From 0a0923bb4835623af902f414e77565f2eb77ef2f Mon Sep 17 00:00:00 2001 From: Jiabo Feng Date: Sat, 30 Nov 2024 09:11:21 +0800 Subject: [PATCH 1/2] QEMU update to version 6.2.0-102: - target/ppc: Remove unused xer_* macros - hw/mips: Build fw_cfg.c once - minikconf: print error entirely on stderr - target/ppc: Remove extra space from s128 field in ppc_vsr_t - hw/arm/virt:Keep Guest L1 cache type consistent with KVM - pc-bios/keymaps: Use the official xkb name for Arabic layout, not the legacy synonym Signed-off-by: Jiabo Feng (cherry picked from commit d1b87187cf117c1b09ecb9422379af9a66c6f949) --- ...-Guest-L1-cache-type-consistent-with.patch | 669 ++++++++++++++++++ hw-mips-Build-fw_cfg.c-once.patch | 37 + ...kconf-print-error-entirely-on-stderr.patch | 38 + ...Use-the-official-xkb-name-for-Arabic.patch | 61 ++ qemu.spec | 16 +- ...e-extra-space-from-s128-field-in-ppc.patch | 37 + target-ppc-Remove-unused-xer_-macros.patch | 39 + 7 files changed, 896 insertions(+), 1 deletion(-) create mode 100644 hw-arm-virt-Keep-Guest-L1-cache-type-consistent-with.patch create mode 100644 hw-mips-Build-fw_cfg.c-once.patch create mode 100644 minikconf-print-error-entirely-on-stderr.patch create mode 100644 pc-bios-keymaps-Use-the-official-xkb-name-for-Arabic.patch create mode 100644 target-ppc-Remove-extra-space-from-s128-field-in-ppc.patch create mode 100644 target-ppc-Remove-unused-xer_-macros.patch diff --git a/hw-arm-virt-Keep-Guest-L1-cache-type-consistent-with.patch b/hw-arm-virt-Keep-Guest-L1-cache-type-consistent-with.patch new file mode 100644 index 0000000..9118589 --- /dev/null +++ b/hw-arm-virt-Keep-Guest-L1-cache-type-consistent-with.patch 
@@ -0,0 +1,669 @@ +From a898db34ae36f10a0d03c59b2ad57a6e990b10e7 Mon Sep 17 00:00:00 2001 +From: Jia Qingtong +Date: Tue, 24 Sep 2024 18:24:33 +0800 +Subject: [PATCH] hw/arm/virt:Keep Guest L1 cache type consistent with KVM + +Linux KVM normalize the cache configuration and expose a +fabricated CLIDR_EL1 value to guest, where L1 cache type +could be unified or seperate instruction cache and data +cache. Let's keep guest L1 cache type consistent with +KVM by checking the guest visable CLIDR_EL1, which can +avoid abnormal issue in guest when it's probing cache +info conbined CLIDR_EL1 with ACPI PPTT and DT. + +Signed-off-by: Yanan Wang +Signed-off-by: lishusen +--- + hw/acpi/aml-build.c | 165 ++--------------------------------- + hw/arm/virt-acpi-build.c | 167 ++++++++++++++++++++++++++++++++++++ + hw/arm/virt.c | 86 +++++++++++++++---- + include/hw/acpi/aml-build.h | 52 ++--------- + include/hw/arm/virt.h | 60 +++++++++++++ + 5 files changed, 306 insertions(+), 224 deletions(-) + +diff --git a/hw/acpi/aml-build.c b/hw/acpi/aml-build.c +index 39b8d807c0..0a9981acc1 100644 +--- a/hw/acpi/aml-build.c ++++ b/hw/acpi/aml-build.c +@@ -47,7 +47,7 @@ static void build_prepend_byte(GArray *array, uint8_t val) + g_array_prepend_val(array, val); + } + +-static void build_append_byte(GArray *array, uint8_t val) ++void build_append_byte(GArray *array, uint8_t val) + { + g_array_append_val(array, val); + } +@@ -1990,10 +1990,10 @@ void build_slit(GArray *table_data, BIOSLinker *linker, MachineState *ms, + * ACPI spec, Revision 6.3 + * 5.2.29.1 Processor hierarchy node structure (Type 0) + */ +-static void build_processor_hierarchy_node(GArray *tbl, uint32_t flags, +- uint32_t parent, uint32_t id, +- uint32_t *priv_rsrc, +- uint32_t priv_num) ++void build_processor_hierarchy_node(GArray *tbl, uint32_t flags, ++ uint32_t parent, uint32_t id, ++ uint32_t *priv_rsrc, ++ uint32_t priv_num) + { + int i; + +@@ -2016,161 +2016,6 @@ static void build_processor_hierarchy_node(GArray *tbl, 
uint32_t flags, + } + } + +-/* +- * ACPI spec, Revision 6.3 +- * 5.2.29.2 Cache Type Structure (Type 1) +- */ +-static void build_cache_hierarchy_node(GArray *tbl, uint32_t next_level, +- uint32_t cache_type) +-{ +- build_append_byte(tbl, 1); +- build_append_byte(tbl, 24); +- build_append_int_noprefix(tbl, 0, 2); +- build_append_int_noprefix(tbl, 127, 4); +- build_append_int_noprefix(tbl, next_level, 4); +- +- switch (cache_type) { +- case ARM_L1D_CACHE: /* L1 dcache info */ +- build_append_int_noprefix(tbl, ARM_L1DCACHE_SIZE, 4); +- build_append_int_noprefix(tbl, ARM_L1DCACHE_SETS, 4); +- build_append_byte(tbl, ARM_L1DCACHE_ASSOCIATIVITY); +- build_append_byte(tbl, ARM_L1DCACHE_ATTRIBUTES); +- build_append_int_noprefix(tbl, ARM_L1DCACHE_LINE_SIZE, 2); +- break; +- case ARM_L1I_CACHE: /* L1 icache info */ +- build_append_int_noprefix(tbl, ARM_L1ICACHE_SIZE, 4); +- build_append_int_noprefix(tbl, ARM_L1ICACHE_SETS, 4); +- build_append_byte(tbl, ARM_L1ICACHE_ASSOCIATIVITY); +- build_append_byte(tbl, ARM_L1ICACHE_ATTRIBUTES); +- build_append_int_noprefix(tbl, ARM_L1ICACHE_LINE_SIZE, 2); +- break; +- case ARM_L2_CACHE: /* L2 cache info */ +- build_append_int_noprefix(tbl, ARM_L2CACHE_SIZE, 4); +- build_append_int_noprefix(tbl, ARM_L2CACHE_SETS, 4); +- build_append_byte(tbl, ARM_L2CACHE_ASSOCIATIVITY); +- build_append_byte(tbl, ARM_L2CACHE_ATTRIBUTES); +- build_append_int_noprefix(tbl, ARM_L2CACHE_LINE_SIZE, 2); +- break; +- case ARM_L3_CACHE: /* L3 cache info */ +- build_append_int_noprefix(tbl, ARM_L3CACHE_SIZE, 4); +- build_append_int_noprefix(tbl, ARM_L3CACHE_SETS, 4); +- build_append_byte(tbl, ARM_L3CACHE_ASSOCIATIVITY); +- build_append_byte(tbl, ARM_L3CACHE_ATTRIBUTES); +- build_append_int_noprefix(tbl, ARM_L3CACHE_LINE_SIZE, 2); +- break; +- default: +- build_append_int_noprefix(tbl, 0, 4); +- build_append_int_noprefix(tbl, 0, 4); +- build_append_byte(tbl, 0); +- build_append_byte(tbl, 0); +- build_append_int_noprefix(tbl, 0, 2); +- } +-} +- +-/* +- * ACPI spec, 
Revision 6.3 +- * 5.2.29 Processor Properties Topology Table (PPTT) +- */ +-void build_pptt_arm(GArray *table_data, BIOSLinker *linker, MachineState *ms, +- const char *oem_id, const char *oem_table_id) +-{ +- MachineClass *mc = MACHINE_GET_CLASS(ms); +- GQueue *list = g_queue_new(); +- guint pptt_start = table_data->len; +- guint parent_offset; +- guint length, i; +- int uid = 0; +- int socket; +- AcpiTable table = { .sig = "PPTT", .rev = 2, +- .oem_id = oem_id, .oem_table_id = oem_table_id }; +- +- acpi_table_begin(&table, table_data); +- +- for (socket = 0; socket < ms->smp.sockets; socket++) { +- uint32_t l3_cache_offset = table_data->len - pptt_start; +- build_cache_hierarchy_node(table_data, 0, ARM_L3_CACHE); +- +- g_queue_push_tail(list, +- GUINT_TO_POINTER(table_data->len - pptt_start)); +- build_processor_hierarchy_node( +- table_data, +- /* +- * Physical package - represents the boundary +- * of a physical package +- */ +- (1 << 0), +- 0, socket, &l3_cache_offset, 1); +- } +- +- if (mc->smp_props.clusters_supported) { +- length = g_queue_get_length(list); +- for (i = 0; i < length; i++) { +- int cluster; +- +- parent_offset = GPOINTER_TO_UINT(g_queue_pop_head(list)); +- for (cluster = 0; cluster < ms->smp.clusters; cluster++) { +- g_queue_push_tail(list, +- GUINT_TO_POINTER(table_data->len - pptt_start)); +- build_processor_hierarchy_node( +- table_data, +- (0 << 0), /* not a physical package */ +- parent_offset, cluster, NULL, 0); +- } +- } +- } +- +- length = g_queue_get_length(list); +- for (i = 0; i < length; i++) { +- int core; +- +- parent_offset = GPOINTER_TO_UINT(g_queue_pop_head(list)); +- for (core = 0; core < ms->smp.cores; core++) { +- uint32_t priv_rsrc[3] = {}; +- priv_rsrc[0] = table_data->len - pptt_start; /* L2 cache offset */ +- build_cache_hierarchy_node(table_data, 0, ARM_L2_CACHE); +- +- priv_rsrc[1] = table_data->len - pptt_start; /* L1 dcache offset */ +- build_cache_hierarchy_node(table_data, priv_rsrc[0], ARM_L1D_CACHE); +- +- 
priv_rsrc[2] = table_data->len - pptt_start; /* L1 icache offset */ +- build_cache_hierarchy_node(table_data, priv_rsrc[0], ARM_L1I_CACHE); +- +- if (ms->smp.threads > 1) { +- g_queue_push_tail(list, +- GUINT_TO_POINTER(table_data->len - pptt_start)); +- build_processor_hierarchy_node( +- table_data, +- (0 << 0), /* not a physical package */ +- parent_offset, core, priv_rsrc, 3); +- } else { +- build_processor_hierarchy_node( +- table_data, +- (1 << 1) | /* ACPI Processor ID valid */ +- (1 << 3), /* Node is a Leaf */ +- parent_offset, uid++, priv_rsrc, 3); +- } +- } +- } +- +- length = g_queue_get_length(list); +- for (i = 0; i < length; i++) { +- int thread; +- +- parent_offset = GPOINTER_TO_UINT(g_queue_pop_head(list)); +- for (thread = 0; thread < ms->smp.threads; thread++) { +- build_processor_hierarchy_node( +- table_data, +- (1 << 1) | /* ACPI Processor ID valid */ +- (1 << 2) | /* Processor is a Thread */ +- (1 << 3), /* Node is a Leaf */ +- parent_offset, uid++, NULL, 0); +- } +- } +- +- g_queue_free(list); +- acpi_table_end(linker, &table); +-} +- + /* + * ACPI spec, Revision 6.3 + * 5.2.29 Processor Properties Topology Table (PPTT) +diff --git a/hw/arm/virt-acpi-build.c b/hw/arm/virt-acpi-build.c +index 89cecdd8e6..ed220d5d40 100644 +--- a/hw/arm/virt-acpi-build.c ++++ b/hw/arm/virt-acpi-build.c +@@ -60,6 +60,173 @@ + + #define ACPI_BUILD_TABLE_SIZE 0x20000 + ++/* ++ * ACPI spec, Revision 6.3 ++ * 5.2.29.2 Cache Type Structure (Type 1) ++ */ ++static void build_cache_hierarchy_node(GArray *tbl, uint32_t next_level, ++ uint32_t cache_type) ++{ ++ build_append_byte(tbl, 1); ++ build_append_byte(tbl, 24); ++ build_append_int_noprefix(tbl, 0, 2); ++ build_append_int_noprefix(tbl, 127, 4); ++ build_append_int_noprefix(tbl, next_level, 4); ++ ++ switch (cache_type) { ++ case ARM_L1D_CACHE: /* L1 dcache info */ ++ build_append_int_noprefix(tbl, ARM_L1DCACHE_SIZE, 4); ++ build_append_int_noprefix(tbl, ARM_L1DCACHE_SETS, 4); ++ build_append_byte(tbl, 
ARM_L1DCACHE_ASSOCIATIVITY); ++ build_append_byte(tbl, ARM_L1DCACHE_ATTRIBUTES); ++ build_append_int_noprefix(tbl, ARM_L1DCACHE_LINE_SIZE, 2); ++ break; ++ case ARM_L1I_CACHE: /* L1 icache info */ ++ build_append_int_noprefix(tbl, ARM_L1ICACHE_SIZE, 4); ++ build_append_int_noprefix(tbl, ARM_L1ICACHE_SETS, 4); ++ build_append_byte(tbl, ARM_L1ICACHE_ASSOCIATIVITY); ++ build_append_byte(tbl, ARM_L1ICACHE_ATTRIBUTES); ++ build_append_int_noprefix(tbl, ARM_L1ICACHE_LINE_SIZE, 2); ++ break; ++ case ARM_L1_CACHE: /* L1 cache info */ ++ build_append_int_noprefix(tbl, ARM_L1CACHE_SIZE, 4); ++ build_append_int_noprefix(tbl, ARM_L1CACHE_SETS, 4); ++ build_append_byte(tbl, ARM_L1CACHE_ASSOCIATIVITY); ++ build_append_byte(tbl, ARM_L1CACHE_ATTRIBUTES); ++ build_append_int_noprefix(tbl, ARM_L1CACHE_LINE_SIZE, 2); ++ break; ++ case ARM_L2_CACHE: /* L2 cache info */ ++ build_append_int_noprefix(tbl, ARM_L2CACHE_SIZE, 4); ++ build_append_int_noprefix(tbl, ARM_L2CACHE_SETS, 4); ++ build_append_byte(tbl, ARM_L2CACHE_ASSOCIATIVITY); ++ build_append_byte(tbl, ARM_L2CACHE_ATTRIBUTES); ++ build_append_int_noprefix(tbl, ARM_L2CACHE_LINE_SIZE, 2); ++ break; ++ case ARM_L3_CACHE: /* L3 cache info */ ++ build_append_int_noprefix(tbl, ARM_L3CACHE_SIZE, 4); ++ build_append_int_noprefix(tbl, ARM_L3CACHE_SETS, 4); ++ build_append_byte(tbl, ARM_L3CACHE_ASSOCIATIVITY); ++ build_append_byte(tbl, ARM_L3CACHE_ATTRIBUTES); ++ build_append_int_noprefix(tbl, ARM_L3CACHE_LINE_SIZE, 2); ++ break; ++ default: ++ build_append_int_noprefix(tbl, 0, 4); ++ build_append_int_noprefix(tbl, 0, 4); ++ build_append_byte(tbl, 0); ++ build_append_byte(tbl, 0); ++ build_append_int_noprefix(tbl, 0, 2); ++ } ++} ++ ++/* ++ * ACPI spec, Revision 6.3 ++ * 5.2.29 Processor Properties Topology Table (PPTT) ++ */ ++static void build_pptt_arm(GArray *table_data, BIOSLinker *linker, MachineState *ms, ++ const char *oem_id, const char *oem_table_id) ++{ ++ MachineClass *mc = MACHINE_GET_CLASS(ms); ++ GQueue *list = g_queue_new(); 
++ guint pptt_start = table_data->len; ++ guint parent_offset; ++ guint length, i; ++ int uid = 0; ++ int socket; ++ AcpiTable table = { .sig = "PPTT", .rev = 2, ++ .oem_id = oem_id, .oem_table_id = oem_table_id }; ++ bool unified_l1 = cpu_l1_cache_unified(0); ++ ++ acpi_table_begin(&table, table_data); ++ ++ for (socket = 0; socket < ms->smp.sockets; socket++) { ++ uint32_t l3_cache_offset = table_data->len - pptt_start; ++ build_cache_hierarchy_node(table_data, 0, ARM_L3_CACHE); ++ ++ g_queue_push_tail(list, ++ GUINT_TO_POINTER(table_data->len - pptt_start)); ++ build_processor_hierarchy_node( ++ table_data, ++ /* ++ * Physical package - represents the boundary ++ * of a physical package ++ */ ++ (1 << 0), ++ 0, socket, &l3_cache_offset, 1); ++ } ++ ++ if (mc->smp_props.clusters_supported) { ++ length = g_queue_get_length(list); ++ for (i = 0; i < length; i++) { ++ int cluster; ++ ++ parent_offset = GPOINTER_TO_UINT(g_queue_pop_head(list)); ++ for (cluster = 0; cluster < ms->smp.clusters; cluster++) { ++ g_queue_push_tail(list, ++ GUINT_TO_POINTER(table_data->len - pptt_start)); ++ build_processor_hierarchy_node( ++ table_data, ++ (0 << 0), /* not a physical package */ ++ parent_offset, cluster, NULL, 0); ++ } ++ } ++ } ++ ++ length = g_queue_get_length(list); ++ for (i = 0; i < length; i++) { ++ int core; ++ ++ parent_offset = GPOINTER_TO_UINT(g_queue_pop_head(list)); ++ for (core = 0; core < ms->smp.cores; core++) { ++ uint32_t priv_rsrc[3] = {}; ++ priv_rsrc[0] = table_data->len - pptt_start; /* L2 cache offset */ ++ build_cache_hierarchy_node(table_data, 0, ARM_L2_CACHE); ++ ++ if (unified_l1) { ++ priv_rsrc[1] = table_data->len - pptt_start; /* L1 cache offset */ ++ build_cache_hierarchy_node(table_data, priv_rsrc[0], ARM_L1_CACHE); ++ } else { ++ priv_rsrc[1] = table_data->len - pptt_start; /* L1 dcache offset */ ++ build_cache_hierarchy_node(table_data, priv_rsrc[0], ARM_L1D_CACHE); ++ priv_rsrc[2] = table_data->len - pptt_start; /* L1 icache offset */ ++ 
build_cache_hierarchy_node(table_data, priv_rsrc[0], ARM_L1I_CACHE); ++ } ++ ++ if (ms->smp.threads > 1) { ++ g_queue_push_tail(list, ++ GUINT_TO_POINTER(table_data->len - pptt_start)); ++ build_processor_hierarchy_node( ++ table_data, ++ (0 << 0), /* not a physical package */ ++ parent_offset, core, priv_rsrc, 3); ++ } else { ++ build_processor_hierarchy_node( ++ table_data, ++ (1 << 1) | /* ACPI Processor ID valid */ ++ (1 << 3), /* Node is a Leaf */ ++ parent_offset, uid++, priv_rsrc, 3); ++ } ++ } ++ } ++ ++ length = g_queue_get_length(list); ++ for (i = 0; i < length; i++) { ++ int thread; ++ ++ parent_offset = GPOINTER_TO_UINT(g_queue_pop_head(list)); ++ for (thread = 0; thread < ms->smp.threads; thread++) { ++ build_processor_hierarchy_node( ++ table_data, ++ (1 << 1) | /* ACPI Processor ID valid */ ++ (1 << 2) | /* Processor is a Thread */ ++ (1 << 3), /* Node is a Leaf */ ++ parent_offset, uid++, NULL, 0); ++ } ++ } ++ ++ g_queue_free(list); ++ acpi_table_end(linker, &table); ++} ++ + static void acpi_dsdt_add_psd(Aml *dev, int cpus) + { + Aml *pkg; +diff --git a/hw/arm/virt.c b/hw/arm/virt.c +index 3394d3a6a6..d31675b0fd 100644 +--- a/hw/arm/virt.c ++++ b/hw/arm/virt.c +@@ -369,6 +369,39 @@ static void fdt_add_timer_nodes(const VirtMachineState *vms) + GIC_FDT_IRQ_TYPE_PPI, ARCH_TIMER_NS_EL2_IRQ, irqflags); + } + ++/* ++ * In CLIDR_EL1 exposed to guest by the hypervisor, L1 cache type ++ * maybe unified or seperate ins and data. We need to read the ++ * guest visable CLIDR_EL1 and check L1 cache type. 
++ */ ++bool cpu_l1_cache_unified(int cpu) ++{ ++ bool unified = false; ++ uint64_t clidr; ++ ARMCPU *armcpu = ARM_CPU(qemu_get_cpu(cpu)); ++ CPUState *cs = CPU(armcpu); ++ int ret; ++ ++ if (kvm_enabled()) { ++ struct kvm_one_reg reg = { ++ .id = ARM64_REG_CLIDR_EL1, ++ .addr = (uintptr_t)&clidr ++ }; ++ ++ ret = kvm_vcpu_ioctl(cs, KVM_GET_ONE_REG, ®); ++ if (ret) { ++ error_setg(&error_fatal, "Get vCPU clidr from KVM failed:%d", ret); ++ return unified; ++ } ++ ++ if (CLIDR_CTYPE(clidr, 1) == CTYPE_UNIFIED) { ++ unified = true; ++ } ++ } ++ ++ return unified; ++} ++ + static void fdt_add_l3cache_nodes(const VirtMachineState *vms) + { + int i; +@@ -383,9 +416,10 @@ static void fdt_add_l3cache_nodes(const VirtMachineState *vms) + qemu_fdt_setprop_string(ms->fdt, nodename, "compatible", "cache"); + qemu_fdt_setprop_string(ms->fdt, nodename, "cache-unified", "true"); + qemu_fdt_setprop_cell(ms->fdt, nodename, "cache-level", 3); +- qemu_fdt_setprop_cell(ms->fdt, nodename, "cache-size", 0x2000000); +- qemu_fdt_setprop_cell(ms->fdt, nodename, "cache-line-size", 128); +- qemu_fdt_setprop_cell(ms->fdt, nodename, "cache-sets", 2048); ++ qemu_fdt_setprop_cell(ms->fdt, nodename, "cache-size", ARM_L3CACHE_SIZE); ++ qemu_fdt_setprop_cell(ms->fdt, nodename, "cache-line-size", ++ ARM_L3CACHE_LINE_SIZE); ++ qemu_fdt_setprop_cell(ms->fdt, nodename, "cache-sets", ARM_L3CACHE_SETS); + qemu_fdt_setprop_cell(ms->fdt, nodename, "phandle", + qemu_fdt_alloc_phandle(ms->fdt)); + g_free(nodename); +@@ -404,10 +438,12 @@ static void fdt_add_l2cache_nodes(const VirtMachineState *vms) + char *nodename = g_strdup_printf("/cpus/l2-cache%d", cpu); + + qemu_fdt_add_subnode(ms->fdt, nodename); ++ qemu_fdt_setprop_string(ms->fdt, nodename, "cache-unified", "true"); + qemu_fdt_setprop_string(ms->fdt, nodename, "compatible", "cache"); +- qemu_fdt_setprop_cell(ms->fdt, nodename, "cache-size", 0x80000); +- qemu_fdt_setprop_cell(ms->fdt, nodename, "cache-line-size", 64); +- 
qemu_fdt_setprop_cell(ms->fdt, nodename, "cache-sets", 1024); ++ qemu_fdt_setprop_cell(ms->fdt, nodename, "cache-size", ARM_L2CACHE_SIZE); ++ qemu_fdt_setprop_cell(ms->fdt, nodename, "cache-line-size", ++ ARM_L2CACHE_LINE_SIZE); ++ qemu_fdt_setprop_cell(ms->fdt, nodename, "cache-sets", ARM_L2CACHE_SETS); + qemu_fdt_setprop_phandle(ms->fdt, nodename, "next-level-cache", + next_path); + qemu_fdt_setprop_cell(ms->fdt, nodename, "phandle", +@@ -421,18 +457,32 @@ static void fdt_add_l2cache_nodes(const VirtMachineState *vms) + static void fdt_add_l1cache_prop(const VirtMachineState *vms, + char *nodename, int cpu) + { +- const MachineState *ms = MACHINE(vms); +- char *cachename = g_strdup_printf("/cpus/l2-cache%d", cpu); +- +- qemu_fdt_setprop_cell(ms->fdt, nodename, "d-cache-size", 0x10000); +- qemu_fdt_setprop_cell(ms->fdt, nodename, "d-cache-line-size", 64); +- qemu_fdt_setprop_cell(ms->fdt, nodename, "d-cache-sets", 256); +- qemu_fdt_setprop_cell(ms->fdt, nodename, "i-cache-size", 0x10000); +- qemu_fdt_setprop_cell(ms->fdt, nodename, "i-cache-line-size", 64); +- qemu_fdt_setprop_cell(ms->fdt, nodename, "i-cache-sets", 256); +- qemu_fdt_setprop_phandle(ms->fdt, nodename, "next-level-cache", +- cachename); +- g_free(cachename); ++ const MachineState *ms = MACHINE(vms); ++ char *next_path = g_strdup_printf("/cpus/l2-cache%d", cpu); ++ bool unified_l1 = cpu_l1_cache_unified(0); ++ ++ if (unified_l1) { ++ qemu_fdt_setprop_cell(ms->fdt, nodename, "cache-size", ARM_L1CACHE_SIZE); ++ qemu_fdt_setprop_cell(ms->fdt, nodename, "cache-line-size", ++ ARM_L1CACHE_LINE_SIZE); ++ qemu_fdt_setprop_cell(ms->fdt, nodename, "cache-sets", ARM_L1CACHE_SETS); ++ } else { ++ qemu_fdt_setprop_cell(ms->fdt, nodename, "d-cache-size", ++ ARM_L1DCACHE_SIZE); ++ qemu_fdt_setprop_cell(ms->fdt, nodename, "d-cache-line-size", ++ ARM_L1DCACHE_LINE_SIZE); ++ qemu_fdt_setprop_cell(ms->fdt, nodename, "d-cache-sets", ++ ARM_L1DCACHE_SETS); ++ qemu_fdt_setprop_cell(ms->fdt, nodename, "i-cache-size", ++ 
ARM_L1ICACHE_SIZE); ++ qemu_fdt_setprop_cell(ms->fdt, nodename, "i-cache-line-size", ++ ARM_L1ICACHE_LINE_SIZE); ++ qemu_fdt_setprop_cell(ms->fdt, nodename, "i-cache-sets", ++ ARM_L1ICACHE_SETS); ++ } ++ qemu_fdt_setprop_phandle(ms->fdt, nodename, "next-level-cache", next_path); ++ ++ g_free(next_path); + } + + static void fdt_add_cpu_nodes(const VirtMachineState *vms) +diff --git a/include/hw/acpi/aml-build.h b/include/hw/acpi/aml-build.h +index 5e9b72c024..84a72267f9 100644 +--- a/include/hw/acpi/aml-build.h ++++ b/include/hw/acpi/aml-build.h +@@ -221,49 +221,6 @@ struct AcpiBuildTables { + BIOSLinker *linker; + } AcpiBuildTables; + +-/* Definitions of the hardcoded cache info*/ +-typedef enum { +- ARM_L1D_CACHE, +- ARM_L1I_CACHE, +- ARM_L2_CACHE, +- ARM_L3_CACHE +-} ArmCacheType; +- +-/* L1 data cache: */ +-#define ARM_L1DCACHE_SIZE 65536 +-#define ARM_L1DCACHE_SETS 256 +-#define ARM_L1DCACHE_ASSOCIATIVITY 4 +-#define ARM_L1DCACHE_ATTRIBUTES 2 +-#define ARM_L1DCACHE_LINE_SIZE 64 +- +-/* L1 instruction cache: */ +-#define ARM_L1ICACHE_SIZE 65536 +-#define ARM_L1ICACHE_SETS 256 +-#define ARM_L1ICACHE_ASSOCIATIVITY 4 +-#define ARM_L1ICACHE_ATTRIBUTES 4 +-#define ARM_L1ICACHE_LINE_SIZE 64 +- +-/* Level 2 unified cache: */ +-#define ARM_L2CACHE_SIZE 524288 +-#define ARM_L2CACHE_SETS 1024 +-#define ARM_L2CACHE_ASSOCIATIVITY 8 +-#define ARM_L2CACHE_ATTRIBUTES 10 +-#define ARM_L2CACHE_LINE_SIZE 64 +- +-/* Level 3 unified cache: */ +-#define ARM_L3CACHE_SIZE 33554432 +-#define ARM_L3CACHE_SETS 2048 +-#define ARM_L3CACHE_ASSOCIATIVITY 15 +-#define ARM_L3CACHE_ATTRIBUTES 10 +-#define ARM_L3CACHE_LINE_SIZE 128 +- +-struct offset_status { +- uint32_t parent; +- uint32_t l2_offset; +- uint32_t l1d_offset; +- uint32_t l1i_offset; +-}; +- + typedef + struct CrsRangeEntry { + uint64_t base; +@@ -458,6 +415,7 @@ Aml *aml_sizeof(Aml *arg); + Aml *aml_concatenate(Aml *source1, Aml *source2, Aml *target); + Aml *aml_object_type(Aml *object); + ++void build_append_byte(GArray *array, 
uint8_t val); + void build_append_int_noprefix(GArray *table, uint64_t value, int size); + + typedef struct AcpiTable { +@@ -535,10 +493,12 @@ void build_srat_memory(GArray *table_data, uint64_t base, + void build_slit(GArray *table_data, BIOSLinker *linker, MachineState *ms, + const char *oem_id, const char *oem_table_id); + +-void build_pptt(GArray *table_data, BIOSLinker *linker, MachineState *ms, +- const char *oem_id, const char *oem_table_id); ++void build_processor_hierarchy_node(GArray *tbl, uint32_t flags, ++ uint32_t parent, uint32_t id, ++ uint32_t *priv_rsrc, ++ uint32_t priv_num); + +-void build_pptt_arm(GArray *table_data, BIOSLinker *linker, MachineState *ms, ++void build_pptt(GArray *table_data, BIOSLinker *linker, MachineState *ms, + const char *oem_id, const char *oem_table_id); + + void build_fadt(GArray *tbl, BIOSLinker *linker, const AcpiFadtData *f, +diff --git a/include/hw/arm/virt.h b/include/hw/arm/virt.h +index 3fc1adcb42..7b99e84377 100644 +--- a/include/hw/arm/virt.h ++++ b/include/hw/arm/virt.h +@@ -58,6 +58,65 @@ + /* See Linux kernel arch/arm64/include/asm/pvclock-abi.h */ + #define PVTIME_SIZE_PER_CPU 64 + ++/* ARM CLIDR_EL1 related definitions */ ++/* Ctypen, bits[3(n - 1) + 2 : 3(n - 1)], for n = 1 to 7 */ ++#define CTYPE_NONE 0b000 ++#define CTYPE_INS 0b001 ++#define CTYPE_DATA 0b010 ++#define CTYPE_INS_DATA 0b011 ++#define CTYPE_UNIFIED 0b100 ++ ++#define ARM64_REG_CLIDR_EL1 ARM64_SYS_REG(3, 1, 0, 0, 1) ++ ++#define CLIDR_CTYPE_SHIFT(level) (3 * (level - 1)) ++#define CLIDR_CTYPE_MASK(level) (7 << CLIDR_CTYPE_SHIFT(level)) ++#define CLIDR_CTYPE(clidr, level) \ ++ (((clidr) & CLIDR_CTYPE_MASK(level)) >> CLIDR_CTYPE_SHIFT(level)) ++ ++/* L1 data cache */ ++#define ARM_L1DCACHE_SIZE 65536 ++#define ARM_L1DCACHE_SETS 256 ++#define ARM_L1DCACHE_ASSOCIATIVITY 4 ++#define ARM_L1DCACHE_ATTRIBUTES 2 ++#define ARM_L1DCACHE_LINE_SIZE 64 ++ ++/* L1 instruction cache */ ++#define ARM_L1ICACHE_SIZE 65536 ++#define ARM_L1ICACHE_SETS 256 
++#define ARM_L1ICACHE_ASSOCIATIVITY 4 ++#define ARM_L1ICACHE_ATTRIBUTES 4 ++#define ARM_L1ICACHE_LINE_SIZE 64 ++ ++/* L1 unified cache */ ++#define ARM_L1CACHE_SIZE 131072 ++#define ARM_L1CACHE_SETS 256 ++#define ARM_L1CACHE_ASSOCIATIVITY 4 ++#define ARM_L1CACHE_ATTRIBUTES 10 ++#define ARM_L1CACHE_LINE_SIZE 128 ++ ++/* L2 unified cache */ ++#define ARM_L2CACHE_SIZE 524288 ++#define ARM_L2CACHE_SETS 1024 ++#define ARM_L2CACHE_ASSOCIATIVITY 8 ++#define ARM_L2CACHE_ATTRIBUTES 10 ++#define ARM_L2CACHE_LINE_SIZE 64 ++ ++/* L3 unified cache */ ++#define ARM_L3CACHE_SIZE 33554432 ++#define ARM_L3CACHE_SETS 2048 ++#define ARM_L3CACHE_ASSOCIATIVITY 15 ++#define ARM_L3CACHE_ATTRIBUTES 10 ++#define ARM_L3CACHE_LINE_SIZE 128 ++ ++/* Definitions of the hardcoded cache info */ ++typedef enum { ++ ARM_L1D_CACHE, ++ ARM_L1I_CACHE, ++ ARM_L1_CACHE, ++ ARM_L2_CACHE, ++ ARM_L3_CACHE ++} ArmCacheType; ++ + enum { + VIRT_FLASH, + VIRT_MEM, +@@ -191,6 +250,7 @@ void virt_madt_cpu_entry(AcpiDeviceIf *adev, int uid, + bool force_enabled); + void virt_acpi_dsdt_cpu_cppc(AcpiDeviceIf *adev, int uid, + int num_cpu, Aml *dev); ++bool cpu_l1_cache_unified(int cpu); + + /* Return the number of used redistributor regions */ + static inline int virt_gicv3_redist_region_count(VirtMachineState *vms) +-- +2.41.0.windows.1 + diff --git a/hw-mips-Build-fw_cfg.c-once.patch b/hw-mips-Build-fw_cfg.c-once.patch new file mode 100644 index 0000000..b8333fa --- /dev/null +++ b/hw-mips-Build-fw_cfg.c-once.patch 
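Review bot: In build_pptt_arm() (hw/arm/virt-acpi-build.c) both core-level calls to build_processor_hierarchy_node() still pass `priv_rsrc, 3`, but on the `unified_l1` path only priv_rsrc[0] and priv_rsrc[1] are filled, so the third reference keeps its zero initializer. Assuming build_processor_hierarchy_node() emits `priv_num` entries (its body is only partly visible here), the guest then gets a PPTT processor node that advertises three private resources, one of which is offset 0 and does not point at a cache structure. Passing the real count, e.g. `parent_offset, core, priv_rsrc, unified_l1 ? 2 : 3);` and the same for the `uid++` call, keeps the table well-formed for guest ACPI parsers. Separately, cpu_l1_cache_unified() in hw/arm/virt.c passes the result of `qemu_get_cpu(cpu)` on to kvm_vcpu_ioctl() without a NULL check, and the `return unified;` after `error_setg(&error_fatal, ...)` looks unreachable.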
@@ -0,0 +1,37 @@ +From 9fd0695c0158250a0d9a8ab6fb88cb8d030f5b9f Mon Sep 17 00:00:00 2001 +From: guping +Date: Tue, 8 Oct 2024 01:44:34 +0000 +Subject: [PATCH] hw/mips: Build fw_cfg.c once cherry-pick from + f2a9c31dbba2976796c0391dc7426238e798c644 +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Nothing in fw_cfg.c requires target-specific knowledge, +build it once for the 4 MIPS variants. + +Signed-off-by: default avatarPhilippe Mathieu-Daudé +Reviewed-by: Thomas Huth's avatarThomas Huth +Reviewed-by: default avatarMichael Tokarev +Signed-off-by: default avatarMichael Tokarev + +Signed-off-by: guping +--- + hw/mips/meson.build | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/hw/mips/meson.build b/hw/mips/meson.build +index dd0101ad4d..1e57c63374 100644 +--- a/hw/mips/meson.build ++++ b/hw/mips/meson.build +@@ -1,6 +1,6 @@ + mips_ss = ss.source_set() + mips_ss.add(files('bootloader.c', 'mips_int.c')) +-mips_ss.add(when: 'CONFIG_FW_CFG_MIPS', if_true: files('fw_cfg.c')) ++common_ss.add(when: 'CONFIG_FW_CFG_MIPS', if_true: files('fw_cfg.c')) + mips_ss.add(when: 'CONFIG_LOONGSON3V', if_true: files('loongson3_bootp.c', 'loongson3_virt.c')) + mips_ss.add(when: 'CONFIG_MALTA', if_true: files('gt64xxx_pci.c', 'malta.c')) + mips_ss.add(when: 'CONFIG_MIPS_CPS', if_true: files('cps.c')) +-- +2.41.0.windows.1 + diff --git a/minikconf-print-error-entirely-on-stderr.patch b/minikconf-print-error-entirely-on-stderr.patch new file mode 100644 index 0000000..bc99f96 --- /dev/null +++ b/minikconf-print-error-entirely-on-stderr.patch 
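Review bot: The trailers in this imported patch read `Signed-off-by: default avatarPhilippe Mathieu-Daudé`, `Reviewed-by: Thomas Huth's avatarThomas Huth` and `Signed-off-by: default avatarMichael Tokarev`, which looks like avatar alt text pasted from a web commit view rather than the upstream trailers. The upstream commit id is also folded into the Subject line as `cherry-pick from f2a9c31dbba2976796c0391dc7426238e798c644`. In a distribution package these lines are the provenance record for the backport, so they should be reproduced verbatim from the upstream commit (for example by generating the patch with `git cherry-pick -x` and `git format-patch`), with the origin reference on its own line in the body. The same garbled trailers and Subject appear in minikconf-print-error-entirely-on-stderr.patch.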
@@ -0,0 +1,38 @@ +From f95f7e74c6b8e656a3217508706db8c7f3c84e6d Mon Sep 17 00:00:00 2001 +From: guping +Date: Tue, 8 Oct 2024 01:21:07 +0000 +Subject: [PATCH] minikconf: print error entirely on stderr cherry-pick from + f9423e9f0ad14b186c65d6eb207438d2eddd24ea +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +While debugging an invalid configuration, I noticed that the clauses debug +ends up on stderr but the header ("The following clauses were found..." +ends up on stdout. This makes the contents of meson-logs/meson-log.txt +a bit confusing. + +Reviewed-by: default avatarPhilippe Mathieu-Daudé +Signed-off-by: default avatarPaolo Bonzini + +Signed-off-by: guping +--- + scripts/minikconf.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/scripts/minikconf.py b/scripts/minikconf.py +index bcd91015d3..6f7f43b291 100644 +--- a/scripts/minikconf.py ++++ b/scripts/minikconf.py +@@ -112,7 +112,7 @@ def has_value(self): + def set_value(self, val, clause): + self.clauses_for_var.append(clause) + if self.has_value() and self.value != val: +- print("The following clauses were found for " + self.name) ++ print("The following clauses were found for " + self.name, file=sys.stderr) + for i in self.clauses_for_var: + print(" " + str(i), file=sys.stderr) + raise KconfigDataError('contradiction between clauses when setting %s' % self) +-- +2.41.0.windows.1 + diff --git a/pc-bios-keymaps-Use-the-official-xkb-name-for-Arabic.patch b/pc-bios-keymaps-Use-the-official-xkb-name-for-Arabic.patch new file mode 100644 index 0000000..83cd166 --- /dev/null +++ b/pc-bios-keymaps-Use-the-official-xkb-name-for-Arabic.patch 
@@ -0,0 +1,61 @@ +From e0af5020f882bb9152afa50c6e24a93019946e75 Mon Sep 17 00:00:00 2001 +From: Peter Maydell +Date: Tue, 20 Jun 2023 17:20:24 +0100 +Subject: [PATCH] pc-bios/keymaps: Use the official xkb name for Arabic layout, + not the legacy synonym +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +The xkb official name for the Arabic keyboard layout is 'ara'. +However xkb has for at least the past 15 years also permitted it to +be named via the legacy synonym 'ar'. In xkeyboard-config 2.39 this +synoynm was removed, which breaks compilation of QEMU: + +FAILED: pc-bios/keymaps/ar +/home/fred/qemu-git/src/qemu/build-full/qemu-keymap -f pc-bios/keymaps/ar -l ar +xkbcommon: ERROR: Couldn't find file "symbols/ar" in include paths +xkbcommon: ERROR: 1 include paths searched: +xkbcommon: ERROR: /usr/share/X11/xkb +xkbcommon: ERROR: 3 include paths could not be added: +xkbcommon: ERROR: /home/fred/.config/xkb +xkbcommon: ERROR: /home/fred/.xkb +xkbcommon: ERROR: /etc/xkb +xkbcommon: ERROR: Abandoning symbols file "(unnamed)" +xkbcommon: ERROR: Failed to compile xkb_symbols +xkbcommon: ERROR: Failed to compile keymap + +The upstream xkeyboard-config change removing the compat +mapping is: +https://gitlab.freedesktop.org/xkeyboard-config/xkeyboard-config/-/commit/470ad2cd8fea84d7210377161d86b31999bb5ea6 + +Make QEMU always ask for the 'ara' xkb layout, which should work on +both older and newer xkeyboard-config. We leave the QEMU name for +this keyboard layout as 'ar'; it is not the only one where our name +for it deviates from the xkb standard name. + +Cc: qemu-stable@nongnu.org +Signed-off-by: Peter Maydell +Reviewed-by: Richard Henderson +Reviewed-by: Philippe Mathieu-Daudé +Reviewed-by: Daniel P. 
Berrangé +Message-id: 20230620162024.1132013-1-peter.maydell@linaro.org +Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1709 +--- + pc-bios/keymaps/meson.build | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/pc-bios/keymaps/meson.build b/pc-bios/keymaps/meson.build +index 44247a12b5..6e025cddf2 100644 +--- a/pc-bios/keymaps/meson.build ++++ b/pc-bios/keymaps/meson.build +@@ -1,5 +1,5 @@ + keymaps = { +- 'ar': '-l ar', ++ 'ar': '-l ara', + 'bepo': '-l fr -v dvorak', + 'cz': '-l cz', + 'da': '-l dk', +-- +2.41.0.windows.1 + diff --git a/qemu.spec b/qemu.spec index 07c8cda..d0267e0 100644 --- a/qemu.spec +++ b/qemu.spec @@ -3,7 +3,7 @@ Name: qemu Version: 6.2.0 -Release: 101 +Release: 102 Epoch: 10 Summary: QEMU is a generic and open source machine emulator and virtualizer License: GPLv2 and BSD and MIT and CC-BY-SA-4.0 @@ -1070,6 +1070,12 @@ Patch1055: hw-i386-vmmouse-Require-i8042-property-to-be-set.patch Patch1056: vhost-backend-avoid-overflow-on-memslots_limit.patch Patch1057: sysemu-Cleanup-qemu_run_machine_init_done_notifiers.patch Patch1058: python-aqmp-use-absolute-import-statement.patch +Patch1059: pc-bios-keymaps-Use-the-official-xkb-name-for-Arabic.patch +Patch1060: hw-arm-virt-Keep-Guest-L1-cache-type-consistent-with.patch +Patch1061: target-ppc-Remove-extra-space-from-s128-field-in-ppc.patch +Patch1062: minikconf-print-error-entirely-on-stderr.patch +Patch1063: hw-mips-Build-fw_cfg.c-once.patch +Patch1064: target-ppc-Remove-unused-xer_-macros.patch BuildRequires: flex BuildRequires: gcc 
@@ -1668,6 +1674,14 @@ getent passwd qemu >/dev/null || \ %endif %changelog +* Sat Nov 30 2024 - 10:6.2.0-102 +- target/ppc: Remove unused xer_* macros +- hw/mips: Build fw_cfg.c once +- minikconf: print error entirely on stderr +- target/ppc: Remove extra space from s128 field in ppc_vsr_t +- hw/arm/virt:Keep Guest L1 cache type consistent with KVM +- pc-bios/keymaps: Use the official xkb name for Arabic layout, not the legacy synonym + * Mon Oct 21 2024 - 10:6.2.0-101 - python/aqmp: use absolute import statement - sysemu: Cleanup qemu_run_machine_init_done_notifiers()
diff --git a/target-ppc-Remove-extra-space-from-s128-field-in-ppc.patch b/target-ppc-Remove-extra-space-from-s128-field-in-ppc.patch
new file mode 100644
index 0000000..5f21fa0
--- /dev/null
+++ b/target-ppc-Remove-extra-space-from-s128-field-in-ppc.patch
@@ -0,0 +1,37 @@
+From 21b17f03d4c506a8baca9d96f33e275bffec752f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?=E5=88=98=E5=A9=A720201110?=
+
+Date: Sun, 29 Sep 2024 16:52:32 +0800
+Subject: [PATCH] target/ppc: Remove extra space from s128 field in ppc_vsr_t
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Very trivial rogue space removal. There are two spaces between Int128
+and s128 in ppc_vsr_t struct, where it should be only one.
+
+Signed-off-by: Víctor Colombo
+Reviewed-by: Daniel Henrique Barboza
+Message-Id: <20220906125523.38765-2-victor.colombo@eldorado.org.br>
+Signed-off-by: Daniel Henrique Barboza
+Signed-off-by: Liu Jing
+---
+ target/ppc/cpu.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h
+index 1281323c02..8e924c6273 100644
+--- a/target/ppc/cpu.h
++++ b/target/ppc/cpu.h
+@@ -231,7 +231,7 @@ typedef union _ppc_vsr_t {
+ #ifdef CONFIG_INT128
+ __uint128_t u128;
+ #endif
+- Int128 s128;
++ Int128 s128;
+ } ppc_vsr_t;
+
+ typedef ppc_vsr_t ppc_avr_t;
+--
+2.41.0.windows.1
+
diff --git a/target-ppc-Remove-unused-xer_-macros.patch b/target-ppc-Remove-unused-xer_-macros.patch
new file mode 100644
index 0000000..f3f4ba7
--- /dev/null
+++ b/target-ppc-Remove-unused-xer_-macros.patch
@@ -0,0 +1,39 @@
+From fe8e83c0695b8215a3eab44eb4e40e4c4b90b2d8 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?=E5=88=98=E5=A9=A720201110?=
+
+Date: Sun, 29 Sep 2024 17:25:23 +0800
+Subject: [PATCH] target/ppc: Remove unused xer_* macros
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The macros xer_ov, xer_ca, xer_ov32, and xer_ca32 are both unused and
+hiding the usage of env. Remove them.
+
+Signed-off-by: Víctor Colombo
+Reviewed-by: Daniel Henrique Barboza
+Message-Id: <20220906125523.38765-3-victor.colombo@eldorado.org.br>
+Signed-off-by: Daniel Henrique Barboza
+Signed-off-by: Liu Jing
+---
+ target/ppc/cpu.h | 4 ----
+ 1 file changed, 4 deletions(-)
+
+diff --git a/target/ppc/cpu.h b/target/ppc/cpu.h
+index 1281323c02..3c2210096d 100644
+--- a/target/ppc/cpu.h
++++ b/target/ppc/cpu.h
+@@ -1448,10 +1448,6 @@ typedef PowerPCCPU ArchCPU;
+ #define XER_CMP 8
+ #define XER_BC 0
+ #define xer_so (env->so)
+-#define xer_ov (env->ov)
+-#define xer_ca (env->ca)
+-#define xer_ov32 (env->ov)
+-#define xer_ca32 (env->ca)
+ #define xer_cmp ((env->xer >> XER_CMP) & 0xFF)
+ #define xer_bc ((env->xer >> XER_BC) & 0x7F)
+
+--
+2.41.0.windows.1
+
-- Gitee
From 7bb77ea74f3cf4f6fc9c04a2a6c90e42512111c7 Mon Sep 17 00:00:00 2001
From: Jiabo Feng Date: Sat, 30 Nov 2024 09:13:10 +0800 Subject: [PATCH 2/2] QEMU update to version 6.2.0-103: - Introduce the SM4 cipher algorithms (OSCCA GB/T 32907-2016). - intel_iommu: Add missed sanity check for 256-bit invalidation queue - linux-user: use 'max' instead of 'qemu32' / 'qemu64' by default - chardev/baum: Use definitions to avoid dynamic stack allocation - ui/console: Get tab completion working again in the SDL monitor vc - s390x/tcg: Fix opcode for lzrf - virtiofsd: use g_date_time_get_microsecond to get subsecond - ui/curses: Avoid dynamic stack allocation - target/m68k: always call gen_exit_tb() after writes to SR - target/m68k: Perform writback before modifying SR - target/m68k: Fix MACSR to CCR - target/m68k: Implement atomic test-and-set - block/nvme: nvme_process_completion() fix bound for cid - hw/pci-host: pnv_phb{3, 4}: Fix heap out-of-bound access failure - target/ppc: Zero second doubleword of VSR registers for FPR insns - target/ppc: Set OV32 when OV is set - target/ppc: Zero second doubleword for VSX madd instructions - target/ppc: Set result to QNaN for DENBCD when VXCVI occurs - hw/pci: Add parenthesis to PCI_BUILD_BDF macro - intel_iommu: Send IQE event when setting reserved bit in IQT_TAIL - acpi: cpuhp: fix guest-visible maximum access size to the legacy reg block - acpi: ged: Add macro for acpi sleep control register - hw/pci-bridge: Add a Kconfig switch for the normal PCI bridge - ui/vnc: fix handling of VNC_FEATURE_XVP - s390/sclp: fix SCLP facility map - docs/tools/qemu-img.rst: fix typo (sumarizes) - chardev/char: fix qemu_chr_is_busy() check - edu: fix DMA range upper bound check - platform-bus: fix refcount leak - hw/net/virtio-net: fix qemu set used ring flag even vhost started - hw/net/can/sja1000: fix bug for single acceptance filter and standard frame - tests/avocado: fix typo in replay_linux - util/userfaultfd: Remove unused uffd_poll_events - hw/core/ptimer: fix timer zero period condition for freq > 1GHz - 
hcd-ohci: Drop ohci_service_iso_td() if ed->head & OHCI_DPTR_MASK is zero - tests/unit/test-vmstate: Avoid dynamic stack allocation - hw/usb/hcd-ohci: Use definition to avoid dynamic stack allocation - hw/i386/multiboot: Avoid dynamic stack allocation - hw/ppc/spapr: Fix code style problems reported by checkpatch - chardev/baum: Replace magic values by X_MAX / Y_MAX definitions - hw/intc/xics: Avoid dynamic stack allocation - hw/net/e1000e_core: Use definition to avoid dynamic stack allocation - intel_iommu: Fix invalidation descriptor type field - configs: Fix typo in the sh4-softmmu devices config file 
Signed-off-by: Jiabo Feng (cherry picked from commit 9813ed21ec2499c50cb58ac5fb114a1641708eb2) --- ...4-cipher-algorithms-OSCCA-GB-T-32907.patch | 341 ++++++++++++++++++ ...uest-visible-maximum-access-size-to-.patch | 170 +++++++++ ...acro-for-acpi-sleep-control-register.patch | 59 +++ ...process_completion-fix-bound-for-cid.patch | 42 +++ ...lace-magic-values-by-X_MAX-Y_MAX-def.patch | 58 +++ ...-definitions-to-avoid-dynamic-stack-.patch | 53 +++ chardev-char-fix-qemu_chr_is_busy-check.patch | 42 +++ ...-in-the-sh4-softmmu-devices-config-f.patch | 32 ++ ...ools-qemu-img.rst-fix-typo-sumarizes.patch | 31 ++ edu-fix-DMA-range-upper-bound-check.patch | 47 +++ ...ci_service_iso_td-if-ed-head-OHCI_DP.patch | 111 ++++++ ...ix-timer-zero-period-condition-for-f.patch | 101 ++++++ ...iboot-Avoid-dynamic-stack-allocation.patch | 50 +++ ...-xics-Avoid-dynamic-stack-allocation.patch | 42 +++ ...00-fix-bug-for-single-acceptance-fil.patch | 43 +++ ...re-Use-definition-to-avoid-dynamic-s.patch | 51 +++ ...t-fix-qemu-set-used-ring-flag-even-v.patch | 73 ++++ ...d-parenthesis-to-PCI_BUILD_BDF-macro.patch | 52 +++ ...d-a-Kconfig-switch-for-the-normal-PC.patch | 50 +++ ...phb-3-4-Fix-heap-out-of-bound-access.patch | 60 +++ ...-code-style-problems-reported-by-che.patch | 45 +++ ...Use-definition-to-avoid-dynamic-stac.patch | 58 +++ ...missed-sanity-check-for-256-bit-inva.patch | 180 +++++++++ ...x-invalidation-descriptor-type-field.patch | 99 +++++ ...-IQE-event-when-setting-reserved-bit.patch | 39 ++ ...ax-instead-of-qemu32-qemu64-by-defau.patch | 82 +++++ platform-bus-fix-refcount-leak.patch | 42 +++ qemu.spec | 93 ++++- s390-sclp-fix-SCLP-facility-map.patch | 43 +++ s390x-tcg-Fix-opcode-for-lzrf.patch | 37 ++ target-m68k-Fix-MACSR-to-CCR.patch | 38 ++ ...t-m68k-Implement-atomic-test-and-set.patch | 74 ++++ ...Perform-writback-before-modifying-SR.patch | 49 +++ ...ys-call-gen_exit_tb-after-writes-to-.patch | 61 ++++ target-ppc-Set-OV32-when-OV-is-set.patch | 43 +++ 
...esult-to-QNaN-for-DENBCD-when-VXCVI-.patch | 84 +++++ ...second-doubleword-for-VSX-madd-instr.patch | 41 +++ ...second-doubleword-of-VSR-registers-f.patch | 47 +++ tests-avocado-fix-typo-in-replay_linux.patch | 36 ++ ...vmstate-Avoid-dynamic-stack-allocati.patch | 53 +++ ...ab-completion-working-again-in-the-S.patch | 47 +++ ...urses-Avoid-dynamic-stack-allocation.patch | 36 ++ ui-vnc-fix-handling-of-VNC_FEATURE_XVP.patch | 42 +++ ...ultfd-Remove-unused-uffd_poll_events.patch | 70 ++++ ...date_time_get_microsecond-to-get-sub.patch | 53 +++ 45 files changed, 2999 insertions(+), 1 deletion(-) create mode 100644 Introduce-the-SM4-cipher-algorithms-OSCCA-GB-T-32907.patch create mode 100644 acpi-cpuhp-fix-guest-visible-maximum-access-size-to-.patch create mode 100644 acpi-ged-Add-macro-for-acpi-sleep-control-register.patch create mode 100644 block-nvme-nvme_process_completion-fix-bound-for-cid.patch create mode 100644 chardev-baum-Replace-magic-values-by-X_MAX-Y_MAX-def.patch create mode 100644 chardev-baum-Use-definitions-to-avoid-dynamic-stack-.patch create mode 100644 chardev-char-fix-qemu_chr_is_busy-check.patch create mode 100644 configs-Fix-typo-in-the-sh4-softmmu-devices-config-f.patch create mode 100644 docs-tools-qemu-img.rst-fix-typo-sumarizes.patch create mode 100644 edu-fix-DMA-range-upper-bound-check.patch create mode 100644 hcd-ohci-Drop-ohci_service_iso_td-if-ed-head-OHCI_DP.patch create mode 100644 hw-core-ptimer-fix-timer-zero-period-condition-for-f.patch create mode 100644 hw-i386-multiboot-Avoid-dynamic-stack-allocation.patch create mode 100644 hw-intc-xics-Avoid-dynamic-stack-allocation.patch create mode 100644 hw-net-can-sja1000-fix-bug-for-single-acceptance-fil.patch create mode 100644 hw-net-e1000e_core-Use-definition-to-avoid-dynamic-s.patch create mode 100644 hw-net-virtio-net-fix-qemu-set-used-ring-flag-even-v.patch create mode 100644 hw-pci-Add-parenthesis-to-PCI_BUILD_BDF-macro.patch create mode 100644 
hw-pci-bridge-Add-a-Kconfig-switch-for-the-normal-PC.patch create mode 100644 hw-pci-host-pnv_phb-3-4-Fix-heap-out-of-bound-access.patch create mode 100644 hw-ppc-spapr-Fix-code-style-problems-reported-by-che.patch create mode 100644 hw-usb-hcd-ohci-Use-definition-to-avoid-dynamic-stac.patch create mode 100644 intel_iommu-Add-missed-sanity-check-for-256-bit-inva.patch create mode 100644 intel_iommu-Fix-invalidation-descriptor-type-field.patch create mode 100644 intel_iommu-Send-IQE-event-when-setting-reserved-bit.patch create mode 100644 linux-user-use-max-instead-of-qemu32-qemu64-by-defau.patch create mode 100644 platform-bus-fix-refcount-leak.patch create mode 100644 s390-sclp-fix-SCLP-facility-map.patch create mode 100644 s390x-tcg-Fix-opcode-for-lzrf.patch create mode 100644 target-m68k-Fix-MACSR-to-CCR.patch create mode 100644 target-m68k-Implement-atomic-test-and-set.patch create mode 100644 target-m68k-Perform-writback-before-modifying-SR.patch create mode 100644 target-m68k-always-call-gen_exit_tb-after-writes-to-.patch create mode 100644 target-ppc-Set-OV32-when-OV-is-set.patch create mode 100644 target-ppc-Set-result-to-QNaN-for-DENBCD-when-VXCVI-.patch create mode 100644 target-ppc-Zero-second-doubleword-for-VSX-madd-instr.patch create mode 100644 target-ppc-Zero-second-doubleword-of-VSR-registers-f.patch create mode 100644 tests-avocado-fix-typo-in-replay_linux.patch create mode 100644 tests-unit-test-vmstate-Avoid-dynamic-stack-allocati.patch create mode 100644 ui-console-Get-tab-completion-working-again-in-the-S.patch create mode 100644 ui-curses-Avoid-dynamic-stack-allocation.patch create mode 100644 ui-vnc-fix-handling-of-VNC_FEATURE_XVP.patch create mode 100644 util-userfaultfd-Remove-unused-uffd_poll_events.patch create mode 100644 virtiofsd-use-g_date_time_get_microsecond-to-get-sub.patch 
diff --git a/Introduce-the-SM4-cipher-algorithms-OSCCA-GB-T-32907.patch b/Introduce-the-SM4-cipher-algorithms-OSCCA-GB-T-32907.patch
new file mode 100644
index 0000000..6f9f8df
--- /dev/null
+++ b/Introduce-the-SM4-cipher-algorithms-OSCCA-GB-T-32907.patch
@@ -0,0 +1,341 @@
+From b8752afb94b20ec6ea0892260a689cfedbf6f1a5 Mon Sep 17 00:00:00 2001
+From: gaochuanji
+Date: Thu, 19 Sep 2024 10:56:42 +0800
+Subject: [PATCH] Introduce the SM4 cipher algorithms (OSCCA GB/T 32907-2016).
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+SM4 (GBT.32907-2016) is a cryptographic standard issued by the
+Organization of State Commercial Administration of China (OSCCA)
+as an authorized cryptographic algorithms for the use within China.
+
+Detect the SM4 cipher algorithms and enable the feature silently
+if it is available.
+
+Signed-off-by: Hyman Huang
+Reviewed-by: Philippe Mathieu-Daudé
+Reviewed-by: Daniel P. Berrangé
+Signed-off-by: Daniel P. Berrangé
+Signed-off-by: cheliequan
+---
+ crypto/block-luks.c | 11 ++++++++
+ crypto/cipher-gcrypt.c.inc | 8 ++++++
+ crypto/cipher-nettle.c.inc | 49 +++++++++++++++++++++++++++++++++
+ crypto/cipher.c | 6 ++++
+ meson.build | 49 +++++++++++++++++++++++++++++++++
+ qapi/crypto.json | 5 +++-
+ tests/unit/test-crypto-cipher.c | 13 +++++++++
+ 7 files changed, 140 insertions(+), 1 deletion(-)
+
+diff --git a/crypto/block-luks.c b/crypto/block-luks.c
+index fe8f04ffb2..0626092739 100644
+--- a/crypto/block-luks.c
++++ b/crypto/block-luks.c
+@@ -126,12 +126,23 @@ qcrypto_block_luks_cipher_size_map_twofish[] = {
+ { 0, 0 },
+ };
+
++#ifdef CONFIG_CRYPTO_SM4
++static const QCryptoBlockLUKSCipherSizeMap
++qcrypto_block_luks_cipher_size_map_sm4[] = {
++ { 16, QCRYPTO_CIPHER_ALG_SM4},
++ { 0, 0 },
++};
++#endif
++
+ static const QCryptoBlockLUKSCipherNameMap
+ qcrypto_block_luks_cipher_name_map[] = {
+ { "aes", qcrypto_block_luks_cipher_size_map_aes },
+ { "cast5", qcrypto_block_luks_cipher_size_map_cast5 },
+ { "serpent", qcrypto_block_luks_cipher_size_map_serpent },
+ { "twofish", qcrypto_block_luks_cipher_size_map_twofish },
++#ifdef CONFIG_CRYPTO_SM4
++ { "sm4", qcrypto_block_luks_cipher_size_map_sm4},
++#endif
+ };
+
+
+diff --git
a/crypto/cipher-gcrypt.c.inc b/crypto/cipher-gcrypt.c.inc
+index a6a0117717..1377cbaf14 100644
+--- a/crypto/cipher-gcrypt.c.inc
++++ b/crypto/cipher-gcrypt.c.inc
+@@ -35,6 +35,9 @@ bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg,
+ case QCRYPTO_CIPHER_ALG_SERPENT_256:
+ case QCRYPTO_CIPHER_ALG_TWOFISH_128:
+ case QCRYPTO_CIPHER_ALG_TWOFISH_256:
++#ifdef CONFIG_CRYPTO_SM4
++ case QCRYPTO_CIPHER_ALG_SM4:
++#endif
+ break;
+ default:
+ return false;
+@@ -219,6 +222,11 @@ static QCryptoCipher *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg,
+ case QCRYPTO_CIPHER_ALG_TWOFISH_256:
+ gcryalg = GCRY_CIPHER_TWOFISH;
+ break;
++#ifdef CONFIG_CRYPTO_SM4
++ case QCRYPTO_CIPHER_ALG_SM4:
++ gcryalg = GCRY_CIPHER_SM4;
++ break;
++#endif
+ default:
+ error_setg(errp, "Unsupported cipher algorithm %s",
+ QCryptoCipherAlgorithm_str(alg));
+diff --git a/crypto/cipher-nettle.c.inc b/crypto/cipher-nettle.c.inc
+index 24cc61f87b..42b39e18a2 100644
+--- a/crypto/cipher-nettle.c.inc
++++ b/crypto/cipher-nettle.c.inc
+@@ -33,6 +33,9 @@
+ #ifndef CONFIG_QEMU_PRIVATE_XTS
+ #include
+ #endif
++#ifdef CONFIG_CRYPTO_SM4
++#include
++#endif
+
+ static inline bool qcrypto_length_check(size_t len, size_t blocksize,
+ Error **errp)
+@@ -426,6 +429,30 @@ DEFINE_ECB_CBC_CTR_XTS(qcrypto_nettle_twofish,
+ QCryptoNettleTwofish, TWOFISH_BLOCK_SIZE,
+ twofish_encrypt_native, twofish_decrypt_native)
+
++#ifdef CONFIG_CRYPTO_SM4
++typedef struct QCryptoNettleSm4 {
++ QCryptoCipher base;
++ struct sm4_ctx key[2];
++} QCryptoNettleSm4;
++
++static void sm4_encrypt_native(void *ctx, size_t length,
++ uint8_t *dst, const uint8_t *src)
++{
++ struct sm4_ctx *keys = ctx;
++ sm4_crypt(&keys[0], length, dst, src);
++}
++
++static void sm4_decrypt_native(void *ctx, size_t length,
++ uint8_t *dst, const uint8_t *src)
++{
++ struct sm4_ctx *keys = ctx;
++ sm4_crypt(&keys[1], length, dst, src);
++}
++
++DEFINE_ECB(qcrypto_nettle_sm4,
++ QCryptoNettleSm4, SM4_BLOCK_SIZE,
++ sm4_encrypt_native,
sm4_decrypt_native)
++#endif
+
+ bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg,
+ QCryptoCipherMode mode)
+@@ -443,6 +470,9 @@ bool qcrypto_cipher_supports(QCryptoCipherAlgorithm alg,
+ case QCRYPTO_CIPHER_ALG_TWOFISH_128:
+ case QCRYPTO_CIPHER_ALG_TWOFISH_192:
+ case QCRYPTO_CIPHER_ALG_TWOFISH_256:
++#ifdef CONFIG_CRYPTO_SM4
++ case QCRYPTO_CIPHER_ALG_SM4:
++#endif
+ break;
+ default:
+ return false;
+@@ -701,6 +731,25 @@ static QCryptoCipher *qcrypto_cipher_ctx_new(QCryptoCipherAlgorithm alg,
+
+ return &ctx->base;
+ }
++#ifdef CONFIG_CRYPTO_SM4
++ case QCRYPTO_CIPHER_ALG_SM4:
++ {
++ QCryptoNettleSm4 *ctx = g_new0(QCryptoNettleSm4, 1);
++
++ switch (mode) {
++ case QCRYPTO_CIPHER_MODE_ECB:
++ ctx->base.driver = &qcrypto_nettle_sm4_driver_ecb;
++ break;
++ default:
++ goto bad_cipher_mode;
++ }
++
++ sm4_set_encrypt_key(&ctx->key[0], key);
++ sm4_set_decrypt_key(&ctx->key[1], key);
++
++ return &ctx->base;
++ }
++#endif
+
+ default:
+ error_setg(errp, "Unsupported cipher algorithm %s",
+diff --git a/crypto/cipher.c b/crypto/cipher.c
+index 74b09a5b26..5f512768ea 100644
+--- a/crypto/cipher.c
++++ b/crypto/cipher.c
+@@ -38,6 +38,9 @@ static const size_t alg_key_len[QCRYPTO_CIPHER_ALG__MAX] = {
+ [QCRYPTO_CIPHER_ALG_TWOFISH_128] = 16,
+ [QCRYPTO_CIPHER_ALG_TWOFISH_192] = 24,
+ [QCRYPTO_CIPHER_ALG_TWOFISH_256] = 32,
++#ifdef CONFIG_CRYPTO_SM4
++ [QCRYPTO_CIPHER_ALG_SM4] = 16,
++#endif
+ };
+
+ static const size_t alg_block_len[QCRYPTO_CIPHER_ALG__MAX] = {
+@@ -53,6 +56,9 @@ static const size_t alg_block_len[QCRYPTO_CIPHER_ALG__MAX] = {
+ [QCRYPTO_CIPHER_ALG_TWOFISH_128] = 16,
+ [QCRYPTO_CIPHER_ALG_TWOFISH_192] = 16,
+ [QCRYPTO_CIPHER_ALG_TWOFISH_256] = 16,
++#ifdef CONFIG_CRYPTO_SM4
++ [QCRYPTO_CIPHER_ALG_SM4] = 16,
++#endif
+ };
+
+ static const bool mode_need_iv[QCRYPTO_CIPHER_MODE__MAX] = {
+diff --git a/meson.build b/meson.build
+index 45bc69bf0c..1a225b51f3 100644
+--- a/meson.build
++++ b/meson.build
+@@ -1010,6 +1010,7 @@ endif
+ # gcrypt over
nettle for performance reasons.
+ gcrypt = not_found
+ nettle = not_found
++crypto_sm4 = not_found
+ xts = 'none'
+
+ if get_option('nettle').enabled() and get_option('gcrypt').enabled()
+@@ -1035,6 +1036,17 @@ if not gnutls_crypto.found()
+ gcrypt,
+ cc.find_library('gpg-error', required: true, kwargs: static_kwargs)])
+ endif
++ crypto_sm4 = gcrypt
++ # SM4 ALG is available in libgcrypt >= 1.9
++ if gcrypt.found() and not cc.links('''
++ #include
++ int main(void) {
++ gcry_cipher_hd_t handler;
++ gcry_cipher_open(&handler, GCRY_CIPHER_SM4, GCRY_CIPHER_MODE_ECB, 0);
++ return 0;
++ }''', dependencies: gcrypt)
++ crypto_sm4 = not_found
++ endif
+ endif
+ if (not get_option('nettle').auto() or have_system) and not gcrypt.found()
+ nettle = dependency('nettle', version: '>=3.4',
+@@ -1044,6 +1056,18 @@ if not gnutls_crypto.found()
+ if nettle.found() and not cc.has_header('nettle/xts.h', dependencies: nettle)
+ xts = 'private'
+ endif
++ crypto_sm4 = nettle
++ # SM4 ALG is available in nettle >= 3.9
++ if nettle.found() and not cc.links('''
++ #include
++ int main(void) {
++ struct sm4_ctx ctx;
++ unsigned char key[16] = {0};
++ sm4_set_encrypt_key(&ctx, key);
++ return 0;
++ }''', dependencies: nettle)
++ crypto_sm4 = not_found
++ endif
+ endif
+ endif
+
+@@ -1411,6 +1435,17 @@ if get_option('virtfs').enabled()
+ elif not have_system
+ error('virtio-9p (virtfs) needs system emulation support')
+ endif
++ crypto_sm4 = gcrypt
++ # SM4 ALG is available in libgcrypt >= 1.9
++ if gcrypt.found() and not cc.links('''
++ #include
++ int main(void) {
++ gcry_cipher_hd_t handler;
++ gcry_cipher_open(&handler, GCRY_CIPHER_SM4, GCRY_CIPHER_MODE_ECB, 0);
++ return 0;
++ }''', dependencies: gcrypt)
++ crypto_sm4 = not_found
++ endif
+ endif
+ elif get_option('virtfs').disabled()
+ have_virtfs = false
+@@ -1487,6 +1522,7 @@ config_host_data.set('CONFIG_GNUTLS', gnutls.found())
+ config_host_data.set('CONFIG_GNUTLS_CRYPTO', gnutls_crypto.found())
+
config_host_data.set('CONFIG_GCRYPT', gcrypt.found())
+ config_host_data.set('CONFIG_NETTLE', nettle.found())
++config_host_data.set('CONFIG_CRYPTO_SM4', crypto_sm4.found())
+ config_host_data.set('CONFIG_QEMU_PRIVATE_XTS', xts == 'private')
+ config_host_data.set('CONFIG_MALLOC_TRIM', has_malloc_trim)
+ config_host_data.set('CONFIG_STATX', has_statx)
+@@ -2093,6 +2129,18 @@ if capstone_opt in ['enabled', 'auto', 'system']
+ if capstone_opt == 'system'
+ error('system capstone requested, it does not appear to work')
+ endif
++ crypto_sm4 = nettle
++ # SM4 ALG is available in nettle >= 3.9
++ if nettle.found() and not cc.links('''
++ #include
++ int main(void) {
++ struct sm4_ctx ctx;
++ unsigned char key[16] = {0};
++ sm4_set_encrypt_key(&ctx, key);
++ return 0;
++ }''', dependencies: nettle)
++ crypto_sm4 = not_found
++ endif
+ endif
+
+ if capstone.found()
+@@ -3432,6 +3480,7 @@ summary_info += {'nettle': nettle}
+ if nettle.found()
+ summary_info += {' XTS': xts != 'private'}
+ endif
++summary_info += {'SM4 ALG support': crypto_sm4}
+ summary_info += {'crypto afalg': config_host.has_key('CONFIG_AF_ALG')}
+ summary_info += {'rng-none': config_host.has_key('CONFIG_RNG_NONE')}
+ summary_info += {'Linux keyring': config_host.has_key('CONFIG_SECRET_KEYRING')}
+diff --git a/qapi/crypto.json b/qapi/crypto.json
+index 1ec54c15ca..60e706ae09 100644
+--- a/qapi/crypto.json
++++ b/qapi/crypto.json
+@@ -75,6 +75,8 @@
+ # @twofish-128: Twofish with 128 bit / 16 byte keys
+ # @twofish-192: Twofish with 192 bit / 24 byte keys
+ # @twofish-256: Twofish with 256 bit / 32 byte keys
++# @sm4: SM4 with 128 bit / 16 byte keys (since 9.0)
++#
+ # Since: 2.6
+ ##
+ { 'enum': 'QCryptoCipherAlgorithm',
+@@ -83,7 +85,8 @@
+ 'des', '3des',
+ 'cast5-128',
+ 'serpent-128', 'serpent-192', 'serpent-256',
+- 'twofish-128', 'twofish-192', 'twofish-256']}
++ 'twofish-128', 'twofish-192', 'twofish-256',
++ 'sm4']}
+
+
+ ##
+diff --git a/tests/unit/test-crypto-cipher.c
b/tests/unit/test-crypto-cipher.c
+index d9d9d078ff..11ab1a54fc 100644
+--- a/tests/unit/test-crypto-cipher.c
++++ b/tests/unit/test-crypto-cipher.c
+@@ -382,6 +382,19 @@ static QCryptoCipherTestData test_data[] = {
+ .plaintext = "90afe91bb288544f2c32dc239b2635e6",
+ .ciphertext = "6cb4561c40bf0a9705931cb6d408e7fa",
+ },
++#ifdef CONFIG_CRYPTO_SM4
++ {
++ /* SM4, GB/T 32907-2016, Appendix A.1 */
++ .path = "/crypto/cipher/sm4",
++ .alg = QCRYPTO_CIPHER_ALG_SM4,
++ .mode = QCRYPTO_CIPHER_MODE_ECB,
++ .key = "0123456789abcdeffedcba9876543210",
++ .plaintext =
++ "0123456789abcdeffedcba9876543210",
++ .ciphertext =
++ "681edf34d206965e86b3e94f536e4246",
++ },
++#endif
+ {
+ /* #1 32 byte key, 32 byte PTX */
+ .path = "/crypto/cipher/aes-xts-128-1",
+--
+2.41.0.windows.1
+
diff --git a/acpi-cpuhp-fix-guest-visible-maximum-access-size-to-.patch b/acpi-cpuhp-fix-guest-visible-maximum-access-size-to-.patch
new file mode 100644
index 0000000..f431d15
--- /dev/null
+++ b/acpi-cpuhp-fix-guest-visible-maximum-access-size-to-.patch
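Review bot: The SM4 capability probes appear twice in the meson.build part of this patch, and the second copies sit in unrelated blocks: the libgcrypt probe under `if get_option('virtfs').enabled()` (inner hunk at 1411) and the nettle probe inside the capstone option handling (inner hunk at 2093). Each copy first reassigns `crypto_sm4 = gcrypt` or `crypto_sm4 = nettle`, so a nettle build with virtfs enabled would presumably have `crypto_sm4` reset to a not-found gcrypt before `config_host_data.set('CONFIG_CRYPTO_SM4', crypto_sm4.found())` runs, while the summary line would report the later capstone-block value instead. This looks like a backport artefact; I would drop both duplicated blocks and keep only the two probes under `if not gnutls_crypto.found()`. Separately, `(since 9.0)` in qapi/crypto.json does not match a 6.2.0 package. The surrounding meson blocks start outside the inner hunks, so the exact nesting should be confirmed against the full file.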
@@ -0,0 +1,170 @@
+From 4682b5120ba5eb8e9347f034d72e0e739bee3ff3 Mon Sep 17 00:00:00 2001
+From: Zhang Jiao
+Date: Wed, 23 Oct 2024 14:53:23 +0800
+Subject: [PATCH] acpi: cpuhp: fix guest-visible maximum access size to the
+ legacy reg block
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+cheery-pick from dab30fbef3896bb652a09d46c37d3f55657cbcbb
+
+The modern ACPI CPU hotplug interface was introduced in the following
+series (aa1dd39ca307..679dd1a957df), released in v2.7.0:
+
+ 1 abd49bc2ed2f docs: update ACPI CPU hotplug spec with new protocol
+ 2 16bcab97eb9f pc: piix4/ich9: add 'cpu-hotplug-legacy' property
+ 3 5e1b5d93887b acpi: cpuhp: add CPU devices AML with _STA method
+ 4 ac35f13ba8f8 pc: acpi: introduce AcpiDeviceIfClass.madt_cpu hook
+ 5 d2238cb6781d acpi: cpuhp: implement hot-add parts of CPU hotplug
+ interface
+ 6 8872c25a26cc acpi: cpuhp: implement hot-remove parts of CPU hotplug
+ interface
+ 7 76623d00ae57 acpi: cpuhp: add cpu._OST handling
+ 8 679dd1a957df pc: use new CPU hotplug interface since 2.7 machine type
+
+Before patch#1, "docs/specs/acpi_cpu_hotplug.txt" only specified 1-byte
+accesses for the hotplug register block. Patch#1 preserved the same
+restriction for the legacy register block, but:
+
+- it specified DWORD accesses for some of the modern registers,
+
+- in particular, the switch from the legacy block to the modern block
+ would require a DWORD write to the *legacy* block.
+
+The latter functionality was then implemented in cpu_status_write()
+[hw/acpi/cpu_hotplug.c], in patch#8.
+
+Unfortunately, all DWORD accesses depended on a dormant bug: the one
+introduced in earlier commit a014ed07bd5a ("memory: accept mismatching
+sizes in memory_region_access_valid", 2013-05-29); first released in
+v1.6.0.
Due to commit a014ed07bd5a, the DWORD accesses to the *legacy*
+CPU hotplug register block would work in spite of the above series *not*
+relaxing "valid.max_access_size = 1" in "hw/acpi/cpu_hotplug.c":
+
+> static const MemoryRegionOps AcpiCpuHotplug_ops = {
+> .read = cpu_status_read,
+> .write = cpu_status_write,
+> .endianness = DEVICE_LITTLE_ENDIAN,
+> .valid = {
+> .min_access_size = 1,
+> .max_access_size = 1,
+> },
+> };
+
+Later, in commits e6d0c3ce6895 ("acpi: cpuhp: introduce 'Command data 2'
+field", 2020-01-22) and ae340aa3d256 ("acpi: cpuhp: spec: add typical
+usecases", 2020-01-22), first released in v5.0.0, the modern CPU hotplug
+interface (including the documentation) was extended with another DWORD
+*read* access, namely to the "Command data 2" register, which would be
+important for the guest to confirm whether it managed to switch the
+register block from legacy to modern.
+
+This functionality too silently depended on the bug from commit
+a014ed07bd5a.
+
+In commit 5d971f9e6725 ('memory: Revert "memory: accept mismatching sizes
+in memory_region_access_valid"', 2020-06-26), first released in v5.1.0,
+the bug from commit a014ed07bd5a was fixed (the commit was reverted).
+That swiftly exposed the bug in "AcpiCpuHotplug_ops", still present from
+the v2.7.0 series quoted at the top -- namely the fact that
+"valid.max_access_size = 1" didn't match what the guest was supposed to
+do, according to the spec ("docs/specs/acpi_cpu_hotplug.txt").
+
+The symptom is that the "modern interface negotiation protocol"
+described in commit ae340aa3d256:
+
+> + Use following steps to detect and enable modern CPU hotplug interface:
+> + 1. Store 0x0 to the 'CPU selector' register,
+> + attempting to switch to modern mode
+> + 2. Store 0x0 to the 'CPU selector' register,
+> + to ensure valid selector value
+> + 3. Store 0x0 to the 'Command field' register,
+> + 4. Read the 'Command data 2' register.
+> + If read value is 0x0, the modern interface is enabled.
+> + Otherwise legacy or no CPU hotplug interface available
+
+falls apart for the guest: steps 1 and 2 are lost, because they are DWORD
+writes; so no switching happens. Step 3 (a single-byte write) is not
+lost, but it has no effect; see the condition in cpu_status_write() in
+patch#8. And step 4 *misleads* the guest into thinking that the switch
+worked: the DWORD read is lost again -- it returns zero to the guest
+without ever reaching the device model, so the guest never learns the
+switch didn't work.
+
+This means that guest behavior centered on the "Command data 2" register
+worked *only* in the v5.0.0 release; it got effectively regressed in
+v5.1.0.
+
+To make things *even more* complicated, the breakage was (and remains, as
+of today) visible with TCG acceleration only. Commit 5d971f9e6725 makes
+no difference with KVM acceleration -- the DWORD accesses still work,
+despite "valid.max_access_size = 1".
+
+As commit 5d971f9e6725 suggests, fix the problem by raising
+"valid.max_access_size" to 4 -- the spec now clearly instructs the guest
+to perform DWORD accesses to the legacy register block too, for enabling
+(and verifying!) the modern block. In order to keep compatibility for the
+device model implementation though, set "impl.max_access_size = 1", so
+that wide accesses be split before they reach the legacy read/write
+handlers, like they always have been on KVM, and like they were on TCG
+before 5d971f9e6725 (v5.1.0).
+
+Tested with:
+
+- OVMF IA32 + qemu-system-i386, CPU hotplug/hot-unplug with SMM,
+ intermixed with ACPI S3 suspend/resume, using KVM accel
+ (regression-test);
+
+- OVMF IA32X64 + qemu-system-x86_64, CPU hotplug/hot-unplug with SMM,
+ intermixed with ACPI S3 suspend/resume, using KVM accel
+ (regression-test);
+
+- OVMF IA32 + qemu-system-i386, SMM enabled, using TCG accel; verified the
+ register block switch and the present/possible CPU counting through the
+ modern hotplug interface, during OVMF boot (bugfix test);
+
+- I do not have any testcase (guest payload) for regression-testing CPU
+ hotplug through the *legacy* CPU hotplug register block.
+
+Cc: "Michael S. Tsirkin"
+Cc: Ani Sinha
+Cc: Ard Biesheuvel
+Cc: Igor Mammedov
+Cc: Paolo Bonzini
+Cc: Peter Maydell
+Cc: Philippe Mathieu-Daudé
+Cc: qemu-stable@nongnu.org
+Ref: "IO port write width clamping differs between TCG and KVM"
+Link: http://mid.mail-archive.com/aaedee84-d3ed-a4f9-21e7-d221a28d1683@redhat.com
+Link: https://lists.gnu.org/archive/html/qemu-devel/2023-01/msg00199.html
+Reported-by: Ard Biesheuvel
+Signed-off-by: Laszlo Ersek
+Tested-by: Ard Biesheuvel
+Reviewed-by: Philippe Mathieu-Daudé
+Tested-by: Igor Mammedov
+Message-Id: <20230105161804.82486-1-lersek@redhat.com>
+Reviewed-by: Michael S. Tsirkin
+Signed-off-by: Michael S. Tsirkin
+Signed-off-by: Zhang Jiao
+---
+ hw/acpi/cpu_hotplug.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/hw/acpi/cpu_hotplug.c b/hw/acpi/cpu_hotplug.c
+index 53654f8638..ff14c3f410 100644
+--- a/hw/acpi/cpu_hotplug.c
++++ b/hw/acpi/cpu_hotplug.c
+@@ -52,6 +52,9 @@ static const MemoryRegionOps AcpiCpuHotplug_ops = {
+ .endianness = DEVICE_LITTLE_ENDIAN,
+ .valid = {
+ .min_access_size = 1,
++ .max_access_size = 4,
++ },
++ .impl = {
+ .max_access_size = 1,
+ },
+ };
+--
+2.41.0.windows.1
+
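Review bot: The new `.impl` block in `AcpiCpuHotplug_ops` has no comment saying why its `max_access_size` stays at 1 while `.valid` now allows 4, and that split is what keeps guest DWORD accesses from reaching the legacy read/write handlers unsplit. A later cleanup that aligns the two values would hand those handlers wider guest-controlled accesses than the commit message says they were written for. I would add `/* the guest may issue DWORD accesses (docs/specs/acpi_cpu_hotplug.txt); keep impl at 1 so they are split into byte accesses before reaching the legacy handlers */` above `.impl = {`. The initializer starts outside the inner hunk.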
diff --git a/acpi-ged-Add-macro-for-acpi-sleep-control-register.patch b/acpi-ged-Add-macro-for-acpi-sleep-control-register.patch
new file mode 100644
index 0000000..975557f
--- /dev/null
+++ b/acpi-ged-Add-macro-for-acpi-sleep-control-register.patch
@@ -0,0 +1,59 @@ +From 865e7df2b0c8dd7fa026350f9f4d0a4e1063f0a5 Mon Sep 17 00:00:00 2001 +From: Zhang Jiao +Date: Wed, 23 Oct 2024 14:43:08 +0800 +Subject: [PATCH] acpi: ged: Add macro for acpi sleep control register + +cheery-pick from edafc90ba481c586d0a649f34dcb8cd1f29c4259 + +Macro definition is added for acpi sleep control register, ged emulation +driver can use the macro , also it can be used in FDT table if ged is +exposed with FDT table. + +Signed-off-by: Bibo Mao +Reviewed-by: Igor Mammedov +Message-Id: <20240918014206.2165821-2-maobibo@loongson.cn> +Signed-off-by: Song Gao +Signed-off-by: Zhang Jiao +--- + hw/acpi/generic_event_device.c | 6 +++--- + include/hw/acpi/generic_event_device.h | 7 +++++-- + 2 files changed, 8 insertions(+), 5 deletions(-) + +diff --git a/hw/acpi/generic_event_device.c b/hw/acpi/generic_event_device.c +index 9118681662..9daf4f9f13 100644 +--- a/hw/acpi/generic_event_device.c ++++ b/hw/acpi/generic_event_device.c +@@ -201,9 +201,9 @@ static void ged_regs_write(void *opaque, hwaddr addr, uint64_t data, + + switch (addr) { + case ACPI_GED_REG_SLEEP_CTL: +- slp_typ = (data >> 2) & 0x07; +- slp_en = (data >> 5) & 0x01; +- if (slp_en && slp_typ == 5) { ++ slp_typ = (data >> ACPI_GED_SLP_TYP_POS) & ACPI_GED_SLP_TYP_MASK; ++ slp_en = !!(data & ACPI_GED_SLP_EN); ++ if (slp_en && slp_typ == ACPI_GED_SLP_TYP_S5) { + qemu_system_shutdown_request(SHUTDOWN_CAUSE_GUEST_SHUTDOWN); + } + return; +diff --git a/include/hw/acpi/generic_event_device.h b/include/hw/acpi/generic_event_device.h +index 6bb2ade385..95ade521e9 100644 +--- a/include/hw/acpi/generic_event_device.h ++++ b/include/hw/acpi/generic_event_device.h +@@ -83,8 +83,11 @@ OBJECT_DECLARE_SIMPLE_TYPE(AcpiGedState, ACPI_GED) + /* ACPI_GED_REG_RESET value for reset*/ + #define ACPI_GED_RESET_VALUE 0x42 + +-/* ACPI_GED_REG_SLEEP_CTL.SLP_TYP value for S5 (aka poweroff) */ +-#define ACPI_GED_SLP_TYP_S5 0x05 ++/* [ACPI 5.0 Chapter 4.8.3.7] Sleep Control and Status Register */ ++#define 
ACPI_GED_SLP_TYP_POS 0x2 /* SLP_TYPx Bit Offset */ ++#define ACPI_GED_SLP_TYP_MASK 0x07 /* SLP_TYPx 3-bit mask */ ++#define ACPI_GED_SLP_TYP_S5 0x05 /* System _S5 State (Soft Off) */ ++#define ACPI_GED_SLP_EN 0x20 /* SLP_EN write-only bit */ + + #define GED_DEVICE "GED" + #define AML_GED_EVT_REG "EREG" +-- +2.41.0.windows.1 + diff --git a/block-nvme-nvme_process_completion-fix-bound-for-cid.patch b/block-nvme-nvme_process_completion-fix-bound-for-cid.patch new file mode 100644 index 0000000..b34dbe1 --- /dev/null +++ b/block-nvme-nvme_process_completion-fix-bound-for-cid.patch 
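Review bot: The new sleep-control macros in generic_event_device.h follow two different conventions and the comments do not say so: `ACPI_GED_SLP_TYP_MASK` (0x07) is applied after shifting right by `ACPI_GED_SLP_TYP_POS`, while `ACPI_GED_SLP_EN` (0x20) is an in-place mask, as the rewritten lines in `ged_regs_write()` show. The commit message expects the macros to be reused outside the device model (FDT), where a reader could apply the 3-bit mask to the unshifted register value. I would extend the comments, for example `/* SLP_TYPx 3-bit mask, applied after shifting by ACPI_GED_SLP_TYP_POS */` and `/* SLP_EN, in-place mask (bit 5) */`. `ged_regs_write()` starts and ends outside the hunk.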
@@ -0,0 +1,42 @@
+From 3abff2e277d590cd59941672278bbc3c94a8b90d Mon Sep 17 00:00:00 2001
+From: Zhang Jiao
+Date: Mon, 21 Oct 2024 14:48:25 +0800
+Subject: [PATCH] block/nvme: nvme_process_completion() fix bound for cid
+
+cheery-pick from cc8fb0c3ae3c950eb40e969607e17ff16a7519ac
+
+NVMeQueuePair::reqs has length NVME_NUM_REQS, which less than
+NVME_QUEUE_SIZE by 1.
+
+Fixes: 1086e95da17050 ("block/nvme: switch to a NVMeRequest freelist")
+Signed-off-by: Vladimir Sementsov-Ogievskiy
+Reviewed-by: Stefan Hajnoczi
+Reviewed-by: Maksim Davydov
+Message-id: 20231017125941.810461-5-vsementsov@yandex-team.ru
+Signed-off-by: Peter Maydell
+Signed-off-by: Zhang Jiao
+---
+ block/nvme.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/block/nvme.c b/block/nvme.c
+index fa360b9b3c..d8f4b04e19 100644
+--- a/block/nvme.c
++++ b/block/nvme.c
+@@ -410,9 +410,10 @@ static bool nvme_process_completion(NVMeQueuePair *q)
+ q->cq_phase = !q->cq_phase;
+ }
+ cid = le16_to_cpu(c->cid);
+- if (cid == 0 || cid > NVME_QUEUE_SIZE) {
+- warn_report("NVMe: Unexpected CID in completion queue: %"PRIu32", "
+- "queue size: %u", cid, NVME_QUEUE_SIZE);
++ if (cid == 0 || cid > NVME_NUM_REQS) {
++ warn_report("NVMe: Unexpected CID in completion queue: %" PRIu32
++ ", should be within: 1..%u inclusively", cid,
++ NVME_NUM_REQS);
+ continue;
+ }
+ trace_nvme_complete_command(s, q->index, cid);
+--
+2.41.0.windows.1
+
diff --git a/chardev-baum-Replace-magic-values-by-X_MAX-Y_MAX-def.patch b/chardev-baum-Replace-magic-values-by-X_MAX-Y_MAX-def.patch
new file mode 100644
index 0000000..2adaabe
--- /dev/null
+++ b/chardev-baum-Replace-magic-values-by-X_MAX-Y_MAX-def.patch
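Review bot: The corrected bound in `nvme_process_completion()` guards a value read from the device's completion queue (`cid = le16_to_cpu(c->cid)`), yet the reason `NVME_NUM_REQS` is the right limit appears only in the commit message. A comment above the check would keep a later edit from reverting to the queue size, for example `/* cid is device-supplied; valid values are 1..NVME_NUM_REQS, the length of q->reqs[] */`. The declaration of `cid` is outside the hunk: if it is a signed 16-bit type, a value with the top bit set would be negative and pass both comparisons, so it is worth confirming that it is unsigned. The function starts and ends outside the hunk.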
@@ -0,0 +1,58 @@
+From 185f3887a17ed6f35d67934a8583096de0713168 Mon Sep 17 00:00:00 2001
+From: tangbinzy
+Date: Sat, 12 Oct 2024 08:53:40 +0000
+Subject: [PATCH] chardev/baum: Replace magic values by X_MAX / Y_MAX
+ definitions mainline inclusion commit
+ f63a6e381c48b796c3964accaa88c0d0e229b17f category: bugfix
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+---------------------------------------------------------------
+
+Replace '84' magic value by the X_MAX definition, and '1' by Y_MAX.
+
+Signed-off-by: Philippe Mathieu-Daudé
+Reviewed-by: Marc-André Lureau
+Reviewed-by: Samuel Thibault
+Signed-off-by: Peter Maydell
+Message-id: 20220819153931.3147384-2-peter.maydell@linaro.org
+
+Signed-off-by: tangbinzy
+---
+ chardev/baum.c | 11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/chardev/baum.c b/chardev/baum.c
+index 79d618e350..6d538808a0 100644
+--- a/chardev/baum.c
++++ b/chardev/baum.c
+@@ -87,6 +87,9 @@
+ 
+ #define BUF_SIZE 256
+ 
++#define X_MAX 84
++#define Y_MAX 1
++
+ struct BaumChardev {
+ Chardev parent;
+ 
+@@ -244,11 +247,11 @@ static int baum_deferred_init(BaumChardev *baum)
+ brlapi_perror("baum: brlapi__getDisplaySize");
+ return 0;
+ }
+- if (baum->y > 1) {
+- baum->y = 1;
++ if (baum->y > Y_MAX) {
++ baum->y = Y_MAX;
+ }
+- if (baum->x > 84) {
+- baum->x = 84;
++ if (baum->x > X_MAX) {
++ baum->x = X_MAX;
+ }
+ 
+ con = qemu_console_lookup_by_index(0);
+--
+2.41.0.windows.1
+
diff --git a/chardev-baum-Use-definitions-to-avoid-dynamic-stack-.patch b/chardev-baum-Use-definitions-to-avoid-dynamic-stack-.patch
new file mode 100644
index 0000000..404902a
--- /dev/null
+++ b/chardev-baum-Use-definitions-to-avoid-dynamic-stack-.patch
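Review bot: `X_MAX` and `Y_MAX` are added without a comment, and the clamp in `baum_deferred_init()` limits `baum->x` and `baum->y` from above only. The values arrive from the brlapi display-size query whose failure path is visible just above, and the field types are not shown in the hunk; if they are signed, a zero or negative size is not rejected here. I would document the defines, for example `/* Largest display geometry accepted from brlapi; code sizing buffers from x * y relies on this clamp */`, and confirm the lower bound where the fields are declared. `baum_deferred_init()` starts and ends outside the hunk.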
@@ -0,0 +1,53 @@
+From 68657107f970ea068b662e7a13b8b3ebcfcb36e1 Mon Sep 17 00:00:00 2001
+From: Liu Jing
+Date: Mon, 21 Oct 2024 20:04:58 +0800
+Subject: [PATCH] chardev/baum: Use definitions to avoid dynamic stack
+ allocation
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+We know 'x * y' will be at most 'X_MAX * Y_MAX' (which is not
+a big value, it is actually 84). Instead of having the compiler
+use variable-length array, declare an array able to hold the
+maximum 'x * y'.
+
+Signed-off-by: Philippe Mathieu-Daudé
+Reviewed-by: Marc-André Lureau
+Reviewed-by: Samuel Thibault
+Signed-off-by: Peter Maydell
+Message-id: 20220819153931.3147384-3-peter.maydell@linaro.org
+Signed-off-by: Liu Jing
+---
+ chardev/baum.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/chardev/baum.c b/chardev/baum.c
+index 79d618e350..522ea1351e 100644
+--- a/chardev/baum.c
++++ b/chardev/baum.c
+@@ -380,9 +380,9 @@ static int baum_eat_packet(BaumChardev *baum, const uint8_t *buf, int len)
+ switch (req) {
+ case BAUM_REQ_DisplayData:
+ {
+- uint8_t cells[baum->x * baum->y], c;
+- uint8_t text[baum->x * baum->y];
+- uint8_t zero[baum->x * baum->y];
++ uint8_t cells[X_MAX * Y_MAX], c;
++ uint8_t text[X_MAX * Y_MAX];
++ uint8_t zero[X_MAX * Y_MAX];
+ int cursor = BRLAPI_CURSOR_OFF;
+ int i;
+ 
+@@ -405,7 +405,7 @@ static int baum_eat_packet(BaumChardev *baum, const uint8_t *buf, int len)
+ }
+ timer_del(baum->cellCount_timer);
+ 
+- memset(zero, 0, sizeof(zero));
++ memset(zero, 0, baum->x * baum->y);
+ 
+ brlapi_writeArguments_t wa = {
+ .displayNumber = BRLAPI_DISPLAY_DEFAULT,
+--
+2.41.0.windows.1
+
diff --git a/chardev-char-fix-qemu_chr_is_busy-check.patch b/chardev-char-fix-qemu_chr_is_busy-check.patch
new file mode 100644
index 0000000..cea1570
--- /dev/null
+++ b/chardev-char-fix-qemu_chr_is_busy-check.patch
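Review bot: With the three arrays in `baum_eat_packet()` fixed at `X_MAX * Y_MAX`, the new `memset(zero, 0, baum->x * baum->y)` stays in bounds only because `x` and `y` are clamped elsewhere; before this change the arrays were sized from the same product, so the two could not disagree. I would make the invariant local, either by keeping `memset(zero, 0, sizeof(zero));` or by adding `assert(baum->x * baum->y <= X_MAX * Y_MAX);` ahead of the first use of the buffers. Separately, this patch uses `X_MAX`/`Y_MAX`, yet its `index 79d618e350..` pre-image is the same blob as that of the patch which defines them, so it was not generated on top of that patch. It applies only with line offsets and must come after the defining patch in the spec. The function continues outside both hunks.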
@@ -0,0 +1,42 @@
+From f443bb4b240574e17bb0b06fc88d910a68b40d54 Mon Sep 17 00:00:00 2001
+From: Zhang Jiao
+Date: Thu, 17 Oct 2024 13:50:26 +0800
+Subject: [PATCH] chardev/char: fix qemu_chr_is_busy() check
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+cheery-pick from df12798f8791a929f4d7309f67a0f437c608e7fb
+
+`mux_cnt` struct member never goes negative or decrements,
+so mux chardev can be !busy only when there are no
+frontends attached. This patch fixes the always-true
+check.
+
+Fixes: a4afa548fc6d ("char: move front end handlers in CharBackend")
+Signed-off-by: Roman Penyaev
+Cc: "Marc-André Lureau"
+Cc: qemu-devel@nongnu.org
+Reviewed-by: Marc-André Lureau
+Message-ID: <20241014152408.427700-2-r.peniaev@gmail.com>
+Signed-off-by: Zhang Jiao
+---
+ chardev/char.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/chardev/char.c b/chardev/char.c
+index 6bb99bd485..b76bbe8019 100644
+--- a/chardev/char.c
++++ b/chardev/char.c
+@@ -320,7 +320,7 @@ static bool qemu_chr_is_busy(Chardev *s)
+ {
+ if (CHARDEV_IS_MUX(s)) {
+ MuxChardev *d = MUX_CHARDEV(s);
+- return d->mux_cnt >= 0;
++ return d->mux_cnt > 0;
+ } else {
+ return s->be != NULL;
+ }
+--
+2.41.0.windows.1
+
diff --git a/configs-Fix-typo-in-the-sh4-softmmu-devices-config-f.patch b/configs-Fix-typo-in-the-sh4-softmmu-devices-config-f.patch
new file mode 100644
index 0000000..c49425e
--- /dev/null
+++ b/configs-Fix-typo-in-the-sh4-softmmu-devices-config-f.patch
@@ -0,0 +1,32 @@
+From e4e3d2395eabfeee431155af2fb766c819d6513b Mon Sep 17 00:00:00 2001
+From: guping
+Date: Wed, 9 Oct 2024 00:39:58 +0000
+Subject: [PATCH] configs: Fix typo in the sh4-softmmu devices config file
+ cherry-pick from 01063ba5e7490f209e13b28e700195c9d4800b73
+
+This is the config file for the little endian target, so there
+should not be a "eb" in here.
+
+Message-ID: <20240920161045.84622-1-thuth@redhat.com>
+Reviewed-by: default avatarRichard Henderson
+Reviewed-by: default avatarYoshinori Sato
+Signed-off-by: Thomas Huth's avatarThomas Huth
+
+Signed-off-by: guping
+---
+ configs/devices/sh4-softmmu/default.mak | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/configs/devices/sh4-softmmu/default.mak b/configs/devices/sh4-softmmu/default.mak
+index 565e8b0b5d..5e86578647 100644
+--- a/configs/devices/sh4-softmmu/default.mak
++++ b/configs/devices/sh4-softmmu/default.mak
+@@ -1,4 +1,4 @@
+-# Default configuration for sh4eb-softmmu
++# Default configuration for sh4-softmmu
+ 
+ # Uncomment the following lines to disable these optional devices:
+ #
+--
+2.41.0.windows.1
+
diff --git a/docs-tools-qemu-img.rst-fix-typo-sumarizes.patch b/docs-tools-qemu-img.rst-fix-typo-sumarizes.patch
new file mode 100644
index 0000000..8d238bf
--- /dev/null
+++ b/docs-tools-qemu-img.rst-fix-typo-sumarizes.patch
@@ -0,0 +1,31 @@
+From 0dcbabca41c8f59b4fc0f4e46379e016100dc73d Mon Sep 17 00:00:00 2001
+From: Zhang Jiao
+Date: Mon, 21 Oct 2024 09:42:05 +0800
+Subject: [PATCH] docs/tools/qemu-img.rst: fix typo (sumarizes)
+
+cheery-pick from 8a8be21dde814e7cef43acac8140a7ccd0c4f6fb
+
+Signed-off-by: Samuel Tardieu
+Reviewed-by: Zhao Liu
+Signed-off-by: Michael Tokarev
+Signed-off-by: Zhang Jiao
+---
+ docs/tools/qemu-img.rst | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/docs/tools/qemu-img.rst b/docs/tools/qemu-img.rst
+index d663dd92bd..1d68f9238f 100644
+--- a/docs/tools/qemu-img.rst
++++ b/docs/tools/qemu-img.rst
+@@ -402,7 +402,7 @@ Command description:
+ Compare exits with ``0`` in case the images are equal and with ``1``
+ in case the images differ. Other exit codes mean an error occurred during
+ execution and standard error output should contain an error message.
+- The following table sumarizes all exit codes of the compare subcommand:
++ The following table summarizes all exit codes of the compare subcommand:
+ 
+ 0
+ Images are identical (or requested help was printed)
+--
+2.41.0.windows.1
+
diff --git a/edu-fix-DMA-range-upper-bound-check.patch b/edu-fix-DMA-range-upper-bound-check.patch
new file mode 100644
index 0000000..957464f
--- /dev/null
+++ b/edu-fix-DMA-range-upper-bound-check.patch
@@ -0,0 +1,47 @@
+From 2773eb7848850e1e5099b255d84fb1da13fecd44 Mon Sep 17 00:00:00 2001
+From: Zhang Jiao
+Date: Fri, 18 Oct 2024 09:07:39 +0800
+Subject: [PATCH] edu: fix DMA range upper bound check
+
+cheery-pick from 2c5107e1b455d4a157124f021826ead4e04b4aea
+
+The edu_check_range function checks that start <= end1 < end2, where
+end1 is the upper bound (exclusive) of the guest-supplied DMA range and
+end2 is the upper bound (exclusive) of the device's allowed DMA range.
+When the guest tries to transfer exactly DMA_SIZE (4096) bytes, end1
+will be equal to end2, so the check fails and QEMU aborts with this
+puzzling error message (newlines added for formatting):
+
+ qemu: hardware error: EDU: DMA range
+ 0x0000000000040000-0x0000000000040fff out of bounds
+ (0x0000000000040000-0x0000000000040fff)!
+
+By checking end1 <= end2 instead, guests will be allowed to transfer
+exactly 4096 bytes. It is not necessary to explicitly check for
+start <= end1 because the previous two checks (within(addr, start, end2)
+and end1 > addr) imply start < end1.
+
+Fixes: b30934cb52a7 ("hw: misc, add educational driver", 2015-01-21)
+Signed-off-by: Max Erenberg
+Signed-off-by: Michael Tokarev
+Signed-off-by: Zhang Jiao
+---
+ hw/misc/edu.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/misc/edu.c b/hw/misc/edu.c
+index e935c418d4..a9f6421aa5 100644
+--- a/hw/misc/edu.c
++++ b/hw/misc/edu.c
+@@ -115,7 +115,7 @@ static void edu_check_range(uint64_t addr, uint64_t size1, uint64_t start,
+ uint64_t end2 = start + size2;
+ 
+ if (within(addr, start, end2) &&
+- end1 > addr && end1 <= end2) {
+ return;
+ }
+ 
+--
+2.41.0.windows.1
+
diff --git a/hcd-ohci-Drop-ohci_service_iso_td-if-ed-head-OHCI_DP.patch b/hcd-ohci-Drop-ohci_service_iso_td-if-ed-head-OHCI_DP.patch
new file mode 100644
index 0000000..5df7c3b
--- /dev/null
+++ b/hcd-ohci-Drop-ohci_service_iso_td-if-ed-head-OHCI_DP.patch
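Review bot: The relaxed condition in `edu_check_range()` is sound only because of reasoning that the commit message gives and the code does not: `end1 > addr` also rejects a zero-length or wrapped guest range, and together with `within(addr, start, end2)` it implies `end1 > start`. Since the range is guest-supplied, I would record that next to the test, for example `/* end1 > addr also rejects wrap-around; end1 == end2 is allowed, both are exclusive bounds */`. `end2 = start + size2` is an unchecked 64-bit sum too; whether it can wrap depends on the callers, which are outside the hunk. The function starts and ends outside the hunk.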
@@ -0,0 +1,111 @@ +From 11d2262ba82c29dd3b6bdfe1e40f57efad550ffc Mon Sep 17 00:00:00 2001 +From: tangbinzy +Date: Sat, 12 Oct 2024 09:47:17 +0000 +Subject: [PATCH] hcd-ohci: Drop ohci_service_iso_td() if ed->head & + OHCI_DPTR_MASK is zero mainline inclusion commit + d8c2e6f2f6d29ccb766197181eb1c65c1d46b3a4 category: bugfix + +--------------------------------------------------------------- + +An abort happens in ohci_frame_boundary() when ohci->done is 0 [1]. + +``` c +static void ohci_frame_boundary(void *opaque) +{ + // ... + if (ohci->done_count == 0 && !(ohci->intr_status & OHCI_INTR_WD)) { + if (!ohci->done) + abort(); <----------------------------------------- [1] +``` + +This was reported in https://bugs.launchpad.net/qemu/+bug/1911216/, +https://lists.gnu.org/archive/html/qemu-devel/2021-06/msg03613.html, and +https://gitlab.com/qemu-project/qemu/-/issues/545. I can still reproduce it with +the latest QEMU. + +This happends due to crafted ED with putting ISO_TD at physical address 0. + +Suppose ed->head & OHCI_DPTR_MASK is 0 [2], and we memset 0 to the phyiscal +memory from 0 to sizeof(ohci_iso_td). Then, starting_frame [3] and frame_count +[4] are both 0. As we can control the value of ohci->frame_number (0 to 0x1f, +suppose 1), we then control the value of relative_frame_number to be 1 [6]. The +control flow goes to [7] where ohci->done is 0. Have returned from +ohci_service_iso_td(), ohci_frame_boundary() will abort() [1]. + +``` c +static int ohci_service_iso_td(OHCIState *ohci, struct ohci_ed *ed) +{ + // ... + addr = ed->head & OHCI_DPTR_MASK; // <--------------------- [2] + + if (ohci_read_iso_td(ohci, addr, &iso_td)) { // <-------- [3] + // ... 
+ + starting_frame = OHCI_BM(iso_td.flags, TD_SF); // <-------- [4] + frame_count = OHCI_BM(iso_td.flags, TD_FC); // <-------- [5] + relative_frame_number = USUB(ohci->frame_number, starting_frame); + // <-------- [6] + if (relative_frame_number < 0) { + return 1; + } else if (relative_frame_number > frame_count) { + // ... + ohci->done = addr; // <-------- [7] + // ... + } +``` + +As only (afaik) a guest root user can manipulate ED, TD and the physical memory, +this assertion failure is not a security bug. + +The idea to fix this issue is to drop ohci_service_iso_td() if ed->head & +OHCI_DPTR_MASK is 0, which is similar to the drop operation for +ohci_service_ed_list() when head is 0. Probably, a similar issue is in +ohci_service_td(). I drop ohci_service_td() if ed->head & OHCI_DPTR_MASK is 0. + +Fixes: 7bfe577702 ("OHCI USB isochronous transfers support (Arnon Gilboa)") +Reported-by: Gaoning Pan +Reported-by: Alexander Bulekov +Reported-by: Qiang Liu +Resolves: https://gitlab.com/qemu-project/qemu/-/issues/545 +Buglink: https://lists.gnu.org/archive/html/qemu-devel/2021-06/msg03613.html +Buglink: https://bugs.launchpad.net/qemu/+bug/1911216 +Signed-off-by: Qiang Liu +Message-Id: <20220826051557.119570-1-cyruscyliu@gmail.com> +Signed-off-by: Gerd Hoffmann + +Signed-off-by: tangbinzy +--- + hw/usb/hcd-ohci.c | 10 ++++++++++ + 1 file changed, 10 insertions(+) + +diff --git a/hw/usb/hcd-ohci.c b/hw/usb/hcd-ohci.c +index a93d6b2e98..d6f1ae700e 100644 +--- a/hw/usb/hcd-ohci.c ++++ b/hw/usb/hcd-ohci.c +@@ -668,6 +668,11 @@ static int ohci_service_iso_td(OHCIState *ohci, struct ohci_ed *ed, + + addr = ed->head & OHCI_DPTR_MASK; + ++ if (addr == 0) { ++ ohci_die(ohci); ++ return 1; ++ } ++ + if (ohci_read_iso_td(ohci, addr, &iso_td)) { + trace_usb_ohci_iso_td_read_failed(addr); + ohci_die(ohci); +@@ -953,6 +958,11 @@ static int ohci_service_td(OHCIState *ohci, struct ohci_ed *ed) + int completion; + + addr = ed->head & OHCI_DPTR_MASK; ++ if (addr == 0) { ++ 
ohci_die(ohci); ++ return 1; ++ } ++ + /* See if this TD has already been submitted to the device. */ + completion = (addr == ohci->async_td); + if (completion && !ohci->async_complete) { +-- +2.41.0.windows.1 + diff --git a/hw-core-ptimer-fix-timer-zero-period-condition-for-f.patch b/hw-core-ptimer-fix-timer-zero-period-condition-for-f.patch new file mode 100644 index 0000000..7f45cb7 --- /dev/null +++ b/hw-core-ptimer-fix-timer-zero-period-condition-for-f.patch 
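Review bot: Both new `addr == 0` branches call `ohci_die(ohci)` without recording which check failed, whereas the read-failure path directly below in `ohci_service_iso_td()` emits `trace_usb_ohci_iso_td_read_failed(addr)` first. A guest-written ED with a zero head pointer will therefore stop the controller with nothing that identifies the cause. A trace event or guest-error log line ahead of each `ohci_die(ohci)` would make this diagnosable. The same four lines are repeated in `ohci_service_td()`, there without the blank line after the assignment that the first hunk uses. A one-line comment at both sites, such as `/* a zero head pointer is never a valid TD; stop before reading guest address 0 */`, would state the intent. Both functions continue outside their hunks.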
@@ -0,0 +1,101 @@ +From 309d5b48a969e67ee97a7cae0c77e67728742c19 Mon Sep 17 00:00:00 2001 +From: Zhang Jiao +Date: Wed, 16 Oct 2024 14:33:19 +0800 +Subject: [PATCH] hw/core/ptimer: fix timer zero period condition for freq > + 1GHz + +cheery-pick from 446e5e8b4515e9a7be69ef6a29852975289bb6f0 + +The real period is zero when both period and period_frac are zero. +Check the method ptimer_set_freq, if freq is larger than 1000 MHz, +the period is zero, but the period_frac is not, in this case, the +ptimer will work but the current code incorrectly recognizes that +the ptimer is disabled. + +Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2306 +Signed-off-by: JianZhou Yue +Message-id: 3DA024AEA8B57545AF1B3CAA37077D0FB75E82C8@SHASXM03.verisilicon.com +Reviewed-by: Peter Maydell +Signed-off-by: Peter Maydell +Signed-off-by: Zhang Jiao +--- + hw/core/ptimer.c | 4 ++-- + tests/unit/ptimer-test.c | 33 +++++++++++++++++++++++++++++++++ + 2 files changed, 35 insertions(+), 2 deletions(-) + +diff --git a/hw/core/ptimer.c b/hw/core/ptimer.c +index 6ba19fd965..25063deefe 100644 +--- a/hw/core/ptimer.c ++++ b/hw/core/ptimer.c +@@ -84,7 +84,7 @@ static void ptimer_reload(ptimer_state *s, int delta_adjust) + delta = s->delta = s->limit; + } + +- if (s->period == 0) { ++ if (s->period == 0 && s->period_frac == 0) { + if (!qtest_enabled()) { + fprintf(stderr, "Timer with period zero, disabling\n"); + } +@@ -310,7 +310,7 @@ void ptimer_run(ptimer_state *s, int oneshot) + + assert(s->in_transaction); + +- if (was_disabled && s->period == 0) { ++ if (was_disabled && s->period == 0 && s->period_frac == 0) { + if (!qtest_enabled()) { + fprintf(stderr, "Timer with period zero, disabling\n"); + } +diff --git a/tests/unit/ptimer-test.c b/tests/unit/ptimer-test.c +index 9176b96c1c..8544b6486c 100644 +--- a/tests/unit/ptimer-test.c ++++ b/tests/unit/ptimer-test.c +@@ -763,6 +763,33 @@ static void check_oneshot_with_load_0(gconstpointer arg) + ptimer_free(ptimer); + } + ++static void 
check_freq_more_than_1000M(gconstpointer arg) ++{ ++ const uint8_t *policy = arg; ++ ptimer_state *ptimer = ptimer_init(ptimer_trigger, NULL, *policy); ++ bool no_round_down = (*policy & PTIMER_POLICY_NO_COUNTER_ROUND_DOWN); ++ ++ triggered = false; ++ ++ ptimer_transaction_begin(ptimer); ++ ptimer_set_freq(ptimer, 2000000000); ++ ptimer_set_limit(ptimer, 8, 1); ++ ptimer_run(ptimer, 1); ++ ptimer_transaction_commit(ptimer); ++ ++ qemu_clock_step(3); ++ ++ g_assert_cmpuint(ptimer_get_count(ptimer), ==, no_round_down ? 3 : 2); ++ g_assert_false(triggered); ++ ++ qemu_clock_step(1); ++ ++ g_assert_cmpuint(ptimer_get_count(ptimer), ==, 0); ++ g_assert_true(triggered); ++ ++ ptimer_free(ptimer); ++} ++ + static void add_ptimer_tests(uint8_t policy) + { + char policy_name[256] = ""; +@@ -857,6 +884,12 @@ static void add_ptimer_tests(uint8_t policy) + policy_name), + g_memdup(&policy, 1), check_oneshot_with_load_0, g_free); + g_free(tmp); ++ ++ g_test_add_data_func_full( ++ tmp = g_strdup_printf("/ptimer/freq_more_than_1000M policy=%s", ++ policy_name), ++ g_memdup(&policy, 1), check_freq_more_than_1000M, g_free); ++ g_free(tmp); + } + + static void add_all_ptimer_policies_comb_tests(void) +-- +2.41.0.windows.1 + diff --git a/hw-i386-multiboot-Avoid-dynamic-stack-allocation.patch b/hw-i386-multiboot-Avoid-dynamic-stack-allocation.patch new file mode 100644 index 0000000..0fa3163 --- /dev/null +++ b/hw-i386-multiboot-Avoid-dynamic-stack-allocation.patch 
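Review bot: The zero-period test `s->period == 0 && s->period_frac == 0` is now written out twice, in `ptimer_reload()` and in `ptimer_run()`, each followed by the same message. This fix exists because that condition was incomplete, so I would put it in one helper to keep the two sites from drifting apart again, for example `static bool ptimer_period_is_zero(const ptimer_state *s) { return s->period == 0 && s->period_frac == 0; }` (the helper name is only a suggestion). Any other test of `s->period` alone in ptimer.c lies outside these hunks and deserves the same check. Both functions start and end outside their hunks.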
@@ -0,0 +1,50 @@
+From 1869848dd0bf4ac99ce1b272afc90d161558370c Mon Sep 17 00:00:00 2001
+From: tangbinzy
+Date: Sat, 12 Oct 2024 09:20:58 +0000
+Subject: [PATCH] hw/i386/multiboot: Avoid dynamic stack allocation mainline
+ inclusion commit fa87341dabebe79d2e5577432a98b83c9eddf968 category: bugfix
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+---------------------------------------------------------------
+
+Use autofree heap allocation instead of variable-length array on
+the stack. Replace the snprintf() call by g_strdup_printf().
+
+Signed-off-by: Philippe Mathieu-Daudé
+Reviewed-by: Richard Henderson
+Signed-off-by: Peter Maydell
+Message-id: 20220819153931.3147384-9-peter.maydell@linaro.org
+
+Signed-off-by: tangbinzy
+---
+ hw/i386/multiboot.c | 5 ++---
+ 1 file changed, 2 insertions(+), 3 deletions(-)
+
+diff --git a/hw/i386/multiboot.c b/hw/i386/multiboot.c
+index 0a10089f14..963e29362e 100644
+--- a/hw/i386/multiboot.c
++++ b/hw/i386/multiboot.c
+@@ -163,6 +163,7 @@ int load_multiboot(X86MachineState *x86ms,
+ uint8_t *mb_bootinfo_data;
+ uint32_t cmdline_len;
+ GList *mods = NULL;
++ g_autofree char *kcmdline = NULL;
+ 
+ /* Ok, let's see if it is a multiboot image.
+ The header is 12x32bit long, so the latest entry may be 8192 - 48. */
+@@ -362,9 +363,7 @@ int load_multiboot(X86MachineState *x86ms,
+ }
+ 
+ /* Commandline support */
+- char kcmdline[strlen(kernel_filename) + strlen(kernel_cmdline) + 2];
+- snprintf(kcmdline, sizeof(kcmdline), "%s %s",
+- kernel_filename, kernel_cmdline);
++ kcmdline = g_strdup_printf("%s %s", kernel_filename, kernel_cmdline);
+ stl_p(bootinfo + MBI_CMDLINE, mb_add_cmdline(&mbs, kcmdline));
+ 
+ stl_p(bootinfo + MBI_BOOTLOADER, mb_add_bootloader(&mbs, bootloader_name));
+--
+2.41.0.windows.1
+
diff --git a/hw-intc-xics-Avoid-dynamic-stack-allocation.patch b/hw-intc-xics-Avoid-dynamic-stack-allocation.patch
new file mode 100644
index 0000000..46c4970
--- /dev/null
+++ b/hw-intc-xics-Avoid-dynamic-stack-allocation.patch
@@ -0,0 +1,42 @@
+From 2eae57b784c362d1e3aeb8f2b4c5796faaf91ac3 Mon Sep 17 00:00:00 2001
+From: tangbinzy
+Date: Sat, 12 Oct 2024 09:04:19 +0000
+Subject: [PATCH] hw/intc/xics: Avoid dynamic stack allocation mainline
+ inclusion commit 7650c8fe520c67c3b36f6962c4ad990f56ad40b8 category: bugfix
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+---------------------------------------------------------------
+
+Use autofree heap allocation instead of variable-length
+array on the stack.
+
+Signed-off-by: Philippe Mathieu-Daudé
+Acked-by: David Gibson
+Reviewed-by: Greg Kurz
+Signed-off-by: Peter Maydell
+Message-id: 20220819153931.3147384-8-peter.maydell@linaro.org
+
+Signed-off-by: tangbinzy
+---
+ hw/intc/xics.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/intc/xics.c b/hw/intc/xics.c
+index 48a835eab7..9215ef1fb5 100644
+--- a/hw/intc/xics.c
++++ b/hw/intc/xics.c
+@@ -565,8 +565,8 @@ static void ics_reset_irq(ICSIRQState *irq)
+ static void ics_reset(DeviceState *dev)
+ {
+ ICSState *ics = ICS(dev);
++ g_autofree uint8_t *flags = g_malloc(ics->nr_irqs);
+ int i;
+- uint8_t flags[ics->nr_irqs];
+ 
+ for (i = 0; i < ics->nr_irqs; i++) {
+ flags[i] = ics->irqs[i].flags;
+--
+2.41.0.windows.1
+
diff --git a/hw-net-can-sja1000-fix-bug-for-single-acceptance-fil.patch b/hw-net-can-sja1000-fix-bug-for-single-acceptance-fil.patch
new file mode 100644
index 0000000..8fbec5a
--- /dev/null
+++ b/hw-net-can-sja1000-fix-bug-for-single-acceptance-fil.patch
@@ -0,0 +1,43 @@
+From 57625e5ddfb167711ebd0b9486594ef8413d519c Mon Sep 17 00:00:00 2001
+From: Zhang Jiao
+Date: Thu, 17 Oct 2024 11:07:11 +0800
+Subject: [PATCH] hw/net/can/sja1000: fix bug for single acceptance filter and
+ standard frame
+
+cheery-pick from 25145a7d7735344a469551946fc2a7f19eb4aa3d
+
+A CAN sja1000 standard frame filter mask has been computed and applied
+incorrectly for standard frames when single Acceptance Filter Mode
+(MOD_AFM = 1) has been selected. The problem has not been found
+by Linux kernel testing because it uses dual filter mode (MOD_AFM = 0)
+and leaves falters fully open.
+
+The problem has been noticed by Grant Ramsay when testing with Zephyr
+RTOS which uses single filter mode.
+
+Signed-off-by: Pavel Pisa
+Reported-by: Grant Ramsay
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2028
+Fixes: 733210e754 ("hw/net/can: SJA1000 chip register level emulation")
+Message-ID: <20240103231426.5685-1-pisa@fel.cvut.cz>
+Signed-off-by: Zhang Jiao
+---
+ hw/net/can/can_sja1000.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/hw/net/can/can_sja1000.c b/hw/net/can/can_sja1000.c
+index 34eea684ce..5eefb8407e 100644
+--- a/hw/net/can/can_sja1000.c
++++ b/hw/net/can/can_sja1000.c
+@@ -108,7 +108,7 @@ void can_sja_single_filter(struct qemu_can_filter *filter,
+ }
+ 
+ filter->can_mask = (uint32_t)amr[0] << 3;
+- filter->can_mask |= (uint32_t)amr[1] << 5;
++ filter->can_mask |= (uint32_t)amr[1] >> 5;
+ filter->can_mask = ~filter->can_mask & QEMU_CAN_SFF_MASK;
+ if (!(amr[1] & 0x10)) {
+ filter->can_mask |= QEMU_CAN_RTR_FLAG;
+--
+2.41.0.windows.1
+
diff --git a/hw-net-e1000e_core-Use-definition-to-avoid-dynamic-s.patch b/hw-net-e1000e_core-Use-definition-to-avoid-dynamic-s.patch
new file mode 100644
index 0000000..2d6c196
--- /dev/null
+++ b/hw-net-e1000e_core-Use-definition-to-avoid-dynamic-s.patch
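Review bot: The corrected shift in `can_sja_single_filter()` still has no comment describing the register layout it depends on, so the next reader has to re-derive the shift direction. From the visible lines, `amr[0]` supplies the upper eight bits of the 11-bit standard-frame mask (`<< 3`), the top three bits of `amr[1]` supply the lower three (`>> 5`), and bit 4 of `amr[1]` (`0x10`) is the RTR mask. I would state that above the computation, for example `/* SFF single filter: AMR0 = ID[10:3], AMR1[7:5] = ID[2:0], AMR1[4] = RTR */`. The commit message notes that Linux does not exercise single filter mode, and the patch adds no test for this path. The matching `can_id` computation is outside the hunk and should be checked for the same shifts.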
@@ -0,0 +1,51 @@
+From 01a9518a9f305ea0ade60028c6bf4c26431fd707 Mon Sep 17 00:00:00 2001
+From: tangbinzy
+Date: Sat, 12 Oct 2024 09:01:55 +0000
+Subject: [PATCH] hw/net/e1000e_core: Use definition to avoid dynamic stack
+ allocation mainline inclusion commit c140a69055bad798a335ea3c83aebceaca82bde0
+ category: bugfix
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+---------------------------------------------------------------
+
+The compiler isn't clever enough to figure 'min_buf_size'
+is a constant, so help it by using a definitions instead.
+
+Signed-off-by: Philippe Mathieu-Daudé
+Acked-by: Jason Wang
+Reviewed-by: Richard Henderson
+Signed-off-by: Peter Maydell
+Message-id: 20220819153931.3147384-6-peter.maydell@linaro.org
+---
+ hw/net/e1000e_core.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/hw/net/e1000e_core.c b/hw/net/e1000e_core.c
+index 8ae6fb7e14..32c3507795 100644
+--- a/hw/net/e1000e_core.c
++++ b/hw/net/e1000e_core.c
+@@ -1620,15 +1620,16 @@ e1000e_rx_fix_l4_csum(E1000ECore *core, struct NetRxPkt *pkt)
+ }
+ }
+ 
++/* Min. octets in an ethernet frame sans FCS */
++#define MIN_BUF_SIZE 60
++
+ ssize_t
+ e1000e_receive_iov(E1000ECore *core, const struct iovec *iov, int iovcnt)
+ {
+ static const int maximum_ethernet_hdr_len = (14 + 4);
+- /* Min. octets in an ethernet frame sans FCS */
+- static const int min_buf_size = 60;
+ 
+ uint32_t n = 0;
+- uint8_t min_buf[min_buf_size];
++ uint8_t min_buf[MIN_BUF_SIZE];
+ struct iovec min_iov;
+ uint8_t *filter_buf;
+ size_t size, orig_size;
+--
+2.41.0.windows.1
+
diff --git a/hw-net-virtio-net-fix-qemu-set-used-ring-flag-even-v.patch b/hw-net-virtio-net-fix-qemu-set-used-ring-flag-even-v.patch
new file mode 100644
index 0000000..a237644
--- /dev/null
+++ b/hw-net-virtio-net-fix-qemu-set-used-ring-flag-even-v.patch
@@ -0,0 +1,73 @@
+From 8784e43349fe54c50ecd9df804bb610c2b7f6f3c Mon Sep 17 00:00:00 2001
+From: Zhang Jiao
+Date: Thu, 17 Oct 2024 12:14:27 +0800
+Subject: [PATCH] hw/net/virtio-net: fix qemu set used ring flag even vhost
+ started
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+cheery-pick from 4c54f5bc8e1d38f15cc35b6a6932d8fbe219c692
+
+When vhost-user or vhost-kernel is handling virtio net datapath,
+QEMU should not touch used ring.
+
+But with vhost-user socket reconnect scenario, in a very rare case
+(has pending kick event). VRING_USED_F_NO_NOTIFY is set by QEMU in
+following code path:
+
+ #0 virtio_queue_split_set_notification (vq=0x7ff5f4c920a8, enable=0) at ../hw/virtio/virtio.c:511
+ #1 0x0000559d6dbf033b in virtio_queue_set_notification (vq=0x7ff5f4c920a8, enable=0) at ../hw/virtio/virtio.c:576
+ #2 0x0000559d6dbbbdbc in virtio_net_handle_tx_bh (vdev=0x559d703a6aa0, vq=0x7ff5f4c920a8) at ../hw/net/virtio-net.c:2801
+ #3 0x0000559d6dbf4791 in virtio_queue_notify_vq (vq=0x7ff5f4c920a8) at ../hw/virtio/virtio.c:2248
+ #4 0x0000559d6dbf79da in virtio_queue_host_notifier_read (n=0x7ff5f4c9211c) at ../hw/virtio/virtio.c:3525
+ #5 0x0000559d6d9a5814 in virtio_bus_cleanup_host_notifier (bus=0x559d703a6a20, n=1) at ../hw/virtio/virtio-bus.c:321
+ #6 0x0000559d6dbf83c9 in virtio_device_stop_ioeventfd_impl (vdev=0x559d703a6aa0) at ../hw/virtio/virtio.c:3774
+ #7 0x0000559d6d9a55c8 in virtio_bus_stop_ioeventfd (bus=0x559d703a6a20) at ../hw/virtio/virtio-bus.c:259
+ #8 0x0000559d6d9a53e8 in virtio_bus_grab_ioeventfd (bus=0x559d703a6a20) at ../hw/virtio/virtio-bus.c:199
+ #9 0x0000559d6dbf841c in virtio_device_grab_ioeventfd (vdev=0x559d703a6aa0) at ../hw/virtio/virtio.c:3783
+ #10 0x0000559d6d9bde18 in vhost_dev_enable_notifiers (hdev=0x559d707edd70, vdev=0x559d703a6aa0) at ../hw/virtio/vhost.c:1592
+ #11 0x0000559d6d89a0b8 in vhost_net_start_one (net=0x559d707edd70, dev=0x559d703a6aa0) at ../hw/net/vhost_net.c:266
+ #12 0x0000559d6d89a6df in vhost_net_start (dev=0x559d703a6aa0, ncs=0x559d7048d890, data_queue_pairs=31, cvq=0) at ../hw/net/vhost_net.c:412
+ #13 0x0000559d6dbb5b89 in virtio_net_vhost_status (n=0x559d703a6aa0, status=15 '\017') at ../hw/net/virtio-net.c:311
+ #14 0x0000559d6dbb5e34 in virtio_net_set_status (vdev=0x559d703a6aa0, status=15 '\017') at ../hw/net/virtio-net.c:392
+ #15 0x0000559d6dbb60d8 in virtio_net_set_link_status (nc=0x559d7048d890) at ../hw/net/virtio-net.c:455
+ #16 0x0000559d6da64863 in qmp_set_link (name=0x559d6f0b83d0 "hostnet1", up=true, errp=0x7ffdd76569f0) at ../net/net.c:1459
+ #17 0x0000559d6da7226e in net_vhost_user_event (opaque=0x559d6f0b83d0, event=CHR_EVENT_OPENED) at ../net/vhost-user.c:301
+ #18 0x0000559d6ddc7f63 in chr_be_event (s=0x559d6f2ffea0, event=CHR_EVENT_OPENED) at ../chardev/char.c:62
+ #19 0x0000559d6ddc7fdc in qemu_chr_be_event (s=0x559d6f2ffea0, event=CHR_EVENT_OPENED) at ../chardev/char.c:82
+
+This issue causes guest kernel stop kicking device and traffic stop.
+
+Add vhost_started check in virtio_net_handle_tx_bh to fix this wrong
+VRING_USED_F_NO_NOTIFY set.
+
+Signed-off-by: Yajun Wu
+Reviewed-by: Jiri Pirko
+Acked-by: Michael S. Tsirkin
+Message-ID: <20240402045109.97729-1-yajunw@nvidia.com>
+[PMD: Use unlikely()]
+Signed-off-by: Philippe Mathieu-Daudé
+Signed-off-by: Zhang Jiao
+---
+ hw/net/virtio-net.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c
+index cef7fc0aa0..7c87aa28ef 100644
+--- a/hw/net/virtio-net.c
++++ b/hw/net/virtio-net.c
+@@ -2709,6 +2709,10 @@ static void virtio_net_handle_tx_bh(VirtIODevice *vdev, VirtQueue *vq)
+ VirtIONet *n = VIRTIO_NET(vdev);
+ VirtIONetQueue *q = &n->vqs[vq2q(virtio_get_queue_index(vq))];
+
++ if (unlikely(n->vhost_started)) {
++ return;
++ }
++
+ if (unlikely((n->status & VIRTIO_NET_S_LINK_UP) == 0)) {
+ virtio_net_drop_tx_queue_data(vdev, vq);
+ return;
+--
+2.41.0.windows.1
+
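Review bot: The new early return in virtio_net_handle_tx_bh carries no comment saying why a kick is ignored once vhost has started; the reason (QEMU must not set VRING_USED_F_NO_NOTIFY in a used ring that vhost is handling) is only in the commit message. I would add `/* vhost owns the used ring once started; do not touch notification flags here */` above `if (unlikely(n->vhost_started)) {`. If hw/net/virtio-net.c also has a timer-based TX handler that disables notifications, it presumably needs the same guard; that code is outside the hunk, so this should be confirmed. The function body continues outside the hunk.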
diff --git a/hw-pci-Add-parenthesis-to-PCI_BUILD_BDF-macro.patch b/hw-pci-Add-parenthesis-to-PCI_BUILD_BDF-macro.patch
new file mode 100644
index 0000000..17bb931
--- /dev/null
+++ b/hw-pci-Add-parenthesis-to-PCI_BUILD_BDF-macro.patch
@@ -0,0 +1,52 @@
+From cf7f716ba8fbcc4fc4d4edcce7bc3c6bbfa425a5 Mon Sep 17 00:00:00 2001
+From: tangzhongrui
+Date: Wed, 6 Nov 2024 15:02:38 +0800
+Subject: [PATCH] hw/pci: Add parenthesis to PCI_BUILD_BDF macro
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The bus parameter in the macro PCI_BUILD_BDF is not surrounded by
+parenthesis. This can create a compile error when warnings are
+treated as errors or can potentially create runtime errors due to the
+operator precedence.
+
+For instance:
+
+ file.c:x:32: error: suggest parentheses around '-' inside '<<'
+ [-Werror=parentheses]
+ 171 | uint16_t bdf = PCI_BUILD_BDF(a - b, sdev->devfn);
+ | ~~^~~
+ include/hw/pci/pci.h:19:41: note: in definition of macro
+ 'PCI_BUILD_BDF'
+ 19 | #define PCI_BUILD_BDF(bus, devfn) ((bus << 8) | (devfn))
+ | ^~~
+ cc1: all warnings being treated as errors
+
+Signed-off-by: Roque Arcudia Hernandez
+Reviewed-by: Nabih Estefan
+Message-Id: <20241101215923.3399311-1-roqueh@google.com>
+Reviewed-by: Philippe Mathieu-Daudé
+Reviewed-by: Michael S. Tsirkin
+Signed-off-by: Michael S. Tsirkin
+Signed-off-by: Zhongrui Tang
+---
+ include/hw/pci/pci.h | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/include/hw/pci/pci.h b/include/hw/pci/pci.h
+index 458126a18c..a0cf893bfd 100644
+--- a/include/hw/pci/pci.h
++++ b/include/hw/pci/pci.h
+@@ -18,7 +18,7 @@ extern bool pci_available;
+ #define PCI_BUS_NUM(x) (((x) >> 8) & 0xff)
+ #define PCI_SLOT(devfn) (((devfn) >> 3) & 0x1f)
+ #define PCI_FUNC(devfn) ((devfn) & 0x07)
+-#define PCI_BUILD_BDF(bus, devfn) ((bus << 8) | (devfn))
++#define PCI_BUILD_BDF(bus, devfn) (((bus) << 8) | (devfn))
+ #define PCI_BUS_MAX 256
+ #define PCI_DEVFN_MAX 256
+ #define PCI_SLOT_MAX 32
+--
+2.41.0.windows.1
+
diff --git a/hw-pci-bridge-Add-a-Kconfig-switch-for-the-normal-PC.patch b/hw-pci-bridge-Add-a-Kconfig-switch-for-the-normal-PC.patch
new file mode 100644
index 0000000..01b0e96
--- /dev/null
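Review bot: `PCI_BUILD_BDF` still does not mask its arguments, unlike `PCI_BUS_NUM`, `PCI_SLOT` and `PCI_FUNC` on the lines just above it, so a `bus` or `devfn` wider than 8 bits spills into the other field or past bit 15 of the result. If callers are not guaranteed to pass 8-bit values, `#define PCI_BUILD_BDF(bus, devfn) ((((bus) & 0xff) << 8) | ((devfn) & 0xff))` keeps the result a well-formed 16-bit BDF. Whether any caller relies on the unmasked form is not visible in this hunk.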
+++ b/hw-pci-bridge-Add-a-Kconfig-switch-for-the-normal-PC.patch
@@ -0,0 +1,50 @@
+From 44ed577fd7c8ecf487157658e3d54cbfccb30ec2 Mon Sep 17 00:00:00 2001
+From: Zhang Jiao
+Date: Wed, 23 Oct 2024 14:02:47 +0800
+Subject: [PATCH] hw/pci-bridge: Add a Kconfig switch for the normal PCI bridge
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+cheery-pick from e779e5c05ad5d8237e2a7d8ba8b432cd24c1708b
+
+The pci-bridge device is not usable on s390x, so introduce a Kconfig
+switch that allows to disable it.
+
+Message-ID: <20240913144844.427899-1-thuth@redhat.com>
+Reviewed-by: Philippe Mathieu-Daudé
+Reviewed-by: Cédric Le Goater
+Signed-off-by: Thomas Huth
+Signed-off-by: Zhang Jiao
+---
+ hw/pci-bridge/Kconfig | 5 +++++
+ hw/pci-bridge/meson.build | 2 +-
+ 2 files changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/hw/pci-bridge/Kconfig b/hw/pci-bridge/Kconfig
+index f8df4315ba..d87b96e8bc 100644
+--- a/hw/pci-bridge/Kconfig
++++ b/hw/pci-bridge/Kconfig
+@@ -1,3 +1,8 @@
++config PCI_BRIDGE
++ bool
++ default y if PCI_DEVICES
++ depends on PCI
++
+ config PCIE_PORT
+ bool
+ default y if PCI_DEVICES
+diff --git a/hw/pci-bridge/meson.build b/hw/pci-bridge/meson.build
+index daab8acf2a..a48a6b9653 100644
+--- a/hw/pci-bridge/meson.build
++++ b/hw/pci-bridge/meson.build
+@@ -1,5 +1,5 @@
+ pci_ss = ss.source_set()
+-pci_ss.add(files('pci_bridge_dev.c'))
++pci_ss.add(when: 'CONFIG_PCI_BRIDGE', if_true: files('pci_bridge_dev.c'))
+ pci_ss.add(when: 'CONFIG_I82801B11', if_true: files('i82801b11.c'))
+ pci_ss.add(when: 'CONFIG_IOH3420', if_true: files('ioh3420.c'))
+ pci_ss.add(when: 'CONFIG_PCIE_PORT', if_true: files('pcie_root_port.c', 'gen_pcie_root_port.c', 'pcie_pci_bridge.c'))
+--
+2.41.0.windows.1
+
diff --git a/hw-pci-host-pnv_phb-3-4-Fix-heap-out-of-bound-access.patch b/hw-pci-host-pnv_phb-3-4-Fix-heap-out-of-bound-access.patch
new file mode 100644
index 0000000..3802ab1
--- /dev/null
+++ b/hw-pci-host-pnv_phb-3-4-Fix-heap-out-of-bound-access.patch 
@@ -0,0 +1,60 @@
+From 1a122b51bddc216fa129e039012711a1a1a8b6b4 Mon Sep 17 00:00:00 2001
+From: Liu Jing
+Date: Mon, 14 Oct 2024 16:42:03 +0800
+Subject: [PATCH] hw/pci-host: pnv_phb{3, 4}: Fix heap out-of-bound access
+ failure
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+pnv_phb3_root_bus_info and pnv_phb4_root_bus_info are missing the
+instance_size initialization. This results in accessing out-of-bound
+memory when setting 'chip-id' and 'phb-id', and eventually crashes
+glib's malloc functionality with the following message:
+
+ "qemu-system-ppc64: GLib: ../glib-2.72.3/glib/gmem.c:131: failed to allocate 3232 bytes"
+
+This issue was noticed only when running qtests with QEMU Windows
+32-bit executable. Windows 64-bit, Linux 32/64-bit do not expose
+this bug though.
+
+Fixes: 9ae1329ee2fe ("ppc/pnv: Add models for POWER8 PHB3 PCIe Host bridge")
+Fixes: 4f9924c4d4cf ("ppc/pnv: Add models for POWER9 PHB4 PCIe Host bridge")
+Reviewed-by: Cédric Le Goater
+Signed-off-by: Xuzhou Cheng
+Signed-off-by: Bin Meng
+Message-Id: <20220920103159.1865256-29-bmeng.cn@gmail.com>
+Signed-off-by: Daniel Henrique Barboza
+Signed-off-by: Liu Jing
+---
+ hw/pci-host/pnv_phb3.c | 1 +
+ hw/pci-host/pnv_phb4.c | 1 +
+ 2 files changed, 2 insertions(+)
+
+diff --git a/hw/pci-host/pnv_phb3.c b/hw/pci-host/pnv_phb3.c
+index 947efa77dc..bdc128013e 100644
+--- a/hw/pci-host/pnv_phb3.c
++++ b/hw/pci-host/pnv_phb3.c
+@@ -1130,6 +1130,7 @@ static void pnv_phb3_root_bus_class_init(ObjectClass *klass, void *data)
+ static const TypeInfo pnv_phb3_root_bus_info = {
+ .name = TYPE_PNV_PHB3_ROOT_BUS,
+ .parent = TYPE_PCIE_BUS,
++ .instance_size = sizeof(PnvPHB3RootBus),
+ .class_init = pnv_phb3_root_bus_class_init,
+ .interfaces = (InterfaceInfo[]) {
+ { INTERFACE_PCIE_DEVICE },
+diff --git a/hw/pci-host/pnv_phb4.c b/hw/pci-host/pnv_phb4.c
+index 4e17a48d35..9f115da7ac 100644
+--- a/hw/pci-host/pnv_phb4.c
++++ b/hw/pci-host/pnv_phb4.c
+@@ -1321,6 +1321,7 @@ static void pnv_phb4_root_bus_class_init(ObjectClass *klass, void *data)
+ static const TypeInfo pnv_phb4_root_bus_info = {
+ .name = TYPE_PNV_PHB4_ROOT_BUS,
+ .parent = TYPE_PCIE_BUS,
++ .instance_size = sizeof(PnvPHB4RootBus),
+ .class_init = pnv_phb4_root_bus_class_init,
+ .interfaces = (InterfaceInfo[]) {
+ { INTERFACE_PCIE_DEVICE },
+--
+2.41.0.windows.1
+
diff --git a/hw-ppc-spapr-Fix-code-style-problems-reported-by-che.patch b/hw-ppc-spapr-Fix-code-style-problems-reported-by-che.patch
new file mode 100644
index 0000000..b9db4fc
--- /dev/null
+++ b/hw-ppc-spapr-Fix-code-style-problems-reported-by-che.patch
@@ -0,0 +1,45 @@
+From c6f178f914eeac4cf1fd537e5e1c4172cf494029 Mon Sep 17 00:00:00 2001
+From: tangbinzy
+Date: Sat, 12 Oct 2024 08:43:14 +0000
+Subject: [PATCH] hw/ppc/spapr: Fix code style problems reported by checkpatch
+ mainline inclusion commit 6b5cf264ee76d24b357a60b69b0635a533c1f647 category:
+ bugfix
+
+---------------------------------------------------------------
+
+Reviewed-by: Daniel Henrique Barboza
+Signed-off-by: Bernhard Beschow
+Message-Id: <20220919231720.163121-5-shentey@gmail.com>
+Signed-off-by: Daniel Henrique Barboza
+
+Signed-off-by: tangbinzy
+---
+ include/hw/ppc/spapr.h | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/include/hw/ppc/spapr.h b/include/hw/ppc/spapr.h
+index 316b80318e..8390dd7743 100644
+--- a/include/hw/ppc/spapr.h
++++ b/include/hw/ppc/spapr.h
+@@ -754,7 +754,8 @@ static inline uint64_t ppc64_phys_to_real(uint64_t addr)
+
+ static inline uint32_t rtas_ld(target_ulong phys, int n)
+ {
+- return ldl_be_phys(&address_space_memory, ppc64_phys_to_real(phys + 4*n));
++ return ldl_be_phys(&address_space_memory,
++ ppc64_phys_to_real(phys + 4 * n));
+ }
+
+ static inline uint64_t rtas_ldq(target_ulong phys, int n)
+@@ -764,7 +765,7 @@ static inline uint64_t rtas_ldq(target_ulong phys, int n)
+
+ static inline void rtas_st(target_ulong phys, int n, uint32_t val)
+ {
+- stl_be_phys(&address_space_memory, ppc64_phys_to_real(phys + 4*n), val);
++ stl_be_phys(&address_space_memory, ppc64_phys_to_real(phys + 4 * n), val);
+ }
+
+ typedef void (*spapr_rtas_fn)(PowerPCCPU *cpu, SpaprMachineState *sm,
+--
+2.41.0.windows.1
+
diff --git a/hw-usb-hcd-ohci-Use-definition-to-avoid-dynamic-stac.patch b/hw-usb-hcd-ohci-Use-definition-to-avoid-dynamic-stac.patch
new file mode 100644
index 0000000..798a4c0
--- /dev/null
+++ b/hw-usb-hcd-ohci-Use-definition-to-avoid-dynamic-stac.patch
@@ -0,0 +1,58 @@
+From eb7f58bd9b45b2e113a66a3694661977541cd266 Mon Sep 17 00:00:00 2001
+From: tangbinzy
+Date: Sat, 12 Oct 2024 09:21:03 +0000
+Subject: [PATCH] hw/usb/hcd-ohci: Use definition to avoid dynamic stack
+ allocation mainline inclusion commit 29d81e429d16fe8f0f1cd99e63507ca53ca1945c
+ category: bugfix
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+---------------------------------------------------------------
+
+The compiler isn't clever enough to figure 'width' is a constant,
+so help it by using a definitions instead.
+
+Signed-off-by: Philippe Mathieu-Daudé
+Reviewed-by: Richard Henderson
+Signed-off-by: Peter Maydell
+Message-id: 20220819153931.3147384-10-peter.maydell@linaro.org
+
+Signed-off-by: tangbinzy
+---
+ hw/usb/hcd-ohci.c | 7 ++++---
+ 1 file changed, 4 insertions(+), 3 deletions(-)
+
+diff --git a/hw/usb/hcd-ohci.c b/hw/usb/hcd-ohci.c
+index a93d6b2e98..5e67eb4089 100644
+--- a/hw/usb/hcd-ohci.c
++++ b/hw/usb/hcd-ohci.c
+@@ -900,13 +900,14 @@ static int ohci_service_iso_td(OHCIState *ohci, struct ohci_ed *ed,
+ return 1;
+ }
+
++#define HEX_CHAR_PER_LINE 16
++
+ static void ohci_td_pkt(const char *msg, const uint8_t *buf, size_t len)
+ {
+ bool print16;
+ bool printall;
+- const int width = 16;
+ int i;
+- char tmp[3 * width + 1];
++ char tmp[3 * HEX_CHAR_PER_LINE + 1];
+ char *p = tmp;
+
+ print16 = !!trace_event_get_state_backends(TRACE_USB_OHCI_TD_PKT_SHORT);
+@@ -917,7 +918,7 @@ static void ohci_td_pkt(const char *msg, const uint8_t *buf, size_t len)
+ }
+
+ for (i = 0; ; i++) {
+- if (i && (!(i % width) || (i == len))) {
++ if (i && (!(i % HEX_CHAR_PER_LINE) || (i == len))) {
+ if (!printall) {
+ trace_usb_ohci_td_pkt_short(msg, tmp);
+ break;
+--
+2.41.0.windows.1
+
diff --git a/intel_iommu-Add-missed-sanity-check-for-256-bit-inva.patch b/intel_iommu-Add-missed-sanity-check-for-256-bit-inva.patch
new file mode 100644
index 0000000..aaaf886
--- /dev/null
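Review bot: In ohci_td_pkt the loop index is declared `int i;` while `len` is a `size_t`, so `(i == len)` on the changed line is a signed/unsigned comparison; declaring `size_t i;` removes it, provided no use of `i` outside the hunk depends on the signed type. The new macro has no comment, and `HEX_CHAR_PER_LINE` appears to count bytes per output line rather than hex characters, since `tmp` reserves three characters for each. A comment such as `/* bytes dumped per trace line; each takes 3 chars in tmp[] */` above the `#define` would make the buffer size self-explanatory. The function body continues outside the hunk.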
+++ b/intel_iommu-Add-missed-sanity-check-for-256-bit-inva.patch 
@@ -0,0 +1,180 @@
+From c14cdf57217aaf043b5ac1087b7ade9b3b5cd730 Mon Sep 17 00:00:00 2001
+From: tangzhongrui
+Date: Wed, 6 Nov 2024 10:55:43 +0800
+Subject: [PATCH] intel_iommu: Add missed sanity check for 256-bit invalidation
+ queue
+
+According to VTD spec, a 256-bit descriptor will result in an invalid
+descriptor error if submitted in an IQ that is setup to provide hardware
+with 128-bit descriptors (IQA_REG.DW=0). Meanwhile, there are old inv desc
+types (e.g. iotlb_inv_desc) that can be either 128bits or 256bits. If a
+128-bit version of this descriptor is submitted into an IQ that is setup
+to provide hardware with 256-bit descriptors will also result in an invalid
+descriptor error.
+
+The 2nd will be captured by the tail register update. So we only need to
+focus on the 1st.
+
+Because the reserved bit check between different types of invalidation desc
+are common, so introduce a common function vtd_inv_desc_reserved_check()
+to do all the checks and pass the differences as parameters.
+
+With this change, need to replace error_report_once() call with error_report()
+to catch different call sites. This isn't an issue as error_report_once()
+here is mainly used to help debug guest error, but it only dumps once in
+qemu life cycle and doesn't help much, we need error_report() instead.
+
+Fixes: c0c1d351849b ("intel_iommu: add 256 bits qi_desc support")
+Suggested-by: Yi Liu
+Signed-off-by: Zhenzhong Duan
+Message-Id: <20241104125536.1236118-3-zhenzhong.duan@intel.com>
+Reviewed-by: Michael S. Tsirkin
+Signed-off-by: Michael S. Tsirkin
+Signed-off-by: Zhongrui Tang tangzhongrui_yewu@cmss.chinamobile.com
+---
+ hw/i386/intel_iommu.c | 80 ++++++++++++++++++++++++----------
+ hw/i386/intel_iommu_internal.h | 1 +
+ 2 files changed, 59 insertions(+), 22 deletions(-)
+
+diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c
+index 2f8bcc1557..296a32a927 100644
+--- a/hw/i386/intel_iommu.c
++++ b/hw/i386/intel_iommu.c
+@@ -2293,15 +2293,51 @@ static bool vtd_get_inv_desc(IntelIOMMUState *s,
+ return true;
+ }
+
++static bool vtd_inv_desc_reserved_check(IntelIOMMUState *s,
++ VTDInvDesc *inv_desc,
++ uint64_t mask[4], bool dw,
++ const char *func_name,
++ const char *desc_type)
++{
++ if (s->iq_dw) {
++ if (inv_desc->val[0] & mask[0] || inv_desc->val[1] & mask[1] ||
++ inv_desc->val[2] & mask[2] || inv_desc->val[3] & mask[3]) {
++ error_report("%s: invalid %s desc val[3]: 0x%"PRIx64
++ " val[2]: 0x%"PRIx64" val[1]=0x%"PRIx64
++ " val[0]=0x%"PRIx64" (reserved nonzero)",
++ func_name, desc_type, inv_desc->val[3],
++ inv_desc->val[2], inv_desc->val[1],
++ inv_desc->val[0]);
++ return false;
++ }
++ } else {
++ if (dw) {
++ error_report("%s: 256-bit %s desc in 128-bit invalidation queue",
++ func_name, desc_type);
++ return false;
++ }
++
++ if (inv_desc->lo & mask[0] || inv_desc->hi & mask[1]) {
++ error_report("%s: invalid %s desc: hi=%"PRIx64", lo=%"PRIx64
++ " (reserved nonzero)", func_name, desc_type,
++ inv_desc->hi, inv_desc->lo);
++ return false;
++ }
++ }
++
++ return true;
++}
++
+ static bool vtd_process_wait_desc(IntelIOMMUState *s, VTDInvDesc *inv_desc)
+ {
+- if ((inv_desc->hi & VTD_INV_DESC_WAIT_RSVD_HI) ||
+- (inv_desc->lo & VTD_INV_DESC_WAIT_RSVD_LO)) {
+- error_report_once("%s: invalid wait desc: hi=%"PRIx64", lo=%"PRIx64
+- " (reserved nonzero)", __func__, inv_desc->hi,
+- inv_desc->lo);
++ uint64_t mask[4] = {VTD_INV_DESC_WAIT_RSVD_LO, VTD_INV_DESC_WAIT_RSVD_HI,
++ VTD_INV_DESC_ALL_ONE, VTD_INV_DESC_ALL_ONE};
++
++ if (!vtd_inv_desc_reserved_check(s, inv_desc, mask, false,
++ __func__, "wait")) {
+ return false;
+ }
++
+ if (inv_desc->lo & VTD_INV_DESC_WAIT_SW) {
+ /* Status Write */
+ uint32_t status_data = (uint32_t)(inv_desc->lo >>
+@@ -2335,13 +2371,14 @@ static bool vtd_process_context_cache_desc(IntelIOMMUState *s,
+ VTDInvDesc *inv_desc)
+ {
+ uint16_t sid, fmask;
++ uint64_t mask[4] = {VTD_INV_DESC_CC_RSVD, VTD_INV_DESC_ALL_ONE,
++ VTD_INV_DESC_ALL_ONE, VTD_INV_DESC_ALL_ONE};
+
+- if ((inv_desc->lo & VTD_INV_DESC_CC_RSVD) || inv_desc->hi) {
+- error_report_once("%s: invalid cc inv desc: hi=%"PRIx64", lo=%"PRIx64
+- " (reserved nonzero)", __func__, inv_desc->hi,
+- inv_desc->lo);
++ if (!vtd_inv_desc_reserved_check(s, inv_desc, mask, false,
++ __func__, "cc inv")) {
+ return false;
+ }
++
+ switch (inv_desc->lo & VTD_INV_DESC_CC_G) {
+ case VTD_INV_DESC_CC_DOMAIN:
+ trace_vtd_inv_desc_cc_domain(
+@@ -2371,12 +2408,11 @@ static bool vtd_process_iotlb_desc(IntelIOMMUState *s, VTDInvDesc *inv_desc)
+ uint16_t domain_id;
+ uint8_t am;
+ hwaddr addr;
++ uint64_t mask[4] = {VTD_INV_DESC_IOTLB_RSVD_LO, VTD_INV_DESC_IOTLB_RSVD_HI,
++ VTD_INV_DESC_ALL_ONE, VTD_INV_DESC_ALL_ONE};
+
+- if ((inv_desc->lo & VTD_INV_DESC_IOTLB_RSVD_LO) ||
+- (inv_desc->hi & VTD_INV_DESC_IOTLB_RSVD_HI)) {
+- error_report_once("%s: invalid iotlb inv desc: hi=0x%"PRIx64
+- ", lo=0x%"PRIx64" (reserved bits unzero)",
+- __func__, inv_desc->hi, inv_desc->lo);
++ if (!vtd_inv_desc_reserved_check(s, inv_desc, mask, false,
++ __func__, "iotlb inv")) {
+ return false;
+ }
+
+@@ -2439,6 +2475,14 @@ static bool vtd_process_device_iotlb_desc(IntelIOMMUState *s,
+ uint8_t devfn;
+ bool size;
+ uint8_t bus_num;
++ uint64_t mask[4] = {VTD_INV_DESC_DEVICE_IOTLB_RSVD_LO,
++ VTD_INV_DESC_DEVICE_IOTLB_RSVD_HI,
++ VTD_INV_DESC_ALL_ONE, VTD_INV_DESC_ALL_ONE};
++
++ if (!vtd_inv_desc_reserved_check(s, inv_desc, mask, false,
++ __func__, "dev-iotlb inv")) {
++ return false;
++ }
+
+ addr = VTD_INV_DESC_DEVICE_IOTLB_ADDR(inv_desc->hi);
+ sid = VTD_INV_DESC_DEVICE_IOTLB_SID(inv_desc->lo);
+@@ -2446,14 +2490,6 @@ static bool vtd_process_device_iotlb_desc(IntelIOMMUState *s,
+ bus_num = sid >> 8;
+ size = VTD_INV_DESC_DEVICE_IOTLB_SIZE(inv_desc->hi);
+
+- if ((inv_desc->lo & VTD_INV_DESC_DEVICE_IOTLB_RSVD_LO) ||
+- (inv_desc->hi & VTD_INV_DESC_DEVICE_IOTLB_RSVD_HI)) {
+- error_report_once("%s: invalid dev-iotlb inv desc: hi=%"PRIx64
+- ", lo=%"PRIx64" (reserved nonzero)", __func__,
+- inv_desc->hi, inv_desc->lo);
+- return false;
+- }
+-
+ vtd_bus = vtd_find_as_from_bus_num(s, bus_num);
+ if (!vtd_bus) {
+ goto done;
+diff --git a/hw/i386/intel_iommu_internal.h b/hw/i386/intel_iommu_internal.h
+index 2b2f0dd848..827b91e2ba 100644
+--- a/hw/i386/intel_iommu_internal.h
++++ b/hw/i386/intel_iommu_internal.h
+@@ -340,6 +340,7 @@ union VTDInvDesc {
+ typedef union VTDInvDesc VTDInvDesc;
+
+ /* Masks for struct VTDInvDesc */
++#define VTD_INV_DESC_ALL_ONE -1ULL
+ #define VTD_INV_DESC_TYPE(val) ((((val) >> 5) & 0x70ULL) | \
+ ((val) & 0xfULL))
+ #define VTD_INV_DESC_CC 0x1 /* Context-cache Invalidate Desc */
+--
+2.41.0.windows.1
+
diff --git a/intel_iommu-Fix-invalidation-descriptor-type-field.patch b/intel_iommu-Fix-invalidation-descriptor-type-field.patch
new file mode 100644
index 0000000..8557360
--- /dev/null
+++ b/intel_iommu-Fix-invalidation-descriptor-type-field.patch
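Review bot: vtd_inv_desc_reserved_check() reports every malformed descriptor with an unthrottled `error_report()`, and the descriptor contents come from the guest, so a guest that keeps submitting bad descriptors can produce one host log line per descriptor. For a guest-triggerable condition I would use `qemu_log_mask(LOG_GUEST_ERROR, ...)` or a trace event, which keeps the per-call-site detail the commit message asks for without letting the guest fill the host log. All four callers in this patch pass `dw` as `false`, so the "256-bit %s desc in 128-bit invalidation queue" branch is unreachable as written; a comment should say which descriptor types are expected to pass `true`. `#define VTD_INV_DESC_ALL_ONE -1ULL` also needs parentheses, e.g. `#define VTD_INV_DESC_ALL_ONE (~0ULL)`.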
@@ -0,0 +1,99 @@
+From 9ce9ecae9d7cf59554908787386901dd82fd7395 Mon Sep 17 00:00:00 2001
+From: guping
+Date: Wed, 9 Oct 2024 09:21:03 +0800
+Subject: [PATCH] intel_iommu: Fix invalidation descriptor type field
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+cherry-pick from 663168943d3db6d9b51d3dfa0998848a6e6eda71
+
+According to spec, invalidation descriptor type is 7bits which is
+concatenation of bits[11:9] and bits[3:0] of invalidation descriptor.
+
+Currently we only pick bits[3:0] as the invalidation type and treat
+bits[11:9] as reserved zero. This is not a problem for now as bits[11:9]
+is zero for all current invalidation types. But it will break if newer
+type occupies bits[11:9].
+
+Fix it by taking bits[11:9] into type and make reserved bits check accurate.
+
+Suggested-by: default avatarClément
+Signed-off-by: default avatarZhenzhong Duan
+Reviewed-by: default avatarYi Liu
+Reviewed-by: default avatarClément
+Message-Id: <20240814071321.2621384-2-zhenzhong.duan@intel.com>
+Reviewed-by: MST's avatarMichael S. Tsirkin
+Signed-off-by: MST's avatarMichael S. Tsirkin
+Signed-off-by: guping
+---
+ hw/i386/intel_iommu.c | 2 +-
+ hw/i386/intel_iommu_internal.h | 11 ++++++-----
+ 2 files changed, 7 insertions(+), 6 deletions(-)
+
+diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c
+index 2d5ad84149..2f8bcc1557 100644
+--- a/hw/i386/intel_iommu.c
++++ b/hw/i386/intel_iommu.c
+@@ -2502,7 +2502,7 @@ static bool vtd_process_inv_desc(IntelIOMMUState *s)
+ return false;
+ }
+
+- desc_type = inv_desc.lo & VTD_INV_DESC_TYPE;
++ desc_type = VTD_INV_DESC_TYPE(inv_desc.lo);
+ /* FIXME: should update at first or at last? */
+ s->iq_last_desc_type = desc_type;
+
+diff --git a/hw/i386/intel_iommu_internal.h b/hw/i386/intel_iommu_internal.h
+index a6c788049b..2b2f0dd848 100644
+--- a/hw/i386/intel_iommu_internal.h
++++ b/hw/i386/intel_iommu_internal.h
+@@ -340,7 +340,8 @@ union VTDInvDesc {
+ typedef union VTDInvDesc VTDInvDesc;
+
+ /* Masks for struct VTDInvDesc */
+-#define VTD_INV_DESC_TYPE 0xf
++#define VTD_INV_DESC_TYPE(val) ((((val) >> 5) & 0x70ULL) | \
+ ((val) & 0xfULL))
+ #define VTD_INV_DESC_CC 0x1 /* Context-cache Invalidate Desc */
+ #define VTD_INV_DESC_IOTLB 0x2
+ #define VTD_INV_DESC_DEVICE 0x3
+@@ -356,7 +357,7 @@ typedef union VTDInvDesc VTDInvDesc;
+ #define VTD_INV_DESC_WAIT_IF (1ULL << 4)
+ #define VTD_INV_DESC_WAIT_FN (1ULL << 6)
+ #define VTD_INV_DESC_WAIT_DATA_SHIFT 32
+-#define VTD_INV_DESC_WAIT_RSVD_LO 0Xffffff80ULL
++#define VTD_INV_DESC_WAIT_RSVD_LO 0Xfffff180ULL
+ #define VTD_INV_DESC_WAIT_RSVD_HI 3ULL
+
+ /* Masks for Context-cache Invalidation Descriptor */
+@@ -367,7 +368,7 @@ typedef union VTDInvDesc VTDInvDesc;
+ #define VTD_INV_DESC_CC_DID(val) (((val) >> 16) & VTD_DOMAIN_ID_MASK)
+ #define VTD_INV_DESC_CC_SID(val) (((val) >> 32) & 0xffffUL)
+ #define VTD_INV_DESC_CC_FM(val) (((val) >> 48) & 3UL)
+-#define VTD_INV_DESC_CC_RSVD 0xfffc00000000ffc0ULL
++#define VTD_INV_DESC_CC_RSVD 0xfffc00000000f1c0ULL
+
+ /* Masks for IOTLB Invalidate Descriptor */
+ #define VTD_INV_DESC_IOTLB_G (3ULL << 4)
+@@ -377,7 +378,7 @@ typedef union VTDInvDesc VTDInvDesc;
+ #define VTD_INV_DESC_IOTLB_DID(val) (((val) >> 16) & VTD_DOMAIN_ID_MASK)
+ #define VTD_INV_DESC_IOTLB_ADDR(val) ((val) & ~0xfffULL)
+ #define VTD_INV_DESC_IOTLB_AM(val) ((val) & 0x3fULL)
+-#define VTD_INV_DESC_IOTLB_RSVD_LO 0xffffffff0000ff00ULL
++#define VTD_INV_DESC_IOTLB_RSVD_LO 0xffffffff0000f100ULL
+ #define VTD_INV_DESC_IOTLB_RSVD_HI 0xf80ULL
+
+ /* Mask for Device IOTLB Invalidate Descriptor */
+@@ -385,7 +386,7 @@ typedef union VTDInvDesc VTDInvDesc;
+ #define VTD_INV_DESC_DEVICE_IOTLB_SIZE(val) ((val) & 0x1)
+ #define VTD_INV_DESC_DEVICE_IOTLB_SID(val) (((val) >> 32) & 0xFFFFULL)
+ #define VTD_INV_DESC_DEVICE_IOTLB_RSVD_HI 0xffeULL
+-#define VTD_INV_DESC_DEVICE_IOTLB_RSVD_LO 0xffff0000ffe0fff8
++#define VTD_INV_DESC_DEVICE_IOTLB_RSVD_LO 0xffff0000ffe0f1f0
+
+ /* Rsvd field masks for spte */
+ #define VTD_SPTE_SNP 0x800ULL
+--
+2.41.0.windows.1
+
diff --git a/intel_iommu-Send-IQE-event-when-setting-reserved-bit.patch b/intel_iommu-Send-IQE-event-when-setting-reserved-bit.patch
new file mode 100644
index 0000000..b049d1f
--- /dev/null
+++ b/intel_iommu-Send-IQE-event-when-setting-reserved-bit.patch
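Review bot: `VTD_INV_DESC_DEVICE_IOTLB_RSVD_LO` goes from `0xffff0000ffe0fff8` to `0xffff0000ffe0f1f0`, which clears bit 3 as well as bits[11:9], while the wait, context-cache and IOTLB masks lose only bits[11:9]. The commit message mentions only bits[11:9], so the mask deserves a comment saying why bit 3 stops being reserved for this descriptor (presumably because it belongs to the low four type bits). It is also the only one of the four changed masks without a `ULL` suffix; `0xffff0000ffe0f1f0ULL` would match its neighbours. Separately, the trailers in this patch file contain "default avatar" and "MST's avatar" in front of the names, which suggests the text was copied from a rendered web page; regenerating the file from the upstream commit named in the message would make the backport verifiable against its source.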
@@ -0,0 +1,39 @@
+From aa81e4e3f5d02bd8e8012df677452c4a8b208ac7 Mon Sep 17 00:00:00 2001
+From: Zhenzhong Duan
+Date: Mon, 4 Nov 2024 20:55:34 +0800
+Subject: [PATCH] intel_iommu: Send IQE event when setting reserved bit in
+ IQT_TAIL
+
+According to VTD spec, Figure 11-22, Invalidation Queue Tail Register,
+"When Descriptor Width (DW) field in Invalidation Queue Address Register
+(IQA_REG) is Set (256-bit descriptors), hardware treats bit-4 as reserved
+and a value of 1 in the bit will result in invalidation queue error."
+
+Current code missed to send IQE event to guest, fix it.
+
+Fixes: c0c1d351849b ("intel_iommu: add 256 bits qi_desc support")
+Suggested-by: Yi Liu
+Signed-off-by: Zhenzhong Duan
+Message-Id: <20241104125536.1236118-2-zhenzhong.duan@intel.com>
+Reviewed-by: Michael S. Tsirkin
+Signed-off-by: Michael S. Tsirkin
+Signed-off-by: Zhongrui Tang
+---
+ hw/i386/intel_iommu.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c
+index 2f8bcc1557..deb853e1ea 100644
+--- a/hw/i386/intel_iommu.c
++++ b/hw/i386/intel_iommu.c
+@@ -2605,6 +2605,7 @@ static void vtd_handle_iqt_write(IntelIOMMUState *s)
+ if (s->iq_dw && (val & VTD_IQT_QT_256_RSV_BIT)) {
+ error_report_once("%s: RSV bit is set: val=0x%"PRIx64,
+ __func__, val);
++ vtd_handle_inv_queue_error(s);
+ return;
+ }
+ s->iq_tail = VTD_IQT_QT(s->iq_dw, val);
+--
+2.41.0.windows.1
+
diff --git a/linux-user-use-max-instead-of-qemu32-qemu64-by-defau.patch b/linux-user-use-max-instead-of-qemu32-qemu64-by-defau.patch
new file mode 100644
index 0000000..9b9809f
--- /dev/null
+++ b/linux-user-use-max-instead-of-qemu32-qemu64-by-defau.patch
@@ -0,0 +1,82 @@
+From 9a09bf2b463cb0b98a71e335c6814143b23b3319 Mon Sep 17 00:00:00 2001
+From: Liu Jing
+Date: Tue, 22 Oct 2024 04:52:33 +0800
+Subject: [PATCH] linux-user: use 'max' instead of 'qemu32' / 'qemu64' by
+ default
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+The 'qemu64' CPU model implements the least featureful x86_64 CPU that's
+possible. Historically this hasn't been an issue since it was rare for
+OS distros to build with a higher mandatory CPU baseline.
+
+With RHEL-9, however, the entire distro is built for the x86_64-v2 ABI
+baseline:
+
+ https://developers.redhat.com/blog/2021/01/05/building-red-hat-enterprise-linux-9-for-the-x86-64-v2-microarchitecture-level
+
+It is likely that other distros may take similar steps in the not too
+distant future. For example, it has been suggested for Fedora on a
+number of occasions.
+
+This new baseline is not compatible with the qemu64 CPU model though.
+While it is possible to pass a '-cpu xxx' flag to qemu-x86_64, the
+usage of QEMU doesn't always allow for this. For example, the args
+are typically controlled via binfmt rules that the user has no ability
+to change. This impacts users who are trying to use podman on aarch64
+platforms, to run containers with x86_64 content. There's no arg to
+podman that can be used to change the qemu-x86_64 args, and a non-root
+user of podman can not change binfmt rules without elevating privileges:
+
+ https://github.com/containers/podman/issues/15456#issuecomment-1228210973
+
+Changing to the 'max' CPU model gives 'qemu-x86_64' maximum
+compatibility with binaries it is likely to encounter in the wild,
+and not likely to have a significant downside for existing usage.
+
+Most other architectures already use an 'any' CPU model, which is
+often mapped to 'max' (or similar) already, rather than the oldest
+possible CPU model.
+
+For the sake of consistency the 'i386' architecture is also changed
+from using 'qemu32' to 'max'.
+
+Reviewed-by: Richard Henderson
+Reviewed-by: Philippe Mathieu-Daudé
+Signed-off-by: Daniel P. Berrangé
+Message-Id: <20220923110413.70593-1-berrange@redhat.com>
+Signed-off-by: Laurent Vivier
+Signed-off-by: Liu Jing
+---
+ linux-user/i386/target_elf.h | 2 +-
+ linux-user/x86_64/target_elf.h | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/linux-user/i386/target_elf.h b/linux-user/i386/target_elf.h
+index 1c6142e7da..238a9aba73 100644
+--- a/linux-user/i386/target_elf.h
++++ b/linux-user/i386/target_elf.h
+@@ -9,6 +9,6 @@
+ #define I386_TARGET_ELF_H
+ static inline const char *cpu_get_model(uint32_t eflags)
+ {
+- return "qemu32";
++ return "max";
+ }
+ #endif
+diff --git a/linux-user/x86_64/target_elf.h b/linux-user/x86_64/target_elf.h
+index 7b76a90de8..3f628f8d66 100644
+--- a/linux-user/x86_64/target_elf.h
++++ b/linux-user/x86_64/target_elf.h
+@@ -9,6 +9,6 @@
+ #define X86_64_TARGET_ELF_H
+ static inline const char *cpu_get_model(uint32_t eflags)
+ {
+- return "qemu64";
++ return "max";
+ }
+ #endif
+--
+2.41.0.windows.1
+
diff --git a/platform-bus-fix-refcount-leak.patch b/platform-bus-fix-refcount-leak.patch
new file mode 100644
index 0000000..ecdd2c5
--- /dev/null
+++ b/platform-bus-fix-refcount-leak.patch
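Review bot: Both cpu_get_model() bodies now return `"max"` with no comment, so nothing in linux-user/i386/target_elf.h or linux-user/x86_64/target_elf.h tells a reader why the default is not a fixed baseline model. A one-line comment above each return, such as `/* "max": binfmt-launched binaries cannot pass -cpu and may need x86_64-v2 or later */`, records the reasoning that is currently only in the commit message. Since `max` tracks whatever the emulator implements, the feature set a user-mode guest sees will presumably change between QEMU versions, which is worth stating in the package changelog.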
@@ -0,0 +1,42 @@ +From ffb4abbc465b344d9e6195a9aac51e2530b13165 Mon Sep 17 00:00:00 2001 +From: Zhang Jiao +Date: Thu, 17 Oct 2024 13:14:54 +0800 +Subject: [PATCH] platform-bus: fix refcount leak + +cheery-pick from 99ec7b440a1d6a6ef07450b68687d24d13a25fb5 + +memory_region_find() returns an MR which it is the caller's +responsibility to unref, but platform_bus_map_mmio() was +forgetting to do so, thus leaking the MR. + +Signed-off-by: Gao Shiyuan +Message-id: 20240829131005.9196-1-gaoshiyuan@baidu.com +Reviewed-by: Peter Maydell +[PMM: tweaked commit message] +Signed-off-by: Peter Maydell +Signed-off-by: Zhang Jiao +--- + hw/core/platform-bus.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/hw/core/platform-bus.c b/hw/core/platform-bus.c +index b8487b26b6..dc58bf505a 100644 +--- a/hw/core/platform-bus.c ++++ b/hw/core/platform-bus.c +@@ -145,9 +145,12 @@ static void platform_bus_map_mmio(PlatformBusDevice *pbus, SysBusDevice *sbdev, + * the target device's memory region + */ + for (off = 0; off < pbus->mmio_size; off += alignment) { +- if (!memory_region_find(&pbus->mmio, off, size).mr) { ++ MemoryRegion *mr = memory_region_find(&pbus->mmio, off, size).mr; ++ if (!mr) { + found_region = true; + break; ++ } else { ++ memory_region_unref(mr); + } + } + +-- +2.41.0.windows.1 + diff --git a/qemu.spec b/qemu.spec index d0267e0..f671af5 100644 --- a/qemu.spec +++ b/qemu.spec @@ -3,7 +3,7 @@ Name: qemu Version: 6.2.0 -Release: 102 +Release: 103 Epoch: 10 Summary: QEMU is a generic and open source machine emulator and virtualizer License: GPLv2 and BSD and MIT and CC-BY-SA-4.0 
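Review bot: In the platform_bus_map_mmio loop the `else` after `break` is redundant, because the `if (!mr)` branch always leaves the loop. Placing `memory_region_unref(mr);` directly after the `if (!mr) { ... }` block reads more plainly and keeps the release of the reference from memory_region_find() on the straight-line path. The function starts outside the hunk.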
@@ -1076,6 +1076,51 @@ Patch1061: target-ppc-Remove-extra-space-from-s128-field-in-ppc.patch Patch1062: minikconf-print-error-entirely-on-stderr.patch Patch1063: hw-mips-Build-fw_cfg.c-once.patch Patch1064: target-ppc-Remove-unused-xer_-macros.patch +Patch1065: configs-Fix-typo-in-the-sh4-softmmu-devices-config-f.patch +Patch1066: intel_iommu-Fix-invalidation-descriptor-type-field.patch +Patch1067: hw-net-e1000e_core-Use-definition-to-avoid-dynamic-s.patch +Patch1068: hw-intc-xics-Avoid-dynamic-stack-allocation.patch +Patch1069: chardev-baum-Replace-magic-values-by-X_MAX-Y_MAX-def.patch +Patch1070: hw-ppc-spapr-Fix-code-style-problems-reported-by-che.patch +Patch1071: hw-i386-multiboot-Avoid-dynamic-stack-allocation.patch +Patch1072: hw-usb-hcd-ohci-Use-definition-to-avoid-dynamic-stac.patch +Patch1073: tests-unit-test-vmstate-Avoid-dynamic-stack-allocati.patch +Patch1074: hcd-ohci-Drop-ohci_service_iso_td-if-ed-head-OHCI_DP.patch +Patch1075: hw-core-ptimer-fix-timer-zero-period-condition-for-f.patch +Patch1076: util-userfaultfd-Remove-unused-uffd_poll_events.patch +Patch1077: tests-avocado-fix-typo-in-replay_linux.patch +Patch1078: hw-net-can-sja1000-fix-bug-for-single-acceptance-fil.patch +Patch1079: hw-net-virtio-net-fix-qemu-set-used-ring-flag-even-v.patch +Patch1080: platform-bus-fix-refcount-leak.patch +Patch1081: edu-fix-DMA-range-upper-bound-check.patch +Patch1082: chardev-char-fix-qemu_chr_is_busy-check.patch +Patch1083: docs-tools-qemu-img.rst-fix-typo-sumarizes.patch +Patch1084: s390-sclp-fix-SCLP-facility-map.patch +Patch1085: ui-vnc-fix-handling-of-VNC_FEATURE_XVP.patch +Patch1086: hw-pci-bridge-Add-a-Kconfig-switch-for-the-normal-PC.patch +Patch1087: acpi-ged-Add-macro-for-acpi-sleep-control-register.patch +Patch1088: acpi-cpuhp-fix-guest-visible-maximum-access-size-to-.patch +Patch1089: intel_iommu-Send-IQE-event-when-setting-reserved-bit.patch +Patch1090: hw-pci-Add-parenthesis-to-PCI_BUILD_BDF-macro.patch +Patch1091: 
target-ppc-Set-result-to-QNaN-for-DENBCD-when-VXCVI-.patch +Patch1092: target-ppc-Zero-second-doubleword-for-VSX-madd-instr.patch +Patch1093: target-ppc-Set-OV32-when-OV-is-set.patch +Patch1094: target-ppc-Zero-second-doubleword-of-VSR-registers-f.patch +Patch1095: hw-pci-host-pnv_phb-3-4-Fix-heap-out-of-bound-access.patch +Patch1096: block-nvme-nvme_process_completion-fix-bound-for-cid.patch +Patch1097: target-m68k-Implement-atomic-test-and-set.patch +Patch1098: target-m68k-Fix-MACSR-to-CCR.patch +Patch1099: target-m68k-Perform-writback-before-modifying-SR.patch +Patch1100: target-m68k-always-call-gen_exit_tb-after-writes-to-.patch +Patch1101: ui-curses-Avoid-dynamic-stack-allocation.patch +Patch1102: virtiofsd-use-g_date_time_get_microsecond-to-get-sub.patch +Patch1103: s390x-tcg-Fix-opcode-for-lzrf.patch +Patch1104: ui-console-Get-tab-completion-working-again-in-the-S.patch +Patch1105: chardev-baum-Use-definitions-to-avoid-dynamic-stack-.patch +Patch1106: linux-user-use-max-instead-of-qemu32-qemu64-by-defau.patch +Patch1107: intel_iommu-Add-missed-sanity-check-for-256-bit-inva.patch +Patch1108: Introduce-the-SM4-cipher-algorithms-OSCCA-GB-T-32907.patch + BuildRequires: flex BuildRequires: gcc 
@@ -1674,6 +1719,52 @@ getent passwd qemu >/dev/null || \ %endif %changelog +* Sat Nov 30 2024 - 10:6.2.0-103 +- Introduce the SM4 cipher algorithms (OSCCA GB/T 32907-2016). +- intel_iommu: Add missed sanity check for 256-bit invalidation queue +- linux-user: use 'max' instead of 'qemu32' / 'qemu64' by default +- chardev/baum: Use definitions to avoid dynamic stack allocation +- ui/console: Get tab completion working again in the SDL monitor vc +- s390x/tcg: Fix opcode for lzrf +- virtiofsd: use g_date_time_get_microsecond to get subsecond +- ui/curses: Avoid dynamic stack allocation +- target/m68k: always call gen_exit_tb() after writes to SR +- target/m68k: Perform writback before modifying SR +- target/m68k: Fix MACSR to CCR +- target/m68k: Implement atomic test-and-set +- block/nvme: nvme_process_completion() fix bound for cid +- hw/pci-host: pnv_phb{3, 4}: Fix heap out-of-bound access failure +- target/ppc: Zero second doubleword of VSR registers for FPR insns +- target/ppc: Set OV32 when OV is set +- target/ppc: Zero second doubleword for VSX madd instructions +- target/ppc: Set result to QNaN for DENBCD when VXCVI occurs +- hw/pci: Add parenthesis to PCI_BUILD_BDF macro +- intel_iommu: Send IQE event when setting reserved bit in IQT_TAIL +- acpi: cpuhp: fix guest-visible maximum access size to the legacy reg block +- acpi: ged: Add macro for acpi sleep control register +- hw/pci-bridge: Add a Kconfig switch for the normal PCI bridge +- ui/vnc: fix handling of VNC_FEATURE_XVP +- s390/sclp: fix SCLP facility map +- docs/tools/qemu-img.rst: fix typo (sumarizes) +- chardev/char: fix qemu_chr_is_busy() check +- edu: fix DMA range upper bound check +- platform-bus: fix refcount leak +- hw/net/virtio-net: fix qemu set used ring flag even vhost started +- hw/net/can/sja1000: fix bug for single acceptance filter and standard frame +- tests/avocado: fix typo in replay_linux +- util/userfaultfd: Remove unused uffd_poll_events +- hw/core/ptimer: fix timer zero period 
condition for freq > 1GHz +- hcd-ohci: Drop ohci_service_iso_td() if ed->head & OHCI_DPTR_MASK is zero +- tests/unit/test-vmstate: Avoid dynamic stack allocation +- hw/usb/hcd-ohci: Use definition to avoid dynamic stack allocation +- hw/i386/multiboot: Avoid dynamic stack allocation +- hw/ppc/spapr: Fix code style problems reported by checkpatch +- chardev/baum: Replace magic values by X_MAX / Y_MAX definitions +- hw/intc/xics: Avoid dynamic stack allocation +- hw/net/e1000e_core: Use definition to avoid dynamic stack allocation +- intel_iommu: Fix invalidation descriptor type field +- configs: Fix typo in the sh4-softmmu devices config file + * Sat Nov 30 2024 - 10:6.2.0-102 - target/ppc: Remove unused xer_* macros - hw/mips: Build fw_cfg.c once diff --git a/s390-sclp-fix-SCLP-facility-map.patch b/s390-sclp-fix-SCLP-facility-map.patch new file mode 100644 index 0000000..f54c39b --- /dev/null +++ b/s390-sclp-fix-SCLP-facility-map.patch 
@@ -0,0 +1,43 @@ +From 0fe9c678645699c5dd27f60d5110d4da43e9db00 Mon Sep 17 00:00:00 2001 +From: Zhang Jiao +Date: Mon, 21 Oct 2024 14:16:42 +0800 +Subject: [PATCH] s390/sclp: fix SCLP facility map + +cheery-pick from 81f993828bce9a9afd72da17b7672cb8bd121e63 + +Qemu's SCLP implementation incorrectly reports that it supports CPU +reconfiguration. If a guest issues a CPU reconfiguration request it +is rejected as invalid command. + +Fix the SCLP_HAS_CPU_INFO mask, and remove the unused +SCLP_CMDW_CONFIGURE_CPU and SCLP_CMDW_DECONFIGURE_CPU defines. + +Reviewed-by: Eric Farman +Reviewed-by: Halil Pasic +Signed-off-by: Heiko Carstens +Message-ID: <20231024100703.929679-1-hca@linux.ibm.com> +Signed-off-by: Thomas Huth +Signed-off-by: Zhang Jiao +--- + include/hw/s390x/sclp.h | 4 +--- + 1 file changed, 1 insertion(+), 3 deletions(-) + +diff --git a/include/hw/s390x/sclp.h b/include/hw/s390x/sclp.h +index d3ade40a5a..a170ee5d71 100644 +--- a/include/hw/s390x/sclp.h ++++ b/include/hw/s390x/sclp.h +@@ -38,10 +38,8 @@ + #define MAX_STORAGE_INCREMENTS 1020 + + /* CPU hotplug SCLP codes */ +-#define SCLP_HAS_CPU_INFO 0x0C00000000000000ULL ++#define SCLP_HAS_CPU_INFO 0x0800000000000000ULL + #define SCLP_CMDW_READ_CPU_INFO 0x00010001 +-#define SCLP_CMDW_CONFIGURE_CPU 0x00110001 +-#define SCLP_CMDW_DECONFIGURE_CPU 0x00100001 + + /* SCLP PCI codes */ + #define SCLP_HAS_IOA_RECONFIG 0x0000000040000000ULL +-- +2.41.0.windows.1 + diff --git a/s390x-tcg-Fix-opcode-for-lzrf.patch b/s390x-tcg-Fix-opcode-for-lzrf.patch new file mode 100644 index 0000000..4414f9c --- /dev/null +++ b/s390x-tcg-Fix-opcode-for-lzrf.patch 
@@ -0,0 +1,37 @@ +From 2a966471139fff8fd01afb1bfa2bfbc9e65ed9ff Mon Sep 17 00:00:00 2001 +From: Liu Jing +Date: Tue, 22 Oct 2024 04:16:57 +0800 +Subject: [PATCH] s390x/tcg: Fix opcode for lzrf + +Fix the opcode for Load and Zero Rightmost Byte (32). + +Fixes: c2a5c1d718ea ("target/s390x: Implement load-and-zero-rightmost-byte insns") +Reported-by: Nathan Chancellor +Signed-off-by: Christian Borntraeger +Tested-by: Nathan Chancellor +Reviewed-by: Cornelia Huck +Reviewed-by: David Hildenbrand +Cc: qemu-stable@nongnu.org +Message-Id: <20220914105750.767697-1-borntraeger@linux.ibm.com> +Signed-off-by: Thomas Huth +Signed-off-by: Liu Jing +--- + target/s390x/tcg/insn-data.def | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/target/s390x/tcg/insn-data.def b/target/s390x/tcg/insn-data.def +index 3e5594210c..149f2577be 100644 +--- a/target/s390x/tcg/insn-data.def ++++ b/target/s390x/tcg/insn-data.def +@@ -463,7 +463,7 @@ + C(0xe39f, LAT, RXY_a, LAT, 0, m2_32u, r1, 0, lat, 0) + C(0xe385, LGAT, RXY_a, LAT, 0, a2, r1, 0, lgat, 0) + /* LOAD AND ZERO RIGHTMOST BYTE */ +- C(0xe3eb, LZRF, RXY_a, LZRB, 0, m2_32u, new, r1_32, lzrb, 0) ++ C(0xe33b, LZRF, RXY_a, LZRB, 0, m2_32u, new, r1_32, lzrb, 0) + C(0xe32a, LZRG, RXY_a, LZRB, 0, m2_64, r1, 0, lzrb, 0) + /* LOAD LOGICAL AND ZERO RIGHTMOST BYTE */ + C(0xe33a, LLZRGF, RXY_a, LZRB, 0, m2_32u, r1, 0, lzrb, 0) +-- +2.41.0.windows.1 + diff --git a/target-m68k-Fix-MACSR-to-CCR.patch b/target-m68k-Fix-MACSR-to-CCR.patch new file mode 100644 index 0000000..9887b35 --- /dev/null +++ b/target-m68k-Fix-MACSR-to-CCR.patch 
@@ -0,0 +1,38 @@ +From 82293e21ded10ebdbd0efae9f9ef090f1fc62705 Mon Sep 17 00:00:00 2001 +From: Liu Jing +Date: Mon, 21 Oct 2024 19:15:42 +0800 +Subject: [PATCH] target/m68k: Fix MACSR to CCR + +First, we were writing to the entire SR register, instead +of only the flags portion. Second, we were not clearing C +as per the documentation (X was cleared via the 0xf mask). + +Signed-off-by: Richard Henderson +Reviewed-by: Laurent Vivier +Message-Id: <20220913142818.7802-2-richard.henderson@linaro.org> +Signed-off-by: Laurent Vivier +Signed-off-by: Liu Jing +--- + target/m68k/translate.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/target/m68k/translate.c b/target/m68k/translate.c +index af43c8eab8..657f663fbe 100644 +--- a/target/m68k/translate.c ++++ b/target/m68k/translate.c +@@ -5809,8 +5809,10 @@ DISAS_INSN(from_mext) + DISAS_INSN(macsr_to_ccr) + { + TCGv tmp = tcg_temp_new(); +- tcg_gen_andi_i32(tmp, QREG_MACSR, 0xf); +- gen_helper_set_sr(cpu_env, tmp); ++ ++ /* Note that X and C are always cleared. */ ++ tcg_gen_andi_i32(tmp, QREG_MACSR, CCF_N | CCF_Z | CCF_V); ++ gen_helper_set_ccr(cpu_env, tmp); + tcg_temp_free(tmp); + set_cc_op(s, CC_OP_FLAGS); + } +-- +2.41.0.windows.1 + diff --git a/target-m68k-Implement-atomic-test-and-set.patch b/target-m68k-Implement-atomic-test-and-set.patch new file mode 100644 index 0000000..2a349de --- /dev/null +++ b/target-m68k-Implement-atomic-test-and-set.patch 
@@ -0,0 +1,74 @@ +From ea7c41f4146774298ed8210e2cc3e28f7d610675 Mon Sep 17 00:00:00 2001 +From: Liu Jing +Date: Mon, 21 Oct 2024 19:03:19 +0800 +Subject: [PATCH] target/m68k: Implement atomic test-and-set + +This is slightly more complicated than cas, +because tas is allowed on data registers. + +Signed-off-by: Richard Henderson +Reviewed-by: Laurent Vivier +Message-Id: <20220829051746.227094-1-richard.henderson@linaro.org> +Signed-off-by: Laurent Vivier +Signed-off-by: Liu Jing +--- + target/m68k/translate.c | 40 ++++++++++++++++++++++++++++++---------- + 1 file changed, 30 insertions(+), 10 deletions(-) + +diff --git a/target/m68k/translate.c b/target/m68k/translate.c +index af43c8eab8..3a7c4c5231 100644 +--- a/target/m68k/translate.c ++++ b/target/m68k/translate.c +@@ -2809,19 +2809,39 @@ DISAS_INSN(illegal) + gen_exception(s, s->base.pc_next, EXCP_ILLEGAL); + } + +-/* ??? This should be atomic. */ + DISAS_INSN(tas) + { +- TCGv dest; +- TCGv src1; +- TCGv addr; ++ int mode = extract32(insn, 3, 3); ++ int reg0 = REG(insn, 0); + +- dest = tcg_temp_new(); +- SRC_EA(env, src1, OS_BYTE, 1, &addr); +- gen_logic_cc(s, src1, OS_BYTE); +- tcg_gen_ori_i32(dest, src1, 0x80); +- DEST_EA(env, insn, OS_BYTE, dest, &addr); +- tcg_temp_free(dest); ++ if (mode == 0) { ++ /* data register direct */ ++ TCGv dest = cpu_dregs[reg0]; ++ gen_logic_cc(s, dest, OS_BYTE); ++ tcg_gen_ori_tl(dest, dest, 0x80); ++ } else { ++ TCGv src1, addr; ++ ++ addr = gen_lea_mode(env, s, mode, reg0, OS_BYTE); ++ if (IS_NULL_QREG(addr)) { ++ gen_addr_fault(s); ++ return; ++ } ++ src1 = tcg_temp_new(); ++ tcg_gen_atomic_fetch_or_tl(src1, addr, tcg_constant_tl(0x80), ++ IS_USER(s), MO_SB); ++ gen_logic_cc(s, src1, OS_BYTE); ++ tcg_temp_free(src1); ++ ++ switch (mode) { ++ case 3: /* Indirect postincrement. */ ++ tcg_gen_addi_i32(AREG(insn, 0), addr, 1); ++ break; ++ case 4: /* Indirect predecrememnt. 
*/ ++ tcg_gen_mov_i32(AREG(insn, 0), addr); ++ break; ++ } ++ } + } + + DISAS_INSN(mull) +-- +2.41.0.windows.1 + diff --git a/target-m68k-Perform-writback-before-modifying-SR.patch b/target-m68k-Perform-writback-before-modifying-SR.patch new file mode 100644 index 0000000..6b710d2 --- /dev/null +++ b/target-m68k-Perform-writback-before-modifying-SR.patch 
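Review bot: The `switch (mode)` that closes the memory path of DISAS_INSN(tas) handles only modes 3 and 4 and has no `default`, so a reader cannot tell whether the other addressing modes are deliberately left without an address-register update. Adding `default: break;` with a comment like `/* other modes leave An unchanged */` would make that explicit. The comment `Indirect predecrememnt` should read `Indirect predecrement`. The data-register path calls `tcg_gen_ori_tl` while the post-increment update calls `tcg_gen_addi_i32`; using one family throughout the function would be more consistent.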
@@ -0,0 +1,49 @@ +From 364efd620bb9b6003a2b65fe7ea56b640a209be4 Mon Sep 17 00:00:00 2001 +From: Liu Jing +Date: Mon, 21 Oct 2024 19:22:03 +0800 +Subject: [PATCH] target/m68k: Perform writback before modifying SR + +Writes to SR may change security state, which may involve +a swap of %ssp with %usp as reflected in %a7. Finish the +writeback of %sp@+ before swapping stack pointers. + +Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1206 +Signed-off-by: Richard Henderson +Reviewed-by: Laurent Vivier +Reviewed-by: Mark Cave-Ayland +Message-Id: <20220913142818.7802-3-richard.henderson@linaro.org> +Signed-off-by: Laurent Vivier +Signed-off-by: Liu Jing +--- + target/m68k/translate.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/target/m68k/translate.c b/target/m68k/translate.c +index af43c8eab8..6cc4321921 100644 +--- a/target/m68k/translate.c ++++ b/target/m68k/translate.c +@@ -2269,9 +2269,9 @@ static void gen_set_sr_im(DisasContext *s, uint16_t val, int ccr_only) + tcg_gen_movi_i32(QREG_CC_N, val & CCF_N ? -1 : 0); + tcg_gen_movi_i32(QREG_CC_X, val & CCF_X ? 1 : 0); + } else { +- TCGv sr = tcg_const_i32(val); +- gen_helper_set_sr(cpu_env, sr); +- tcg_temp_free(sr); ++ /* Must writeback before changing security state. */ ++ do_writebacks(s); ++ gen_helper_set_sr(cpu_env, tcg_constant_i32(val)); + } + set_cc_op(s, CC_OP_FLAGS); + } +@@ -2281,6 +2281,8 @@ static void gen_set_sr(DisasContext *s, TCGv val, int ccr_only) + if (ccr_only) { + gen_helper_set_ccr(cpu_env, val); + } else { ++ /* Must writeback before changing security state. */ ++ do_writebacks(s); + gen_helper_set_sr(cpu_env, val); + } + set_cc_op(s, CC_OP_FLAGS); +-- +2.41.0.windows.1 + diff --git a/target-m68k-always-call-gen_exit_tb-after-writes-to-.patch b/target-m68k-always-call-gen_exit_tb-after-writes-to-.patch new file mode 100644 index 0000000..1937d51 --- /dev/null +++ b/target-m68k-always-call-gen_exit_tb-after-writes-to-.patch 
@@ -0,0 +1,61 @@ +From 0338db7f0f42f68b709ad6bbd79e471292b32baf Mon Sep 17 00:00:00 2001 +From: Liu Jing +Date: Mon, 21 Oct 2024 19:32:15 +0800 +Subject: [PATCH] target/m68k: always call gen_exit_tb() after writes to SR +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Any write to SR can change the security state so always call gen_exit_tb() when +this occurs. In particular MacOS makes use of andiw/oriw in a few places to +handle the switch between user and supervisor mode. + +Signed-off-by: Mark Cave-Ayland +Reviewed-by: Richard Henderson +Reviewed-by: Philippe Mathieu-Daudé +Message-Id: <20220917112515.83905-5-mark.cave-ayland@ilande.co.uk> +Signed-off-by: Laurent Vivier +Signed-off-by: Liu Jing +--- + target/m68k/translate.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/target/m68k/translate.c b/target/m68k/translate.c +index 6cc4321921..9e465272ea 100644 +--- a/target/m68k/translate.c ++++ b/target/m68k/translate.c +@@ -2359,6 +2359,7 @@ DISAS_INSN(arith_im) + tcg_gen_or_i32(dest, src1, im); + if (with_SR) { + gen_set_sr(s, dest, opsize == OS_BYTE); ++ gen_exit_tb(s); + } else { + DEST_EA(env, insn, opsize, dest, &addr); + gen_logic_cc(s, dest, opsize); +@@ -2368,6 +2369,7 @@ DISAS_INSN(arith_im) + tcg_gen_and_i32(dest, src1, im); + if (with_SR) { + gen_set_sr(s, dest, opsize == OS_BYTE); ++ gen_exit_tb(s); + } else { + DEST_EA(env, insn, opsize, dest, &addr); + gen_logic_cc(s, dest, opsize); +@@ -2391,6 +2393,7 @@ DISAS_INSN(arith_im) + tcg_gen_xor_i32(dest, src1, im); + if (with_SR) { + gen_set_sr(s, dest, opsize == OS_BYTE); ++ gen_exit_tb(s); + } else { + DEST_EA(env, insn, opsize, dest, &addr); + gen_logic_cc(s, dest, opsize); +@@ -4594,6 +4597,7 @@ DISAS_INSN(strldsr) + } + gen_push(s, gen_get_sr(s)); + gen_set_sr_im(s, ext, 0); ++ gen_exit_tb(s); + } + + DISAS_INSN(move_from_sr) +-- +2.41.0.windows.1 + 
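Review bot: The rule that a write to SR must end the translation block is enforced only by adding `gen_exit_tb(s);` at each of the four call sites, and nothing tells a future caller of gen_set_sr() or gen_set_sr_im() about it. Since the commit message ties this to a change of security state, a comment on the callees would help, for example `/* Callers must gen_exit_tb() after a full SR write: the privilege state may have changed. */`. In the three arith_im sites the call also runs when `opsize == OS_BYTE`, which is what gets passed to gen_set_sr as its last argument (the CCR-only flag, judging by the neighbouring patch in this series); that looks harmless but is presumably not needed there. Both callees and the enclosing functions lie outside the inner hunks.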
diff --git a/target-ppc-Set-OV32-when-OV-is-set.patch b/target-ppc-Set-OV32-when-OV-is-set.patch new file mode 100644 index 0000000..ef93248 --- /dev/null +++ b/target-ppc-Set-OV32-when-OV-is-set.patch @@ -0,0 +1,43 @@ +From 6381854884f45d24fb67dca13519935e30642f48 Mon Sep 17 00:00:00 2001 +From: Liu Jing +Date: Mon, 14 Oct 2024 16:07:54 +0800 +Subject: [PATCH] target/ppc: Set OV32 when OV is set +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +According to PowerISA: "OV32 is set whenever OV is implicitly set, and +is set to the same value that OV is defined to be set to in 32-bit +mode". + +This patch changes helper_update_ov_legacy to set/clear ov32 when +applicable. + +Signed-off-by: Víctor Colombo +Reviewed-by: Daniel Henrique Barboza +Message-Id: <20220906125523.38765-7-victor.colombo@eldorado.org.br> +Signed-off-by: Daniel Henrique Barboza +Signed-off-by: Liu Jing +--- + target/ppc/int_helper.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/target/ppc/int_helper.c b/target/ppc/int_helper.c +index 9bc327bcba..b577b43f4c 100644 +--- a/target/ppc/int_helper.c ++++ b/target/ppc/int_helper.c +@@ -36,9 +36,9 @@ + static inline void helper_update_ov_legacy(CPUPPCState *env, int ov) + { + if (unlikely(ov)) { +- env->so = env->ov = 1; ++ env->so = env->ov = env->ov32 = 1; + } else { +- env->ov = 0; ++ env->ov = env->ov32 = 0; + } + } + +-- +2.41.0.windows.1 + diff --git a/target-ppc-Set-result-to-QNaN-for-DENBCD-when-VXCVI-.patch b/target-ppc-Set-result-to-QNaN-for-DENBCD-when-VXCVI-.patch new file mode 100644 index 0000000..d6f3d65 --- /dev/null +++ b/target-ppc-Set-result-to-QNaN-for-DENBCD-when-VXCVI-.patch 
@@ -0,0 +1,84 @@ +From 05cee5f46432c4eb9774b53d014c5799bd924b8d Mon Sep 17 00:00:00 2001 +From: Liu Jing +Date: Mon, 14 Oct 2024 15:54:33 +0800 +Subject: [PATCH] target/ppc: Set result to QNaN for DENBCD when VXCVI occurs +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +According to the ISA, for instruction DENBCD: +"If an invalid BCD digit or sign code is detected in the source +operand, an invalid-operation exception (VXCVI) occurs." + +In the Invalid Operation Exception section, there is the situation: +"When Invalid Operation Exception is disabled (VE=0) and Invalid +Operation occurs (...) If the operation is an (...) or format the +target FPR is set to a Quiet NaN". This was not being done in +QEMU. + +This patch sets the result to QNaN when the instruction DENBCD causes +an Invalid Operation Exception. + +Signed-off-by: Víctor Colombo +Reviewed-by: Daniel Henrique Barboza +Message-Id: <20220906125523.38765-5-victor.colombo@eldorado.org.br> +Signed-off-by: Daniel Henrique Barboza +Signed-off-by: Liu Jing +--- + target/ppc/dfp_helper.c | 26 ++++++++++++++++++++++++-- + 1 file changed, 24 insertions(+), 2 deletions(-) + +diff --git a/target/ppc/dfp_helper.c b/target/ppc/dfp_helper.c +index 0d01ac3de0..0398b3a50e 100644 +--- a/target/ppc/dfp_helper.c ++++ b/target/ppc/dfp_helper.c +@@ -1144,6 +1144,26 @@ static inline uint8_t dfp_get_bcd_digit_128(ppc_vsr_t *t, unsigned n) + return t->VsrD((n & 0x10) ? 
0 : 1) >> ((n << 2) & 63) & 15; + } + ++static inline void dfp_invalid_op_vxcvi_64(struct PPC_DFP *dfp) ++{ ++ /* TODO: fpscr is incorrectly not being saved to env */ ++ dfp_set_FPSCR_flag(dfp, FP_VX | FP_VXCVI, FPSCR_VE); ++ if ((dfp->env->fpscr & FP_VE) == 0) { ++ dfp->vt.VsrD(1) = 0x7c00000000000000; /* QNaN */ ++ } ++} ++ ++ ++static inline void dfp_invalid_op_vxcvi_128(struct PPC_DFP *dfp) ++{ ++ /* TODO: fpscr is incorrectly not being saved to env */ ++ dfp_set_FPSCR_flag(dfp, FP_VX | FP_VXCVI, FPSCR_VE); ++ if ((dfp->env->fpscr & FP_VE) == 0) { ++ dfp->vt.VsrD(0) = 0x7c00000000000000; /* QNaN */ ++ dfp->vt.VsrD(1) = 0x0; ++ } ++} ++ + #define DFP_HELPER_ENBCD(op, size) \ + void helper_##op(CPUPPCState *env, ppc_fprp_t *t, ppc_fprp_t *b, \ + uint32_t s) \ +@@ -1170,7 +1190,8 @@ void helper_##op(CPUPPCState *env, ppc_fprp_t *t, ppc_fprp_t *b, \ + sgn = 0; \ + break; \ + default: \ +- dfp_set_FPSCR_flag(&dfp, FP_VX | FP_VXCVI, FPSCR_VE); \ ++ dfp_invalid_op_vxcvi_##size(&dfp); \ ++ set_dfp##size(t, &dfp.vt); \ + return; \ + } \ + } \ +@@ -1180,7 +1201,8 @@ void helper_##op(CPUPPCState *env, ppc_fprp_t *t, ppc_fprp_t *b, \ + digits[(size) / 4 - n] = dfp_get_bcd_digit_##size(&dfp.vb, \ + offset++); \ + if (digits[(size) / 4 - n] > 10) { \ +- dfp_set_FPSCR_flag(&dfp, FP_VX | FP_VXCVI, FPSCR_VE); \ ++ dfp_invalid_op_vxcvi_##size(&dfp); \ ++ set_dfp##size(t, &dfp.vt); \ + return; \ + } else { \ + nonzero |= (digits[(size) / 4 - n] > 0); \ +-- +2.41.0.windows.1 + diff --git a/target-ppc-Zero-second-doubleword-for-VSX-madd-instr.patch b/target-ppc-Zero-second-doubleword-for-VSX-madd-instr.patch new file mode 100644 index 0000000..76c3b74 --- /dev/null +++ b/target-ppc-Zero-second-doubleword-for-VSX-madd-instr.patch 
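Review bot: The digit validation kept as context in the last inner hunk, `if (digits[(size) / 4 - n] > 10)`, lets the value 10 through although a BCD digit ranges only from 0 to 9; if that reading is right, a source nibble of 0xA bypasses the new VXCVI/QNaN path entirely. The line is not touched by this backport, so it should be checked against the ISA text and upstream before changing it to `> 9`. Separately, both new helpers ship with `/* TODO: fpscr is incorrectly not being saved to env */`, so a known gap is carried into the package and would be worth a line in the changelog. The DFP_HELPER_ENBCD macro body starts and ends outside the hunk.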
@@ -0,0 +1,41 @@ +From 8a7cee2fcf1520efea6103ab67e34b5fdc4a44fa Mon Sep 17 00:00:00 2001 +From: Liu Jing +Date: Mon, 14 Oct 2024 16:01:16 +0800 +Subject: [PATCH] target/ppc: Zero second doubleword for VSX madd instructions +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +In 205eb5a89e we updated most VSX instructions to zero the +second doubleword, as is requested by PowerISA since v3.1. +However, VSX_MADD helper was left behind unchanged, while it +is also affected and should be fixed as well. + +This patch applies the fix for MADD instructions. + +Fixes: 205eb5a89e ("target/ppc: Change VSX instructions behavior to fill with zeros") +Signed-off-by: Víctor Colombo +Reviewed-by: Daniel Henrique Barboza +Message-Id: <20220906125523.38765-6-victor.colombo@eldorado.org.br> +Signed-off-by: Daniel Henrique Barboza +Signed-off-by: Liu Jing +--- + target/ppc/fpu_helper.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/target/ppc/fpu_helper.c b/target/ppc/fpu_helper.c +index c4896cecc8..4e34cc2a3f 100644 +--- a/target/ppc/fpu_helper.c ++++ b/target/ppc/fpu_helper.c +@@ -2086,7 +2086,7 @@ VSX_TSQRT(xvtsqrtsp, 4, float32, VsrW(i), -126, 23) + void helper_##op(CPUPPCState *env, ppc_vsr_t *xt, \ + ppc_vsr_t *xa, ppc_vsr_t *b, ppc_vsr_t *c) \ + { \ +- ppc_vsr_t t = *xt; \ ++ ppc_vsr_t t = { }; \ + int i; \ + \ + helper_reset_fpstatus(env); \ +-- +2.41.0.windows.1 + diff --git a/target-ppc-Zero-second-doubleword-of-VSR-registers-f.patch b/target-ppc-Zero-second-doubleword-of-VSR-registers-f.patch new file mode 100644 index 0000000..073cc88 --- /dev/null +++ b/target-ppc-Zero-second-doubleword-of-VSR-registers-f.patch 
@@ -0,0 +1,47 @@ +From bdaf1aecc24fcb74424b00f2fcfe28992aa2e30a Mon Sep 17 00:00:00 2001 +From: Liu Jing +Date: Mon, 14 Oct 2024 16:14:28 +0800 +Subject: [PATCH] target/ppc: Zero second doubleword of VSR registers for FPR + insns +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +FPR register are mapped to the first doubleword of the VSR registers. +Since PowerISA v3.1, the second doubleword of the target register +must be zeroed for FP instructions. + +This patch does it by writting 0 to the second dw everytime the +first dw is being written using set_fpr. + +Signed-off-by: Víctor Colombo +Reviewed-by: Daniel Henrique Barboza +Message-Id: <20220906125523.38765-8-victor.colombo@eldorado.org.br> +Signed-off-by: Daniel Henrique Barboza +Signed-off-by: Liu Jing +--- + target/ppc/translate.c | 8 ++++++++ + 1 file changed, 8 insertions(+) + +diff --git a/target/ppc/translate.c b/target/ppc/translate.c +index 9960df6e18..153552ab50 100644 +--- a/target/ppc/translate.c ++++ b/target/ppc/translate.c +@@ -7290,6 +7290,14 @@ static inline void get_fpr(TCGv_i64 dst, int regno) + static inline void set_fpr(int regno, TCGv_i64 src) + { + tcg_gen_st_i64(src, cpu_env, fpr_offset(regno)); ++ /* ++ * Before PowerISA v3.1 the result of doubleword 1 of the VSR ++ * corresponding to the target FPR was undefined. However, ++ * most (if not all) real hardware were setting the result to 0. ++ * Starting at ISA v3.1, the result for doubleword 1 is now defined ++ * to be 0. ++ */ ++ tcg_gen_st_i64(tcg_constant_i64(0), cpu_env, vsr64_offset(regno, false)); + } + + static inline void get_avr64(TCGv_i64 dst, int regno, bool high) +-- +2.41.0.windows.1 + diff --git a/tests-avocado-fix-typo-in-replay_linux.patch b/tests-avocado-fix-typo-in-replay_linux.patch new file mode 100644 index 0000000..6406cf4 --- /dev/null +++ b/tests-avocado-fix-typo-in-replay_linux.patch 
@@ -0,0 +1,36 @@ +From 91aff32c821c74267c78462fdf36bce6017a3947 Mon Sep 17 00:00:00 2001 +From: Zhang Jiao +Date: Thu, 17 Oct 2024 10:40:12 +0800 +Subject: [PATCH] tests/avocado: fix typo in replay_linux +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +cheery-pick from 2d8508bbab39bf342fe80e73c0b528eb3960fa37 + +Reviewed-by: Pavel Dovgalyuk +Reviewed-by: Philippe Mathieu-Daudé +Reviewed-by: Richard Henderson +Signed-off-by: Alex Bennée +Message-Id: <20231211091346.14616-3-alex.bennee@linaro.org> +Signed-off-by: Zhang Jiao +--- + tests/avocado/replay_linux.py | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/tests/avocado/replay_linux.py b/tests/avocado/replay_linux.py +index 897d5bad19..e2ee35a7f3 100644 +--- a/tests/avocado/replay_linux.py ++++ b/tests/avocado/replay_linux.py +@@ -83,7 +83,7 @@ def launch_and_wait(self, record, args, shift): + else: + vm.event_wait('SHUTDOWN', self.timeout) + vm.wait() +- logger.info('successfully fihished the replay') ++ logger.info('successfully finished the replay') + elapsed = time.time() - start_time + logger.info('elapsed time %.2f sec' % elapsed) + return elapsed +-- +2.41.0.windows.1 + diff --git a/tests-unit-test-vmstate-Avoid-dynamic-stack-allocati.patch b/tests-unit-test-vmstate-Avoid-dynamic-stack-allocati.patch new file mode 100644 index 0000000..bd9d3a1 --- /dev/null +++ b/tests-unit-test-vmstate-Avoid-dynamic-stack-allocati.patch 
@@ -0,0 +1,53 @@ +From 8c7bdb086c3417e73bcda56a317ca2586ccd2116 Mon Sep 17 00:00:00 2001 +From: tangbinzy +Date: Sat, 12 Oct 2024 09:38:31 +0000 +Subject: [PATCH] tests/unit/test-vmstate: Avoid dynamic stack allocation + mainline inclusion commit 972d325a8dc855aa3817d0df9e09fd556a0449f7 category: + bugfix +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +--------------------------------------------------------------- + +Use autofree heap allocation instead of variable-length +array on the stack. + +Signed-off-by: Philippe Mathieu-Daudé +Reviewed-by: Richard Henderson +Signed-off-by: Peter Maydell +Message-id: 20220819153931.3147384-12-peter.maydell@linaro.org + +Signed-off-by: tangbinzy +--- + tests/unit/test-vmstate.c | 7 +++---- + 1 file changed, 3 insertions(+), 4 deletions(-) + +diff --git a/tests/unit/test-vmstate.c b/tests/unit/test-vmstate.c +index ac47f0a44b..91879ad2d4 100644 +--- a/tests/unit/test-vmstate.c ++++ b/tests/unit/test-vmstate.c +@@ -88,17 +88,16 @@ static void save_buffer(const uint8_t *buf, size_t buf_size) + static void compare_vmstate(const uint8_t *wire, size_t size) + { + QEMUFile *f = open_test_file(false); +- uint8_t result[size]; ++ g_autofree uint8_t *result = g_malloc(size); + + /* read back as binary */ + +- g_assert_cmpint(qemu_get_buffer(f, result, sizeof(result)), ==, +- sizeof(result)); ++ g_assert_cmpint(qemu_get_buffer(f, result, size), ==, size); + g_assert(!qemu_file_get_error(f)); + + /* Compare that what is on the file is the same that what we + expected to be there */ +- SUCCESS(memcmp(result, wire, sizeof(result))); ++ SUCCESS(memcmp(result, wire, size)); + + /* Must reach EOF */ + qemu_get_byte(f); +-- +2.41.0.windows.1 + diff --git a/ui-console-Get-tab-completion-working-again-in-the-S.patch b/ui-console-Get-tab-completion-working-again-in-the-S.patch new file mode 100644 index 0000000..a15d426 --- /dev/null +++ b/ui-console-Get-tab-completion-working-again-in-the-S.patch 
@@ -0,0 +1,47 @@ +From b3703fa43dff0c9059bef2c0c2ce1f1b09b12ca7 Mon Sep 17 00:00:00 2001 +From: Liu Jing +Date: Tue, 22 Oct 2024 04:26:00 +0800 +Subject: [PATCH] ui/console: Get tab completion working again in the SDL + monitor vc + +Define a QEMU special key constant for the tab key and add an entry for +it in the qcode_to_keysym table. This allows tab completion to work again +in the SDL monitor virtual console, which has been broken ever since the +migration from SDL1 to SDL2. + +Signed-off-by: Cal Peake +Message-Id: <7054816e-99c-7e2-6737-7cf98cc56e2@absolutedigital.net> +Signed-off-by: Gerd Hoffmann +Signed-off-by: Liu Jing +--- + include/ui/console.h | 1 + + ui/console.c | 1 + + 2 files changed, 2 insertions(+) + +diff --git a/include/ui/console.h b/include/ui/console.h +index 6d678924f6..407efaf5e3 100644 +--- a/include/ui/console.h ++++ b/include/ui/console.h +@@ -70,6 +70,7 @@ void hmp_mouse_set(Monitor *mon, const QDict *qdict); + /* keysym is a unicode code except for special keys (see QEMU_KEY_xxx + constants) */ + #define QEMU_KEY_ESC1(c) ((c) | 0xe100) ++#define QEMU_KEY_TAB 0x0009 + #define QEMU_KEY_BACKSPACE 0x007f + #define QEMU_KEY_UP QEMU_KEY_ESC1('A') + #define QEMU_KEY_DOWN QEMU_KEY_ESC1('B') +diff --git a/ui/console.c b/ui/console.c +index d22c3def20..28770bacd1 100644 +--- a/ui/console.c ++++ b/ui/console.c +@@ -1187,6 +1187,7 @@ static const int qcode_to_keysym[Q_KEY_CODE__MAX] = { + [Q_KEY_CODE_PGUP] = QEMU_KEY_PAGEUP, + [Q_KEY_CODE_PGDN] = QEMU_KEY_PAGEDOWN, + [Q_KEY_CODE_DELETE] = QEMU_KEY_DELETE, ++ [Q_KEY_CODE_TAB] = QEMU_KEY_TAB, + [Q_KEY_CODE_BACKSPACE] = QEMU_KEY_BACKSPACE, + }; + +-- +2.41.0.windows.1 + diff --git a/ui-curses-Avoid-dynamic-stack-allocation.patch b/ui-curses-Avoid-dynamic-stack-allocation.patch new file mode 100644 index 0000000..6920e75 --- /dev/null +++ b/ui-curses-Avoid-dynamic-stack-allocation.patch 
@@ -0,0 +1,36 @@ +From 6c3d7f8453cf7f18eed0c605ba2a7911caf9714b Mon Sep 17 00:00:00 2001 +From: Liu Jing +Date: Tue, 22 Oct 2024 03:47:05 +0800 +Subject: [PATCH] ui/curses: Avoid dynamic stack allocation +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Use autofree heap allocation instead of variable-length +array on the stack. + +Signed-off-by: Philippe Mathieu-Daudé +Reviewed-by: Richard Henderson +Signed-off-by: Peter Maydell +Message-id: 20220819153931.3147384-11-peter.maydell@linaro.org +Signed-off-by: Liu Jing +--- + ui/curses.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/ui/curses.c b/ui/curses.c +index 861d63244c..de962faa7c 100644 +--- a/ui/curses.c ++++ b/ui/curses.c +@@ -69,7 +69,7 @@ static void curses_update(DisplayChangeListener *dcl, + int x, int y, int w, int h) + { + console_ch_t *line; +- cchar_t curses_line[width]; ++ g_autofree cchar_t *curses_line = g_new(cchar_t, width); + wchar_t wch[CCHARW_MAX]; + attr_t attrs; + short colors; +-- +2.41.0.windows.1 + diff --git a/ui-vnc-fix-handling-of-VNC_FEATURE_XVP.patch b/ui-vnc-fix-handling-of-VNC_FEATURE_XVP.patch new file mode 100644 index 0000000..75754a0 --- /dev/null +++ b/ui-vnc-fix-handling-of-VNC_FEATURE_XVP.patch 
@@ -0,0 +1,42 @@
+From e6a8d11ec3fed5127626b0ed41546373ca84bf16 Mon Sep 17 00:00:00 2001
+From: Zhang Jiao
+Date: Wed, 23 Oct 2024 09:36:06 +0800
+Subject: [PATCH] ui/vnc: fix handling of VNC_FEATURE_XVP
+
+cheery-pick from 477b301000d665313217f65e3a368d2cb7769c42
+
+VNC_FEATURE_XVP was not shifted left before adding it to vs->features,
+so it was never enabled; but it was also checked the wrong way with
+a logical AND instead of vnc_has_feature. Fix both places.
+
+Signed-off-by: Paolo Bonzini
+Signed-off-by: Zhang Jiao
+---
+ ui/vnc.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/ui/vnc.c b/ui/vnc.c
+index 667db3b990..c72de81053 100644
+--- a/ui/vnc.c
++++ b/ui/vnc.c
+@@ -2221,7 +2221,7 @@ static void set_encodings(VncState *vs, int32_t *encodings, size_t n_encodings)
+ break;
+ case VNC_ENCODING_XVP:
+ if (vs->vd->power_control) {
+- vs->features |= VNC_FEATURE_XVP;
++ vs->features |= VNC_FEATURE_XVP_MASK;
+ send_xvp_message(vs, VNC_XVP_CODE_INIT);
+ }
+ break;
+@@ -2475,7 +2475,7 @@ static int protocol_client_msg(VncState *vs, uint8_t *data, size_t len)
+ vnc_client_cut_text(vs, read_u32(data, 4), data + 8);
+ break;
+ case VNC_MSG_CLIENT_XVP:
+- if (!(vs->features & VNC_FEATURE_XVP)) {
++ if (!vnc_has_feature(vs, VNC_FEATURE_XVP)) {
+ error_report("vnc: xvp client message while disabled");
+ vnc_client_error(vs);
+ break;
+--
+2.41.0.windows.1
+
diff --git a/util-userfaultfd-Remove-unused-uffd_poll_events.patch b/util-userfaultfd-Remove-unused-uffd_poll_events.patch
new file mode 100644
index 0000000..2747e52
--- /dev/null
+++ b/util-userfaultfd-Remove-unused-uffd_poll_events.patch
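Review bot: Nothing at either call site records that `vs->features` holds `*_MASK` bits while `VNC_FEATURE_XVP` is, per the commit message, an unshifted index, which is the confusion both hunks correct. This flag gates the client XVP message and the first hunk ties it to `vs->vd->power_control`, so I would add a comment at the assignment such as `/* features stores VNC_FEATURE_*_MASK bits; test them only via vnc_has_feature() */`. It is also worth checking the rest of ui/vnc.c for other direct `vs->features &` or `|=` uses with a non-`_MASK` constant; none are visible here. Both set_encodings and protocol_client_msg start and end outside the hunks.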
@@ -0,0 +1,70 @@
+From 9c262dccf8329c646f09ea53b6423a641abf7e80 Mon Sep 17 00:00:00 2001
+From: Zhang Jiao
+Date: Thu, 17 Oct 2024 09:36:03 +0800
+Subject: [PATCH] util/userfaultfd: Remove unused uffd_poll_events
+
+chery-pick from ccf6b78275816c9dec84d3a40e9aa3b6ba6ebc06
+
+uffd_poll_events has been unused since it was added; it's also
+just a wrapper around a plain old poll call, so doesn't add anything.
+
+Signed-off-by: Dr. David Alan Gilbert
+Reviewed-by: Peter Xu
+Link: https://lore.kernel.org/r/20240919134626.166183-8-dave@treblig.org
+Signed-off-by: Peter Xu
+Signed-off-by: Zhang Jiao
+---
+ include/qemu/userfaultfd.h | 1 -
+ util/userfaultfd.c | 28 ----------------------------
+ 2 files changed, 29 deletions(-)
+
+diff --git a/include/qemu/userfaultfd.h b/include/qemu/userfaultfd.h
+index 6b74f92792..99831c052d 100644
+--- a/include/qemu/userfaultfd.h
++++ b/include/qemu/userfaultfd.h
+@@ -30,6 +30,5 @@ int uffd_copy_page(int uffd_fd, void *dst_addr, void *src_addr,
+ int uffd_zero_page(int uffd_fd, void *addr, uint64_t length, bool dont_wake);
+ int uffd_wakeup(int uffd_fd, void *addr, uint64_t length);
+ int uffd_read_events(int uffd_fd, struct uffd_msg *msgs, int count);
+-bool uffd_poll_events(int uffd_fd, int tmo);
+
+ #endif /* USERFAULTFD_H */
+diff --git a/util/userfaultfd.c b/util/userfaultfd.c
+index f1cd6af2b1..50d9246287 100644
+--- a/util/userfaultfd.c
++++ b/util/userfaultfd.c
+@@ -315,31 +315,3 @@ int uffd_read_events(int uffd_fd, struct uffd_msg *msgs, int count)
+
+ return (int) (res / sizeof(struct uffd_msg));
+ }
+-
+-/**
+- * uffd_poll_events: poll UFFD file descriptor for read
+- *
+- * Returns true if events are available for read, false otherwise
+- *
+- * @uffd_fd: UFFD file descriptor
+- * @tmo: timeout value
+- */
+-bool uffd_poll_events(int uffd_fd, int tmo)
+-{
+- int res;
+- struct pollfd poll_fd = { .fd = uffd_fd, .events = POLLIN, .revents = 0 };
+-
+- do {
+- res = poll(&poll_fd, 1, tmo);
+- } while (res < 0 && errno == EINTR);
+-
+- if (res == 0) {
+- return false;
+- }
+- if (res < 0) {
+- error_report("uffd_poll_events() failed: errno=%i", errno);
+- return false;
+- }
+-
+- return (poll_fd.revents & POLLIN) != 0;
+-}
+--
+2.41.0.windows.1
+
diff --git a/virtiofsd-use-g_date_time_get_microsecond-to-get-sub.patch b/virtiofsd-use-g_date_time_get_microsecond-to-get-sub.patch
new file mode 100644
index 0000000..b68d452
--- /dev/null
+++ b/virtiofsd-use-g_date_time_get_microsecond-to-get-sub.patch
@@ -0,0 +1,53 @@
+From f6952f558b09aeafc6fd51e6b319f0e69c83981f Mon Sep 17 00:00:00 2001
+From: Liu Jing
+Date: Tue, 22 Oct 2024 04:06:30 +0800
+Subject: [PATCH] virtiofsd: use g_date_time_get_microsecond to get subsecond
+
+The "%f" specifier in g_date_time_format() is only available in glib
+2.65.2 or later. If combined with older glib, the function returns null
+and the timestamp displayed as "(null)".
+
+For backward compatibility, g_date_time_get_microsecond should be used
+to retrieve subsecond.
+
+In this patch the g_date_time_format() leaves subsecond field as "%06d"
+and let next snprintf to format with g_date_time_get_microsecond.
+
+Signed-off-by: Yusuke Okada
+Reviewed-by: Dr. David Alan Gilbert
+Message-id: 20220818184618.2205172-1-yokada.996@gmail.com
+Signed-off-by: Stefan Hajnoczi
+Signed-off-by: Liu Jing
+---
+ tools/virtiofsd/passthrough_ll.c | 7 +++++--
+ 1 file changed, 5 insertions(+), 2 deletions(-)
+
+diff --git a/tools/virtiofsd/passthrough_ll.c b/tools/virtiofsd/passthrough_ll.c
+index b3d0674f6d..523d8fbe1e 100644
+--- a/tools/virtiofsd/passthrough_ll.c
++++ b/tools/virtiofsd/passthrough_ll.c
+@@ -3791,6 +3791,7 @@ static void setup_nofile_rlimit(unsigned long rlimit_nofile)
+ static void log_func(enum fuse_log_level level, const char *fmt, va_list ap)
+ {
+ g_autofree char *localfmt = NULL;
++ char buf[64];
+
+ if (current_log_level < level) {
+ return;
+@@ -3803,9 +3804,11 @@ static void log_func(enum fuse_log_level level, const char *fmt, va_list ap)
+ fmt);
+ } else {
+ g_autoptr(GDateTime) now = g_date_time_new_now_utc();
+- g_autofree char *nowstr = g_date_time_format(now, "%Y-%m-%d %H:%M:%S.%f%z");
++ g_autofree char *nowstr = g_date_time_format(now,
++ "%Y-%m-%d %H:%M:%S.%%06d%z");
++ snprintf(buf, 64, nowstr, g_date_time_get_microsecond(now));
+ localfmt = g_strdup_printf("[%s] [ID: %08ld] %s",
+- nowstr, syscall(__NR_gettid), fmt);
++ buf, syscall(__NR_gettid), fmt);
+ }
+ fmt = localfmt;
+ }
+--
+2.41.0.windows.1
+
-- Gitee
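Review bot: The added `snprintf(buf, 64, nowstr, …)` passes the result of g_date_time_format() as the format string without checking it for NULL, although the commit message itself says that call returned null on older glib. A non-literal format also defeats -Wformat checking and relies on nothing in the expanded date or zone containing a `%`. I would format the date and the zone separately and join them through a literal format, with `sizeof(buf)` in place of the repeated 64, as below. log_func continues past the end of the second hunk.

```c
        g_autoptr(GDateTime) now = g_date_time_new_now_utc();
        g_autofree char *date = g_date_time_format(now, "%Y-%m-%d %H:%M:%S");
        g_autofree char *zone = g_date_time_format(now, "%z");

        /* Literal format: the glib strings are data, never the format. */
        snprintf(buf, sizeof(buf), "%s.%06d%s", date ? date : "?",
                 g_date_time_get_microsecond(now), zone ? zone : "");
        /* … unchanged: localfmt = g_strdup_printf(...) using buf … */
```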