default_if_unset(&s->conf.macaddr);
s->nic = qemu_new_nic(&net_allwinner_sun8i_emac_info, &s->conf,
- object_get_typename(OBJECT(dev)), dev->id, s);
+ object_get_typename(OBJECT(dev)), dev->id,
+ &dev->mem_reentrancy_guard, s);
qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
}
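Review bot: The new argument at this call site, `&dev->mem_reentrancy_guard`, comes from the same `dev` that already supplies the type name and `dev->id`, and the same pattern repeats at nearly every caller in the patch. A thin wrapper taking the DeviceState would shrink the churn and make it harder for a future NIC model to pass a guard belonging to a different device.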
diff --git a/hw/net/allwinner_emac.c b/hw/net/allwinner_emac.c
index 372e5b66da..e10965de14 100644
--- a/hw/net/allwinner_emac.c
+++ b/hw/net/allwinner_emac.c
@@ -453,7 +453,8 @@ static void aw_emac_realize(DeviceState *dev, Error **errp)
qemu_macaddr_default_if_unset(&s->conf.macaddr);
s->nic = qemu_new_nic(&net_aw_emac_info, &s->conf,
- object_get_typename(OBJECT(dev)), dev->id, s);
+ object_get_typename(OBJECT(dev)), dev->id,
+ &dev->mem_reentrancy_guard, s);
qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
fifo8_create(&s->rx_fifo, RX_FIFO_SIZE);
diff --git a/hw/net/cadence_gem.c b/hw/net/cadence_gem.c
index 42ea2411a2..a7bce1c120 100644
--- a/hw/net/cadence_gem.c
+++ b/hw/net/cadence_gem.c
@@ -1633,7 +1633,8 @@ static void gem_realize(DeviceState *dev, Error **errp)
qemu_macaddr_default_if_unset(&s->conf.macaddr);
s->nic = qemu_new_nic(&net_gem_info, &s->conf,
- object_get_typename(OBJECT(dev)), dev->id, s);
+ object_get_typename(OBJECT(dev)), dev->id,
+ &dev->mem_reentrancy_guard, s);
if (s->jumbo_max_len > MAX_FRAME_SIZE) {
error_setg(errp, "jumbo-max-len is greater than %d",
diff --git a/hw/net/dp8393x.c b/hw/net/dp8393x.c
index a596f7fbc6..1cb603e2c1 100644
--- a/hw/net/dp8393x.c
+++ b/hw/net/dp8393x.c
@@ -913,7 +913,8 @@ static void dp8393x_realize(DeviceState *dev, Error **errp)
"dp8393x-regs", SONIC_REG_COUNT << s->it_shift);
s->nic = qemu_new_nic(&net_dp83932_info, &s->conf,
- object_get_typename(OBJECT(dev)), dev->id, s);
+ object_get_typename(OBJECT(dev)), dev->id,
+ &dev->mem_reentrancy_guard, s);
qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
s->watchdog = timer_new_ns(QEMU_CLOCK_VIRTUAL, dp8393x_watchdog, s);
diff --git a/hw/net/e1000.c b/hw/net/e1000.c
index 093c2d4531..871a4e1451 100644
--- a/hw/net/e1000.c
+++ b/hw/net/e1000.c
@@ -1687,7 +1687,8 @@ static void pci_e1000_realize(PCIDevice *pci_dev, Error **errp)
macaddr);
d->nic = qemu_new_nic(&net_e1000_info, &d->conf,
- object_get_typename(OBJECT(d)), dev->id, d);
+ object_get_typename(OBJECT(d)), dev->id,
+ &dev->mem_reentrancy_guard, d);
qemu_format_nic_info_str(qemu_get_queue(d->nic), macaddr);
diff --git a/hw/net/e1000e.c b/hw/net/e1000e.c
index c3848797b8..e41a6c1038 100644
--- a/hw/net/e1000e.c
+++ b/hw/net/e1000e.c
@@ -320,7 +320,7 @@ e1000e_init_net_peer(E1000EState *s, PCIDevice *pci_dev, uint8_t *macaddr)
int i;
s->nic = qemu_new_nic(&net_e1000e_info, &s->conf,
- object_get_typename(OBJECT(s)), dev->id, s);
+ object_get_typename(OBJECT(s)), dev->id, &dev->mem_reentrancy_guard, s);
s->core.max_queue_num = s->conf.peers.queues ? s->conf.peers.queues - 1 : 0;
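Review bot: The replacement line in e1000e_init_net_peer() keeps `dev->id, &dev->mem_reentrancy_guard, s);` on the same line as object_get_typename(), which is noticeably longer than the other call sites in this patch and likely past 80 columns once indented. Please wrap the new argument onto its own line as the other callers do.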
diff --git a/hw/net/eepro100.c b/hw/net/eepro100.c
index dc07984ae9..e2b03b787d 100644
--- a/hw/net/eepro100.c
+++ b/hw/net/eepro100.c
@@ -1874,7 +1874,9 @@ static void e100_nic_realize(PCIDevice *pci_dev, Error **errp)
nic_reset(s);
s->nic = qemu_new_nic(&net_eepro100_info, &s->conf,
- object_get_typename(OBJECT(pci_dev)), pci_dev->qdev.id, s);
+ object_get_typename(OBJECT(pci_dev)),
+ pci_dev->qdev.id,
+ &pci_dev->qdev.mem_reentrancy_guard, s);
qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
TRACE(OTHER, logout("%s\n", qemu_get_queue(s->nic)->info_str));
diff --git a/hw/net/etraxfs_eth.c b/hw/net/etraxfs_eth.c
index 1b82aec794..ba57a978d1 100644
--- a/hw/net/etraxfs_eth.c
+++ b/hw/net/etraxfs_eth.c
@@ -618,7 +618,8 @@ static void etraxfs_eth_realize(DeviceState *dev, Error **errp)
qemu_macaddr_default_if_unset(&s->conf.macaddr);
s->nic = qemu_new_nic(&net_etraxfs_info, &s->conf,
- object_get_typename(OBJECT(s)), dev->id, s);
+ object_get_typename(OBJECT(s)), dev->id,
+ &dev->mem_reentrancy_guard, s);
qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
s->phy.read = tdk_read;
diff --git a/hw/net/fsl_etsec/etsec.c b/hw/net/fsl_etsec/etsec.c
index 798ea33d08..00315f305d 100644
--- a/hw/net/fsl_etsec/etsec.c
+++ b/hw/net/fsl_etsec/etsec.c
@@ -391,7 +391,8 @@ static void etsec_realize(DeviceState *dev, Error **errp)
eTSEC *etsec = ETSEC_COMMON(dev);
etsec->nic = qemu_new_nic(&net_etsec_info, &etsec->conf,
- object_get_typename(OBJECT(dev)), dev->id, etsec);
+ object_get_typename(OBJECT(dev)), dev->id,
+ &dev->mem_reentrancy_guard, etsec);
qemu_format_nic_info_str(qemu_get_queue(etsec->nic), etsec->conf.macaddr.a);
etsec->ptimer = ptimer_init(etsec_timer_hit, etsec, PTIMER_POLICY_LEGACY);
diff --git a/hw/net/ftgmac100.c b/hw/net/ftgmac100.c
index 702b001be2..78e594afa4 100644
--- a/hw/net/ftgmac100.c
+++ b/hw/net/ftgmac100.c
@@ -1110,7 +1110,8 @@ static void ftgmac100_realize(DeviceState *dev, Error **errp)
qemu_macaddr_default_if_unset(&s->conf.macaddr);
s->nic = qemu_new_nic(&net_ftgmac100_info, &s->conf,
- object_get_typename(OBJECT(dev)), dev->id, s);
+ object_get_typename(OBJECT(dev)), dev->id,
+ &dev->mem_reentrancy_guard, s);
qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
}
diff --git a/hw/net/i82596.c b/hw/net/i82596.c
index ab26f8bea1..baccde0a52 100644
--- a/hw/net/i82596.c
+++ b/hw/net/i82596.c
@@ -725,7 +725,7 @@ void i82596_common_init(DeviceState *dev, I82596State *s, NetClientInfo *info)
qemu_macaddr_default_if_unset(&s->conf.macaddr);
}
s->nic = qemu_new_nic(info, &s->conf, object_get_typename(OBJECT(dev)),
- dev->id, s);
+ dev->id, &dev->mem_reentrancy_guard, s);
qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
if (USE_TIMER) {
diff --git a/hw/net/igb.c b/hw/net/igb.c
index 8ff832acfc..8b713843d9 100644
--- a/hw/net/igb.c
+++ b/hw/net/igb.c
@@ -315,7 +315,7 @@ igb_init_net_peer(IGBState *s, PCIDevice *pci_dev, uint8_t *macaddr)
int i;
s->nic = qemu_new_nic(&net_igb_info, &s->conf,
- object_get_typename(OBJECT(s)), dev->id, s);
+ object_get_typename(OBJECT(s)), dev->id, &dev->mem_reentrancy_guard, s);
s->core.max_queue_num = s->conf.peers.queues ? s->conf.peers.queues - 1 : 0;
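Review bot: The replacement line in igb_init_net_peer() appends `&dev->mem_reentrancy_guard, s);` to an already full line instead of wrapping it. Splitting it after `dev->id,` would match the layout used by most of the other call sites touched here.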
diff --git a/hw/net/imx_fec.c b/hw/net/imx_fec.c
index 5d1f1f104c..6881e3e4f0 100644
--- a/hw/net/imx_fec.c
+++ b/hw/net/imx_fec.c
@@ -1334,7 +1334,7 @@ static void imx_eth_realize(DeviceState *dev, Error **errp)
s->nic = qemu_new_nic(&imx_eth_net_info, &s->conf,
object_get_typename(OBJECT(dev)),
- dev->id, s);
+ dev->id, &dev->mem_reentrancy_guard, s);
qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
}
diff --git a/hw/net/lan9118.c b/hw/net/lan9118.c
index e5c4af182d..cf7b8c897a 100644
--- a/hw/net/lan9118.c
+++ b/hw/net/lan9118.c
@@ -1361,7 +1361,8 @@ static void lan9118_realize(DeviceState *dev, Error **errp)
qemu_macaddr_default_if_unset(&s->conf.macaddr);
s->nic = qemu_new_nic(&net_lan9118_info, &s->conf,
- object_get_typename(OBJECT(dev)), dev->id, s);
+ object_get_typename(OBJECT(dev)), dev->id,
+ &dev->mem_reentrancy_guard, s);
qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
s->eeprom[0] = 0xa5;
for (i = 0; i < 6; i++) {
diff --git a/hw/net/mcf_fec.c b/hw/net/mcf_fec.c
index 8aa27bd322..57dd49abea 100644
--- a/hw/net/mcf_fec.c
+++ b/hw/net/mcf_fec.c
@@ -643,7 +643,8 @@ static void mcf_fec_realize(DeviceState *dev, Error **errp)
mcf_fec_state *s = MCF_FEC_NET(dev);
s->nic = qemu_new_nic(&net_mcf_fec_info, &s->conf,
- object_get_typename(OBJECT(dev)), dev->id, s);
+ object_get_typename(OBJECT(dev)), dev->id,
+ &dev->mem_reentrancy_guard, s);
qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
}
diff --git a/hw/net/mipsnet.c b/hw/net/mipsnet.c
index 2ade72dea0..8e925de867 100644
--- a/hw/net/mipsnet.c
+++ b/hw/net/mipsnet.c
@@ -255,7 +255,8 @@ static void mipsnet_realize(DeviceState *dev, Error **errp)
sysbus_init_irq(sbd, &s->irq);
s->nic = qemu_new_nic(&net_mipsnet_info, &s->conf,
- object_get_typename(OBJECT(dev)), dev->id, s);
+ object_get_typename(OBJECT(dev)), dev->id,
+ &dev->mem_reentrancy_guard, s);
qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
}
diff --git a/hw/net/msf2-emac.c b/hw/net/msf2-emac.c
index db3a04deb1..145a5e46ab 100644
--- a/hw/net/msf2-emac.c
+++ b/hw/net/msf2-emac.c
@@ -530,7 +530,8 @@ static void msf2_emac_realize(DeviceState *dev, Error **errp)
qemu_macaddr_default_if_unset(&s->conf.macaddr);
s->nic = qemu_new_nic(&net_msf2_emac_info, &s->conf,
- object_get_typename(OBJECT(dev)), dev->id, s);
+ object_get_typename(OBJECT(dev)), dev->id,
+ &dev->mem_reentrancy_guard, s);
qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
}
diff --git a/hw/net/mv88w8618_eth.c b/hw/net/mv88w8618_eth.c
index ef30b0d4a6..2185f1131a 100644
--- a/hw/net/mv88w8618_eth.c
+++ b/hw/net/mv88w8618_eth.c
@@ -350,7 +350,8 @@ static void mv88w8618_eth_realize(DeviceState *dev, Error **errp)
address_space_init(&s->dma_as, s->dma_mr, "emac-dma");
s->nic = qemu_new_nic(&net_mv88w8618_info, &s->conf,
- object_get_typename(OBJECT(dev)), dev->id, s);
+ object_get_typename(OBJECT(dev)), dev->id,
+ &dev->mem_reentrancy_guard, s);
}
static const VMStateDescription mv88w8618_eth_vmsd = {
diff --git a/hw/net/ne2000-isa.c b/hw/net/ne2000-isa.c
index 6ced6775ff..a79f7fad1f 100644
--- a/hw/net/ne2000-isa.c
+++ b/hw/net/ne2000-isa.c
@@ -74,7 +74,8 @@ static void isa_ne2000_realizefn(DeviceState *dev, Error **errp)
ne2000_reset(s);
s->nic = qemu_new_nic(&net_ne2000_isa_info, &s->c,
- object_get_typename(OBJECT(dev)), dev->id, s);
+ object_get_typename(OBJECT(dev)), dev->id,
+ &dev->mem_reentrancy_guard, s);
qemu_format_nic_info_str(qemu_get_queue(s->nic), s->c.macaddr.a);
}
diff --git a/hw/net/ne2000-pci.c b/hw/net/ne2000-pci.c
index edc6689d33..fee93c6ec0 100644
--- a/hw/net/ne2000-pci.c
+++ b/hw/net/ne2000-pci.c
@@ -71,7 +71,8 @@ static void pci_ne2000_realize(PCIDevice *pci_dev, Error **errp)
s->nic = qemu_new_nic(&net_ne2000_info, &s->c,
object_get_typename(OBJECT(pci_dev)),
- pci_dev->qdev.id, s);
+ pci_dev->qdev.id,
+ &pci_dev->qdev.mem_reentrancy_guard, s);
qemu_format_nic_info_str(qemu_get_queue(s->nic), s->c.macaddr.a);
}
diff --git a/hw/net/npcm7xx_emc.c b/hw/net/npcm7xx_emc.c
index 8156f701b0..1d4e8f59f3 100644
--- a/hw/net/npcm7xx_emc.c
+++ b/hw/net/npcm7xx_emc.c
@@ -821,7 +821,8 @@ static void npcm7xx_emc_realize(DeviceState *dev, Error **errp)
qemu_macaddr_default_if_unset(&emc->conf.macaddr);
emc->nic = qemu_new_nic(&net_npcm7xx_emc_info, &emc->conf,
- object_get_typename(OBJECT(dev)), dev->id, emc);
+ object_get_typename(OBJECT(dev)), dev->id,
+ &dev->mem_reentrancy_guard, emc);
qemu_format_nic_info_str(qemu_get_queue(emc->nic), emc->conf.macaddr.a);
}
diff --git a/hw/net/opencores_eth.c b/hw/net/opencores_eth.c
index 0b3dc3146e..f96d6ea2cc 100644
--- a/hw/net/opencores_eth.c
+++ b/hw/net/opencores_eth.c
@@ -732,7 +732,8 @@ static void sysbus_open_eth_realize(DeviceState *dev, Error **errp)
sysbus_init_irq(sbd, &s->irq);
s->nic = qemu_new_nic(&net_open_eth_info, &s->conf,
- object_get_typename(OBJECT(s)), dev->id, s);
+ object_get_typename(OBJECT(s)), dev->id,
+ &dev->mem_reentrancy_guard, s);
}
static void qdev_open_eth_reset(DeviceState *dev)
diff --git a/hw/net/pcnet.c b/hw/net/pcnet.c
index 02828ae716..a7e123e60d 100644
--- a/hw/net/pcnet.c
+++ b/hw/net/pcnet.c
@@ -1709,7 +1709,8 @@ void pcnet_common_init(DeviceState *dev, PCNetState *s, NetClientInfo *info)
s->poll_timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, pcnet_poll_timer, s);
qemu_macaddr_default_if_unset(&s->conf.macaddr);
- s->nic = qemu_new_nic(info, &s->conf, object_get_typename(OBJECT(dev)), dev->id, s);
+ s->nic = qemu_new_nic(info, &s->conf, object_get_typename(OBJECT(dev)),
+ dev->id, &dev->mem_reentrancy_guard, s);
qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
/* Initialize the PROM */
diff --git a/hw/net/rocker/rocker_fp.c b/hw/net/rocker/rocker_fp.c
index cbeed65bd5..0d21948ada 100644
--- a/hw/net/rocker/rocker_fp.c
+++ b/hw/net/rocker/rocker_fp.c
@@ -241,8 +241,8 @@ FpPort *fp_port_alloc(Rocker *r, char *sw_name,
port->conf.bootindex = -1;
port->conf.peers = *peers;
- port->nic = qemu_new_nic(&fp_port_info, &port->conf,
- sw_name, NULL, port);
+ port->nic = qemu_new_nic(&fp_port_info, &port->conf, sw_name, NULL,
+ &DEVICE(r)->mem_reentrancy_guard, port);
qemu_format_nic_info_str(qemu_get_queue(port->nic),
port->conf.macaddr.a);
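Review bot: fp_port_alloc() passes `&DEVICE(r)->mem_reentrancy_guard`, so every front-panel port NIC shares the guard of the parent Rocker device rather than having one of its own. That looks intentional given the ports are created with a NULL id, but a comment stating that the ports deliberately borrow the parent's guard would help.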
diff --git a/hw/net/rtl8139.c b/hw/net/rtl8139.c
index b4df75b2c9..6261d2260e 100644
--- a/hw/net/rtl8139.c
+++ b/hw/net/rtl8139.c
@@ -3388,7 +3388,8 @@ static void pci_rtl8139_realize(PCIDevice *dev, Error **errp)
s->eeprom.contents[9] = s->conf.macaddr.a[4] | s->conf.macaddr.a[5] << 8;
s->nic = qemu_new_nic(&net_rtl8139_info, &s->conf,
- object_get_typename(OBJECT(dev)), d->id, s);
+ object_get_typename(OBJECT(dev)), d->id,
+ &d->mem_reentrancy_guard, s);
qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
s->cplus_txbuffer = NULL;
diff --git a/hw/net/smc91c111.c b/hw/net/smc91c111.c
index ad778cd8fc..4eda971ef3 100644
--- a/hw/net/smc91c111.c
+++ b/hw/net/smc91c111.c
@@ -783,7 +783,8 @@ static void smc91c111_realize(DeviceState *dev, Error **errp)
sysbus_init_irq(sbd, &s->irq);
qemu_macaddr_default_if_unset(&s->conf.macaddr);
s->nic = qemu_new_nic(&net_smc91c111_info, &s->conf,
- object_get_typename(OBJECT(dev)), dev->id, s);
+ object_get_typename(OBJECT(dev)), dev->id,
+ &dev->mem_reentrancy_guard, s);
qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
/* ??? Save/restore. */
}
diff --git a/hw/net/spapr_llan.c b/hw/net/spapr_llan.c
index a6876a936d..475d5f3a34 100644
--- a/hw/net/spapr_llan.c
+++ b/hw/net/spapr_llan.c
@@ -325,7 +325,8 @@ static void spapr_vlan_realize(SpaprVioDevice *sdev, Error **errp)
memcpy(&dev->perm_mac.a, &dev->nicconf.macaddr.a, sizeof(dev->perm_mac.a));
dev->nic = qemu_new_nic(&net_spapr_vlan_info, &dev->nicconf,
- object_get_typename(OBJECT(sdev)), sdev->qdev.id, dev);
+ object_get_typename(OBJECT(sdev)), sdev->qdev.id,
+ &sdev->qdev.mem_reentrancy_guard, dev);
qemu_format_nic_info_str(qemu_get_queue(dev->nic), dev->nicconf.macaddr.a);
dev->rxp_timer = timer_new_us(QEMU_CLOCK_VIRTUAL, spapr_vlan_flush_rx_queue,
diff --git a/hw/net/stellaris_enet.c b/hw/net/stellaris_enet.c
index 8dd60783d8..6768a6912f 100644
--- a/hw/net/stellaris_enet.c
+++ b/hw/net/stellaris_enet.c
@@ -492,7 +492,8 @@ static void stellaris_enet_realize(DeviceState *dev, Error **errp)
qemu_macaddr_default_if_unset(&s->conf.macaddr);
s->nic = qemu_new_nic(&net_stellaris_enet_info, &s->conf,
- object_get_typename(OBJECT(dev)), dev->id, s);
+ object_get_typename(OBJECT(dev)), dev->id,
+ &dev->mem_reentrancy_guard, s);
qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
}
diff --git a/hw/net/sungem.c b/hw/net/sungem.c
index 510b370e5f..8e79eddd48 100644
--- a/hw/net/sungem.c
+++ b/hw/net/sungem.c
@@ -1399,7 +1399,7 @@ static void sungem_realize(PCIDevice *pci_dev, Error **errp)
qemu_macaddr_default_if_unset(&s->conf.macaddr);
s->nic = qemu_new_nic(&net_sungem_info, &s->conf,
object_get_typename(OBJECT(dev)),
- dev->id, s);
+ dev->id, &dev->mem_reentrancy_guard, s);
qemu_format_nic_info_str(qemu_get_queue(s->nic),
s->conf.macaddr.a);
}
diff --git a/hw/net/sunhme.c b/hw/net/sunhme.c
index 391d26fb82..de45fce07c 100644
--- a/hw/net/sunhme.c
+++ b/hw/net/sunhme.c
@@ -881,7 +881,8 @@ static void sunhme_realize(PCIDevice *pci_dev, Error **errp)
qemu_macaddr_default_if_unset(&s->conf.macaddr);
s->nic = qemu_new_nic(&net_sunhme_info, &s->conf,
- object_get_typename(OBJECT(d)), d->id, s);
+ object_get_typename(OBJECT(d)), d->id,
+ &d->mem_reentrancy_guard, s);
qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
}
diff --git a/hw/net/tulip.c b/hw/net/tulip.c
index 915e5fb595..1f8e45de5e 100644
--- a/hw/net/tulip.c
+++ b/hw/net/tulip.c
@@ -983,7 +983,8 @@ static void pci_tulip_realize(PCIDevice *pci_dev, Error **errp)
s->nic = qemu_new_nic(&net_tulip_info, &s->c,
object_get_typename(OBJECT(pci_dev)),
- pci_dev->qdev.id, s);
+ pci_dev->qdev.id,
+ &pci_dev->qdev.mem_reentrancy_guard, s);
qemu_format_nic_info_str(qemu_get_queue(s->nic), s->c.macaddr.a);
}
diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
index 7102ec4817..9a93a2df01 100644
--- a/hw/net/virtio-net.c
+++ b/hw/net/virtio-net.c
@@ -3695,10 +3695,12 @@ static void virtio_net_device_realize(DeviceState *dev, Error **errp)
* Happen when virtio_net_set_netclient_name has been called.
*/
n->nic = qemu_new_nic(&net_virtio_info, &n->nic_conf,
- n->netclient_type, n->netclient_name, n);
+ n->netclient_type, n->netclient_name,
+ &dev->mem_reentrancy_guard, n);
} else {
n->nic = qemu_new_nic(&net_virtio_info, &n->nic_conf,
- object_get_typename(OBJECT(dev)), dev->id, n);
+ object_get_typename(OBJECT(dev)), dev->id,
+ &dev->mem_reentrancy_guard, n);
}
for (i = 0; i < n->max_queue_pairs; i++) {
diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c
index 3fb108751a..1599ac76dc 100644
--- a/hw/net/vmxnet3.c
+++ b/hw/net/vmxnet3.c
@@ -2076,7 +2076,7 @@ static void vmxnet3_net_init(VMXNET3State *s)
s->nic = qemu_new_nic(&net_vmxnet3_info, &s->conf,
object_get_typename(OBJECT(s)),
- d->id, s);
+ d->id, &d->mem_reentrancy_guard, s);
s->peer_has_vhdr = vmxnet3_peer_has_vnet_hdr(s);
s->tx_sop = true;
diff --git a/hw/net/xen_nic.c b/hw/net/xen_nic.c
index 9bbf6599fc..7262d86f3c 100644
--- a/hw/net/xen_nic.c
+++ b/hw/net/xen_nic.c
@@ -294,7 +294,8 @@ static int net_init(struct XenLegacyDevice *xendev)
}
netdev->nic = qemu_new_nic(&net_xen_info, &netdev->conf,
- "xen", NULL, netdev);
+ "xen", NULL,
+ &xendev->qdev.mem_reentrancy_guard, netdev);
qemu_set_info_str(qemu_get_queue(netdev->nic),
"nic: xenbus vif macaddr=%s", netdev->mac);
diff --git a/hw/net/xgmac.c b/hw/net/xgmac.c
index 0ab6ae91aa..1f4f277d84 100644
--- a/hw/net/xgmac.c
+++ b/hw/net/xgmac.c
@@ -402,7 +402,8 @@ static void xgmac_enet_realize(DeviceState *dev, Error **errp)
qemu_macaddr_default_if_unset(&s->conf.macaddr);
s->nic = qemu_new_nic(&net_xgmac_enet_info, &s->conf,
- object_get_typename(OBJECT(dev)), dev->id, s);
+ object_get_typename(OBJECT(dev)), dev->id,
+ &dev->mem_reentrancy_guard, s);
qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
s->regs[XGMAC_ADDR_HIGH(0)] = (s->conf.macaddr.a[5] << 8) |
diff --git a/hw/net/xilinx_axienet.c b/hw/net/xilinx_axienet.c
index 5b19a01eaa..7d1fd37b4a 100644
--- a/hw/net/xilinx_axienet.c
+++ b/hw/net/xilinx_axienet.c
@@ -967,7 +967,8 @@ static void xilinx_enet_realize(DeviceState *dev, Error **errp)
qemu_macaddr_default_if_unset(&s->conf.macaddr);
s->nic = qemu_new_nic(&net_xilinx_enet_info, &s->conf,
- object_get_typename(OBJECT(dev)), dev->id, s);
+ object_get_typename(OBJECT(dev)), dev->id,
+ &dev->mem_reentrancy_guard, s);
qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
tdk_init(&s->TEMAC.phy);
diff --git a/hw/net/xilinx_ethlite.c b/hw/net/xilinx_ethlite.c
index 89f4f3b254..989afaf037 100644
--- a/hw/net/xilinx_ethlite.c
+++ b/hw/net/xilinx_ethlite.c
@@ -235,7 +235,8 @@ static void xilinx_ethlite_realize(DeviceState *dev, Error **errp)
qemu_macaddr_default_if_unset(&s->conf.macaddr);
s->nic = qemu_new_nic(&net_xilinx_ethlite_info, &s->conf,
- object_get_typename(OBJECT(dev)), dev->id, s);
+ object_get_typename(OBJECT(dev)), dev->id,
+ &dev->mem_reentrancy_guard, s);
qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
}
diff --git a/hw/usb/dev-network.c b/hw/usb/dev-network.c
index 5fff487ee5..2c33e36cad 100644
--- a/hw/usb/dev-network.c
+++ b/hw/usb/dev-network.c
@@ -1386,7 +1386,8 @@ static void usb_net_realize(USBDevice *dev, Error **errp)
qemu_macaddr_default_if_unset(&s->conf.macaddr);
s->nic = qemu_new_nic(&net_usbnet_info, &s->conf,
- object_get_typename(OBJECT(s)), s->dev.qdev.id, s);
+ object_get_typename(OBJECT(s)), s->dev.qdev.id,
+ &s->dev.qdev.mem_reentrancy_guard, s);
qemu_format_nic_info_str(qemu_get_queue(s->nic), s->conf.macaddr.a);
snprintf(s->usbstring_mac, sizeof(s->usbstring_mac),
"%02x%02x%02x%02x%02x%02x",
diff --git a/include/net/net.h b/include/net/net.h
index 1448d00afb..a7d8deaccb 100644
--- a/include/net/net.h
+++ b/include/net/net.h
@@ -157,6 +157,7 @@ NICState *qemu_new_nic(NetClientInfo *info,
NICConf *conf,
const char *model,
const char *name,
+ MemReentrancyGuard *reentrancy_guard,
void *opaque);
void qemu_del_nic(NICState *nic);
NetClientState *qemu_get_subqueue(NICState *nic, int queue_index);
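Review bot: the new `MemReentrancyGuard *reentrancy_guard` parameter of qemu_new_nic() is added to the prototype with no comment saying whether NULL is allowed or who owns the guard. The callers converted in this patch all pass the address of a DeviceState member (`&dev->mem_reentrancy_guard` and equivalents), so a short comment above the prototype stating "must be non-NULL and must outlive the NIC" would make that contract explicit for out-of-tree and future callers.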
diff --git a/net/net.c b/net/net.c
index 6492ad530e..982df2479f 100644
--- a/net/net.c
+++ b/net/net.c
@@ -319,6 +319,7 @@ NICState *qemu_new_nic(NetClientInfo *info,
NICConf *conf,
const char *model,
const char *name,
+ MemReentrancyGuard *reentrancy_guard,
void *opaque)
{
NetClientState **peers = conf->peers.ncs;
--
2.39.2
* [Stable-8.1.4 05/31] net: Update MemReentrancyGuard for NIC
2023-12-12 12:17 [Stable-8.1.4 00/31] Patch Round-up for stable 8.1.4, freeze on 2023-12-20 Michael Tokarev
` (3 preceding siblings ...)
2023-12-12 12:17 ` [Stable-8.1.4 04/31] net: Provide MemReentrancyGuard * to qemu_new_nic() Michael Tokarev
@ 2023-12-12 12:17 ` Michael Tokarev
2023-12-12 12:17 ` [Stable-8.1.4 06/31] linux-user: Fix loaddr computation for some elf files Michael Tokarev
` (17 subsequent siblings)
22 siblings, 0 replies; 24+ messages in thread
From: Michael Tokarev @ 2023-12-12 12:17 UTC (permalink / raw)
To: qemu-devel
Cc: qemu-stable, Akihiko Odaki, Alexander Bulekov, Jason Wang,
Michael Tokarev
From: Akihiko Odaki <akihiko.odaki@daynix.com>
Recently MemReentrancyGuard was added to DeviceState to record that the
device is engaging in I/O. The network device backend needs to update it
when delivering a packet to a device.
This implementation follows what bottom half does, but it does not add
a tracepoint for the case that the network device backend started
delivering a packet to a device which is already engaging in I/O. This
is because such reentrancy frequently happens for
qemu_flush_queued_packets() and is insignificant.
Fixes: CVE-2023-3019
Reported-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Acked-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Jason Wang <jasowang@redhat.com>
(cherry picked from commit 9050f976e447444ea6ee2ba12c9f77e4b0dc54bc)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
diff --git a/include/net/net.h b/include/net/net.h
index a7d8deaccb..685ec58318 100644
--- a/include/net/net.h
+++ b/include/net/net.h
@@ -124,6 +124,7 @@ typedef QTAILQ_HEAD(NetClientStateList, NetClientState) NetClientStateList;
typedef struct NICState {
NetClientState *ncs;
NICConf *conf;
+ MemReentrancyGuard *reentrancy_guard;
void *opaque;
bool peer_deleted;
} NICState;
diff --git a/net/net.c b/net/net.c
index 982df2479f..3523cceafc 100644
--- a/net/net.c
+++ b/net/net.c
@@ -332,6 +332,7 @@ NICState *qemu_new_nic(NetClientInfo *info,
nic = g_malloc0(info->size + sizeof(NetClientState) * queues);
nic->ncs = (void *)nic + info->size;
nic->conf = conf;
+ nic->reentrancy_guard = reentrancy_guard,
nic->opaque = opaque;
for (i = 0; i < queues; i++) {
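Review bot: the added line `nic->reentrancy_guard = reentrancy_guard,` ends with a comma instead of a semicolon. It still compiles because the comma operator chains it to the following `nic->opaque = opaque;`, so both assignments happen, but it reads as a typo and will break as soon as someone inserts a declaration or a non-expression statement between the two lines. Please change it to `;`.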
@@ -805,6 +806,7 @@ static ssize_t qemu_deliver_packet_iov(NetClientState *sender,
int iovcnt,
void *opaque)
{
+ MemReentrancyGuard *owned_reentrancy_guard;
NetClientState *nc = opaque;
int ret;
@@ -817,12 +819,24 @@ static ssize_t qemu_deliver_packet_iov(NetClientState *sender,
return 0;
}
+ if (nc->info->type != NET_CLIENT_DRIVER_NIC ||
+ qemu_get_nic(nc)->reentrancy_guard->engaged_in_io) {
+ owned_reentrancy_guard = NULL;
+ } else {
+ owned_reentrancy_guard = qemu_get_nic(nc)->reentrancy_guard;
+ owned_reentrancy_guard->engaged_in_io = true;
+ }
+
if (nc->info->receive_iov && !(flags & QEMU_NET_PACKET_FLAG_RAW)) {
ret = nc->info->receive_iov(nc, iov, iovcnt);
} else {
ret = nc_sendv_compat(nc, iov, iovcnt, flags);
}
+ if (owned_reentrancy_guard) {
+ owned_reentrancy_guard->engaged_in_io = false;
+ }
+
if (ret == 0) {
nc->receive_disabled = 1;
}
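Review bot: the new condition `qemu_get_nic(nc)->reentrancy_guard->engaged_in_io` dereferences the guard pointer without a NULL check, so a NIC created with a NULL guard argument would crash on its first packet delivery. Either assert that the pointer is non-NULL in qemu_new_nic() or test it here before the dereference. A one-line comment would also help readers see that when the guard is already engaged the packet is still delivered and the flag is deliberately left for the outer owner to clear, which is the behaviour the commit message describes.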
--
2.39.2
* [Stable-8.1.4 06/31] linux-user: Fix loaddr computation for some elf files
2023-12-12 12:17 [Stable-8.1.4 00/31] Patch Round-up for stable 8.1.4, freeze on 2023-12-20 Michael Tokarev
` (4 preceding siblings ...)
2023-12-12 12:17 ` [Stable-8.1.4 05/31] net: Update MemReentrancyGuard for NIC Michael Tokarev
@ 2023-12-12 12:17 ` Michael Tokarev
2023-12-12 12:17 ` [Stable-8.1.4 07/31] tests/avocado: Replace assertEquals() for Python 3.12 compatibility Michael Tokarev
` (16 subsequent siblings)
22 siblings, 0 replies; 24+ messages in thread
From: Michael Tokarev @ 2023-12-12 12:17 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-stable, Richard Henderson, Michael Tokarev
From: Richard Henderson <richard.henderson@linaro.org>
The file offset of the load segment is not relevant to the
low address, only the beginning of the virtual address page.
Cc: qemu-stable@nongnu.org
Fixes: a93934fecd4 ("elf: take phdr offset into account when calculating the program load address")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1952
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
(cherry picked from commit 82d70a84c8ee42ef969a9cfddc0f5b30b16165f5)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
diff --git a/linux-user/elfload.c b/linux-user/elfload.c
index 47170fe5d3..b1462842b6 100644
--- a/linux-user/elfload.c
+++ b/linux-user/elfload.c
@@ -3093,7 +3093,7 @@ static void load_elf_image(const char *image_name, int image_fd,
for (i = 0; i < ehdr->e_phnum; ++i) {
struct elf_phdr *eppnt = phdr + i;
if (eppnt->p_type == PT_LOAD) {
- abi_ulong a = eppnt->p_vaddr - eppnt->p_offset;
+ abi_ulong a = eppnt->p_vaddr & TARGET_PAGE_MASK;
if (a < loaddr) {
loaddr = a;
}
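Review bot: the replacement line `abi_ulong a = eppnt->p_vaddr & TARGET_PAGE_MASK;` carries no comment explaining why p_offset is no longer subtracted, although the commit named in the Fixes: tag added that subtraction on purpose. A short comment in the loop saying that only the page-aligned virtual address determines the low address would keep the subtraction from being reintroduced later. A regression test built from the ELF file in the linked issue would be worth adding alongside.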
--
2.39.2
* [Stable-8.1.4 07/31] tests/avocado: Replace assertEquals() for Python 3.12 compatibility
2023-12-12 12:17 [Stable-8.1.4 00/31] Patch Round-up for stable 8.1.4, freeze on 2023-12-20 Michael Tokarev
` (5 preceding siblings ...)
2023-12-12 12:17 ` [Stable-8.1.4 06/31] linux-user: Fix loaddr computation for some elf files Michael Tokarev
@ 2023-12-12 12:17 ` Michael Tokarev
2023-12-12 12:17 ` [Stable-8.1.4 08/31] tests/avocado: Replace assertRegexpMatches() " Michael Tokarev
` (15 subsequent siblings)
22 siblings, 0 replies; 24+ messages in thread
From: Michael Tokarev @ 2023-12-12 12:17 UTC (permalink / raw)
To: qemu-devel
Cc: qemu-stable, Thomas Huth, Philippe Mathieu-Daudé,
Michael Tokarev
From: Thomas Huth <thuth@redhat.com>
assertEquals() has been removed in Python 3.12 and should be replaced by
assertEqual(). See: https://docs.python.org/3.12/whatsnew/3.12.html#id3
Message-ID: <20231114134326.287242-1-thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit 861f724d03e1748cda1c5b9ec8457a368590cbd5)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(Mjt: adjust context in pc_cpu_hotplug_props.py & cpu_queries.py for before
v8.1.0-1582-g684750ab4f "python/qemu: rename command() to cmd()")
diff --git a/docs/devel/testing.rst b/docs/devel/testing.rst
index b6ad21bed1..1c4ee2af32 100644
--- a/docs/devel/testing.rst
+++ b/docs/devel/testing.rst
@@ -1077,7 +1077,7 @@ and hypothetical example follows:
'human-monitor-command',
command_line='info version')
- self.assertEquals(first_res, second_res, third_res)
+ self.assertEqual(first_res, second_res, third_res)
At test "tear down", ``avocado_qemu.Test`` handles all the QEMUMachines
shutdown.
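Review bot: in the documentation example, `self.assertEqual(first_res, second_res, third_res)` does not compare three values. The third positional argument of assertEqual() is the failure message, so third_res is never checked. The rename carries this over unchanged from the old assertEquals() line; since the example is being touched anyway, it would be better written as two calls, one comparing first_res with second_res and one comparing second_res with third_res.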
diff --git a/tests/avocado/cpu_queries.py b/tests/avocado/cpu_queries.py
index cf69f69b11..295642772e 100644
--- a/tests/avocado/cpu_queries.py
+++ b/tests/avocado/cpu_queries.py
@@ -31,4 +31,4 @@ def test(self):
for c in cpus:
model = {'name': c['name']}
e = self.vm.command('query-cpu-model-expansion', model=model, type='full')
- self.assertEquals(e['model']['name'], c['name'])
+ self.assertEqual(e['model']['name'], c['name'])
diff --git a/tests/avocado/empty_cpu_model.py b/tests/avocado/empty_cpu_model.py
index 22f504418d..d906ef3d3c 100644
--- a/tests/avocado/empty_cpu_model.py
+++ b/tests/avocado/empty_cpu_model.py
@@ -15,5 +15,5 @@ def test(self):
self.vm.set_qmp_monitor(enabled=False)
self.vm.launch()
self.vm.wait()
- self.assertEquals(self.vm.exitcode(), 1, "QEMU exit code should be 1")
+ self.assertEqual(self.vm.exitcode(), 1, "QEMU exit code should be 1")
self.assertRegex(self.vm.get_log(), r'-cpu option cannot be empty')
diff --git a/tests/avocado/pc_cpu_hotplug_props.py b/tests/avocado/pc_cpu_hotplug_props.py
index 52b878188e..6100fb7760 100644
--- a/tests/avocado/pc_cpu_hotplug_props.py
+++ b/tests/avocado/pc_cpu_hotplug_props.py
@@ -32,4 +32,4 @@ def test_no_die_id(self):
self.vm.add_args('-smp', '1,sockets=2,cores=2,threads=2,maxcpus=8')
self.vm.add_args('-device', 'qemu64-x86_64-cpu,socket-id=1,core-id=0,thread-id=0')
self.vm.launch()
- self.assertEquals(len(self.vm.command('query-cpus-fast')), 2)
+ self.assertEqual(len(self.vm.command('query-cpus-fast')), 2)
diff --git a/tests/avocado/x86_cpu_model_versions.py b/tests/avocado/x86_cpu_model_versions.py
index a6edf74c1c..262d6a77fb 100644
--- a/tests/avocado/x86_cpu_model_versions.py
+++ b/tests/avocado/x86_cpu_model_versions.py
@@ -119,94 +119,95 @@ def test_4_1_alias(self):
self.assertFalse(cpus['Cascadelake-Server']['static'],
'unversioned Cascadelake-Server CPU model must not be static')
- self.assertEquals(cpus['Cascadelake-Server'].get('alias-of'), 'Cascadelake-Server-v1',
- 'Cascadelake-Server must be an alias of Cascadelake-Server-v1')
+ self.assertEqual(cpus['Cascadelake-Server'].get('alias-of'),
+ 'Cascadelake-Server-v1',
+ 'Cascadelake-Server must be an alias of Cascadelake-Server-v1')
self.assertNotIn('alias-of', cpus['Cascadelake-Server-v1'],
'Cascadelake-Server-v1 must not be an alias')
self.assertFalse(cpus['qemu64']['static'],
'unversioned qemu64 CPU model must not be static')
- self.assertEquals(cpus['qemu64'].get('alias-of'), 'qemu64-v1',
- 'qemu64 must be an alias of qemu64-v1')
+ self.assertEqual(cpus['qemu64'].get('alias-of'), 'qemu64-v1',
+ 'qemu64 must be an alias of qemu64-v1')
self.assertNotIn('alias-of', cpus['qemu64-v1'],
'qemu64-v1 must not be an alias')
self.validate_variant_aliases(cpus)
# On pc-*-4.1, -noTSX and -IBRS models should be aliases:
- self.assertEquals(cpus["Haswell"].get('alias-of'),
- "Haswell-v1",
+ self.assertEqual(cpus["Haswell"].get('alias-of'),
+ "Haswell-v1",
"Haswell must be an alias")
- self.assertEquals(cpus["Haswell-noTSX"].get('alias-of'),
- "Haswell-v2",
+ self.assertEqual(cpus["Haswell-noTSX"].get('alias-of'),
+ "Haswell-v2",
"Haswell-noTSX must be an alias")
- self.assertEquals(cpus["Haswell-IBRS"].get('alias-of'),
- "Haswell-v3",
+ self.assertEqual(cpus["Haswell-IBRS"].get('alias-of'),
+ "Haswell-v3",
"Haswell-IBRS must be an alias")
- self.assertEquals(cpus["Haswell-noTSX-IBRS"].get('alias-of'),
- "Haswell-v4",
+ self.assertEqual(cpus["Haswell-noTSX-IBRS"].get('alias-of'),
+ "Haswell-v4",
"Haswell-noTSX-IBRS must be an alias")
- self.assertEquals(cpus["Broadwell"].get('alias-of'),
- "Broadwell-v1",
+ self.assertEqual(cpus["Broadwell"].get('alias-of'),
+ "Broadwell-v1",
"Broadwell must be an alias")
- self.assertEquals(cpus["Broadwell-noTSX"].get('alias-of'),
- "Broadwell-v2",
+ self.assertEqual(cpus["Broadwell-noTSX"].get('alias-of'),
+ "Broadwell-v2",
"Broadwell-noTSX must be an alias")
- self.assertEquals(cpus["Broadwell-IBRS"].get('alias-of'),
- "Broadwell-v3",
+ self.assertEqual(cpus["Broadwell-IBRS"].get('alias-of'),
+ "Broadwell-v3",
"Broadwell-IBRS must be an alias")
- self.assertEquals(cpus["Broadwell-noTSX-IBRS"].get('alias-of'),
- "Broadwell-v4",
+ self.assertEqual(cpus["Broadwell-noTSX-IBRS"].get('alias-of'),
+ "Broadwell-v4",
"Broadwell-noTSX-IBRS must be an alias")
- self.assertEquals(cpus["Nehalem"].get('alias-of'),
- "Nehalem-v1",
+ self.assertEqual(cpus["Nehalem"].get('alias-of'),
+ "Nehalem-v1",
"Nehalem must be an alias")
- self.assertEquals(cpus["Nehalem-IBRS"].get('alias-of'),
- "Nehalem-v2",
+ self.assertEqual(cpus["Nehalem-IBRS"].get('alias-of'),
+ "Nehalem-v2",
"Nehalem-IBRS must be an alias")
- self.assertEquals(cpus["Westmere"].get('alias-of'),
- "Westmere-v1",
+ self.assertEqual(cpus["Westmere"].get('alias-of'),
+ "Westmere-v1",
"Westmere must be an alias")
- self.assertEquals(cpus["Westmere-IBRS"].get('alias-of'),
- "Westmere-v2",
+ self.assertEqual(cpus["Westmere-IBRS"].get('alias-of'),
+ "Westmere-v2",
"Westmere-IBRS must be an alias")
- self.assertEquals(cpus["SandyBridge"].get('alias-of'),
- "SandyBridge-v1",
+ self.assertEqual(cpus["SandyBridge"].get('alias-of'),
+ "SandyBridge-v1",
"SandyBridge must be an alias")
- self.assertEquals(cpus["SandyBridge-IBRS"].get('alias-of'),
- "SandyBridge-v2",
+ self.assertEqual(cpus["SandyBridge-IBRS"].get('alias-of'),
+ "SandyBridge-v2",
"SandyBridge-IBRS must be an alias")
- self.assertEquals(cpus["IvyBridge"].get('alias-of'),
- "IvyBridge-v1",
+ self.assertEqual(cpus["IvyBridge"].get('alias-of'),
+ "IvyBridge-v1",
"IvyBridge must be an alias")
- self.assertEquals(cpus["IvyBridge-IBRS"].get('alias-of'),
- "IvyBridge-v2",
+ self.assertEqual(cpus["IvyBridge-IBRS"].get('alias-of'),
+ "IvyBridge-v2",
"IvyBridge-IBRS must be an alias")
- self.assertEquals(cpus["Skylake-Client"].get('alias-of'),
- "Skylake-Client-v1",
+ self.assertEqual(cpus["Skylake-Client"].get('alias-of'),
+ "Skylake-Client-v1",
"Skylake-Client must be an alias")
- self.assertEquals(cpus["Skylake-Client-IBRS"].get('alias-of'),
- "Skylake-Client-v2",
+ self.assertEqual(cpus["Skylake-Client-IBRS"].get('alias-of'),
+ "Skylake-Client-v2",
"Skylake-Client-IBRS must be an alias")
- self.assertEquals(cpus["Skylake-Server"].get('alias-of'),
- "Skylake-Server-v1",
+ self.assertEqual(cpus["Skylake-Server"].get('alias-of'),
+ "Skylake-Server-v1",
"Skylake-Server must be an alias")
- self.assertEquals(cpus["Skylake-Server-IBRS"].get('alias-of'),
- "Skylake-Server-v2",
+ self.assertEqual(cpus["Skylake-Server-IBRS"].get('alias-of'),
+ "Skylake-Server-v2",
"Skylake-Server-IBRS must be an alias")
- self.assertEquals(cpus["EPYC"].get('alias-of'),
- "EPYC-v1",
+ self.assertEqual(cpus["EPYC"].get('alias-of'),
+ "EPYC-v1",
"EPYC must be an alias")
- self.assertEquals(cpus["EPYC-IBPB"].get('alias-of'),
- "EPYC-v2",
+ self.assertEqual(cpus["EPYC-IBPB"].get('alias-of'),
+ "EPYC-v2",
"EPYC-IBPB must be an alias")
self.validate_aliases(cpus)
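Review bot: the first replacement in this hunk (the Cascadelake-Server assertion) is rewrapped from two lines to three in addition to the method rename, and the remaining calls have their continuation lines re-indented. Mixing layout changes into an otherwise mechanical rename makes the hunk much larger than the change requires and raises the chance of context conflicts when cherry-picking, as the "adjust context" remark in the message already hints. Keeping the rename and the re-indentation in separate commits would make the backport easier to check.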
--
2.39.2
* [Stable-8.1.4 08/31] tests/avocado: Replace assertRegexpMatches() for Python 3.12 compatibility
2023-12-12 12:17 [Stable-8.1.4 00/31] Patch Round-up for stable 8.1.4, freeze on 2023-12-20 Michael Tokarev
` (6 preceding siblings ...)
2023-12-12 12:17 ` [Stable-8.1.4 07/31] tests/avocado: Replace assertEquals() for Python 3.12 compatibility Michael Tokarev
@ 2023-12-12 12:17 ` Michael Tokarev
2023-12-12 12:17 ` [Stable-8.1.4 09/31] linux-user/riscv: Add Zicboz block size to hwprobe Michael Tokarev
` (14 subsequent siblings)
22 siblings, 0 replies; 24+ messages in thread
From: Michael Tokarev @ 2023-12-12 12:17 UTC (permalink / raw)
To: qemu-devel
Cc: qemu-stable, Philippe Mathieu-Daudé, Thomas Huth,
Michael Tokarev
From: Philippe Mathieu-Daudé <philmd@linaro.org>
assertRegexpMatches() has been removed in Python 3.12 and should be replaced by
assertRegex(). See: https://docs.python.org/3.12/whatsnew/3.12.html#id3
Inspired-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20231114144832.71612-1-philmd@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit f0a663b4ced2bf315936c774c2b6ff398fce8905)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(Mjt: adjust context for before v8.1.0-1582-g684750ab4f
"python/qemu: rename command() to cmd()")
diff --git a/docs/devel/testing.rst b/docs/devel/testing.rst
index 1c4ee2af32..1502fc01f2 100644
--- a/docs/devel/testing.rst
+++ b/docs/devel/testing.rst
@@ -1016,7 +1016,7 @@ class. Here's a simple usage example:
self.vm.launch()
res = self.vm.command('human-monitor-command',
command_line='info version')
- self.assertRegexpMatches(res, r'^(\d+\.\d+\.\d)')
+ self.assertRegex(res, r'^(\d+\.\d+\.\d)')
To execute your test, run:
diff --git a/tests/avocado/version.py b/tests/avocado/version.py
index dd775955eb..1d5f1f2562 100644
--- a/tests/avocado/version.py
+++ b/tests/avocado/version.py
@@ -22,4 +22,4 @@ def test_qmp_human_info_version(self):
self.vm.launch()
res = self.vm.command('human-monitor-command',
command_line='info version')
- self.assertRegexpMatches(res, r'^(\d+\.\d+\.\d)')
+ self.assertRegex(res, r'^(\d+\.\d+\.\d)')
--
2.39.2
* [Stable-8.1.4 09/31] linux-user/riscv: Add Zicboz block size to hwprobe
2023-12-12 12:17 [Stable-8.1.4 00/31] Patch Round-up for stable 8.1.4, freeze on 2023-12-20 Michael Tokarev
` (7 preceding siblings ...)
2023-12-12 12:17 ` [Stable-8.1.4 08/31] tests/avocado: Replace assertRegexpMatches() " Michael Tokarev
@ 2023-12-12 12:17 ` Michael Tokarev
2023-12-12 12:17 ` [Stable-8.1.4 10/31] hw/riscv/virt.c: do create_fdt() earlier, add finalize_fdt() Michael Tokarev
` (13 subsequent siblings)
22 siblings, 0 replies; 24+ messages in thread
From: Michael Tokarev @ 2023-12-12 12:17 UTC (permalink / raw)
To: qemu-devel
Cc: qemu-stable, Palmer Dabbelt, Alistair Francis,
Daniel Henrique Barboza, Michael Tokarev
From: Palmer Dabbelt <palmer@rivosinc.com>
Support for probing the Zicboz block size landed in Linux 6.6, which was
released a few weeks ago. This provides the user-configured block size
when Zicboz is enabled.
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Message-ID: <20231110173716.24423-1-palmer@rivosinc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
(cherry picked from commit 301c65f49f9602f39b9f3ce0ad9ff70d4bda7226)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(Mjt: fixup linux-user/syscall.c to before v8.1.0-2602-ge57039ddab
"target/riscv: rename ext_icboz to ext_zicboz")
diff --git a/linux-user/syscall.c b/linux-user/syscall.c
index 9353268cc1..bd0c99859d 100644
--- a/linux-user/syscall.c
+++ b/linux-user/syscall.c
@@ -9058,6 +9058,8 @@ static int do_getdents64(abi_long dirfd, abi_long arg2, abi_long count)
#define RISCV_HWPROBE_MISALIGNED_UNSUPPORTED (4 << 0)
#define RISCV_HWPROBE_MISALIGNED_MASK (7 << 0)
+#define RISCV_HWPROBE_KEY_ZICBOZ_BLOCK_SIZE 6
+
struct riscv_hwprobe {
abi_llong key;
abi_ullong value;
@@ -9102,6 +9104,10 @@ static void risc_hwprobe_fill_pairs(CPURISCVState *env,
case RISCV_HWPROBE_KEY_CPUPERF_0:
__put_user(RISCV_HWPROBE_MISALIGNED_FAST, &pair->value);
break;
+ case RISCV_HWPROBE_KEY_ZICBOZ_BLOCK_SIZE:
+ value = cfg->ext_icboz ? cfg->cboz_blocksize : 0;
+ __put_user(value, &pair->value);
+ break;
default:
__put_user(-1, &pair->key);
break;
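Review bot: in the new `case RISCV_HWPROBE_KEY_ZICBOZ_BLOCK_SIZE:` branch, the disabled case reports a value of 0 while leaving the key intact, whereas the `default:` branch just below signals an unknown key by writing -1 to `pair->key`. A brief comment stating that 0 is the intended answer when Zicboz is off, rather than treating the key as unsupported, would make the distinction clear to anyone extending this switch.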
--
2.39.2
* [Stable-8.1.4 10/31] hw/riscv/virt.c: do create_fdt() earlier, add finalize_fdt()
2023-12-12 12:17 [Stable-8.1.4 00/31] Patch Round-up for stable 8.1.4, freeze on 2023-12-20 Michael Tokarev
` (8 preceding siblings ...)
2023-12-12 12:17 ` [Stable-8.1.4 09/31] linux-user/riscv: Add Zicboz block size to hwprobe Michael Tokarev
@ 2023-12-12 12:17 ` Michael Tokarev
2023-12-12 12:17 ` [Stable-8.1.4 11/31] riscv: Fix SiFive E CLINT clock frequency Michael Tokarev
` (12 subsequent siblings)
22 siblings, 0 replies; 24+ messages in thread
From: Michael Tokarev @ 2023-12-12 12:17 UTC (permalink / raw)
To: qemu-devel
Cc: qemu-stable, Daniel Henrique Barboza, Alistair Francis,
Michael Tokarev
From: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Commit 49554856f0 fixed a problem, where TPM devices were not appearing
in the FDT, by delaying the FDT creation up until virt_machine_done().
This creates a side effect (see gitlab #1925) - devices that need access
to the '/chosen' FDT node during realize() stopped working because, at
that point, we don't have a FDT.
This happens because our FDT creation is monolithic, but it doesn't need
to be. We can add the needed FDT components for realize() time and, at
the same time, do another FDT round where we account for dynamic sysbus
devices. In other words, the problem fixed by 49554856f0 could also be
fixed by postponing only create_fdt_sockets() and its dependencies,
leaving everything else from create_fdt() to be done during init().
Split the FDT creation in two parts:
- create_fdt(), now moved back to virt_machine_init(), will create FDT
nodes that don't depend on additional (dynamic) devices from the
sysbus;
- a new finalize_fdt() step is added, where create_fdt_sockets() and
friends are executed, accounting for the dynamic sysbus devices that
were added during realize().
This will make both use cases happy: TPM devices are still working as
intended, and devices such as 'guest-loader' have a FDT to work on
during realize().
Fixes: 49554856f0 ("riscv: Generate devicetree only after machine initialization is complete")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1925
Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20231110172559.73209-1-dbarboza@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
(cherry picked from commit 7a87ba8956e59bec8cc4677c6aa5141e4c023a7d)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
diff --git a/hw/riscv/virt.c b/hw/riscv/virt.c
index 505a36dff6..ab1ce22870 100644
--- a/hw/riscv/virt.c
+++ b/hw/riscv/virt.c
@@ -958,7 +958,6 @@ static void create_fdt_uart(RISCVVirtState *s, const MemMapEntry *memmap,
qemu_fdt_setprop_cells(ms->fdt, name, "interrupts", UART0_IRQ, 0x4);
}
- qemu_fdt_add_subnode(ms->fdt, "/chosen");
qemu_fdt_setprop_string(ms->fdt, "/chosen", "stdout-path", name);
g_free(name);
}
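Review bot: with the `qemu_fdt_add_subnode(ms->fdt, "/chosen")` call removed, create_fdt_uart() still sets "stdout-path" on "/chosen" and now silently depends on create_fdt() having created that node earlier. Nothing in the function records that ordering requirement. A comment next to the qemu_fdt_setprop_string() call noting that "/chosen" is created in create_fdt() would make the dependency visible.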
@@ -1019,11 +1018,29 @@ static void create_fdt_fw_cfg(RISCVVirtState *s, const MemMapEntry *memmap)
g_free(nodename);
}
-static void create_fdt(RISCVVirtState *s, const MemMapEntry *memmap)
+static void finalize_fdt(RISCVVirtState *s)
{
- MachineState *ms = MACHINE(s);
uint32_t phandle = 1, irq_mmio_phandle = 1, msi_pcie_phandle = 1;
uint32_t irq_pcie_phandle = 1, irq_virtio_phandle = 1;
+
+ create_fdt_sockets(s, virt_memmap, &phandle, &irq_mmio_phandle,
+ &irq_pcie_phandle, &irq_virtio_phandle,
+ &msi_pcie_phandle);
+
+ create_fdt_virtio(s, virt_memmap, irq_virtio_phandle);
+
+ create_fdt_pcie(s, virt_memmap, irq_pcie_phandle, msi_pcie_phandle);
+
+ create_fdt_reset(s, virt_memmap, &phandle);
+
+ create_fdt_uart(s, virt_memmap, irq_mmio_phandle);
+
+ create_fdt_rtc(s, virt_memmap, irq_mmio_phandle);
+}
+
+static void create_fdt(RISCVVirtState *s, const MemMapEntry *memmap)
+{
+ MachineState *ms = MACHINE(s);
uint8_t rng_seed[32];
ms->fdt = create_device_tree(&s->fdt_size);
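Review bot: the new finalize_fdt() passes the global `virt_memmap` to every helper, while create_fdt() directly below keeps taking `memmap` as a parameter and the removed calls used that parameter. The two halves of what was one function now obtain the memory map in different ways. Either give finalize_fdt() the same `const MemMapEntry *memmap` parameter or drop the parameter from create_fdt() as well, so the pair stays consistent.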
@@ -1043,28 +1060,16 @@ static void create_fdt(RISCVVirtState *s, const MemMapEntry *memmap)
qemu_fdt_setprop_cell(ms->fdt, "/soc", "#size-cells", 0x2);
qemu_fdt_setprop_cell(ms->fdt, "/soc", "#address-cells", 0x2);
- create_fdt_sockets(s, memmap, &phandle, &irq_mmio_phandle,
- &irq_pcie_phandle, &irq_virtio_phandle,
- &msi_pcie_phandle);
-
- create_fdt_virtio(s, memmap, irq_virtio_phandle);
-
- create_fdt_pcie(s, memmap, irq_pcie_phandle, msi_pcie_phandle);
-
- create_fdt_reset(s, memmap, &phandle);
-
- create_fdt_uart(s, memmap, irq_mmio_phandle);
-
- create_fdt_rtc(s, memmap, irq_mmio_phandle);
-
- create_fdt_flash(s, memmap);
- create_fdt_fw_cfg(s, memmap);
- create_fdt_pmu(s);
+ qemu_fdt_add_subnode(ms->fdt, "/chosen");
/* Pass seed to RNG */
qemu_guest_getrandom_nofail(rng_seed, sizeof(rng_seed));
qemu_fdt_setprop(ms->fdt, "/chosen", "rng-seed",
rng_seed, sizeof(rng_seed));
+
+ create_fdt_flash(s, memmap);
+ create_fdt_fw_cfg(s, memmap);
+ create_fdt_pmu(s);
}
static inline DeviceState *gpex_pcie_init(MemoryRegion *sys_mem,
@@ -1249,15 +1254,12 @@ static void virt_machine_done(Notifier *notifier, void *data)
uint64_t kernel_entry = 0;
BlockBackend *pflash_blk0;
- /* load/create device tree */
- if (machine->dtb) {
- machine->fdt = load_device_tree(machine->dtb, &s->fdt_size);
- if (!machine->fdt) {
- error_report("load_device_tree() failed");
- exit(1);
- }
- } else {
- create_fdt(s, memmap);
+ /*
+ * An user provided dtb must include everything, including
+ * dynamic sysbus devices. Our FDT needs to be finalized.
+ */
+ if (machine->dtb == NULL) {
+ finalize_fdt(s);
}
/*
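Review bot: the new comment reads "An user provided dtb must include everything"; that should be "A user-provided dtb". It would also help to say in the same comment that the user dtb is now loaded in virt_machine_init(), since this function no longer shows where `machine->fdt` comes from when `machine->dtb` is set.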
@@ -1525,6 +1527,17 @@ static void virt_machine_init(MachineState *machine)
}
virt_flash_map(s, system_memory);
+ /* load/create device tree */
+ if (machine->dtb) {
+ machine->fdt = load_device_tree(machine->dtb, &s->fdt_size);
+ if (!machine->fdt) {
+ error_report("load_device_tree() failed");
+ exit(1);
+ }
+ } else {
+ create_fdt(s, memmap);
+ }
+
s->machine_done.notify = virt_machine_done;
qemu_add_machine_init_done_notifier(&s->machine_done);
}
--
2.39.2
* [Stable-8.1.4 11/31] riscv: Fix SiFive E CLINT clock frequency
2023-12-12 12:17 [Stable-8.1.4 00/31] Patch Round-up for stable 8.1.4, freeze on 2023-12-20 Michael Tokarev
` (9 preceding siblings ...)
2023-12-12 12:17 ` [Stable-8.1.4 10/31] hw/riscv/virt.c: do create_fdt() earlier, add finalize_fdt() Michael Tokarev
@ 2023-12-12 12:17 ` Michael Tokarev
2023-12-12 12:18 ` [Stable-8.1.4 12/31] target/riscv/cpu_helper.c: Invalid exception on MMU translation stage Michael Tokarev
` (11 subsequent siblings)
22 siblings, 0 replies; 24+ messages in thread
From: Michael Tokarev @ 2023-12-12 12:17 UTC (permalink / raw)
To: qemu-devel
Cc: qemu-stable, Román Cárdenas, Alistair Francis,
Daniel Henrique Barboza, Michael Tokarev
From: Román Cárdenas <rcardenas.rod@gmail.com>
If you check the manual of SiFive E310 (https://cdn.sparkfun.com/assets/7/f/0/2/7/fe310-g002-manual-v19p05.pdf),
you can see in Figure 1 that the CLINT is connected to the real time clock, which also feeds the AON peripheral (they share the same clock).
On page 43, the docs also say that the timer registers of the CLINT count ticks from the rtcclk.
I am currently playing with bare metal applications both in QEMU and a physical SiFive E310 board and
I confirm that the CLINT clock in the physical board runs at 32.768 kHz.
In QEMU, the same app produces a completely different outcome, as sometimes a new CLINT interrupt is triggered before finishing other tasks.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1978
Signed-off-by: Román Cárdenas <rcardenas.rod@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Message-ID: <20231117082840.55705-1-rcardenas.rod@gmail.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
(cherry picked from commit a7472560ca5f7a61ef3a46b52118f680de81058c)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
diff --git a/hw/riscv/sifive_e.c b/hw/riscv/sifive_e.c
index 0d37adc542..87d9602383 100644
--- a/hw/riscv/sifive_e.c
+++ b/hw/riscv/sifive_e.c
@@ -225,7 +225,7 @@ static void sifive_e_soc_realize(DeviceState *dev, Error **errp)
RISCV_ACLINT_SWI_SIZE,
RISCV_ACLINT_DEFAULT_MTIMER_SIZE, 0, ms->smp.cpus,
RISCV_ACLINT_DEFAULT_MTIMECMP, RISCV_ACLINT_DEFAULT_MTIME,
- RISCV_ACLINT_DEFAULT_TIMEBASE_FREQ, false);
+ SIFIVE_E_LFCLK_DEFAULT_FREQ, false);
sifive_e_prci_create(memmap[SIFIVE_E_DEV_PRCI].base);
/* AON */
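Review bot: the switch from `RISCV_ACLINT_DEFAULT_TIMEBASE_FREQ` to `SIFIVE_E_LFCLK_DEFAULT_FREQ` in the ACLINT mtimer creation call has no comment at the call site explaining the choice. The reasoning in the commit message (the CLINT counts ticks of the same real-time clock that feeds the AON block) is exactly what a reader of this call needs; a one-line comment above the argument would keep it from being "corrected" back to the generic default.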
--
2.39.2
* [Stable-8.1.4 12/31] target/riscv/cpu_helper.c: Invalid exception on MMU translation stage
2023-12-12 12:17 [Stable-8.1.4 00/31] Patch Round-up for stable 8.1.4, freeze on 2023-12-20 Michael Tokarev
` (10 preceding siblings ...)
2023-12-12 12:17 ` [Stable-8.1.4 11/31] riscv: Fix SiFive E CLINT clock frequency Michael Tokarev
@ 2023-12-12 12:18 ` Michael Tokarev
2023-12-12 12:18 ` [Stable-8.1.4 13/31] target/riscv/cpu_helper.c: Fix mxr bit behavior Michael Tokarev
` (10 subsequent siblings)
22 siblings, 0 replies; 24+ messages in thread
From: Michael Tokarev @ 2023-12-12 12:18 UTC (permalink / raw)
To: qemu-devel
Cc: qemu-stable, Ivan Klokov, Alistair Francis,
Daniel Henrique Barboza, Michael Tokarev
From: Ivan Klokov <ivan.klokov@syntacore.com>
According to RISCV privileged spec sect. 5.3.2 Virtual Address Translation Process
access-fault exceptions may raise only after PMA/PMP check. Current implementation
generates an access-fault for mbare mode even if there were no PMA/PMP errors.
This patch removes the erroneous MMU mode check and generates an access-fault
exception based on the pmp_violation flag only.
Fixes: 1448689c7b ("target/riscv: Allow specifying MMU stage")
Signed-off-by: Ivan Klokov <ivan.klokov@syntacore.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Message-ID: <20231121071757.7178-2-ivan.klokov@syntacore.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
(cherry picked from commit 82d53adfbb1aa0dbe7dac09b61ad86014efe81a7)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
index 9f611d89bb..3c482f9fd4 100644
--- a/target/riscv/cpu_helper.c
+++ b/target/riscv/cpu_helper.c
@@ -1100,47 +1100,31 @@ static void raise_mmu_exception(CPURISCVState *env, target_ulong address,
bool two_stage_indirect)
{
CPUState *cs = env_cpu(env);
- int page_fault_exceptions, vm;
- uint64_t stap_mode;
-
- if (riscv_cpu_mxl(env) == MXL_RV32) {
- stap_mode = SATP32_MODE;
- } else {
- stap_mode = SATP64_MODE;
- }
-
- if (first_stage) {
- vm = get_field(env->satp, stap_mode);
- } else {
- vm = get_field(env->hgatp, stap_mode);
- }
-
- page_fault_exceptions = vm != VM_1_10_MBARE && !pmp_violation;
switch (access_type) {
case MMU_INST_FETCH:
if (env->virt_enabled && !first_stage) {
cs->exception_index = RISCV_EXCP_INST_GUEST_PAGE_FAULT;
} else {
- cs->exception_index = page_fault_exceptions ?
- RISCV_EXCP_INST_PAGE_FAULT : RISCV_EXCP_INST_ACCESS_FAULT;
+ cs->exception_index = pmp_violation ?
+ RISCV_EXCP_INST_ACCESS_FAULT : RISCV_EXCP_INST_PAGE_FAULT;
}
break;
case MMU_DATA_LOAD:
if (two_stage && !first_stage) {
cs->exception_index = RISCV_EXCP_LOAD_GUEST_ACCESS_FAULT;
} else {
- cs->exception_index = page_fault_exceptions ?
- RISCV_EXCP_LOAD_PAGE_FAULT : RISCV_EXCP_LOAD_ACCESS_FAULT;
+ cs->exception_index = pmp_violation ?
+ RISCV_EXCP_LOAD_ACCESS_FAULT : RISCV_EXCP_LOAD_PAGE_FAULT;
}
break;
case MMU_DATA_STORE:
if (two_stage && !first_stage) {
cs->exception_index = RISCV_EXCP_STORE_GUEST_AMO_ACCESS_FAULT;
} else {
- cs->exception_index = page_fault_exceptions ?
- RISCV_EXCP_STORE_PAGE_FAULT :
- RISCV_EXCP_STORE_AMO_ACCESS_FAULT;
+ cs->exception_index = pmp_violation ?
+ RISCV_EXCP_STORE_AMO_ACCESS_FAULT :
+ RISCV_EXCP_STORE_PAGE_FAULT;
}
break;
default:
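Review bot: in all three cases of raise_mmu_exception() the !first_stage test is still evaluated before pmp_violation, so a PMA/PMP failure hit during second-stage translation is reported as a guest fault and never as an access fault. If that is intended, say so in a comment; if not, test pmp_violation first. With the satp/hgatp mode check gone, pmp_violation is the only thing separating access faults from page faults, so a comment on the function should state that every caller has to set it on each PMA/PMP failure path.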
--
2.39.2
* [Stable-8.1.4 13/31] target/riscv/cpu_helper.c: Fix mxr bit behavior
From: Michael Tokarev @ 2023-12-12 12:18 UTC (permalink / raw)
To: qemu-devel
Cc: qemu-stable, Ivan Klokov, Alistair Francis,
Daniel Henrique Barboza, Michael Tokarev
From: Ivan Klokov <ivan.klokov@syntacore.com>
According to RISCV Specification sect 9.5 on two stage translation when
V=1 the vsstatus(mstatus in QEMU's terms) field MXR, which makes
execute-only pages readable, only overrides VS-stage page protection.
Setting MXR at HS-level(mstatus_hs), however, overrides both VS-stage
and G-stage execute-only permissions.
The hypervisor extension changes the behavior of MXR\MPV\MPRV bits.
Due to RISCV Specification sect. 9.4.1 when MPRV=1, explicit memory
accesses are translated and protected, and endianness is applied, as
though the current virtualization mode were set to MPV and the current
nominal privilege mode were set to MPP. vsstatus.MXR makes readable
those pages marked executable at the VS translation stage.
Fixes: 36a18664ba ("target/riscv: Implement second stage MMU")
Signed-off-by: Ivan Klokov <ivan.klokov@syntacore.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Message-ID: <20231121071757.7178-3-ivan.klokov@syntacore.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
(cherry picked from commit 6bca4d7d1ff2b8857486c3ff31f5c6fc3e3984b4)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
diff --git a/target/riscv/cpu_helper.c b/target/riscv/cpu_helper.c
index 3c482f9fd4..ce10d722f1 100644
--- a/target/riscv/cpu_helper.c
+++ b/target/riscv/cpu_helper.c
@@ -989,13 +989,29 @@ restart:
prot |= PAGE_WRITE;
}
if (pte & PTE_X) {
- bool mxr;
+ bool mxr = false;
- if (first_stage == true) {
+ /*
+ * Use mstatus for first stage or for the second stage without
+ * virt_enabled (MPRV+MPV)
+ */
+ if (first_stage || !env->virt_enabled) {
mxr = get_field(env->mstatus, MSTATUS_MXR);
- } else {
- mxr = get_field(env->vsstatus, MSTATUS_MXR);
}
+
+ /* MPRV+MPV case, check VSSTATUS */
+ if (first_stage && two_stage && !env->virt_enabled) {
+ mxr |= get_field(env->vsstatus, MSTATUS_MXR);
+ }
+
+ /*
+ * Setting MXR at HS-level overrides both VS-stage and G-stage
+ * execute-only permissions
+ */
+ if (env->virt_enabled) {
+ mxr |= get_field(env->mstatus_hs, MSTATUS_MXR);
+ }
+
if (mxr) {
prot |= PAGE_READ;
}
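Review bot: the MXR decision under "if (pte & PTE_X)" is now spread over three separate if blocks that accumulate into mxr with |=, keyed on first_stage, two_stage and env->virt_enabled, and the patch touches only cpu_helper.c, so none of the combinations gets a test. A set mxr adds PAGE_READ to an execute-only page, so a mistake here widens access silently. A short table in the comment listing which status register applies for each (first_stage, two_stage, virt_enabled) combination, plus tests for the MPRV+MPV case and the HS-level override, would make this auditable. Note that after this change vsstatus is never consulted for the second stage, which matches the commit message but deserves a line in the comment.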
--
2.39.2
* [Stable-8.1.4 14/31] vmdk: Don't corrupt desc file in vmdk_write_cid
From: Michael Tokarev @ 2023-12-12 12:18 UTC (permalink / raw)
To: qemu-devel
Cc: qemu-stable, Fam Zheng, Kevin Wolf, Eric Blake, Michael Tokarev
From: Fam Zheng <fam@euphon.net>
If the text description file is larger than DESC_SIZE, we force the last
byte in the buffer to be 0 and write it out.
This results in a corruption.
Try to allocate a big buffer in this case.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1923
Signed-off-by: Fam Zheng <fam@euphon.net>
Message-ID: <20231124115654.3239137-1-fam@euphon.net>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 9fb7b350ba9816ebca8a7614fec486fd4269ab2d)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
diff --git a/block/vmdk.c b/block/vmdk.c
index 70066c2b01..58815dcef0 100644
--- a/block/vmdk.c
+++ b/block/vmdk.c
@@ -347,29 +347,41 @@ vmdk_write_cid(BlockDriverState *bs, uint32_t cid)
BDRVVmdkState *s = bs->opaque;
int ret = 0;
- desc = g_malloc0(DESC_SIZE);
- tmp_desc = g_malloc0(DESC_SIZE);
- ret = bdrv_co_pread(bs->file, s->desc_offset, DESC_SIZE, desc, 0);
+ size_t desc_buf_size;
+
+ if (s->desc_offset == 0) {
+ desc_buf_size = bdrv_getlength(bs->file->bs);
+ if (desc_buf_size > 16ULL << 20) {
+ error_report("VMDK description file too big");
+ return -EFBIG;
+ }
+ } else {
+ desc_buf_size = DESC_SIZE;
+ }
+
+ desc = g_malloc0(desc_buf_size);
+ tmp_desc = g_malloc0(desc_buf_size);
+ ret = bdrv_co_pread(bs->file, s->desc_offset, desc_buf_size, desc, 0);
if (ret < 0) {
goto out;
}
- desc[DESC_SIZE - 1] = '\0';
+ desc[desc_buf_size - 1] = '\0';
tmp_str = strstr(desc, "parentCID");
if (tmp_str == NULL) {
ret = -EINVAL;
goto out;
}
- pstrcpy(tmp_desc, DESC_SIZE, tmp_str);
+ pstrcpy(tmp_desc, desc_buf_size, tmp_str);
p_name = strstr(desc, "CID");
if (p_name != NULL) {
p_name += sizeof("CID");
- snprintf(p_name, DESC_SIZE - (p_name - desc), "%" PRIx32 "\n", cid);
- pstrcat(desc, DESC_SIZE, tmp_desc);
+ snprintf(p_name, desc_buf_size - (p_name - desc), "%" PRIx32 "\n", cid);
+ pstrcat(desc, desc_buf_size, tmp_desc);
}
- ret = bdrv_co_pwrite_sync(bs->file, s->desc_offset, DESC_SIZE, desc, 0);
+ ret = bdrv_co_pwrite_sync(bs->file, s->desc_offset, desc_buf_size, desc, 0);
out:
g_free(desc);
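Review bot: the line "desc_buf_size = bdrv_getlength(bs->file->bs);" stores the result straight into a size_t with no check for an error return or for a zero length. bdrv_getlength() returns a negative errno on failure, which wraps to a huge value here and is then reported as "VMDK description file too big" with -EFBIG instead of the real error, and a length of 0 makes "desc[desc_buf_size - 1] = '\0'" index before the start of the buffer. Read the length into an int64_t, return it when negative, and reject 0 before the allocation. The 16ULL << 20 limit would also read better as a named constant with a comment on where the bound comes from, since the descriptor comes from the image file and this is the only cap on the allocation.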
diff --git a/tests/qemu-iotests/059 b/tests/qemu-iotests/059
index e8be217e1f..9bcf1e7525 100755
--- a/tests/qemu-iotests/059
+++ b/tests/qemu-iotests/059
@@ -84,6 +84,8 @@ echo
echo "=== Testing big twoGbMaxExtentFlat ==="
_make_test_img -o "subformat=twoGbMaxExtentFlat" 1000G
_img_info --format-specific | _filter_img_info --format-specific
+$QEMU_IO -c "write 990G 512 -P 89" "$TEST_IMG" | _filter_qemu_io
+$QEMU_IO -c "read 990G 512 -P 89" "$TEST_IMG" | _filter_qemu_io
_cleanup_test_img
echo
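Review bot: the two $QEMU_IO lines added after _img_info carry no comment saying what they guard against. A one-line comment tying them to the descriptor rewrite in vmdk_write_cid (issue 1923) would tell the next reader why a write and read at 990G belong in the "big twoGbMaxExtentFlat" case and keep them from being dropped as redundant.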
diff --git a/tests/qemu-iotests/059.out b/tests/qemu-iotests/059.out
index 2b83c0c8b6..275ee7c778 100644
--- a/tests/qemu-iotests/059.out
+++ b/tests/qemu-iotests/059.out
@@ -2032,6 +2032,10 @@ Format specific information:
virtual size: 2147483648
filename: TEST_DIR/t-f500.IMGFMT
format: FLAT
+wrote 512/512 bytes at offset 1063004405760
+512 bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
+read 512/512 bytes at offset 1063004405760
+512 bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec)
=== Testing malformed VMFS extent description line ===
qemu-img: Could not open 'TEST_DIR/t.IMGFMT': Invalid extent line: RW 12582912 VMFS "dummy.IMGFMT" 1
--
2.39.2
* [Stable-8.1.4 15/31] target/arm: Set IL bit for pauth, SVE access, BTI trap syndromes
From: Michael Tokarev @ 2023-12-12 12:18 UTC (permalink / raw)
To: qemu-devel; +Cc: qemu-stable, Peter Maydell, Richard Henderson, Michael Tokarev
From: Peter Maydell <peter.maydell@linaro.org>
The syndrome register value always has an IL field at bit 25, which
is 0 for a trap on a 16 bit instruction, and 1 for a trap on a 32
bit instruction (or for exceptions which aren't traps on a known
instruction, like PC alignment faults). This means that our
syn_*() functions should always either take an is_16bit argument to
determine whether to set the IL bit, or else unconditionally set it.
We missed setting the IL bit for the syndrome for three kinds of trap:
* an SVE access exception
* a pointer authentication check failure
* a BTI (branch target identification) check failure
All of these traps are AArch64 only, and so the instruction causing
the trap is always 64 bit. This means we can unconditionally set
the IL bit in the syn_*() function.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20231120150121.3458408-1-peter.maydell@linaro.org
Cc: qemu-stable@nongnu.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 11a3c4a286d5dc603582ea0a1fca62c2ec0a1aee)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
diff --git a/target/arm/syndrome.h b/target/arm/syndrome.h
index 62254d0e51..63d0f37a1c 100644
--- a/target/arm/syndrome.h
+++ b/target/arm/syndrome.h
@@ -214,7 +214,7 @@ static inline uint32_t syn_simd_access_trap(int cv, int cond, bool is_16bit)
static inline uint32_t syn_sve_access_trap(void)
{
- return EC_SVEACCESSTRAP << ARM_EL_EC_SHIFT;
+ return (EC_SVEACCESSTRAP << ARM_EL_EC_SHIFT) | ARM_EL_IL;
}
/*
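Review bot: syn_sve_access_trap() now sets ARM_EL_IL unconditionally while syn_simd_access_trap() just above it takes an is_16bit argument, and nothing in the header says why the two differ. A short comment that this trap is AArch64 only, so IL is always 1, would stop a later cleanup from treating the asymmetry as a bug.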
@@ -234,12 +234,12 @@ static inline uint32_t syn_smetrap(SMEExceptionType etype, bool is_16bit)
static inline uint32_t syn_pactrap(void)
{
- return EC_PACTRAP << ARM_EL_EC_SHIFT;
+ return (EC_PACTRAP << ARM_EL_EC_SHIFT) | ARM_EL_IL;
}
static inline uint32_t syn_btitrap(int btype)
{
- return (EC_BTITRAP << ARM_EL_EC_SHIFT) | btype;
+ return (EC_BTITRAP << ARM_EL_EC_SHIFT) | ARM_EL_IL | btype;
}
static inline uint32_t syn_bxjtrap(int cv, int cond, int rm)
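Review bot: syn_btitrap() ORs the int btype into the syndrome value without masking it. Now that ARM_EL_IL is part of the same expression, a btype outside the expected range would silently alter other syndrome fields; mask it to the BTYPE field width or assert its range before the OR. syn_pactrap() would also benefit from the same "AArch64 only, IL always set" comment suggested for the SVE helper.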
--
2.39.2
* [Stable-8.1.4 16/31] target/arm: Handle overflow in calculation of next timer tick
From: Michael Tokarev @ 2023-12-12 12:18 UTC (permalink / raw)
To: qemu-devel
Cc: qemu-stable, Peter Maydell, Alex Bennée, Richard Henderson,
Michael Tokarev
From: Peter Maydell <peter.maydell@linaro.org>
In commit edac4d8a168 back in 2015 when we added support for
the virtual timer offset CNTVOFF_EL2, we didn't correctly update
the timer-recalculation code that figures out when the timer
interrupt is next going to change state. We got it wrong in
two ways:
* for the 0->1 transition, we didn't notice that gt->cval + offset
can overflow a uint64_t
* for the 1->0 transition, we didn't notice that the transition
might now happen before the count rolls over, if offset > count
In the former case, we end up trying to set the next interrupt
for a time in the past, which results in QEMU hanging as the
timer fires continuously.
In the latter case, we would fail to update the interrupt
status when we are supposed to.
Fix the calculations in both cases.
The test case is Alex Bennée's from the bug report, and tests
the 0->1 transition overflow case.
Fixes: edac4d8a168 ("target-arm: Add CNTVOFF_EL2")
Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/60
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20231120173506.3729884-1-peter.maydell@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 8d37a1425b9954d7e445615dcad23456515e24c0)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
diff --git a/target/arm/helper.c b/target/arm/helper.c
index f66b610bdd..01822b9086 100644
--- a/target/arm/helper.c
+++ b/target/arm/helper.c
@@ -2616,11 +2616,28 @@ static void gt_recalc_timer(ARMCPU *cpu, int timeridx)
qemu_set_irq(cpu->gt_timer_outputs[timeridx], irqstate);
if (istatus) {
- /* Next transition is when count rolls back over to zero */
- nexttick = UINT64_MAX;
+ /*
+ * Next transition is when (count - offset) rolls back over to 0.
+ * If offset > count then this is when count == offset;
+ * if offset <= count then this is when count == offset + 2^64
+ * For the latter case we set nexttick to an "as far in future
+ * as possible" value and let the code below handle it.
+ */
+ if (offset > count) {
+ nexttick = offset;
+ } else {
+ nexttick = UINT64_MAX;
+ }
} else {
- /* Next transition is when we hit cval */
- nexttick = gt->cval + offset;
+ /*
+ * Next transition is when (count - offset) == cval, i.e.
+ * when count == (cval + offset).
+ * If that would overflow, then again we set up the next interrupt
+ * for "as far in the future as possible" for the code below.
+ */
+ if (uadd64_overflow(gt->cval, offset, &nexttick)) {
+ nexttick = UINT64_MAX;
+ }
}
/*
* Note that the desired next expiry time might be beyond the
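Review bot: the new "if (offset > count)" branch in the istatus path of gt_recalc_timer() has no test in this patch; the commit message says the added test only exercises the 0->1 overflow. Please add a second case that programs cntvoff_el2 above the current count while the timer condition is already met, so the 1->0 path is covered as well. Both branches also rely on the code below to cope with UINT64_MAX, so it would help if the comment named the clamp it depends on rather than saying "the code below".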
diff --git a/tests/tcg/aarch64/Makefile.softmmu-target b/tests/tcg/aarch64/Makefile.softmmu-target
index b74a2534e3..d71659cc22 100644
--- a/tests/tcg/aarch64/Makefile.softmmu-target
+++ b/tests/tcg/aarch64/Makefile.softmmu-target
@@ -45,7 +45,8 @@ TESTS+=memory-sve
# Running
QEMU_BASE_MACHINE=-M virt -cpu max -display none
-QEMU_OPTS+=$(QEMU_BASE_MACHINE) -semihosting-config enable=on,target=native,chardev=output -kernel
+QEMU_BASE_ARGS=-semihosting-config enable=on,target=native,chardev=output
+QEMU_OPTS+=$(QEMU_BASE_MACHINE) $(QEMU_BASE_ARGS) -kernel
# console test is manual only
QEMU_SEMIHOST=-chardev stdio,mux=on,id=stdio0 -semihosting-config enable=on,chardev=stdio0 -mon chardev=stdio0,mode=readline
@@ -55,6 +56,10 @@ run-semiconsole: semiconsole
run-plugin-semiconsole-with-%: semiconsole
$(call skip-test, $<, "MANUAL ONLY")
+# vtimer test needs EL2
+QEMU_EL2_MACHINE=-machine virt,virtualization=on,gic-version=2 -cpu cortex-a57 -smp 4
+run-vtimer: QEMU_OPTS=$(QEMU_EL2_MACHINE) $(QEMU_BASE_ARGS) -kernel
+
# Simple Record/Replay Test
.PHONY: memory-record
run-memory-record: memory-record memory
diff --git a/tests/tcg/aarch64/system/vtimer.c b/tests/tcg/aarch64/system/vtimer.c
new file mode 100644
index 0000000000..42f2f7796c
--- /dev/null
+++ b/tests/tcg/aarch64/system/vtimer.c
@@ -0,0 +1,48 @@
+/*
+ * Simple Virtual Timer Test
+ *
+ * Copyright (c) 2020 Linaro Ltd
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#include <inttypes.h>
+#include <minilib.h>
+
+/* grabbed from Linux */
+#define __stringify_1(x...) #x
+#define __stringify(x...) __stringify_1(x)
+
+#define read_sysreg(r) ({ \
+ uint64_t __val; \
+ asm volatile("mrs %0, " __stringify(r) : "=r" (__val)); \
+ __val; \
+})
+
+#define write_sysreg(r, v) do { \
+ uint64_t __val = (uint64_t)(v); \
+ asm volatile("msr " __stringify(r) ", %x0" \
+ : : "rZ" (__val)); \
+} while (0)
+
+int main(void)
+{
+ int i;
+
+ ml_printf("VTimer Test\n");
+
+ write_sysreg(cntvoff_el2, 1);
+ write_sysreg(cntv_cval_el0, -1);
+ write_sysreg(cntv_ctl_el0, 1);
+
+ ml_printf("cntvoff_el2=%lx\n", read_sysreg(cntvoff_el2));
+ ml_printf("cntv_cval_el0=%lx\n", read_sysreg(cntv_cval_el0));
+ ml_printf("cntv_ctl_el0=%lx\n", read_sysreg(cntv_ctl_el0));
+
+ /* Now read cval a few times */
+ for (i = 0; i < 10; i++) {
+ ml_printf("%d: cntv_cval_el0=%lx\n", i, read_sysreg(cntv_cval_el0));
+ }
+
+ return 0;
+}
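Review bot: main() in vtimer.c returns 0 unconditionally and never checks any value it reads back, so the test can only fail by hanging until the harness times out. Add a comment that a hang is the failure being tested for, and compare the values read from cntvoff_el2, cntv_cval_el0 and cntv_ctl_el0 against what was written, returning non-zero on a mismatch, so a wrong interrupt status is caught as well as a hang.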
--
2.39.2
* [Stable-8.1.4 17/31] hw/virtio: Free VirtIOIOMMUPCI::vdev.reserved_regions[] on finalize()
From: Michael Tokarev @ 2023-12-12 12:18 UTC (permalink / raw)
To: qemu-devel
Cc: qemu-stable, Philippe Mathieu-Daudé, Eric Auger,
Peter Maydell, Michael Tokarev
From: Philippe Mathieu-Daudé <philmd@linaro.org>
Commit 0be6bfac62 ("qdev: Implement variable length array properties")
added the DEFINE_PROP_ARRAY() macro with the following comment:
* It is the responsibility of the device deinit code to free the
* @_arrayfield memory.
Commit 8077b8e549 added:
DEFINE_PROP_ARRAY("reserved-regions", VirtIOIOMMUPCI,
vdev.nb_reserved_regions, vdev.reserved_regions,
qdev_prop_reserved_region, ReservedRegion),
but forgot to free the 'vdev.reserved_regions' array. Do it in the
instance_finalize() handler.
Cc: qemu-stable@nongnu.org
Fixes: 8077b8e549 ("virtio-iommu-pci: Add array of Interval properties") # v5.1.0+
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Message-id: 20231121174051.63038-3-philmd@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit c9a4aa06dfce0fde1e279e1ea0c1945582ec0d16)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(Mjt: fixup hw/virtio/virtio-iommu-pci.c for before v8.1.0-2552-g41cc70cdf5,
"virtio-iommu: Rename reserved_regions into prop_resv_regions" -- so now
patch subject matches actual change again)
diff --git a/hw/virtio/virtio-iommu-pci.c b/hw/virtio/virtio-iommu-pci.c
index 7ef2f9dcdb..eab6e1c793 100644
--- a/hw/virtio/virtio-iommu-pci.c
+++ b/hw/virtio/virtio-iommu-pci.c
@@ -95,10 +95,18 @@ static void virtio_iommu_pci_instance_init(Object *obj)
TYPE_VIRTIO_IOMMU);
}
+static void virtio_iommu_pci_instance_finalize(Object *obj)
+{
+ VirtIOIOMMUPCI *dev = VIRTIO_IOMMU_PCI(obj);
+
+ g_free(dev->vdev.reserved_regions);
+}
+
static const VirtioPCIDeviceTypeInfo virtio_iommu_pci_info = {
.generic_name = TYPE_VIRTIO_IOMMU_PCI,
.instance_size = sizeof(VirtIOIOMMUPCI),
.instance_init = virtio_iommu_pci_instance_init,
+ .instance_finalize = virtio_iommu_pci_instance_finalize,
.class_init = virtio_iommu_pci_class_init,
};
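Review bot: the ".instance_finalize" initializer added to virtio_iommu_pci_info needs VirtioPCIDeviceTypeInfo to have that member, and the patch that adds it, "hw/virtio: Add VirtioPCIDeviceTypeInfo::instance_finalize field", is numbered 21/31 in this round-up, after this one. The Message-ids (63038-2 for the new field, 63038-3 for this change) show the original series had them the other way round. Please reorder so that each commit on the staging branch builds on its own and bisection is not broken.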
--
2.39.2
* [Stable-8.1.4 18/31] hw/misc/mps2-scc: Free MPS2SCC::oscclk[] array on finalize()
From: Michael Tokarev @ 2023-12-12 12:18 UTC (permalink / raw)
To: qemu-devel
Cc: qemu-stable, Philippe Mathieu-Daudé, Peter Maydell,
Michael Tokarev
From: Philippe Mathieu-Daudé <philmd@linaro.org>
Commit 0be6bfac62 ("qdev: Implement variable length array properties")
added the DEFINE_PROP_ARRAY() macro with the following comment:
* It is the responsibility of the device deinit code to free the
* @_arrayfield memory.
Commit 4fb013afcc added:
DEFINE_PROP_ARRAY("oscclk", MPS2SCC, num_oscclk, oscclk_reset,
qdev_prop_uint32, uint32_t),
but forgot to free the 'oscclk_reset' array. Do it in the
instance_finalize() handler.
Cc: qemu-stable@nongnu.org
Fixes: 4fb013afcc ("hw/misc/mps2-scc: Support configurable number of OSCCLK values") # v6.0.0+
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20231121174051.63038-4-philmd@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 896dd6ff7b9f2575f1a908a07f26a70b58d8b675)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
diff --git a/hw/misc/mps2-scc.c b/hw/misc/mps2-scc.c
index b3b42a792c..fe5034db14 100644
--- a/hw/misc/mps2-scc.c
+++ b/hw/misc/mps2-scc.c
@@ -329,6 +329,13 @@ static void mps2_scc_realize(DeviceState *dev, Error **errp)
s->oscclk = g_new0(uint32_t, s->num_oscclk);
}
+static void mps2_scc_finalize(Object *obj)
+{
+ MPS2SCC *s = MPS2_SCC(obj);
+
+ g_free(s->oscclk_reset);
+}
+
static const VMStateDescription mps2_scc_vmstate = {
.name = "mps2-scc",
.version_id = 3,
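Review bot: mps2_scc_finalize() frees only oscclk_reset, while the context line just above the new function shows mps2_scc_realize() allocating a second array with "s->oscclk = g_new0(uint32_t, s->num_oscclk);". Unless that array is released somewhere not shown in this diff, free it in the same handler so the device does not leak it on teardown.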
@@ -385,6 +392,7 @@ static const TypeInfo mps2_scc_info = {
.parent = TYPE_SYS_BUS_DEVICE,
.instance_size = sizeof(MPS2SCC),
.instance_init = mps2_scc_init,
+ .instance_finalize = mps2_scc_finalize,
.class_init = mps2_scc_class_init,
};
--
2.39.2
* [Stable-8.1.4 19/31] hw/nvram/xlnx-efuse: Free XlnxEFuse::ro_bits[] array on finalize()
From: Michael Tokarev @ 2023-12-12 12:18 UTC (permalink / raw)
To: qemu-devel
Cc: qemu-stable, Philippe Mathieu-Daudé, Peter Maydell,
Michael Tokarev
From: Philippe Mathieu-Daudé <philmd@linaro.org>
Commit 0be6bfac62 ("qdev: Implement variable length array properties")
added the DEFINE_PROP_ARRAY() macro with the following comment:
* It is the responsibility of the device deinit code to free the
* @_arrayfield memory.
Commit 68fbcc344e added:
DEFINE_PROP_ARRAY("read-only", XlnxEFuse, ro_bits_cnt, ro_bits,
qdev_prop_uint32, uint32_t),
but forgot to free the 'ro_bits' array. Do it in the instance_finalize
handler.
Cc: qemu-stable@nongnu.org
Fixes: 68fbcc344e ("hw/nvram: Introduce Xilinx eFuse QOM") # v6.2.0+
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20231121174051.63038-5-philmd@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 49b3e28b7bdfe771150d05c4b5860aa7854a4232)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
diff --git a/hw/nvram/xlnx-efuse.c b/hw/nvram/xlnx-efuse.c
index 655c40b8d1..f7b849f7de 100644
--- a/hw/nvram/xlnx-efuse.c
+++ b/hw/nvram/xlnx-efuse.c
@@ -224,6 +224,13 @@ static void efuse_realize(DeviceState *dev, Error **errp)
}
}
+static void efuse_finalize(Object *obj)
+{
+ XlnxEFuse *s = XLNX_EFUSE(obj);
+
+ g_free(s->ro_bits);
+}
+
static void efuse_prop_set_drive(Object *obj, Visitor *v, const char *name,
void *opaque, Error **errp)
{
@@ -280,6 +287,7 @@ static const TypeInfo efuse_info = {
.name = TYPE_XLNX_EFUSE,
.parent = TYPE_DEVICE,
.instance_size = sizeof(XlnxEFuse),
+ .instance_finalize = efuse_finalize,
.class_init = efuse_class_init,
};
--
2.39.2
* [Stable-8.1.4 20/31] hw/nvram/xlnx-efuse-ctrl: Free XlnxVersalEFuseCtrl[] "pg0-lock" array
From: Michael Tokarev @ 2023-12-12 12:18 UTC (permalink / raw)
To: qemu-devel
Cc: qemu-stable, Philippe Mathieu-Daudé, Peter Maydell,
Michael Tokarev
From: Philippe Mathieu-Daudé <philmd@linaro.org>
Commit 0be6bfac62 ("qdev: Implement variable length array properties")
added the DEFINE_PROP_ARRAY() macro with the following comment:
* It is the responsibility of the device deinit code to free the
* @_arrayfield memory.
Commit 9e4aa1fafe added:
DEFINE_PROP_ARRAY("pg0-lock",
XlnxVersalEFuseCtrl, extra_pg0_lock_n16,
extra_pg0_lock_spec, qdev_prop_uint16, uint16_t),
but forgot to free the 'extra_pg0_lock_spec' array. Do it in the
instance_finalize() handler.
Cc: qemu-stable@nongnu.org
Fixes: 9e4aa1fafe ("hw/nvram: Xilinx Versal eFuse device") # v6.2.0+
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20231121174051.63038-6-philmd@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 4f10c66077e39969940d928077560665e155cac8)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
diff --git a/hw/nvram/xlnx-versal-efuse-ctrl.c b/hw/nvram/xlnx-versal-efuse-ctrl.c
index b35ba65ab5..2d2dc09526 100644
--- a/hw/nvram/xlnx-versal-efuse-ctrl.c
+++ b/hw/nvram/xlnx-versal-efuse-ctrl.c
@@ -725,6 +725,13 @@ static void efuse_ctrl_init(Object *obj)
sysbus_init_irq(sbd, &s->irq_efuse_imr);
}
+static void efuse_ctrl_finalize(Object *obj)
+{
+ XlnxVersalEFuseCtrl *s = XLNX_VERSAL_EFUSE_CTRL(obj);
+
+ g_free(s->extra_pg0_lock_spec);
+}
+
static const VMStateDescription vmstate_efuse_ctrl = {
.name = TYPE_XLNX_VERSAL_EFUSE_CTRL,
.version_id = 1,
@@ -762,6 +769,7 @@ static const TypeInfo efuse_ctrl_info = {
.instance_size = sizeof(XlnxVersalEFuseCtrl),
.class_init = efuse_ctrl_class_init,
.instance_init = efuse_ctrl_init,
+ .instance_finalize = efuse_ctrl_finalize,
};
static void efuse_ctrl_register_types(void)
--
2.39.2
* [Stable-8.1.4 21/31] hw/virtio: Add VirtioPCIDeviceTypeInfo::instance_finalize field
From: Michael Tokarev @ 2023-12-12 12:18 UTC (permalink / raw)
To: qemu-devel
Cc: qemu-stable, Philippe Mathieu-Daudé, Peter Maydell,
Michael Tokarev
From: Philippe Mathieu-Daudé <philmd@linaro.org>
The VirtioPCIDeviceTypeInfo structure, added in commit a4ee4c8baa
("virtio: Helper for registering virtio device types") got extended
in commit 8ea90ee690 ("virtio: add class_size") with the @class_size
field. Do similarly with the @instance_finalize field.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20231121174051.63038-2-philmd@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 837053a7f491b445088eac647abe7f462c50f59a)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
diff --git a/hw/virtio/virtio-pci.c b/hw/virtio/virtio-pci.c
index edbc0daa18..c663fb2570 100644
--- a/hw/virtio/virtio-pci.c
+++ b/hw/virtio/virtio-pci.c
@@ -2388,6 +2388,7 @@ void virtio_pci_types_register(const VirtioPCIDeviceTypeInfo *t)
.parent = t->parent ? t->parent : TYPE_VIRTIO_PCI,
.instance_size = t->instance_size,
.instance_init = t->instance_init,
+ .instance_finalize = t->instance_finalize,
.class_size = t->class_size,
.abstract = true,
.interfaces = t->interfaces,
diff --git a/include/hw/virtio/virtio-pci.h b/include/hw/virtio/virtio-pci.h
index ab2051b64b..47c83edd28 100644
--- a/include/hw/virtio/virtio-pci.h
+++ b/include/hw/virtio/virtio-pci.h
@@ -246,6 +246,7 @@ typedef struct VirtioPCIDeviceTypeInfo {
size_t instance_size;
size_t class_size;
void (*instance_init)(Object *obj);
+ void (*instance_finalize)(Object *obj);
void (*class_init)(ObjectClass *klass, void *data);
InterfaceInfo *interfaces;
} VirtioPCIDeviceTypeInfo;
--
2.39.2
* [Stable-8.1.4 22/31] hw/avr/atmega: Fix wrong initial value of stack pointer
From: Michael Tokarev @ 2023-12-12 12:18 UTC (permalink / raw)
To: qemu-devel
Cc: qemu-stable, Gihun Nam, Philippe Mathieu-Daudé,
Michael Tokarev
From: Gihun Nam <gihun.nam@outlook.com>
The current implementation initializes the stack pointer of AVR devices
to 0. Although older AVR devices used to be like that, newer ones set
it to RAMEND.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1525
Signed-off-by: Gihun Nam <gihun.nam@outlook.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <PH0P222MB0010877445B594724D40C924DEBDA@PH0P222MB0010.NAMP222.PROD.OUTLOOK.COM>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
(cherry picked from commit 235948bf53860a1e2df5134eae7b0a30a971a124)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
diff --git a/hw/avr/atmega.c b/hw/avr/atmega.c
index a34803e642..31c8992d75 100644
--- a/hw/avr/atmega.c
+++ b/hw/avr/atmega.c
@@ -233,6 +233,10 @@ static void atmega_realize(DeviceState *dev, Error **errp)
/* CPU */
object_initialize_child(OBJECT(dev), "cpu", &s->cpu, mc->cpu_type);
+
+ object_property_set_uint(OBJECT(&s->cpu), "init-sp",
+ mc->io_size + mc->sram_size - 1, &error_abort);
+
qdev_realize(DEVICE(&s->cpu), NULL, &error_abort);
cpudev = DEVICE(&s->cpu);
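Review bot: mc->io_size + mc->sram_size - 1 in the object_property_set_uint() call is the RAMEND value the commit message refers to, but nothing at the call site says so. A short comment naming RAMEND, and stating the assumption that SRAM starts directly after the I/O space in the data address space, would let a reader check the arithmetic against a datasheet. Setting the property before qdev_realize() is the right order.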
diff --git a/target/avr/cpu.c b/target/avr/cpu.c
index 8f741f258c..02d58484bb 100644
--- a/target/avr/cpu.c
+++ b/target/avr/cpu.c
@@ -25,6 +25,7 @@
#include "cpu.h"
#include "disas/dis-asm.h"
#include "tcg/debug-assert.h"
+#include "hw/qdev-properties.h"
static void avr_cpu_set_pc(CPUState *cs, vaddr value)
{
@@ -95,7 +96,7 @@ static void avr_cpu_reset_hold(Object *obj)
env->rampY = 0;
env->rampZ = 0;
env->eind = 0;
- env->sp = 0;
+ env->sp = cpu->init_sp;
env->skip = 0;
@@ -154,6 +155,11 @@ static void avr_cpu_initfn(Object *obj)
sizeof(cpu->env.intsrc) * 8);
}
+static Property avr_cpu_properties[] = {
+ DEFINE_PROP_UINT32("init-sp", AVRCPU, init_sp, 0),
+ DEFINE_PROP_END_OF_LIST()
+};
+
static ObjectClass *avr_cpu_class_by_name(const char *cpu_model)
{
ObjectClass *oc;
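Review bot: "init-sp" is defined with DEFINE_PROP_UINT32 and no range check, so any value up to UINT32_MAX is accepted and later copied into env->sp at reset. Consider validating it at realize time against the size of the data address space, or at least documenting that the board is expected to pass RAMEND. The default of 0 keeps the previous reset value for any user that does not set the property, which deserves a comment of its own.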
@@ -231,6 +237,8 @@ static void avr_cpu_class_init(ObjectClass *oc, void *data)
device_class_set_parent_realize(dc, avr_cpu_realizefn, &mcc->parent_realize);
+ device_class_set_props(dc, avr_cpu_properties);
+
resettable_class_set_parent_phases(rc, NULL, avr_cpu_reset_hold, NULL,
&mcc->parent_phases);
diff --git a/target/avr/cpu.h b/target/avr/cpu.h
index 7225174668..b73547deb2 100644
--- a/target/avr/cpu.h
+++ b/target/avr/cpu.h
@@ -150,6 +150,9 @@ struct ArchCPU {
CPUNegativeOffsetState neg;
CPUAVRState env;
+
+ /* Initial value of stack pointer */
+ uint32_t init_sp;
};
extern const struct VMStateDescription vms_avr_cpu;
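Review bot: init_sp is added to ArchCPU, yet the patch does not touch vms_avr_cpu, and the comment does not say why that is acceptable. If the intent is that this is a board-supplied constant which the destination recreates from its own machine type, extend the comment to say so, for example "reset value of SP, set by the board through the init-sp property, not migrated".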
--
2.39.2
* [Stable-8.1.4 23/31] hw/audio/hda-codec: fix multiplication overflow
From: Michael Tokarev @ 2023-12-12 12:18 UTC (permalink / raw)
To: qemu-devel
Cc: qemu-stable, Volker Rümelin, M_O_Bz, Marc-André Lureau,
Michael S . Tsirkin, Michael Tokarev
From: Volker Rümelin <vr_qemu@t-online.de>
After a relatively short time, there is a multiplication overflow
when multiplying (now - buft_start) with hda_bytes_per_second().
While the uptime now - buft_start only overflows after 2**63 ns
= 292.27 years, this happens hda_bytes_per_second() times faster
with the multiplication. At 44100 samples/s * 2 channels
* 2 bytes/channel = 176400 bytes/s that is 14.52 hours. After the
multiplication overflow the affected audio stream stalls.
Replace the multiplication and following division with muldiv64()
to prevent a multiplication overflow.
Fixes: 280c1e1cdb ("audio/hda: create millisecond timers that handle IO")
Reported-by: M_O_Bz <m_o_bz@163.com>
Signed-off-by: Volker Rümelin <vr_qemu@t-online.de>
Message-Id: <20231105172552.8405-1-vr_qemu@t-online.de>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 74e8593e7e51d6b11ae9c56a3f4e7bb714bac4ec)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
diff --git a/hw/audio/hda-codec.c b/hw/audio/hda-codec.c
index c51d8ba617..b2d08d8afb 100644
--- a/hw/audio/hda-codec.c
+++ b/hw/audio/hda-codec.c
@@ -22,6 +22,7 @@
#include "hw/qdev-properties.h"
#include "intel-hda.h"
#include "migration/vmstate.h"
+#include "qemu/host-utils.h"
#include "qemu/module.h"
#include "intel-hda-defs.h"
#include "audio/audio.h"
@@ -189,9 +190,9 @@ struct HDAAudioState {
bool use_timer;
};
-static inline int64_t hda_bytes_per_second(HDAAudioStream *st)
+static inline uint32_t hda_bytes_per_second(HDAAudioStream *st)
{
- return 2LL * st->as.nchannels * st->as.freq;
+ return 2 * (uint32_t)st->as.nchannels * (uint32_t)st->as.freq;
}
static inline void hda_timer_sync_adjust(HDAAudioStream *st, int64_t target_pos)
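Review bot: with the return type narrowed to uint32_t, 2 * nchannels * freq in hda_bytes_per_second() is now evaluated in 32 bits, so the helper itself can wrap where the old 2LL version could not. Realistic audio settings stay far below 2^32, but a comment stating that bound, or an assert, would make the narrowing obviously safe. If nchannels and freq are signed fields, the (uint32_t) casts also turn a negative value into a large positive one without any diagnostic.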
@@ -222,12 +223,18 @@ static void hda_audio_input_timer(void *opaque)
int64_t now = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
- int64_t buft_start = st->buft_start;
+ int64_t uptime = now - st->buft_start;
int64_t wpos = st->wpos;
int64_t rpos = st->rpos;
+ int64_t wanted_rpos;
- int64_t wanted_rpos = hda_bytes_per_second(st) * (now - buft_start)
- / NANOSECONDS_PER_SECOND;
+ if (uptime <= 0) {
+ /* wanted_rpos <= 0 */
+ goto out_timer;
+ }
+
+ wanted_rpos = muldiv64(uptime, hda_bytes_per_second(st),
+ NANOSECONDS_PER_SECOND);
wanted_rpos &= -4; /* IMPORTANT! clip to frames */
if (wanted_rpos <= rpos) {
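Review bot: the uptime <= 0 guard is what makes it safe to hand a signed uptime to muldiv64(), yet its only comment is "wanted_rpos <= 0". Say explicitly that a negative uptime must not reach muldiv64() because it would be converted to a very large unsigned value. The unsigned result is then stored in int64_t wanted_rpos, so a line on why it cannot exceed INT64_MAX for supported stream formats would complete the overflow argument.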
@@ -286,12 +293,18 @@ static void hda_audio_output_timer(void *opaque)
int64_t now = qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL);
- int64_t buft_start = st->buft_start;
+ int64_t uptime = now - st->buft_start;
int64_t wpos = st->wpos;
int64_t rpos = st->rpos;
+ int64_t wanted_wpos;
+
+ if (uptime <= 0) {
+ /* wanted_wpos <= 0 */
+ goto out_timer;
+ }
- int64_t wanted_wpos = hda_bytes_per_second(st) * (now - buft_start)
- / NANOSECONDS_PER_SECOND;
+ wanted_wpos = muldiv64(uptime, hda_bytes_per_second(st),
+ NANOSECONDS_PER_SECOND);
wanted_wpos &= -4; /* IMPORTANT! clip to frames */
if (wanted_wpos <= wpos) {
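Review bot: the guard and muldiv64() computation in hda_audio_output_timer are a line-for-line copy of the ones in hda_audio_input_timer, with only rpos and wpos swapped. A small helper that takes st and now and returns the frame-clipped wanted position (or a negative value when uptime <= 0) would keep the two timers from drifting apart the next time this arithmetic is touched.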
--
2.39.2
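
The 14.52-hour figure from the commit message and the effect of switching to a wide intermediate can be reproduced outside QEMU. This is an added example, not code from the patch or from QEMU: muldiv64_sketch is a hypothetical stand-in for muldiv64() built on a 128-bit intermediate, and the other function names are made up here.

```c
#include <stdint.h>
#include <stdio.h>

#define NANOSECONDS_PER_SECOND 1000000000LL

/* Same arithmetic as the patched hda_bytes_per_second(): 16-bit samples. */
static uint32_t bytes_per_second(uint32_t nchannels, uint32_t freq)
{
    return 2 * nchannels * freq;
}

/* Pre-fix shape: 64-bit product, then divide. The product is formed as
 * uint64_t so the wrap is defined C, then viewed as int64_t the way the
 * original signed expression would see it on two's-complement hosts. */
static int64_t wanted_pos_naive(int64_t uptime_ns, uint32_t bps)
{
    uint64_t product = (uint64_t)uptime_ns * bps;   /* wraps mod 2^64 */
    return (int64_t)product / NANOSECONDS_PER_SECOND;
}

/* Hypothetical stand-in for muldiv64(a, b, c): a * b / c with a 128-bit
 * intermediate (unsigned __int128 is a GCC/Clang extension). */
static uint64_t muldiv64_sketch(uint64_t a, uint32_t b, uint32_t c)
{
    return (uint64_t)(((unsigned __int128)a * b) / c);
}

/* Smallest uptime in ns whose product with bps no longer fits in int64_t. */
static int64_t first_overflow_ns(uint32_t bps)
{
    return INT64_MAX / bps + 1;
}

int main(void)
{
    uint32_t bps = bytes_per_second(2, 44100);          /* 176400 bytes/s */
    int64_t t = first_overflow_ns(bps);

    printf("overflow after %.2f hours\n",
           (double)t / NANOSECONDS_PER_SECOND / 3600.0);
    printf("naive:    %lld bytes\n", (long long)wanted_pos_naive(t, bps));
    printf("muldiv64: %llu bytes\n",
           (unsigned long long)muldiv64_sketch(t, bps, NANOSECONDS_PER_SECOND));
    return 0;
}
```

One nanosecond before the threshold both computations agree; at the threshold the naive position turns negative while the wide-intermediate version keeps counting.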