diff --git a/accel-kvm-Make-kvm_has_guest_debug-static.patch b/accel-kvm-Make-kvm_has_guest_debug-static.patch
new file mode 100644
index 0000000000000000000000000000000000000000..38fb3510e01771b7e24908b60cc30bf80f833ffc
--- /dev/null
+++ b/accel-kvm-Make-kvm_has_guest_debug-static.patch
@@ -0,0 +1,37 @@
+From ead624df30b907caceef76e55f891d262fd1e8b3 Mon Sep 17 00:00:00 2001
+From: Hao Chen
+Date: Tue, 19 Dec 2023 17:57:38 +0000
+Subject: [PATCH] accel/kvm: Make kvm_has_guest_debug static
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This variable is not used or declared outside kvm-all.c.
+
+Backport from QEMU official community: 16617c3cba55
+
+Signed-off-by: Richard Henderson
+Reviewed-by: Gavin Shan
+Reviewed-by: Philippe Mathieu-Daudé
+Tested-by: Philippe Mathieu-Daudé
+Signed-off-by: Peter Maydell
+---
+ accel/kvm/kvm-all.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
+index f472fc4f69..6e3a3f14a1 100644
+--- a/accel/kvm/kvm-all.c
++++ b/accel/kvm/kvm-all.c
+@@ -104,7 +104,7 @@ bool kvm_readonly_mem_allowed;
+ bool kvm_vm_attributes_allowed;
+ bool kvm_msi_use_devid;
+ bool kvm_csv3_allowed;
+-bool kvm_has_guest_debug;
++static bool kvm_has_guest_debug;
+ static int kvm_sstep_flags;
+ static bool kvm_immediate_exit;
+ static hwaddr kvm_max_slot_size = ~0;
+--
+2.33.0
+
diff --git a/block-stream-fix-Werror-maybe-uninitialized-false-po.patch b/block-stream-fix-Werror-maybe-uninitialized-false-po.patch
new file mode 100644
index 0000000000000000000000000000000000000000..75c833218876550e1a439f47d892ab47a12edec3
--- /dev/null
+++ b/block-stream-fix-Werror-maybe-uninitialized-false-po.patch
@@ -0,0 +1,49 @@
+From b1c05b06211be42f97b506beacc7b347cd600e23 Mon Sep 17 00:00:00 2001
+From: guping
+Date: Mon, 25 Aug 2025 10:20:30 +0000
+Subject: [PATCH] block/stream: fix -Werror=maybe-uninitialized false-positives
+ cherry-pick from ce2a0ef65c3bb857985cd4b9c1f2145c81f2cdec
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+../block/stream.c:193:19: error: ‘unfiltered_bs’ may be used uninitialized [-Werror=maybe-uninitialized]
+../block/stream.c:176:5: error: ‘len’ may be used uninitialized [-Werror=maybe-uninitialized]
+trace/trace-block.h:906:9: error: ‘ret’ may be used uninitialized [-Werror=maybe-uninitialized]
+
+Signed-off-by: Marc-André Lureau
+Acked-by: Vladimir Sementsov-Ogievskiy
+Reviewed-by: Manos Pitsidianakis
+
+Signed-off-by: guping
+---
+ block/stream.c | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/block/stream.c b/block/stream.c
+index 01fe7c0f16..421ef5c729 100644
+--- a/block/stream.c
++++ b/block/stream.c
+@@ -149,8 +149,8 @@ static void stream_clean(Job *job)
+ static int coroutine_fn stream_run(Job *job, Error **errp)
+ {
+ StreamBlockJob *s = container_of(job, StreamBlockJob, common.job);
+- BlockDriverState *unfiltered_bs;
+- int64_t len;
++ BlockDriverState *unfiltered_bs = NULL;
++ int64_t len = -1;
+ int64_t offset = 0;
+ int error = 0;
+ int64_t n = 0; /* bytes */
+@@ -171,7 +171,7 @@ static int coroutine_fn stream_run(Job *job, Error **errp)
+
+ for ( ; offset < len; offset += n) {
+ bool copy;
+- int ret;
++ int ret = -1;
+
+ /* Note that even when no rate limit is applied we need to yield
+ * with no pending I/O here so that bdrv_drain_all() returns.
+--
+2.33.0
+
diff --git a/hw-nvme-cap-MDTS-value-for-internal-limitation.patch b/hw-nvme-cap-MDTS-value-for-internal-limitation.patch
new file mode 100644
index 0000000000000000000000000000000000000000..08d41cfdbe0e9fb293573cdc20773edbd6b711ba
--- /dev/null
+++ b/hw-nvme-cap-MDTS-value-for-internal-limitation.patch
@@ -0,0 +1,43 @@
+From 312cbe919b94565dc54c9c6189cea4d72797d514 Mon Sep 17 00:00:00 2001
+From: guping
+Date: Tue, 26 Aug 2025 02:13:17 +0000
+Subject: [PATCH] hw/nvme: cap MDTS value for internal limitation cherry-pick
+ from 53493c1f836f4dda90a6b5f2fb3d9264918c6871
+
+The emulated device had let the user set whatever max transfers size
+they wanted, including no limit. However the device does have an
+internal limit of 1024 segments. NVMe doesn't report max segments,
+though. This is implicitly inferred based on the MDTS and MPSMIN values.
+
+IOV_MAX is currently 1024 which 4k PRPs can exceed with 2MB transfers.
+Don't allow MDTS values that can exceed this, otherwise users risk
+seeing "internal error" status to their otherwise protocol compliant
+commands.
+
+Signed-off-by: Keith Busch
+Signed-off-by: Klaus Jensen
+
+Signed-off-by: guping
+---
+ hw/nvme/ctrl.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/hw/nvme/ctrl.c b/hw/nvme/ctrl.c
+index 6fc2a64b0e..e293496ac7 100644
+--- a/hw/nvme/ctrl.c
++++ b/hw/nvme/ctrl.c
+@@ -7816,6 +7816,11 @@ static bool nvme_check_params(NvmeCtrl *n, Error **errp)
+ host_memory_backend_set_mapped(n->pmr.dev, true);
+ }
+
++ if (!n->params.mdts || ((1 << n->params.mdts) + 1) > IOV_MAX) {
++ error_setg(errp, "mdts exceeds IOV_MAX");
++ return false;
++ }
++
+ if (n->params.zasl > n->params.mdts) {
+ error_setg(errp, "zoned.zasl (Zone Append Size Limit) must be less "
+ "than or equal to mdts (Maximum Data Transfer Size)");
+--
+2.33.0
+
diff --git a/hw-ssi-xilinx_spips-Fix-flash-erase-assert-in-dual-p.patch b/hw-ssi-xilinx_spips-Fix-flash-erase-assert-in-dual-p.patch
new file mode 100644
index 0000000000000000000000000000000000000000..18b31668d153fcd789f67a8c3b241344da91818d
--- /dev/null
+++ b/hw-ssi-xilinx_spips-Fix-flash-erase-assert-in-dual-p.patch
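Review bot: The added check in hw/nvme/ctrl.c computes `1 << n->params.mdts` in `int`, so an mdts of 31 or more makes the shift undefined, and on hosts that mask the shift count the result can wrap to a small value that passes the cap it is meant to enforce. The type and property range of `params.mdts` are declared outside this hunk, so this is worth confirming; bounding the exponent before shifting removes the dependency: `if (!n->params.mdts || n->params.mdts > 30 || ((1 << n->params.mdts) + 1) > IOV_MAX) {`. The same branch now also rejects `mdts=0`, which the commit message describes as "no limit", while the error text only says "mdts exceeds IOV_MAX"; a message that names the zero case would be clearer to whoever configures the device. nvme_check_params starts and ends outside the hunk.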
@@ -0,0 +1,41 @@
+From cb2311054c27a95460267a69140606194840b51b Mon Sep 17 00:00:00 2001
+From: guping
+Date: Mon, 25 Aug 2025 10:44:05 +0000
+Subject: [PATCH] hw/ssi/xilinx_spips: Fix flash erase assert in dual parallel
+ configuration cherry-pick from a8cc14435e675e86cba9afce8aa5e098b2e43ff4
+
+Ensure that the FIFO is checked for emptiness before popping data
+from it. Previously, the code directly popped the data from the FIFO
+without checking, which could cause an assertion failure:
+
+../util/fifo8.c:67: fifo8_pop: Assertion `fifo->num > 0' failed.
+
+Signed-off-by: Shiva sagar Myana
+Message-id: 20240924112035.1320865-1-Shivasagar.Myana@amd.com
+Reviewed-by: Francisco Iglesias
+[PMM: tweaked commit message]
+Signed-off-by: Peter Maydell
+
+Signed-off-by: guping
+---
+ hw/ssi/xilinx_spips.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/hw/ssi/xilinx_spips.c b/hw/ssi/xilinx_spips.c
+index 0bdfad7e2e..67dd00b434 100644
+--- a/hw/ssi/xilinx_spips.c
++++ b/hw/ssi/xilinx_spips.c
+@@ -620,7 +620,9 @@ static void xilinx_spips_flush_txfifo(XilinxSPIPS *s)
+ } else if (s->snoop_state == SNOOP_STRIPING ||
+ s->snoop_state == SNOOP_NONE) {
+ for (i = 0; i < num_effective_busses(s); ++i) {
+- tx_rx[i] = fifo8_pop(&s->tx_fifo);
++ if (!fifo8_is_empty(&s->tx_fifo)) {
++ tx_rx[i] = fifo8_pop(&s->tx_fifo);
++ }
+ }
+ stripe8(tx_rx, num_effective_busses(s), false);
+ } else if (s->snoop_state >= SNOOP_ADDR) {
+--
+2.33.0
+
diff --git a/i386-cpu-Mark-avx10_version-filtered-when-prefix-is-.patch b/i386-cpu-Mark-avx10_version-filtered-when-prefix-is-.patch
new file mode 100644
index 0000000000000000000000000000000000000000..ca4632ac18777f58df859b226cc2104b0d3a6b26
--- /dev/null
+++ b/i386-cpu-Mark-avx10_version-filtered-when-prefix-is-.patch
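Review bot: When the TX FIFO runs dry part-way through the loop in hw/ssi/xilinx_spips.c, the new guard leaves `tx_rx[i]` unassigned for the remaining buses, and `stripe8(tx_rx, num_effective_busses(s), false)` on the following line still reads every slot. `tx_rx` is declared outside this hunk; if it is not zero-initialised on each pass, the striped output would carry stale or indeterminate bytes, so confirm the declaration or make the padding explicit with `else { tx_rx[i] = 0; }`. A short comment such as `/* FIFO may hold fewer bytes than buses; missing lanes are padded */` would record the intended behaviour. xilinx_spips_flush_txfifo starts and ends outside the hunk.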
@@ -0,0 +1,50 @@
+From 02b85f8f47e8670bd4b105c23912ea911d009ec5 Mon Sep 17 00:00:00 2001
+From: Zhao Liu
+Date: Wed, 6 Nov 2024 11:07:18 +0800
+Subject: [PATCH 09/10] i386/cpu: Mark avx10_version filtered when prefix is
+ NULL
+
+commit cf4c263551886964c5d58bd7b675b13fd497b402 upstream.
+
+In x86_cpu_filter_features(), if host doesn't support AVX10, the
+configured avx10_version should be marked as filtered regardless of
+whether prefix is NULL or not.
+
+Check prefix before warn_report() instead of checking for
+have_filtered_features.
+
+Intel-SIG: commit cf4c26355188 i386/cpu: Mark avx10_version filtered when prefix is NULL.
+GNR AVX10.1 backporting
+
+Cc: qemu-stable@nongnu.org
+Fixes: commit bccfb846fd52 ("target/i386: add AVX10 feature and AVX10 version property")
+Signed-off-by: Zhao Liu
+Reviewed-by: Tao Su
+Link: https://lore.kernel.org/r/20241106030728.553238-2-zhao1.liu@intel.com
+Signed-off-by: Paolo Bonzini
+[ Quanxian Wang: amend commit log ]
+Signed-off-by: Quanxian Wang
+---
+ target/i386/cpu.c | 6 ++++--
+ 1 file changed, 4 insertions(+), 2 deletions(-)
+
+diff --git a/target/i386/cpu.c b/target/i386/cpu.c
+index 7b969a4447..eff23af452 100644
+--- a/target/i386/cpu.c
++++ b/target/i386/cpu.c
+@@ -7816,8 +7816,10 @@ static bool x86_cpu_filter_features(X86CPU *cpu, bool verbose)
+ env->avx10_version = version;
+ have_filtered_features = true;
+ }
+- } else if (env->avx10_version && prefix) {
+- warn_report("%s: avx10.%d.", prefix, env->avx10_version);
++ } else if (env->avx10_version) {
++ if (prefix) {
++ warn_report("%s: avx10.%d.", prefix, env->avx10_version);
++ }
+ have_filtered_features = true;
+ }
+
+--
+2.33.0
+
diff --git a/migration-fix-Werror-maybe-uninitialized-false-posit2.patch b/migration-fix-Werror-maybe-uninitialized-false-posit2.patch
new file mode 100644
index 0000000000000000000000000000000000000000..9145f5d673bd8c64e21fa9efa123cb85613ce63c
--- /dev/null
+++ b/migration-fix-Werror-maybe-uninitialized-false-posit2.patch
@@ -0,0 +1,61 @@
+From 6f166f000e6913a8926ab03e9a4e0a05457d6963 Mon Sep 17 00:00:00 2001
+From: guping
+Date: Mon, 25 Aug 2025 18:28:37 +0800
+Subject: [PATCH] migration: fix -Werror=maybe-uninitialized false-positives
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+cherry-pick from 7cea863719f83b2489e939e9f5a9acce060ec21d
+
+migration: fix -Werror=maybe-uninitialized false-positives
+
+../migration/dirtyrate.c:186:5: error: ‘records’ may be used uninitialized [-Werror=maybe-uninitialized]
+../migration/dirtyrate.c:168:12: error: ‘gen_id’ may be used uninitialized [-Werror=maybe-uninitialized]
+../migration/migration.c:2273:5: error: ‘file’ may be used uninitialized [-Werror=maybe-uninitialized]
+
+Signed-off-by: Marc-André Lureau
+Acked-by: Peter Xu
+Reviewed-by: Hyman Huang
+
+Signed-off-by: guping
+---
+ migration/dirtyrate.c | 4 ++--
+ migration/migration.c | 2 +-
+ 2 files changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/migration/dirtyrate.c b/migration/dirtyrate.c
+index 036ac017fc..ffb1ed868d 100644
+--- a/migration/dirtyrate.c
++++ b/migration/dirtyrate.c
+@@ -145,12 +145,12 @@ int64_t vcpu_calculate_dirtyrate(int64_t calc_time_ms,
+ unsigned int flag,
+ bool one_shot)
+ {
+- DirtyPageRecord *records;
++ DirtyPageRecord *records = NULL;
+ int64_t init_time_ms;
+ int64_t duration;
+ int64_t dirtyrate;
+ int i = 0;
+- unsigned int gen_id;
++ unsigned int gen_id = 0;
+
+ retry:
+ init_time_ms = qemu_clock_get_ms(QEMU_CLOCK_REALTIME);
+diff --git a/migration/migration.c b/migration/migration.c
+index 526f926b79..eba3f9d17d 100644
+--- a/migration/migration.c
++++ b/migration/migration.c
+@@ -2181,7 +2181,7 @@ static bool migrate_handle_rp_resume_ack(MigrationState *s,
+ */
+ static void migration_release_dst_files(MigrationState *ms)
+ {
+- QEMUFile *file;
++ QEMUFile *file = NULL;
+
+ WITH_QEMU_LOCK_GUARD(&ms->qemu_file_lock) {
+ /*
+--
+2.33.0
+
diff --git a/qemu-img-fix-division-by-zero-in-bench_cb-for-zero-s.patch b/qemu-img-fix-division-by-zero-in-bench_cb-for-zero-s.patch
new file mode 100644
index 0000000000000000000000000000000000000000..d9bbb08cd1170bc028565a6a82ffa50cba7235de
--- /dev/null
+++ b/qemu-img-fix-division-by-zero-in-bench_cb-for-zero-s.patch
@@ -0,0 +1,45 @@
+From d745a8f1717b9c666a67ea299a48050b70605780 Mon Sep 17 00:00:00 2001
+From: dinglimin
+Date: Thu, 21 Aug 2025 12:20:47 +0800
+Subject: [PATCH] qemu-img: fix division by zero in bench_cb() for zero-sized
+ images
+
+This error was discovered by fuzzing qemu-img.
+
+This commit fixes a division by zero error in the bench_cb() function
+that occurs when using the bench command with a zero-sized image.
+
+The issue arises because b->image_size can be zero, leading to a
+division by zero in the modulo operation (b->offset %= b->image_size).
+This patch adds a check for b->image_size == 0 and resets b->offset
+to 0 in such cases, preventing the error.
+
+Signed-off-by: Denis Rastyogin
+Message-ID: <20250318101933.255617-1-gerben@altlinux.org>
+Reviewed-by: Kevin Wolf
+Signed-off-by: Kevin Wolf
+Signed-off-by: dinglimin
+---
+ qemu-img.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/qemu-img.c b/qemu-img.c
+index 49d914c9c4..685beee06b 100644
+--- a/qemu-img.c
++++ b/qemu-img.c
+@@ -4522,7 +4522,11 @@ static void bench_cb(void *opaque, int ret)
+ */
+ b->in_flight++;
+ b->offset += b->step;
+- b->offset %= b->image_size;
++ if (b->image_size == 0) {
++ b->offset = 0;
++ } else {
++ b->offset %= b->image_size;
++ }
+ if (b->write) {
+ acb = blk_aio_pwritev(b->blk, offset, b->qiov, 0, bench_cb, b);
+ } else {
+--
+2.33.0
+
diff --git a/qemu-options-Clarify-handling-of-commas-in-options-p.patch b/qemu-options-Clarify-handling-of-commas-in-options-p.patch
new file mode 100644
index 0000000000000000000000000000000000000000..59662923161b1b4f07ae1082ad7ee1b4f97c3e12
--- /dev/null
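Review bot: The zero-size guard in bench_cb runs on every completion, and after it the callback still issues `blk_aio_pwritev` (or the read in the `else` branch) against an image whose size is 0, so the benchmark presumably carries on into request errors rather than stopping with a clear message. Rejecting a zero-length image once during setup, before the first request is queued (likely in img_bench, which is outside this hunk), would keep `b->image_size != 0` as an invariant for the modulo and give the user an actionable error. If the per-callback guard stays, a comment such as `/* image_size == 0: skip the modulo to avoid dividing by zero */` above the `if` would explain the branch. bench_cb starts and ends outside the hunk.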
+++ b/qemu-options-Clarify-handling-of-commas-in-options-p.patch 
@@ -0,0 +1,76 @@
+From 7223363e347095fc124e7bc1a78a25fc5711bce9 Mon Sep 17 00:00:00 2001
+From: Hao Chen
+Date: Wed, 13 Dec 2023 22:17:07 +0800
+Subject: [PATCH] qemu-options: Clarify handling of commas in options
+ parameters
+
+Provide explicit guidance on dealing with option parameters as arbitrary
+strings containing commas, such as in "file=my,file" and "string=a,b". The
+updated documentation emphasizes the need to double commas when they
+appear within such parameters.
+
+Backport from QEMU official community: fd49b2153ed2
+
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1839
+Signed-off-by: Yihuan Pan
+Message-ID: <20231213141706.629833-2-xun794@gmail.com>
+Signed-off-by: Thomas Huth
+---
+ docs/system/invocation.rst | 5 +++++
+ docs/system/qemu-manpage.rst | 5 +++++
+ qemu-options.hx | 4 ++++
+ 3 files changed, 14 insertions(+)
+
+diff --git a/docs/system/invocation.rst b/docs/system/invocation.rst
+index 4ba38fc23d..14b7db1c10 100644
+--- a/docs/system/invocation.rst
++++ b/docs/system/invocation.rst
+@@ -10,6 +10,11 @@ Invocation
+ disk_image is a raw hard disk image for IDE hard disk 0. Some targets do
+ not need a disk image.
+
++When dealing with options parameters as arbitrary strings containing
++commas, such as in "file=my,file" and "string=a,b", it's necessary to
++double the commas. For instance,"-fw_cfg name=z,string=a,,b" will be
++parsed as "-fw_cfg name=z,string=a,b".
++
+ .. hxtool-doc:: qemu-options.hx
+
+ Device URL Syntax
+diff --git a/docs/system/qemu-manpage.rst b/docs/system/qemu-manpage.rst
+index c47a412758..3ade4ee45b 100644
+--- a/docs/system/qemu-manpage.rst
++++ b/docs/system/qemu-manpage.rst
+@@ -31,6 +31,11 @@ Options
+ disk_image is a raw hard disk image for IDE hard disk 0. Some targets do
+ not need a disk image.
+
++When dealing with options parameters as arbitrary strings containing
++commas, such as in "file=my,file" and "string=a,b", it's necessary to
++double the commas. 
For instance,"-fw_cfg name=z,string=a,,b" will be
++parsed as "-fw_cfg name=z,string=a,b".
++
+ .. hxtool-doc:: qemu-options.hx
+
+ .. include:: keys.rst.inc
+diff --git a/qemu-options.hx b/qemu-options.hx
+index b09d692d5b..523438e908 100644
+--- a/qemu-options.hx
++++ b/qemu-options.hx
+@@ -4086,9 +4086,13 @@ DEF("fw_cfg", HAS_ARG, QEMU_OPTION_fwcfg,
+ SRST
+ ``-fw_cfg [name=]name,file=file``
+ Add named fw\_cfg entry with contents from file file.
++ If the filename contains comma, you must double it (for instance,
++ "file=my,,file" to use file "my,file").
+
+ ``-fw_cfg [name=]name,string=str``
+ Add named fw\_cfg entry with contents from string str.
++ If the string contains comma, you must double it (for instance,
++ "string=my,,string" to use file "my,string").
+
+ The terminating NUL character of the contents of str will not be
+ included as part of the fw\_cfg item data. To insert contents with
+--
+2.33.0
+
diff --git a/qemu.spec b/qemu.spec
index f67cfd6c50c4db1d9f74fb06f5ea7f53c7b79176..8c9de58d47419079639d2309cc33680251f5e42d 100644
--- a/qemu.spec
+++ b/qemu.spec
@@ -3,7 +3,7 @@ Name: qemu Version: 8.2.0 -Release: 43 +Release: 44 Epoch: 11 Summary: QEMU is a generic and open source machine emulator and virtualizer License: GPLv2 and BSD and MIT and CC-BY-SA-4.0
@@ -1036,6 +1036,25 @@ Patch1019: hw-ahci-fix-Werror-maybe-uninitialized-false-positiv.patch Patch1020: hw-sdhci-fix-Werror-maybe-uninitialized-false-positi.patch Patch1021: migration-fix-Werror-maybe-uninitialized-false-posit.patch Patch1022: qemu-img-improve-queue-depth-validation-in-img_bench.patch +Patch1023: qemu-img-fix-division-by-zero-in-bench_cb-for-zero-s.patch +Patch1024: target-i386-cpu-set-correct-supported-XCR0-features-.patch +Patch1025: target-i386-do-not-rely-on-ExtSaveArea-for-accelerat.patch +Patch1026: target-i386-return-bool-from-x86_cpu_filter_features.patch +Patch1027: target-i386-add-AVX10-feature-and-AVX10-version-prop.patch +Patch1028: target-i386-add-CPUID.24-features-for-AVX10.patch +Patch1029: target-i386-Add-feature-dependencies-for-AVX10.patch +Patch1030: target-i386-Add-AVX512-state-when-AVX10-is-supported.patch +Patch1031: target-i386-Introduce-GraniteRapids-v2-model.patch +Patch1032: i386-cpu-Mark-avx10_version-filtered-when-prefix-is-.patch +Patch1033: target-i386-add-avx-vnni-int16-feature.patch +Patch1034: block-stream-fix-Werror-maybe-uninitialized-false-po.patch +Patch1035: migration-fix-Werror-maybe-uninitialized-false-posit2.patch +Patch1036: hw-ssi-xilinx_spips-Fix-flash-erase-assert-in-dual-p.patch +Patch1037: hw-nvme-cap-MDTS-value-for-internal-limitation.patch +Patch1038: accel-kvm-Make-kvm_has_guest_debug-static.patch +Patch1039: target-arm-tcg-Including-missing-exec-exec-all.h-hea.patch +Patch1040: system-qtest-Include-missing-hw-core-cpu.h-header.patch +Patch1041: qemu-options-Clarify-handling-of-commas-in-options-p.patch BuildRequires: flex BuildRequires: gcc 
@@ -1638,6 +1657,27 @@ getent passwd qemu >/dev/null || \ %endif %changelog +* Sat Aug 30 2025 Pengrui Zhang - 11:8.2.0-44 +- qemu-img: fix division by zero in bench_cb() for zero-sized images +- target/i386: cpu: set correct supported XCR0 features for TCG +- target/i386: do not rely on ExtSaveArea for accelerator-supported XCR0 bits +- target/i386: return bool from x86_cpu_filter_features +- target/i386: add AVX10 feature and AVX10 version property +- target/i386: add CPUID.24 features for AVX10 +- target/i386: Add feature dependencies for AVX10 +- target/i386: Add AVX512 state when AVX10 is supported +- target/i386: Introduce GraniteRapids-v2 model +- i386/cpu: Mark avx10_version filtered when prefix is NULL +- target/i386: add avx-vnni-int16 feature +- block/stream: fix -Werror=maybe-uninitialized false-positives +- migration: fix -Werror=maybe-uninitialized false-positives +- hw/ssi/xilinx_spips: Fix flash erase assert in dual parallel configuration +- hw/nvme: cap MDTS value for internal limitation +- accel/kvm: Make kvm_has_guest_debug static +- vtarget/arm/tcg: Including missing 'exec/exec-all.h' header +- system/qtest: Include missing 'hw/core/cpu.h' header +- qemu-options: Clarify handling of commas in options parameters + * Thu Aug 28 2025 Pengrui Zhang - 11:8.2.0-43 - util/timer: fix -Werror=maybe-uninitialized false-positive - hw/qxl: fix -Werror=maybe-uninitialized false-positives diff --git a/system-qtest-Include-missing-hw-core-cpu.h-header.patch b/system-qtest-Include-missing-hw-core-cpu.h-header.patch new file mode 100644 index 0000000000000000000000000000000000000000..f469a5e9d03ae6be6c6b8d07817bce6628821b2a --- /dev/null +++ b/system-qtest-Include-missing-hw-core-cpu.h-header.patch 
@@ -0,0 +1,40 @@
+From eda8a258895a5ec550434ae967052aac9d767ec2 Mon Sep 17 00:00:00 2001
+From: Hao Chen
+Date: Tue, 12 Dec 2023 12:30:15 +0100
+Subject: [PATCH] system/qtest: Include missing 'hw/core/cpu.h' header
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+"hw/core/cpu.h" declares 'first_cpu'. Include it to avoid
+when unrelated headers are refactored:
+
+ system/qtest.c:548:33: error: use of undeclared identifier 'first_cpu'
+ address_space_write(first_cpu->as, addr, MEMTXATTRS_UNSPECIFIED,
+ ^
+
+Backport from QEMU official community: 65eac5bd547f
+
+Signed-off-by: Philippe Mathieu-Daudé
+Message-ID: <20231212113016.29808-2-philmd@linaro.org>
+Reviewed-by: Thomas Huth
+Signed-off-by: Thomas Huth
+---
+ system/qtest.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/system/qtest.c b/system/qtest.c
+index 7964f0b248..6da58b3874 100644
+--- a/system/qtest.c
++++ b/system/qtest.c
+@@ -21,6 +21,7 @@
+ #include "exec/tswap.h"
+ #include "hw/qdev-core.h"
+ #include "hw/irq.h"
++#include "hw/core/cpu.h"
+ #include "qemu/accel.h"
+ #include "sysemu/cpu-timers.h"
+ #include "qemu/config-file.h"
+--
+2.33.0
+
diff --git a/target-arm-tcg-Including-missing-exec-exec-all.h-hea.patch b/target-arm-tcg-Including-missing-exec-exec-all.h-hea.patch
new file mode 100644
index 0000000000000000000000000000000000000000..d6845e99dff6d056b9f68bb43ca04f77ed32d0c2
--- /dev/null
+++ b/target-arm-tcg-Including-missing-exec-exec-all.h-hea.patch
@@ -0,0 +1,41 @@
+From 5137f72204d34c8e9721e0f9c36a7cb70f04ea4b Mon Sep 17 00:00:00 2001
+From: Hao Chen
+Date: Tue, 19 Dec 2023 17:57:49 +0000
+Subject: [PATCH] target/arm/tcg: Including missing 'exec/exec-all.h' header
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+translate_insn() ends up calling probe_access_full(), itself
+declared in "exec/exec-all.h":
+
+ TranslatorOps::translate_insn
+ -> aarch64_tr_translate_insn()
+ -> is_guarded_page()
+ -> probe_access_full()
+
+Backport from QEMU official community: 47eac5d4237f
+
+Signed-off-by: Philippe Mathieu-Daudé
+Reviewed-by: Richard Henderson
+Message-id: 20231130142519.28417-4-philmd@linaro.org
+Signed-off-by: Peter Maydell
+---
+ target/arm/tcg/translate-a64.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/target/arm/tcg/translate-a64.c b/target/arm/tcg/translate-a64.c
+index 5beac07b60..5db42c8083 100644
+--- a/target/arm/tcg/translate-a64.c
++++ b/target/arm/tcg/translate-a64.c
+@@ -18,6 +18,7 @@
+ */
+ #include "qemu/osdep.h"
+
++#include "exec/exec-all.h"
+ #include "translate.h"
+ #include "translate-a64.h"
+ #include "qemu/log.h"
+--
+2.33.0
+
diff --git a/target-i386-Add-AVX512-state-when-AVX10-is-supported.patch b/target-i386-Add-AVX512-state-when-AVX10-is-supported.patch
new file mode 100644
index 0000000000000000000000000000000000000000..f3484ecc52b24941498852e2d532ab4657f4c37c
--- /dev/null
+++ b/target-i386-Add-AVX512-state-when-AVX10-is-supported.patch
@@ -0,0 +1,54 @@
+From e7779ff69ad91af1ed5a31cb0e7fe054ab700b1a Mon Sep 17 00:00:00 2001
+From: Tao Su
+Date: Thu, 31 Oct 2024 16:52:32 +0800
+Subject: [PATCH 07/10] target/i386: Add AVX512 state when AVX10 is supported
+
+commit 0d7475be3b402c25d74c5a4573cbeb733c8f3559 upstream.
+
+AVX10 state enumeration in CPUID leaf D and enabling in XCR0 register
+are identical to AVX512 state regardless of the supported vector lengths.
+
+Given that some E-cores will support AVX10 but not support AVX512, add
+AVX512 state components to guest when AVX10 is enabled.
+
+Based on a patch by Tao Su
+
+Intel-SIG: commit 0d7475be3b40 target/i386: Add AVX512 state when AVX10 is supported.
+GNR AVX10.1 backporting
+
+Signed-off-by: Paolo Bonzini
+Reviewed-by: Zhao Liu
+Tested-by: Xuelian Guo
+Signed-off-by: Tao Su
+Link: https://lore.kernel.org/r/20241031085233.425388-8-tao1.su@linux.intel.com
+Signed-off-by: Paolo Bonzini
+[ Quanxian Wang: amend commit log ]
+Signed-off-by: Quanxian Wang
+---
+ target/i386/cpu.c | 10 +++++++++-
+ 1 file changed, 9 insertions(+), 1 deletion(-)
+
+diff --git a/target/i386/cpu.c b/target/i386/cpu.c
+index e93468a79e..e9244ab6b9 100644
+--- a/target/i386/cpu.c
++++ b/target/i386/cpu.c
+@@ -7265,7 +7265,15 @@ static bool cpuid_has_xsave_feature(CPUX86State *env, const ExtSaveArea *esa)
+ return false;
+ }
+
+- return (env->features[esa->feature] & esa->bits);
++ if (env->features[esa->feature] & esa->bits) {
++ return true;
++ }
++ if (esa->feature == FEAT_7_0_EBX && esa->bits == CPUID_7_0_EBX_AVX512F
++ && (env->features[FEAT_7_1_EDX] & CPUID_7_1_EDX_AVX10)) {
++ return true;
++ }
++
++ return false;
+ }
+
+ static void x86_cpu_reset_hold(Object *obj)
+--
+2.33.0
+
diff --git a/target-i386-Add-feature-dependencies-for-AVX10.patch b/target-i386-Add-feature-dependencies-for-AVX10.patch
new file mode 100644
index 0000000000000000000000000000000000000000..59fad1640c0b90688716b717f68bffe4372e1f13
--- /dev/null
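Review bot: The special case added to cpuid_has_xsave_feature carries no comment, and it recognises the AVX-512 save areas only through the exact comparison `esa->bits == CPUID_7_0_EBX_AVX512F`, which would quietly stop matching if an ExtSaveArea entry were ever keyed on a different or combined bit. The reason for the branch is stated only in the commit message, so a comment above the second `if` would keep it with the code, for example `/* AVX10 uses the same XSAVE state components as AVX512, so report them when AVX10 is enabled even without AVX512F */`. The start of the function is outside the hunk.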
+++ b/target-i386-Add-feature-dependencies-for-AVX10.patch 
@@ -0,0 +1,87 @@
+From deb91de74ee55a37847336a3866beb24bed86188 Mon Sep 17 00:00:00 2001
+From: Tao Su
+Date: Thu, 31 Oct 2024 16:52:31 +0800
+Subject: [PATCH 06/10] target/i386: Add feature dependencies for AVX10
+
+commit 150ab84b2d0083e6af344cca70290614d4fe568d upstream.
+
+Since the highest supported vector length for a processor implies that
+all lesser vector lengths are also supported, add the dependencies of
+the supported vector lengths. If all vector lengths aren't supported,
+clear AVX10 enable bit as well.
+
+Note that the order of AVX10 related dependencies should be kept as:
+ CPUID_24_0_EBX_AVX10_128 -> CPUID_24_0_EBX_AVX10_256,
+ CPUID_24_0_EBX_AVX10_256 -> CPUID_24_0_EBX_AVX10_512,
+ CPUID_24_0_EBX_AVX10_VL_MASK -> CPUID_7_1_EDX_AVX10,
+ CPUID_7_1_EDX_AVX10 -> CPUID_24_0_EBX,
+so that prevent user from setting weird CPUID combinations, e.g. 256-bits
+and 512-bits are supported but 128-bits is not, no vector lengths are
+supported but AVX10 enable bit is still set.
+
+Since AVX10_128 will be reserved as 1, adding these dependencies has the
+bonus that when user sets -cpu host,-avx10-128, CPUID_7_1_EDX_AVX10 and
+CPUID_24_0_EBX will be disabled automatically.
+
+Intel-SIG: commit 150ab84b2d00 target/i386: Add feature dependencies for AVX10.
+GNR AVX10.1 backporting
+
+Tested-by: Xuelian Guo
+Signed-off-by: Tao Su
+Link: https://lore.kernel.org/r/20241028024512.156724-5-tao1.su@linux.intel.com
+Reviewed-by: Zhao Liu
+Signed-off-by: Paolo Bonzini
+Link: https://lore.kernel.org/r/20241031085233.425388-7-tao1.su@linux.intel.com
+Signed-off-by: Paolo Bonzini
+[ Quanxian Wang: amend commit log ]
+Signed-off-by: Quanxian Wang
+---
+ target/i386/cpu.c | 16 ++++++++++++++++
+ target/i386/cpu.h | 4 ++++
+ 2 files changed, 20 insertions(+)
+
+diff --git a/target/i386/cpu.c b/target/i386/cpu.c
+index fed2ad058c..e93468a79e 100644
+--- a/target/i386/cpu.c
++++ b/target/i386/cpu.c
+@@ -1586,6 +1586,22 @@ static FeatureDep feature_dependencies[] = {
+ .from = { FEAT_7_1_EAX, CPUID_7_1_EAX_WRMSRNS },
+ .to = { FEAT_7_1_EAX, CPUID_7_1_EAX_FRED },
+ },
++ {
++ .from = { FEAT_24_0_EBX, CPUID_24_0_EBX_AVX10_128 },
++ .to = { FEAT_24_0_EBX, CPUID_24_0_EBX_AVX10_256 },
++ },
++ {
++ .from = { FEAT_24_0_EBX, CPUID_24_0_EBX_AVX10_256 },
++ .to = { FEAT_24_0_EBX, CPUID_24_0_EBX_AVX10_512 },
++ },
++ {
++ .from = { FEAT_24_0_EBX, CPUID_24_0_EBX_AVX10_VL_MASK },
++ .to = { FEAT_7_1_EDX, CPUID_7_1_EDX_AVX10 },
++ },
++ {
++ .from = { FEAT_7_1_EDX, CPUID_7_1_EDX_AVX10 },
++ .to = { FEAT_24_0_EBX, ~0ull },
++ },
+ };
+
+ typedef struct X86RegisterInfo32 {
+diff --git a/target/i386/cpu.h b/target/i386/cpu.h
+index 7a1dfe004c..95fd226e49 100644
+--- a/target/i386/cpu.h
++++ b/target/i386/cpu.h
+@@ -1006,6 +1006,10 @@ uint64_t x86_cpu_get_supported_feature_word(X86CPU *cpu, FeatureWord w);
+ #define CPUID_24_0_EBX_AVX10_256 (1U << 17)
+ /* AVX10 512-bit vector support is present */
+ #define CPUID_24_0_EBX_AVX10_512 (1U << 18)
++/* AVX10 vector length support mask */
++#define CPUID_24_0_EBX_AVX10_VL_MASK (CPUID_24_0_EBX_AVX10_128 | \
++ CPUID_24_0_EBX_AVX10_256 | \
++ CPUID_24_0_EBX_AVX10_512)
+
+ /* CLZERO instruction */
+ #define CPUID_8000_0008_EBX_CLZERO (1U << 0)
+--
+2.33.0
+
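Review bot: The ordering requirement for the four AVX10 entries added to `feature_dependencies[]` in target/i386/cpu.c is stated only in the commit message; nothing in the array tells a later editor that inserting or reordering entries here changes which CPUID combinations get cleared. Put the constraint next to the data with a comment above the first new entry, for example `/* AVX10 entries are order-sensitive: 128 -> 256, 256 -> 512, VL_MASK -> AVX10, AVX10 -> leaf 0x24; keep this sequence */`. The array starts outside the hunk, so whether earlier entries carry a similar convention cannot be seen from here.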
diff --git a/target-i386-Introduce-GraniteRapids-v2-model.patch b/target-i386-Introduce-GraniteRapids-v2-model.patch
new file mode 100644
index 0000000000000000000000000000000000000000..90e167c876ead3d0f7ce1f1b50453cd175b9256e
--- /dev/null
+++ b/target-i386-Introduce-GraniteRapids-v2-model.patch
@@ -0,0 +1,57 @@
+From 49c9c29ae87ffc8a16c313d21eaf20c5949fa4f4 Mon Sep 17 00:00:00 2001
+From: Tao Su
+Date: Thu, 31 Oct 2024 16:52:33 +0800
+Subject: [PATCH 08/10] target/i386: Introduce GraniteRapids-v2 model
+
+commit 1a519388a882fbb352e49cbebb0ed8f62d05842d upstream.
+
+Update GraniteRapids CPU model to add AVX10 and the missing features(ss,
+tsc-adjust, cldemote, movdiri, movdir64b).
+
+Intel-SIG: commit 1a519388a882 target/i386: Introduce GraniteRapids-v2 model.
+GNR AVX10.1 backporting
+
+Tested-by: Xuelian Guo
+Signed-off-by: Tao Su
+Link: https://lore.kernel.org/r/20241028024512.156724-7-tao1.su@linux.intel.com
+Reviewed-by: Zhao Liu
+Signed-off-by: Paolo Bonzini
+Link: https://lore.kernel.org/r/20241031085233.425388-9-tao1.su@linux.intel.com
+Signed-off-by: Paolo Bonzini
+[ Quanxian Wang: amend commit log ]
+Signed-off-by: Quanxian Wang
+---
+ target/i386/cpu.c | 17 +++++++++++++++++
+ 1 file changed, 17 insertions(+)
+
+diff --git a/target/i386/cpu.c b/target/i386/cpu.c
+index e9244ab6b9..7b969a4447 100644
+--- a/target/i386/cpu.c
++++ b/target/i386/cpu.c
+@@ -4226,6 +4226,23 @@ static const X86CPUDefinition builtin_x86_defs[] = {
+ .model_id = "Intel Xeon Processor (GraniteRapids)",
+ .versions = (X86CPUVersionDefinition[]) {
+ { .version = 1 },
++ {
++ .version = 2,
++ .props = (PropValue[]) {
++ { "ss", "on" },
++ { "tsc-adjust", "on" },
++ { "cldemote", "on" },
++ { "movdiri", "on" },
++ { "movdir64b", "on" },
++ { "avx10", "on" },
++ { "avx10-128", "on" },
++ { "avx10-256", "on" },
++ { "avx10-512", "on" },
++ { "avx10-version", "1" },
++ { "stepping", "1" },
++ { /* end of list */ }
++ }
++ },
+ { /* end of list */ },
+ },
+ },
+--
+2.33.0
+
diff --git a/target-i386-add-AVX10-feature-and-AVX10-version-prop.patch b/target-i386-add-AVX10-feature-and-AVX10-version-prop.patch
new file mode 100644
index 0000000000000000000000000000000000000000..81d7715e29919d322410fc5e7f1987cbcc4fdd85
--- /dev/null
+++ b/target-i386-add-AVX10-feature-and-AVX10-version-prop.patch
@@ -0,0 +1,222 @@ +From 5d4c2e488ec5fc36bd0b9d53f6b60ccd9f613edc Mon Sep 17 00:00:00 2001 +From: Tao Su +Date: Thu, 31 Oct 2024 16:52:29 +0800 +Subject: [PATCH 04/10] target/i386: add AVX10 feature and AVX10 version + property + +commit bccfb846fd52d6f20704ecfa4d01b60b43c6f640 upstream. + +When AVX10 enable bit is set, the 0x24 leaf will be present as "AVX10 +Converged Vector ISA leaf" containing fields for the version number and +the supported vector bit lengths. + +Introduce avx10-version property so that avx10 version can be controlled +by user and cpu model. Per spec, avx10 version can never be 0, the default +value of avx10-version is set to 0 to determine whether it is specified by +user. The default can come from the device model or, for the max model, +from KVM's reported value. + +Intel-SIG: commit bccfb846fd52 target/i386: add AVX10 feature and AVX10 version property. +GNR AVX10.1 backporting + +Signed-off-by: Tao Su +Link: https://lore.kernel.org/r/20241028024512.156724-3-tao1.su@linux.intel.com +Link: https://lore.kernel.org/r/20241028024512.156724-4-tao1.su@linux.intel.com +Signed-off-by: Paolo Bonzini +Tested-by: Xuelian Guo +Link: https://lore.kernel.org/r/20241031085233.425388-5-tao1.su@linux.intel.com +Signed-off-by: Paolo Bonzini +[ Quanxian Wang: amend commit log ] +Signed-off-by: Quanxian Wang +--- + target/i386/cpu.c | 63 ++++++++++++++++++++++++++++++++++++++----- + target/i386/cpu.h | 4 +++ + target/i386/kvm/kvm.c | 3 ++- + 3 files changed, 63 insertions(+), 7 deletions(-) + +diff --git a/target/i386/cpu.c b/target/i386/cpu.c +index 1313201f67..5b0d123e42 100644 +--- a/target/i386/cpu.c ++++ b/target/i386/cpu.c +@@ -48,6 +48,9 @@ + #include "cpu-internal.h" + + static void x86_cpu_realizefn(DeviceState *dev, Error **errp); ++static void x86_cpu_get_supported_cpuid(uint32_t func, uint32_t index, ++ uint32_t *eax, uint32_t *ebx, ++ uint32_t *ecx, uint32_t *edx); + + /* Helpers for building CPUID[2] descriptors: */ + +@@ -985,7 +988,7 @@ 
FeatureWordInfo feature_word_info[FEATURE_WORDS] = { + "avx-vnni-int8", "avx-ne-convert", NULL, NULL, + "amx-complex", NULL, NULL, NULL, + NULL, NULL, "prefetchiti", NULL, +- NULL, NULL, NULL, NULL, ++ NULL, NULL, NULL, "avx10", + NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, + NULL, NULL, NULL, NULL, +@@ -1789,6 +1792,7 @@ typedef struct X86CPUDefinition { + int family; + int model; + int stepping; ++ uint8_t avx10_version; + FeatureWordArray features; + const char *model_id; + const CPUCaches *const cache_info; +@@ -6406,6 +6410,9 @@ static void x86_cpu_load_model(X86CPU *cpu, X86CPUModel *model) + */ + object_property_set_str(OBJECT(cpu), "vendor", def->vendor, &error_abort); + ++ object_property_set_uint(OBJECT(cpu), "avx10-version", def->avx10_version, ++ &error_abort); ++ + x86_cpu_apply_version_props(cpu, model); + + /* +@@ -6960,6 +6967,16 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, uint32_t count, + } + break; + } ++ case 0x24: { ++ *eax = 0; ++ *ebx = 0; ++ *ecx = 0; ++ *edx = 0; ++ if ((env->features[FEAT_7_1_EDX] & CPUID_7_1_EDX_AVX10) && count == 0) { ++ *ebx = env->features[FEAT_24_0_EBX] | env->avx10_version; ++ } ++ break; ++ } + case 0x40000000: + /* + * CPUID code in kvm_arch_init_vcpu() ignores stuff +@@ -7559,6 +7576,12 @@ void x86_cpu_expand_features(X86CPU *cpu, Error **errp) + ~env->user_features[w] & + ~feature_word_info[w].no_autoenable_flags; + } ++ ++ if ((env->features[FEAT_7_1_EDX] & CPUID_7_1_EDX_AVX10) && !env->avx10_version) { ++ uint32_t eax, ebx, ecx, edx; ++ x86_cpu_get_supported_cpuid(0x24, 0, &eax, &ebx, &ecx, &edx); ++ env->avx10_version = ebx & 0xff; ++ } + } + + for (i = 0; i < ARRAY_SIZE(feature_dependencies); i++) { +@@ -7622,6 +7645,11 @@ void x86_cpu_expand_features(X86CPU *cpu, Error **errp) + x86_cpu_adjust_level(cpu, &env->cpuid_min_level, 0x1F); + } + ++ /* Advanced Vector Extensions 10 (AVX10) requires CPUID[0x24] */ ++ if (env->features[FEAT_7_1_EDX] & CPUID_7_1_EDX_AVX10) { ++ 
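Review bot: The new `case 0x24` in cpu_x86_cpuid() reads `env->features[FEAT_24_0_EBX]`, but the cpu.h hunks of this patch add only `CPUID_7_1_EDX_AVX10` and the `avx10_version` field. In the patches shown here the `FEAT_24_0_EBX` enumerator first appears in the following patch (05/10). If that is the whole picture, 04/10 does not build on its own, which breaks bisecting the backport. Setting `*ebx = env->avx10_version;` here and adding the `env->features[FEAT_24_0_EBX] |` term in 05/10 would keep every step buildable. The body of cpu_x86_cpuid() lies mostly outside the hunk.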
x86_cpu_adjust_level(cpu, &env->cpuid_min_level, 0x24); ++ } ++ + /* SVM requires CPUID[0x8000000A] */ + if (env->features[FEAT_8000_0001_ECX] & CPUID_EXT3_SVM) { + x86_cpu_adjust_level(cpu, &env->cpuid_min_xlevel, 0x8000000A); +@@ -7672,6 +7700,10 @@ static bool x86_cpu_filter_features(X86CPU *cpu, bool verbose) + CPUX86State *env = &cpu->env; + FeatureWord w; + const char *prefix = NULL; ++ bool have_filtered_features; ++ ++ uint32_t eax_0, ebx_0, ecx_0, edx_0; ++ uint32_t eax_1, ebx_1, ecx_1, edx_1; + + if (verbose) { + prefix = accel_uses_host_cpuid() +@@ -7688,13 +7720,11 @@ static bool x86_cpu_filter_features(X86CPU *cpu, bool verbose) + } + + if (env->features[FEAT_7_0_EBX] & CPUID_7_0_EBX_INTEL_PT) { +- uint32_t eax_0, ebx_0, ecx_0, edx_0_unused; +- uint32_t eax_1, ebx_1, ecx_1_unused, edx_1_unused; + + x86_cpu_get_supported_cpuid(0x14, 0, +- &eax_0, &ebx_0, &ecx_0, &edx_0_unused); ++ &eax_0, &ebx_0, &ecx_0, &edx_0); + x86_cpu_get_supported_cpuid(0x14, 1, +- &eax_1, &ebx_1, &ecx_1_unused, &edx_1_unused); ++ &eax_1, &ebx_1, &ecx_1, &edx_1); + + if (!eax_0 || + ((ebx_0 & INTEL_PT_MINIMAL_EBX) != INTEL_PT_MINIMAL_EBX) || +@@ -7715,7 +7745,27 @@ static bool x86_cpu_filter_features(X86CPU *cpu, bool verbose) + } + } + +- return x86_cpu_have_filtered_features(cpu); ++ have_filtered_features = x86_cpu_have_filtered_features(cpu); ++ ++ if (env->features[FEAT_7_1_EDX] & CPUID_7_1_EDX_AVX10) { ++ x86_cpu_get_supported_cpuid(0x24, 0, ++ &eax_0, &ebx_0, &ecx_0, &edx_0); ++ uint8_t version = ebx_0 & 0xff; ++ ++ if (version < env->avx10_version) { ++ if (prefix) { ++ warn_report("%s: avx10.%d. 
Adjust to avx10.%d", ++ prefix, env->avx10_version, version); ++ } ++ env->avx10_version = version; ++ have_filtered_features = true; ++ } ++ } else if (env->avx10_version && prefix) { ++ warn_report("%s: avx10.%d.", prefix, env->avx10_version); ++ have_filtered_features = true; ++ } ++ ++ return have_filtered_features; + } + + static void x86_cpu_hyperv_realize(X86CPU *cpu) +@@ -8469,6 +8519,7 @@ static Property x86_cpu_properties[] = { + DEFINE_PROP_UINT32("min-level", X86CPU, env.cpuid_min_level, 0), + DEFINE_PROP_UINT32("min-xlevel", X86CPU, env.cpuid_min_xlevel, 0), + DEFINE_PROP_UINT32("min-xlevel2", X86CPU, env.cpuid_min_xlevel2, 0), ++ DEFINE_PROP_UINT8("avx10-version", X86CPU, env.avx10_version, 0), + DEFINE_PROP_UINT64("ucode-rev", X86CPU, ucode_rev, 0), + DEFINE_PROP_BOOL("full-cpuid-auto-level", X86CPU, full_cpuid_auto_level, true), + DEFINE_PROP_STRING("hv-vendor-id", X86CPU, hyperv_vendor), +diff --git a/target/i386/cpu.h b/target/i386/cpu.h +index 4424e58d1b..fd048f9bda 100644 +--- a/target/i386/cpu.h ++++ b/target/i386/cpu.h +@@ -977,6 +977,8 @@ uint64_t x86_cpu_get_supported_feature_word(X86CPU *cpu, FeatureWord w); + #define CPUID_7_1_EDX_AMX_COMPLEX (1U << 8) + /* PREFETCHIT0/1 Instructions */ + #define CPUID_7_1_EDX_PREFETCHITI (1U << 14) ++/* Support for Advanced Vector Extensions 10 */ ++#define CPUID_7_1_EDX_AVX10 (1U << 19) + + /* Indicate bit 7 of the IA32_SPEC_CTRL MSR is supported */ + #define CPUID_7_2_EDX_PSFD (1U << 0) +@@ -1877,6 +1879,8 @@ typedef struct CPUArchState { + uint32_t cpuid_vendor3; + uint32_t cpuid_version; + FeatureWordArray features; ++ /* AVX10 version */ ++ uint8_t avx10_version; + /* Features that were explicitly enabled/disabled */ + FeatureWordArray user_features; + uint32_t cpuid_model[12]; +diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c +index 2f379876e6..37e30d0194 100644 +--- a/target/i386/kvm/kvm.c ++++ b/target/i386/kvm/kvm.c +@@ -1978,7 +1978,8 @@ int kvm_arch_init_vcpu(CPUState *cs) + case 0x7: 
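Review bot: The `else if (env->avx10_version && prefix)` branch at the end of x86_cpu_filter_features() makes the return value depend on whether warnings are enabled. With `verbose` false, a non-zero `avx10-version` without the `avx10` bit is not reported as filtered. The first branch already keeps `prefix` around `warn_report` only, and the second should match: `} else if (env->avx10_version) {`, then `if (prefix) { warn_report("%s: avx10.%d.", prefix, env->avx10_version); }`, then `have_filtered_features = true;`. The caller in x86_cpu_realizefn() passes `verbose` whenever `enforce_cpuid` is set, so enforcement is probably unaffected today. Still, the documented contract ("true if any flag is not supported by the host") should not vary with verbosity.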
+ case 0x14: + case 0x1d: +- case 0x1e: { ++ case 0x1e: ++ case 0x24: { + uint32_t times; + + c->function = i; +-- +2.33.0 + diff --git a/target-i386-add-CPUID.24-features-for-AVX10.patch b/target-i386-add-CPUID.24-features-for-AVX10.patch new file mode 100644 index 0000000000000000000000000000000000000000..73aa9869de0134ef99e5befd9fd798b91496e63f --- /dev/null +++ b/target-i386-add-CPUID.24-features-for-AVX10.patch 
@@ -0,0 +1,89 @@ +From 7e080e529d9e3b2954053a9826494be4e13847a1 Mon Sep 17 00:00:00 2001 +From: Tao Su +Date: Thu, 31 Oct 2024 16:52:30 +0800 +Subject: [PATCH 05/10] target/i386: add CPUID.24 features for AVX10 + +commit 2d055b8fe11ee567c2ae8047311fd83697e494b6 upstream. + +Introduce features for the supported vector bit lengths. + +Intel-SIG: commit 2d055b8fe11e target/i386: add CPUID.24 features for AVX10. +GNR AVX10.1 backporting + +Signed-off-by: Tao Su +Link: https://lore.kernel.org/r/20241028024512.156724-3-tao1.su@linux.intel.com +Link: https://lore.kernel.org/r/20241028024512.156724-4-tao1.su@linux.intel.com +Signed-off-by: Paolo Bonzini +Reviewed-by: Zhao Liu +Tested-by: Xuelian Guo +Link: https://lore.kernel.org/r/20241031085233.425388-6-tao1.su@linux.intel.com +Signed-off-by: Paolo Bonzini +[ Quanxian Wang: amend commit log ] +Signed-off-by: Quanxian Wang +--- + target/i386/cpu.c | 15 +++++++++++++++ + target/i386/cpu.h | 8 ++++++++ + 2 files changed, 23 insertions(+) + +diff --git a/target/i386/cpu.c b/target/i386/cpu.c +index 5b0d123e42..fed2ad058c 100644 +--- a/target/i386/cpu.c ++++ b/target/i386/cpu.c +@@ -754,6 +754,7 @@ void x86_cpu_vendor_words2str(char *dst, uint32_t vendor1, + #define TCG_SGX_12_0_EAX_FEATURES 0 + #define TCG_SGX_12_0_EBX_FEATURES 0 + #define TCG_SGX_12_1_EAX_FEATURES 0 ++#define TCG_24_0_EBX_FEATURES 0 + + #if defined CONFIG_USER_ONLY + #define CPUID_8000_0008_EBX_KERNEL_FEATURES (CPUID_8000_0008_EBX_IBPB | \ +@@ -1019,6 +1020,20 @@ FeatureWordInfo feature_word_info[FEATURE_WORDS] = { + }, + .tcg_features = TCG_7_2_EDX_FEATURES, + }, ++ [FEAT_24_0_EBX] = { ++ .type = CPUID_FEATURE_WORD, ++ .feat_names = { ++ [16] = "avx10-128", ++ [17] = "avx10-256", ++ [18] = "avx10-512", ++ }, ++ .cpuid = { ++ .eax = 0x24, ++ .needs_ecx = true, .ecx = 0, ++ .reg = R_EBX, ++ }, ++ .tcg_features = TCG_24_0_EBX_FEATURES, ++ }, + [FEAT_8000_0007_EDX] = { + .type = CPUID_FEATURE_WORD, + .feat_names = { +diff --git a/target/i386/cpu.h 
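Review bot: The new `[FEAT_24_0_EBX]` entry in feature_word_info names only bits 16-18, and nothing says that the low byte of the same register is not a feature bit. The previous patch keeps EBX[7:0] of leaf 0x24 in `env->avx10_version` and combines it with this word by a plain OR in `case 0x24`. A name later added for a low bit would therefore silently alter the version the guest sees. I would add a comment above `.feat_names`, such as `/* EBX[7:0] is the AVX10 version (env->avx10_version), not a feature bit */`.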
b/target/i386/cpu.h +index fd048f9bda..7a1dfe004c 100644 +--- a/target/i386/cpu.h ++++ b/target/i386/cpu.h +@@ -651,6 +651,7 @@ typedef enum FeatureWord { + FEAT_XSAVE_XSS_HI, /* CPUID[EAX=0xd,ECX=1].EDX */ + FEAT_7_1_EDX, /* CPUID[EAX=7,ECX=1].EDX */ + FEAT_7_2_EDX, /* CPUID[EAX=7,ECX=2].EDX */ ++ FEAT_24_0_EBX, /* CPUID[EAX=0x24,ECX=0].EBX */ + FEATURE_WORDS, + } FeatureWord; + +@@ -999,6 +1000,13 @@ uint64_t x86_cpu_get_supported_feature_word(X86CPU *cpu, FeatureWord w); + /* Packets which contain IP payload have LIP values */ + #define CPUID_14_0_ECX_LIP (1U << 31) + ++/* AVX10 128-bit vector support is present */ ++#define CPUID_24_0_EBX_AVX10_128 (1U << 16) ++/* AVX10 256-bit vector support is present */ ++#define CPUID_24_0_EBX_AVX10_256 (1U << 17) ++/* AVX10 512-bit vector support is present */ ++#define CPUID_24_0_EBX_AVX10_512 (1U << 18) ++ + /* CLZERO instruction */ + #define CPUID_8000_0008_EBX_CLZERO (1U << 0) + /* Always save/restore FP error pointers */ +-- +2.33.0 + diff --git a/target-i386-add-avx-vnni-int16-feature.patch b/target-i386-add-avx-vnni-int16-feature.patch new file mode 100644 index 0000000000000000000000000000000000000000..3432fe5a944a7c7631d88151949bd0c85d623c04 --- /dev/null +++ b/target-i386-add-avx-vnni-int16-feature.patch 
@@ -0,0 +1,37 @@ +From e711253e77b249686e5a4d3c15d474303de0cc99 Mon Sep 17 00:00:00 2001 +From: Paolo Bonzini +Date: Wed, 3 Jul 2024 13:42:49 +0200 +Subject: [PATCH 10/10] target/i386: add avx-vnni-int16 feature + +commit 138c3377a9b27accec516b2c0da90dedef98a780 upstream. + +AVX-VNNI-INT16 (CPUID[EAX=7,ECX=1).EDX[10]) is supported by Clearwater +Forest processor, add it to QEMU as it does not need any specific +enablement. + +Intel-SIG: commit 138c3377a9b2 target/i386: add avx-vnni-int16 feature. +CWF ISA AVX_VNNI_INT16 backporting + +Signed-off-by: Paolo Bonzini +[ Quanxian Wang: amend commit log ] +Signed-off-by: Quanxian Wang +--- + target/i386/cpu.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/target/i386/cpu.c b/target/i386/cpu.c +index eff23af452..1e704558cd 100644 +--- a/target/i386/cpu.c ++++ b/target/i386/cpu.c +@@ -987,7 +987,7 @@ FeatureWordInfo feature_word_info[FEATURE_WORDS] = { + .feat_names = { + NULL, NULL, NULL, NULL, + "avx-vnni-int8", "avx-ne-convert", NULL, NULL, +- "amx-complex", NULL, NULL, NULL, ++ "amx-complex", NULL, "avx-vnni-int16", NULL, + NULL, NULL, "prefetchiti", NULL, + NULL, NULL, NULL, "avx10", + NULL, NULL, NULL, NULL, +-- +2.33.0 + diff --git a/target-i386-cpu-set-correct-supported-XCR0-features-.patch b/target-i386-cpu-set-correct-supported-XCR0-features-.patch new file mode 100644 index 0000000000000000000000000000000000000000..b461fefb6b6c19ca8962b0ce6d698ec45d0a83fa --- /dev/null +++ b/target-i386-cpu-set-correct-supported-XCR0-features-.patch 
@@ -0,0 +1,48 @@ +From f795645ecbabcfe0f1edb9b80853f39572d8f2de Mon Sep 17 00:00:00 2001 +From: Paolo Bonzini +Date: Thu, 31 Oct 2024 16:52:26 +0800 +Subject: [PATCH 01/10] target/i386: cpu: set correct supported XCR0 features + for TCG + +commit 33098002a838a0450f243f5e17463aca700e923d upstream. + +Intel-SIG: commit 33098002a838 target/i386: cpu: set correct supported XCR0 features for TCG. +GNR AVX10.1 backporting + +Signed-off-by: Paolo Bonzini +Reviewed-by: Zhao Liu +Link: https://lore.kernel.org/r/20241031085233.425388-2-tao1.su@linux.intel.com +Signed-off-by: Paolo Bonzini +[ Quanxian Wang: amend commit log ] +Signed-off-by: Quanxian Wang +--- + target/i386/cpu.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/target/i386/cpu.c b/target/i386/cpu.c +index 8360ea3d61..239629277e 100644 +--- a/target/i386/cpu.c ++++ b/target/i386/cpu.c +@@ -1133,7 +1133,9 @@ FeatureWordInfo feature_word_info[FEATURE_WORDS] = { + .needs_ecx = true, .ecx = 0, + .reg = R_EAX, + }, +- .tcg_features = ~0U, ++ .tcg_features = XSTATE_FP_MASK | XSTATE_SSE_MASK | ++ XSTATE_YMM_MASK | XSTATE_BNDREGS_MASK | XSTATE_BNDCSR_MASK | ++ XSTATE_PKRU_MASK, + .migratable_flags = XSTATE_FP_MASK | XSTATE_SSE_MASK | + XSTATE_YMM_MASK | XSTATE_BNDREGS_MASK | XSTATE_BNDCSR_MASK | + XSTATE_OPMASK_MASK | XSTATE_ZMM_Hi256_MASK | XSTATE_Hi16_ZMM_MASK | +@@ -1146,7 +1148,7 @@ FeatureWordInfo feature_word_info[FEATURE_WORDS] = { + .needs_ecx = true, .ecx = 0, + .reg = R_EDX, + }, +- .tcg_features = ~0U, ++ .tcg_features = 0U, + }, + /*Below are MSR exposed features*/ + [FEAT_ARCH_CAPABILITIES] = { +-- +2.33.0 + diff --git a/target-i386-do-not-rely-on-ExtSaveArea-for-accelerat.patch b/target-i386-do-not-rely-on-ExtSaveArea-for-accelerat.patch new file mode 100644 index 0000000000000000000000000000000000000000..a76ea97278073d6fb60aa6ddd17477431070deb1 --- /dev/null +++ b/target-i386-do-not-rely-on-ExtSaveArea-for-accelerat.patch 
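Review bot: The explicit `.tcg_features` mask in the `R_EAX` entry (first hunk) has no comment explaining why it is narrower than the `.migratable_flags` list directly below it, and the same applies to `0U` in the `R_EDX` entry (second hunk). Replacing `~0U` stops advertising XCR0 components that, judging by the commit title, TCG does not support. Without a note the two lists look like they ought to match, and a later edit could widen the TCG one again. A one-line comment would do, for example `/* XSAVE components implemented by TCG; extend only together with the emulation */`. Both entries start outside their hunks.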
@@ -0,0 +1,115 @@ +From 034614cc369a463619d609106594d8d4a9402cf1 Mon Sep 17 00:00:00 2001 +From: Paolo Bonzini +Date: Thu, 31 Oct 2024 16:52:27 +0800 +Subject: [PATCH 02/10] target/i386: do not rely on ExtSaveArea for + accelerator-supported XCR0 bits + +commit b888c7807049cc044d10d70139cb945202fb7cd2 upstream. + +Right now, QEMU is using the "feature" and "bits" fields of ExtSaveArea +to query the accelerator for the support status of extended save areas. +This is a problem for AVX10, which attaches two feature bits (AVX512F +and AVX10) to the same extended save states. + +To keep the AVX10 hacks to the minimum, limit usage of esa->features +and esa->bits. Instead, just query the accelerator for the 0xD leaf. +Do it in common code and clear esa->size if an extended save state is +unsupported. + +Intel-SIG: commit b888c7807049 target/i386: do not rely on ExtSaveArea for accelerator-supported XCR0 bits. +GNR AVX10.1 backporting + +Signed-off-by: Paolo Bonzini +Reviewed-by: Zhao Liu +Link: https://lore.kernel.org/r/20241031085233.425388-3-tao1.su@linux.intel.com +Signed-off-by: Paolo Bonzini +[ Quanxian Wang: amend commit log ] +Signed-off-by: Quanxian Wang +--- + target/i386/cpu.c | 33 +++++++++++++++++++++++++++++++-- + target/i386/kvm/kvm-cpu.c | 4 ---- + 2 files changed, 31 insertions(+), 6 deletions(-) + +diff --git a/target/i386/cpu.c b/target/i386/cpu.c +index 239629277e..5b89643319 100644 +--- a/target/i386/cpu.c ++++ b/target/i386/cpu.c +@@ -7211,6 +7211,15 @@ static void x86_cpu_set_sgxlepubkeyhash(CPUX86State *env) + #endif + } + ++static bool cpuid_has_xsave_feature(CPUX86State *env, const ExtSaveArea *esa) ++{ ++ if (!esa->size) { ++ return false; ++ } ++ ++ return (env->features[esa->feature] & esa->bits); ++} ++ + static void x86_cpu_reset_hold(Object *obj) + { + CPUState *s = CPU(obj); +@@ -7319,7 +7328,7 @@ static void x86_cpu_reset_hold(Object *obj) + if (!((1 << i) & CPUID_XSTATE_XCR0_MASK)) { + continue; + } +- if (env->features[esa->feature] & 
esa->bits) { ++ if (cpuid_has_xsave_feature(env, esa)) { + xcr0 |= 1ull << i; + } + } +@@ -7457,7 +7466,7 @@ static void x86_cpu_enable_xsave_components(X86CPU *cpu) + mask = 0; + for (i = 0; i < ARRAY_SIZE(x86_ext_save_areas); i++) { + const ExtSaveArea *esa = &x86_ext_save_areas[i]; +- if (env->features[esa->feature] & esa->bits) { ++ if (cpuid_has_xsave_feature(env, esa)) { + mask |= (1ULL << i); + } + } +@@ -8126,6 +8135,26 @@ static void x86_cpu_register_feature_bit_props(X86CPUClass *xcc, + + static void x86_cpu_post_initfn(Object *obj) + { ++ static bool first = true; ++ uint64_t supported_xcr0; ++ int i; ++ ++ if (first) { ++ first = false; ++ ++ supported_xcr0 = ++ ((uint64_t) x86_cpu_get_supported_feature_word(NULL, FEAT_XSAVE_XCR0_HI) << 32) | ++ x86_cpu_get_supported_feature_word(NULL, FEAT_XSAVE_XCR0_LO); ++ ++ for (i = XSTATE_SSE_BIT + 1; i < XSAVE_STATE_AREA_COUNT; i++) { ++ ExtSaveArea *esa = &x86_ext_save_areas[i]; ++ ++ if (!(supported_xcr0 & (1 << i))) { ++ esa->size = 0; ++ } ++ } ++ } ++ + accel_cpu_instance_init(CPU(obj)); + } + +diff --git a/target/i386/kvm/kvm-cpu.c b/target/i386/kvm/kvm-cpu.c +index a3bc8d8f83..5df8a01313 100644 +--- a/target/i386/kvm/kvm-cpu.c ++++ b/target/i386/kvm/kvm-cpu.c +@@ -137,10 +137,6 @@ static void kvm_cpu_xsave_init(void) + if (!esa->size) { + continue; + } +- if ((x86_cpu_get_supported_feature_word(NULL, esa->feature) & esa->bits) +- != esa->bits) { +- continue; +- } + host_cpuid(0xd, i, &eax, &ebx, &ecx, &edx); + if (eax != 0) { + assert(esa->size == eax); +-- +2.33.0 + diff --git a/target-i386-return-bool-from-x86_cpu_filter_features.patch b/target-i386-return-bool-from-x86_cpu_filter_features.patch new file mode 100644 index 0000000000000000000000000000000000000000..419b1d45e902f5b63ab49610ea2f838681b1c3f6 --- /dev/null +++ b/target-i386-return-bool-from-x86_cpu_filter_features.patch 
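Review bot: In the block added to x86_cpu_post_initfn(), `supported_xcr0 & (1 << i)` tests a `uint64_t` against an `int` shift, while the other loops in this same patch use `1ull << i` and `1ULL << i`. The bound `XSAVE_STATE_AREA_COUNT` is defined outside the hunk; if it ever reaches 31 or more, the shift sign-extends or becomes undefined and the wrong save areas get `size = 0`. Writing `if (!(supported_xcr0 & (1ULL << i))) {` removes that dependency. The `static bool first` latch also mutates the global `x86_ext_save_areas` table from an instance-init hook, which deserves a short comment stating that it runs once and assumes single-threaded CPU object creation, if that is indeed the case.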
@@ -0,0 +1,81 @@ +From 89d9a44a5c792c548ffcf0b8ae96a6af37286cf8 Mon Sep 17 00:00:00 2001 +From: Paolo Bonzini +Date: Thu, 31 Oct 2024 16:52:28 +0800 +Subject: [PATCH 03/10] target/i386: return bool from x86_cpu_filter_features + +commit 3507c6f04606593711408a6d26141bdbceff9377 upstream. + +Prepare for filtering non-boolean features such as AVX10 version. + +Intel-SIG: commit 3507c6f04606 target/i386: return bool from x86_cpu_filter_features. +GNR AVX10.1 backporting + +Signed-off-by: Paolo Bonzini +Reviewed-by: Zhao Liu +Signed-off-by: Tao Su +Link: https://lore.kernel.org/r/20241031085233.425388-4-tao1.su@linux.intel.com +Signed-off-by: Paolo Bonzini +[ Quanxian Wang: amend commit log ] +Signed-off-by: Quanxian Wang +--- + target/i386/cpu.c | 20 +++++++++++--------- + 1 file changed, 11 insertions(+), 9 deletions(-) + +diff --git a/target/i386/cpu.c b/target/i386/cpu.c +index 5b89643319..1313201f67 100644 +--- a/target/i386/cpu.c ++++ b/target/i386/cpu.c +@@ -5944,7 +5944,7 @@ static void x86_cpu_parse_featurestr(const char *typename, char *features, + } + } + +-static void x86_cpu_filter_features(X86CPU *cpu, bool verbose); ++static bool x86_cpu_filter_features(X86CPU *cpu, bool verbose); + + /* Build a list with the name of all features on a feature word array */ + static void x86_cpu_list_feature_names(FeatureWordArray features, +@@ -7665,9 +7665,9 @@ void x86_cpu_expand_features(X86CPU *cpu, Error **errp) + * Finishes initialization of CPUID data, filters CPU feature + * words based on host availability of each feature. + * +- * Returns: 0 if all flags are supported by the host, non-zero otherwise. ++ * Returns: true if any flag is not supported by the host, false otherwise. 
+ */ +-static void x86_cpu_filter_features(X86CPU *cpu, bool verbose) ++static bool x86_cpu_filter_features(X86CPU *cpu, bool verbose) + { + CPUX86State *env = &cpu->env; + FeatureWord w; +@@ -7714,6 +7714,8 @@ static void x86_cpu_filter_features(X86CPU *cpu, bool verbose) + mark_unavailable_features(cpu, FEAT_7_0_EBX, CPUID_7_0_EBX_INTEL_PT, prefix); + } + } ++ ++ return x86_cpu_have_filtered_features(cpu); + } + + static void x86_cpu_hyperv_realize(X86CPU *cpu) +@@ -7812,14 +7814,14 @@ static void x86_cpu_realizefn(DeviceState *dev, Error **errp) + } + } + +- x86_cpu_filter_features(cpu, cpu->check_cpuid || cpu->enforce_cpuid); +- +- if (cpu->enforce_cpuid && x86_cpu_have_filtered_features(cpu)) { +- error_setg(&local_err, +- accel_uses_host_cpuid() ? ++ if (x86_cpu_filter_features(cpu, cpu->check_cpuid || cpu->enforce_cpuid)) { ++ if (cpu->enforce_cpuid) { ++ error_setg(&local_err, ++ accel_uses_host_cpuid() ? + "Host doesn't support requested features" : + "TCG doesn't support requested features"); +- goto out; ++ goto out; ++ } + } + + /* On AMD CPUs, some CPUID[8000_0001].EDX bits must match the bits on +-- +2.33.0 +