Commit Graph

76313 Commits

Author SHA1 Message Date
Peter Maydell
2025fc6766 hw/ppc/ppc440_uc.c: Remove incorrect iothread locking from dcr_write_pcie()
In dcr_write_pcie() we take the iothread lock around a call to
pcie_host_mmcfg_udpate().  This is an incorrect attempt to deal with
the bug fixed in commit 235352ee6e, where we were not taking
the iothread lock before calling device dcr read/write functions.
(It's not sufficient locking, because although the other cases in the
switch statement won't assert, there is no locking which prevents
multiple guest CPUs from trying to access the PPC460EXPCIEState
struct at the same time and corrupting data.)

Unfortunately with commit 235352ee6e we are now trying
to recursively take the iothread lock, which will assert:

  $ qemu-system-ppc -M sam460ex --display none
  **
  ERROR:/home/petmay01/linaro/qemu-from-laptop/qemu/cpus.c:1830:qemu_mutex_lock_iothread_impl: assertion failed: (!qemu_mutex_iothread_locked())
  Aborted (core dumped)

Remove the locking within dcr_write_pcie().

Fixes: 235352ee6e
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20200330125228.24994-1-peter.maydell@linaro.org>
Tested-by: BALATON Zoltan <balaton@eik.bme.hu>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2020-04-07 08:55:11 +10:00
David Gibson
7aab589976 spapr: Fix failure path for attempting to hot unplug PCI bridges
For various technical reasons we can't currently allow unplug a PCI to PCI
bridge on the pseries machine.  spapr_pci_unplug_request() correctly
generates an error message if that's attempted.

But.. if the given errp is not error_abort or error_fatal, it doesn't
actually stop trying to unplug the bridge anyway.

Fixes: 14e714900f "spapr: Allow hot plug/unplug of PCI bridges and devices under PCI bridges"
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Reviewed-by: Greg Kurz <groug@kaod.org>
2020-04-07 08:55:11 +10:00
Nicholas Piggin
4f7a11f93f ppc/spapr: Don't kill the guest if a recovered FWNMI machine check delivery fails
Try to be tolerant of FWNMI delivery errors if the machine check had been
recovered by the host.

Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Message-Id: <20200325142906.221248-5-npiggin@gmail.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
[dwg: Updated comment at Greg's suggestion]
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2020-04-07 08:55:10 +10:00
Nicholas Piggin
b90b9ecb12 ppc/spapr: Add FWNMI machine check delivery warnings
Add some messages which explain problems and guest misbehaviour that
may be difficult to diagnose in rare cases of machine checks.

Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Message-Id: <20200325142906.221248-4-npiggin@gmail.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2020-04-07 08:55:10 +10:00
Nicholas Piggin
6c3dd24c05 ppc/spapr: Improve FWNMI machine check delivery corner case comments
Some of the conditions are not as clearly documented as they could be.
Also the non-FWNMI case does not need a large comment.

Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Message-Id: <20200325142906.221248-3-npiggin@gmail.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2020-04-07 08:55:10 +10:00
Nicholas Piggin
ec010c0066 ppc/spapr: KVM FWNMI should not be enabled until guest requests it
The KVM FWNMI capability should be enabled with the "ibm,nmi-register"
rtas call. Although MCEs from KVM will be delivered as architected
interrupts to the guest before "ibm,nmi-register" is called, KVM has
different behaviour depending on whether the guest has enabled FWNMI
(it attempts to do more recovery on behalf of a non-FWNMI guest).

Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Message-Id: <20200325142906.221248-2-npiggin@gmail.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2020-04-07 08:55:10 +10:00
Alexey Kardashevskiy
79178edd2a vfio/spapr: Fix page size calculation
Coverity detected an issue (CID 1421903) with potential call of clz64(0)
which returns 64 which make it do "<<" with a negative number.

This checks the mask and avoids undefined behaviour.

In practice pgsizes and memory_region_iommu_get_min_page_size() always
have some common page sizes and even if they did not, the resulting page
size would be 0x8000.0000.0000.0000 (gcc 9.2) and
ioctl(VFIO_IOMMU_SPAPR_TCE_CREATE) would fail anyway.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Message-Id: <20200324063912.25063-1-aik@ozlabs.ru>
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2020-04-07 08:55:10 +10:00
Peter Maydell
3b4f50bd7d hw/ppc/e500.c: Handle qemu_find_file() failure
If qemu_find_file() doesn't find the BIOS it returns NULL; we were
passing that unchecked through to load_elf(), which assumes a non-NULL
pointer and may misbehave. In practice it fails with a weird message:

  $ qemu-system-ppc -M ppce500 -display none -kernel nonesuch
  Bad address
  qemu-system-ppc: could not load firmware '(null)'

Handle the failure case better:

  $ qemu-system-ppc -M ppce500 -display none -kernel nonesuch
  qemu-system-ppc: could not find firmware/kernel file 'nonesuch'

Spotted by Coverity (CID 1238954).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20200324121216.23899-1-peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
2020-04-07 08:55:10 +10:00
Peter Maydell
53ef8a92eb target-arm queue:
* don't expose "ieee_half" via gdbstub (prevents gdb crashes or errors
    with older GDB versions)
  * hw/arm/collie: Put StrongARMState* into a CollieMachineState struct
  * PSTATE.PAN should not clear exec bits
  * hw/gpio/aspeed_gpio.c: Don't directly include assert.h
    (fixes compilation on some Windows build scenarios)
  * dump: Fix writing of ELF section
  * dma/xlnx-zdma: various bug fixes
  * target/arm/helperc. delete obsolete TODO comment
 -----BEGIN PGP SIGNATURE-----
 
 iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAl6K/pEZHHBldGVyLm1h
 eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3iIkD/4xLIib97Ts4iXB3ReCjUpZ
 5l1Exb9Rp+r1MSTK3F7UgcI7MT/1MIh/IPkWYdG2Fwh4BAw+aQNQrLqjT9sDLeLK
 YZzEj97H4ZEFwJnj/OL/j3AfG+vnQdQ0Uj+xac3c1Nx0Isy7vGbG1cG5pIrVOWFM
 0rtLH8SdO2G1VUMnPG0Y6sf8vdCXQmJpdI8QS2FmulP0atgJmbLdmaXmZgOn5Dfx
 Y+L7v9E6aV3el1v905dt0iZhs4qcJc27SzFuT0SoGzCMS65fBpRKenCwUbxteLkU
 ItCFY5dx2IpyLuI/TS8X1UN335Mlnz3AGdlZdtm644BpxvuOMIqkVjY6di2WH02X
 etb78rLY4EKUwI/wTPueN57M5FoZRKkQkO1XvrBv2NPkyz1sFU4pI2cMfSQVQAI7
 azVKCdZuHv88raZ3tqdnPKsujyrc9pWX3HSD3Bsh+IcMqhBDBCt+pGbg352pw12E
 KT9xuIEpiEtkb/x4jShwezXKXbUbg62RNZTLyw5PmhKbWsc14ALXD75SXMXBlk9a
 Qkd3Rp3xQML6HO7qhOAxQQw1WAX1c/x4P/X6c2+lMyuorL6jByhSKgM7HxAw4XKa
 yo3ZSWc9bMl8vPkfxG+0vUe/cHtooSQYpGBlgSoxqwBpSIVAJeY7BdSgYAuJ8L5x
 y+dQHc/Zp2qk2VbFLjrdmw==
 =QEcM
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20200406' into staging

target-arm queue:
 * don't expose "ieee_half" via gdbstub (prevents gdb crashes or errors
   with older GDB versions)
 * hw/arm/collie: Put StrongARMState* into a CollieMachineState struct
 * PSTATE.PAN should not clear exec bits
 * hw/gpio/aspeed_gpio.c: Don't directly include assert.h
   (fixes compilation on some Windows build scenarios)
 * dump: Fix writing of ELF section
 * dma/xlnx-zdma: various bug fixes
 * target/arm/helperc. delete obsolete TODO comment

# gpg: Signature made Mon 06 Apr 2020 11:04:01 BST
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* remotes/pmaydell/tags/pull-target-arm-20200406:
  dma/xlnx-zdma: Reorg to fix CUR_DSCR
  dma/xlnx-zdma: Advance the descriptor address when stopping
  dma/xlnx-zdma: Clear DMA_DONE when halting
  dma/xlnx-zdma: Populate DBG0.CMN_BUF_FREE
  dma/xlnx-zdma: Remove comment
  dump: Fix writing of ELF section
  hw/gpio/aspeed_gpio.c: Don't directly include assert.h
  target/arm: Remove obsolete TODO note from get_phys_addr_lpae()
  target/arm: PSTATE.PAN should not clear exec bits
  hw/arm/collie: Put StrongARMState* into a CollieMachineState struct
  target/arm: don't expose "ieee_half" via gdbstub

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-04-06 12:36:45 +01:00
Edgar E. Iglesias
8893790966 dma/xlnx-zdma: Reorg to fix CUR_DSCR
Reorganize the descriptor handling so that CUR_DSCR always
points to the next descriptor to be processed.

Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Francisco Iglesias <frasse.iglesias@gmail.com>
Message-id: 20200402134721.27863-6-edgar.iglesias@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-04-06 10:59:56 +01:00
Edgar E. Iglesias
4ec037f1dd dma/xlnx-zdma: Advance the descriptor address when stopping
Advance the descriptor address when stopping the channel.

Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Francisco Iglesias <frasse.iglesias@gmail.com>
Acked-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20200402134721.27863-5-edgar.iglesias@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-04-06 10:59:56 +01:00
Edgar E. Iglesias
4fc4678c60 dma/xlnx-zdma: Clear DMA_DONE when halting
Clear DMA_DONE when halting the DMA channel.

Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Francisco Iglesias <frasse.iglesias@gmail.com>
Acked-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20200402134721.27863-4-edgar.iglesias@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-04-06 10:59:56 +01:00
Edgar E. Iglesias
28009852aa dma/xlnx-zdma: Populate DBG0.CMN_BUF_FREE
Populate DBG0.CMN_BUF_FREE so that SW can see some free space.

Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Francisco Iglesias <frasse.iglesias@gmail.com>
Message-id: 20200402134721.27863-3-edgar.iglesias@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-04-06 10:59:56 +01:00
Edgar E. Iglesias
12ba36d910 dma/xlnx-zdma: Remove comment
Remove comment.

Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Francisco Iglesias <frasse.iglesias@gmail.com>
Message-id: 20200402134721.27863-2-edgar.iglesias@gmail.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-04-06 10:59:56 +01:00
Peter Maydell
547522cd3d Error reporting patches for 2020-04-04
-----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEENUvIs9frKmtoZ05fOHC0AOuRhlMFAl6Ie1wSHGFybWJydUBy
 ZWRoYXQuY29tAAoJEDhwtADrkYZTXugQAIMTSWP+zbM11Ofnip3RR60k08PNCDAb
 IjUMjzmRYKzANy4R2nNP4tA+V2dD8kCSu8UrxQOpiBWsTJbRNSFUygPudjQvkSKR
 QarP0S1eKtq2+dqkOpVdbg6aI/GCtane3X18GwSesnuu9WmOREtnqw+GJkft17Hb
 OLGZwPWmnMRhwBPNS6xUscAdmTz003LEYrOeUIIuuZbi7aSdeDsGgWpVMbwKI1FI
 Z6p3yHzHLQQhR49Ezy+MglLYg+ecvlZxbf94qRqqKMzU8QYrtbjoahCSxCMRLIDO
 3FLjtez+p/9gNS6exD9k4uj5MPFzkORumJn7xi1ehaNA+T0+t6Ku+fxR/n/mjm9L
 P8fDOLc2v/YPTKu3J/o8T41G8oBdujAyaxvMey1iGpLg5xlRIK8nPs9Sai2UAmxy
 Vv0DbSViviQA599rkDATjbes6E0ohINhlYa3+kDznriH3t336COn83xyoMuvEREu
 4ZoYsa7xp6bHpooGXmda2uf9VC3a2+ftEQriXZkeAy4HZEm/mcFPl+aYu/bolCM+
 ji/v5CpNtef5QRq9aZqK1qPw6f1xscQQmmQUtxLLxF+hXqlM6MwYNbEyRxvBgQ0+
 6vy90Pttdn/WnfuJI4OEtuifD3y/c4bqr0g2h9dVd4Kw4KAWVVW5MDNcCKMAdXbh
 NMYjuv1RCtbr
 =G7MR
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/armbru/tags/pull-error-2020-04-04' into staging

Error reporting patches for 2020-04-04

# gpg: Signature made Sat 04 Apr 2020 13:19:40 BST
# gpg:                using RSA key 354BC8B3D7EB2A6B68674E5F3870B400EB918653
# gpg:                issuer "armbru@redhat.com"
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" [full]
# gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>" [full]
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867  4E5F 3870 B400 EB91 8653

* remotes/armbru/tags/pull-error-2020-04-04:
  qga/commands-posix: fix use after free of local_err
  dump/win_dump: fix use after free of err
  scripts/coccinelle: add error-use-after-free.cocci

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-04-05 18:28:17 +01:00
Vladimir Sementsov-Ogievskiy
6a4a38530e qga/commands-posix: fix use after free of local_err
local_err is used several times in guest_suspend(). Setting non-NULL
local_err will crash, so let's zero it after freeing. Also fix possible
leak of local_err in final if().

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Message-Id: <20200324153630.11882-7-vsementsov@virtuozzo.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2020-04-04 14:15:24 +02:00
Vladimir Sementsov-Ogievskiy
b0e709503c dump/win_dump: fix use after free of err
It's possible that we'll try to set err twice (or more). It's bad, it
will crash.

Instead, use warn_report().

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Message-Id: <20200324153630.11882-4-vsementsov@virtuozzo.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2020-04-04 14:15:14 +02:00
Vladimir Sementsov-Ogievskiy
d1d3a99795 scripts/coccinelle: add error-use-after-free.cocci
Add script to find and fix trivial use-after-free of Error objects.
How to use:
spatch --sp-file scripts/coccinelle/error-use-after-free.cocci \
 --macro-file scripts/cocci-macro-file.h --in-place \
 --no-show-diff ( FILES... | --use-gitgrep . )

Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
Message-Id: <20200324153630.11882-2-vsementsov@virtuozzo.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
[Pastos in commit message and comment fixed, globbing in MAINTAINERS
expanded]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2020-04-04 14:14:09 +02:00
Peter Maydell
174d2d6856 dump: Fix writing of ELF section
In write_elf_section() we set the 'shdr' pointer to point to local
structures shdr32 or shdr64, which we fill in to be written out to
the ELF dump.  Unfortunately the address we pass to fd_write_vmcore()
has a spurious '&' operator, so instead of writing out the section
header we write out the literal pointer value followed by whatever is
on the stack after the 'shdr' local variable.

Pass the correct address into fd_write_vmcore().

Spotted by Coverity: CID 1421970.

Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20200324173630.12221-1-peter.maydell@linaro.org
2020-04-03 19:26:41 +01:00
Peter Maydell
c88311f272 hw/gpio/aspeed_gpio.c: Don't directly include assert.h
Remove a direct include of assert.h -- this is already
provided by qemu/osdep.h, and it breaks our rule that the
first include must always be osdep.h.

In particular we must get the assert() macro via osdep.h
to avoid compile failures on mingw (see the comment in
osdep.h where we redefine assert() for that platform).

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Message-id: 20200403124712.24826-1-peter.maydell@linaro.org
2020-04-03 19:24:53 +01:00
Peter Maydell
07d1be3b3a target/arm: Remove obsolete TODO note from get_phys_addr_lpae()
An old comment in get_phys_addr_lpae() claims that the code does not
support the different format TCR for VTCR_EL2.  This used to be true
but it is not true now (in particular the aa64_va_parameters() and
aa32_va_parameters() functions correctly handle the different
register format by checking whether the mmu_idx is Stage2).
Remove the out of date parts of the comment.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200331143407.3186-1-peter.maydell@linaro.org
2020-04-03 19:24:20 +01:00
Peter Maydell
f4e1dbc578 target/arm: PSTATE.PAN should not clear exec bits
Our implementation of the PSTATE.PAN bit incorrectly cleared all
access permission bits for privileged access to memory which is
user-accessible.  It should only affect the privileged read and write
permissions; execute permission is dealt with via XN/PXN instead.

Fixes: 81636b70c2
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200330170651.20901-1-peter.maydell@linaro.org
2020-04-03 19:23:53 +01:00
Peter Maydell
8a2b76ffc9 hw/arm/collie: Put StrongARMState* into a CollieMachineState struct
Coverity complains that the collie_init() function leaks the memory
allocated in sa1110_init().  This is true but not significant since
the function is called only once on machine init and the memory must
remain in existence until QEMU exits anyway.

Still, we can avoid the technical memory leak by keeping the pointer
to the StrongARMState inside the machine state struct.  Switch from
the simple DEFINE_MACHINE() style to defining a subclass of
TYPE_MACHINE which extends the MachineState struct, and keep the
pointer there.

Fixes: CID 1421921
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20200326204919.22006-1-peter.maydell@linaro.org
2020-04-03 19:23:37 +01:00
Alex Bennée
9231951aa5 target/arm: don't expose "ieee_half" via gdbstub
While support for parsing ieee_half in the XML description was added
to gdb in 2019 (a6d0f249) there is no easy way for the gdbstub to know
if the gdb end will understand it. Disable it for now and allow older
gdbs to successfully connect to the default -cpu max SVE enabled
QEMUs.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200402143913.24005-1-alex.bennee@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-04-03 19:20:42 +01:00
Peter Maydell
146aa0f104 Pull request
-----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCAAdFiEEhpWov9P5fNqsNXdanKSrs4Grc8gFAl6HIyEACgkQnKSrs4Gr
 c8gfKgf9H2wBGsMA2l7wN5MKMw8R7/vTzTAnrW8prCbiioSQdpqOdmzif0nr0JvA
 +ck09eRMKrzdL4HQjJ4Hjj+o+FOq86jO4aMWdWLNY92LfvjHvXGzl/DQCdRy6d+3
 IjutR+PzSh5rfQcHbD+Za9YrRV5docsvVhvYqbvC6KWG8IAZWKpTMS+KTGp4OV9E
 yq2fQY4IQZJi6522aym9YYDw+CESqD6CbKHmv4NjLxlSQaZWZi1iJGYiXp+iQ4JH
 Yh+xEKd7YPhJgZ9ZKVMTa3+VlpfqzwcjBATAqHpQzhl2yTZHzKU4uynKcuWYrOML
 TJAbebXtJ/9keJ22PBG6XIaZ+duwTg==
 =ICDI
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/stefanha/tags/block-pull-request' into staging

Pull request

# gpg: Signature made Fri 03 Apr 2020 12:50:57 BST
# gpg:                using RSA key 8695A8BFD3F97CDAAC35775A9CA4ABB381AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" [full]
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>" [full]
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35  775A 9CA4 ABB3 81AB 73C8

* remotes/stefanha/tags/block-pull-request:
  aio-posix: fix test-aio /aio/event/wait with fdmon-io_uring

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-04-03 15:30:11 +01:00
Peter Maydell
64a3b4d53d - fix cpu number reporting in the stsi 3.2.2 block for kvm
- fix migration for old machines with odd ram sizes
 -----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEEw9DWbcNiT/aowBjO3s9rk8bwL68FAl6G/aoSHGNvaHVja0By
 ZWRoYXQuY29tAAoJEN7Pa5PG8C+vm1cQAKOa3GS6l61yHhRMYc0RkhK12iOnAkpX
 FRFSob8vY5WXnfRke2peVQnRt8nqzKFSVzYUai55k/qX7XgmEFe6HRX1sMNV6Gx+
 jBnucJUgvOYQR5gfqvl20oxlUMC9aXmdLZS+Bb4wCcunfdQieyIn68sJevxBUZr5
 43nO3eLqU4Cx39I3C4BkcuoWddTCiMaYX0FOAgI1HyPuuoez5yG/kTTESJyrWGgn
 I0pLVwP4ouDigbyc5T83wlK/pa3u4uJvjAq+pR6wVKQcVj9Zc0Vunivil0h5s1dH
 dQEjH87oeGRvcY3oTVXfEBFB2+kQfsFMh4VTVpSZGbePGDYqupySVAXwnCdqVNwk
 HKLICzP8jbK0B/e5oqjMXAa74kXXpktL7/WXmEe50LZPxlxLgXY/emLI5+DM5zsv
 XYy95nWHaH0e4xpXACrGSSwOwnmMpj64KxWqi2RJeTmONDVwGUQA/goxuhQ0YPRL
 8XjhIkYeKVCaTVHauFvrMzQuN2IntadiyJnSum5jCaR6G0T4VH0ni4J+9tr8296E
 cUr1tJYVCgBUYkE0bLIEo5OlL+1INg3EfmIQ4dWo7NKVNe8pygP+54G8jH6LSLIN
 bY9rf/JptcsBZVMSiakteFL7FoBE+zWz6BLfDPoQpDSYMkG/g2NlEJ6Kknt47vet
 uoPSDzdjrMdw
 =XPeE
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20200403' into staging

- fix cpu number reporting in the stsi 3.2.2 block for kvm
- fix migration for old machines with odd ram sizes

# gpg: Signature made Fri 03 Apr 2020 10:11:06 BST
# gpg:                using RSA key C3D0D66DC3624FF6A8C018CEDECF6B93C6F02FAF
# gpg:                issuer "cohuck@redhat.com"
# gpg: Good signature from "Cornelia Huck <conny@cornelia-huck.de>" [marginal]
# gpg:                 aka "Cornelia Huck <huckc@linux.vnet.ibm.com>" [full]
# gpg:                 aka "Cornelia Huck <cornelia.huck@de.ibm.com>" [full]
# gpg:                 aka "Cornelia Huck <cohuck@kernel.org>" [marginal]
# gpg:                 aka "Cornelia Huck <cohuck@redhat.com>" [marginal]
# Primary key fingerprint: C3D0 D66D C362 4FF6 A8C0  18CE DECF 6B93 C6F0 2FAF

* remotes/cohuck/tags/s390x-20200403:
  vl/s390x: fixup ram sizes for compat machines
  s390x: kvm: Fix number of cpu reports for stsi 3.2.2

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-04-03 12:59:29 +01:00
Stefan Hajnoczi
ae60ab7eb2 aio-posix: fix test-aio /aio/event/wait with fdmon-io_uring
When a file descriptor becomes ready we must re-arm POLL_ADD.  This is
done by adding an sqe to the io_uring sq ring.  The ->need_wait()
function wasn't taking pending sqes into account and therefore
io_uring_submit_and_wait() was not being called.  Polling for cqes
failed to detect fd readiness since we hadn't submitted the sqe to
io_uring.

This patch fixes the following tests/test-aio -p /aio/event/wait
failure:

  ok 11 /aio/event/wait
  **
  ERROR:tests/test-aio.c:374:test_flush_event_notifier: assertion failed: (aio_poll(ctx, false))

Reported-by: Cole Robinson <crobinso@redhat.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Tested-by: Cole Robinson <crobinso@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20200402145434.99349-1-stefanha@redhat.com
Fixes: 73fd282e7b
       ("aio-posix: add io_uring fd monitoring implementation")
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2020-04-03 12:42:40 +01:00
Peter Maydell
f2a8261110 x86 queue for -rc2
Fixes:
 * EPYC CPU model APIC ID topology fixes (Babu Moger)
 * Fix crash when enabling intel-pt on older machine types
   (Luwei Kang)
 * Add missing ARCH_CAPABILITIES bits to Icelake-Server CPU model
   (Xiaoyao Li)
 -----BEGIN PGP SIGNATURE-----
 
 iQJIBAABCAAyFiEEWjIv1avE09usz9GqKAeTb5hNxaYFAl6GZLYUHGVoYWJrb3N0
 QHJlZGhhdC5jb20ACgkQKAeTb5hNxaax6w/+KHD4spxGmKP7EhI2Kp+Jj4IGZHho
 jkqZAO0npJKGA30bOurHD/wYoBMavBSFPLGtU3TEPnpQunTVdBU0EMlL1wfHSSD4
 VzpIaFZVgfpqg8hibvFlcqUkLBfVuZBDJnPR4yPwbcqPlUrfMp/TO0QsP5Ob6r0X
 0SNNU6Rr9+XnLRGIALVKLidayjaer/I2tnL3esIxaYKs1g/qZtnQbfSEEI56dlJZ
 UlyOzmdKJIFWvl/X6N3nshxIS3S/RIh0oMVBlQF3aKRd99KLejaxEkpRl/zzzUJV
 MOANk6oXQ2XENmKsfNuMPmvMv3ytL/h3ui0/mDUM5yYm/NGFo871h5loybTXm/+F
 mtaZVf7yJtLtIshuMXeDNiT6McSpWfOguAJL6Vng+tKTNJYDVGPtha05jsuO0/NU
 3H4zj7jonUOc7Xmx1EVupOGjwUqfBOYL1MiPQqJmqRtGOxv/C0fNlrEWYkAIKrPH
 UFGkAaUV2r4mMxQ9fiWeLC/rVN3F7G4iO8Z/ml1IdTt2UcHbdw1y28CNesNZFRfz
 n11GDW5zrGXPs6LggKvd8iANqXjSmXFbbI1zLvtrIMMX1KeyvstRZXru3WJgXAiW
 XgyKCCUwaVix27JBBNUQ6GEjBtriP/4ldyCmRRTUjBCSuZQWkqCX59BCP1M9QJgN
 B9rnT8xelsWTm2I=
 =o7ft
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/ehabkost/tags/x86-next-pull-request' into staging

x86 queue for -rc2

Fixes:
* EPYC CPU model APIC ID topology fixes (Babu Moger)
* Fix crash when enabling intel-pt on older machine types
  (Luwei Kang)
* Add missing ARCH_CAPABILITIES bits to Icelake-Server CPU model
  (Xiaoyao Li)

# gpg: Signature made Thu 02 Apr 2020 23:18:30 BST
# gpg:                using RSA key 5A322FD5ABC4D3DBACCFD1AA2807936F984DC5A6
# gpg:                issuer "ehabkost@redhat.com"
# gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>" [full]
# Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF  D1AA 2807 936F 984D C5A6

* remotes/ehabkost/tags/x86-next-pull-request:
  target/i386: Add ARCH_CAPABILITIES related bits into Icelake-Server CPU model
  target/i386: set the CPUID level to 0x14 on old machine-type
  i386: Fix pkg_id offset for EPYC cpu models
  target/i386: Enable new apic id encoding for EPYC based cpus models
  hw/i386: Move arch_id decode inside x86_cpus_init
  i386: Introduce use_epyc_apic_id_encoding in X86CPUDefinition
  hw/i386: Introduce apicid functions inside X86MachineState
  target/i386: Cleanup and use the EPYC mode topology functions
  hw/386: Add EPYC mode topology decoding functions

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-04-03 10:07:27 +01:00
Peter Maydell
5142ca078d Bugfixes for 5.0-rc2.
-----BEGIN PGP SIGNATURE-----
 
 iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAl6GNasUHHBib256aW5p
 QHJlZGhhdC5jb20ACgkQv/vSX3jHroNHzwf/Vc9i0os2WogOq7FADfAl+Sw9Y/nM
 n0dyuuYDCNIajh0hVkOBtzTRnDVPMbleSMf+jDbqs4Lk+LHZAe3jyEPyY9NgnuuZ
 xDymrSm4HWJJhLWPTLdkAOdN61D4qTUODLuSPTML90EBABYFETaUXpx0ZReg+btS
 hpEepCNUXWzYlV5tf2oO7kilfK34QkcJt5DuIeeHOKzC/bGdrH9dYSl58bFxMxOu
 z8c/rk7XFXFcvgiQIOeuiRchseMjK3yDouS0PDQQiaFSquKb+uE18c/zaKrVUf6h
 +hpveoma3iIIqGaNqyLomu4gsprBtRU++NWgIvyAMTrgj85na0J0OXyDEA==
 =laXu
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

Bugfixes for 5.0-rc2.

# gpg: Signature made Thu 02 Apr 2020 19:57:47 BST
# gpg:                using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg:                issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream:
  xen: fixup RAM memory region initialization
  object-add: don't create return value if failed
  qmp: fix leak on callbacks that return both value and error
  migration: fix cleanup_bh leak on resume
  target/i386: do not set unsupported VMX secondary execution controls
  serial: Fix double migration data
  i386: hvf: Reset IRQ inhibition after moving RIP
  vl: fix broken IPA range for ARM -M virt with KVM enabled
  util/bufferiszero: improve avx2 accelerator
  util/bufferiszero: assign length_to_accel value for each accelerator case
  MAINTAINERS: Add an entry for the HVF accelerator
  softmmu: fix crash with invalid -M memory-backend=
  virtio-iommu: depend on PCI
  hw/isa/superio: Correct the license text
  hw/scsi/vmw_pvscsi: Remove assertion for kick after reset

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-04-02 20:18:25 +01:00
Igor Mammedov
0dc0389fa5 xen: fixup RAM memory region initialization
Since bd457782b3 ("x86/pc: use memdev for RAM") Xen
machine fails to start with:
   qemu-system-i386: xen: failed to populate ram at 0

The reason is that xen_ram_alloc() which is called by
memory_region_init_ram(), compares memory region with
statically allocated 'global' ram_memory memory region
that it uses for RAM, and does nothing in case it matches.

While it's possible feed machine->ram to xen_ram_alloc()
in the same manner to keep that hack working, I'd prefer
not to keep that circular dependency and try to untangle that.

However it doesn't look trivial to fix, so as temporary
fixup opt out Xen machine from memdev based RAM allocation,
and let xen_ram_alloc() do its trick for now.

Reported-by: Anthony PERARD <anthony.perard@citrix.com>
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20200402145418.5139-1-imammedo@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-04-02 14:56:29 -04:00
Paolo Bonzini
7f5d9b206d object-add: don't create return value if failed
No need to return an empty value from object-add (it would also leak
if the command failed).  While at it, remove the "if" around object_unref
since object_unref handles NULL arguments just fine.

Reported-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20200325184723.2029630-4-marcandre.lureau@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-04-02 14:56:10 -04:00
Marc-André Lureau
b3fbb32812 qmp: fix leak on callbacks that return both value and error
Direct leak of 4120 byte(s) in 1 object(s) allocated from:
    #0 0x7fa114931887 in __interceptor_calloc (/lib64/libasan.so.6+0xb0887)
    #1 0x7fa1144ad8f0 in g_malloc0 (/lib64/libglib-2.0.so.0+0x588f0)
    #2 0x561e3c9c8897 in qmp_object_add /home/elmarco/src/qemu/qom/qom-qmp-cmds.c:291
    #3 0x561e3cf48736 in qmp_dispatch /home/elmarco/src/qemu/qapi/qmp-dispatch.c:155
    #4 0x561e3c8efb36 in monitor_qmp_dispatch /home/elmarco/src/qemu/monitor/qmp.c:145
    #5 0x561e3c8f09ed in monitor_qmp_bh_dispatcher /home/elmarco/src/qemu/monitor/qmp.c:234
    #6 0x561e3d08c993 in aio_bh_call /home/elmarco/src/qemu/util/async.c:136
    #7 0x561e3d08d0a5 in aio_bh_poll /home/elmarco/src/qemu/util/async.c:164
    #8 0x561e3d0a535a in aio_dispatch /home/elmarco/src/qemu/util/aio-posix.c:380
    #9 0x561e3d08e3ca in aio_ctx_dispatch /home/elmarco/src/qemu/util/async.c:298
    #10 0x7fa1144a776e in g_main_context_dispatch (/lib64/libglib-2.0.so.0+0x5276e)

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20200325184723.2029630-3-marcandre.lureau@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-04-02 14:55:46 -04:00
Marc-André Lureau
9cbc36497c migration: fix cleanup_bh leak on resume
Since commit 8c6b0356b5 ("util/async:
make bh_aio_poll() O(1)"), migration-test reveals a leak:

QTEST_QEMU_BINARY=x86_64-softmmu/qemu-system-x86_64
tests/qtest/migration-test  -p /x86_64/migration/postcopy/recovery
tests/qtest/libqtest.c:140: kill_qemu() tried to terminate QEMU
process but encountered exit status 1 (expected 0)

=================================================================
==2082571==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 40 byte(s) in 1 object(s) allocated from:
    #0 0x7f25971dfc58 in __interceptor_malloc (/lib64/libasan.so.5+0x10dc58)
    #1 0x7f2596d08358 in g_malloc (/lib64/libglib-2.0.so.0+0x57358)
    #2 0x560970d006f8 in qemu_bh_new /home/elmarco/src/qemu/util/main-loop.c:532
    #3 0x5609704afa02 in migrate_fd_connect
/home/elmarco/src/qemu/migration/migration.c:3407
    #4 0x5609704b6b6f in migration_channel_connect
/home/elmarco/src/qemu/migration/channel.c:92
    #5 0x5609704b2bfb in socket_outgoing_migration
/home/elmarco/src/qemu/migration/socket.c:108
    #6 0x560970b9bd6c in qio_task_complete /home/elmarco/src/qemu/io/task.c:196
    #7 0x560970b9aa97 in qio_task_thread_result
/home/elmarco/src/qemu/io/task.c:111
    #8 0x7f2596cfee3a  (/lib64/libglib-2.0.so.0+0x4de3a)

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20200325184723.2029630-2-marcandre.lureau@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-04-02 14:55:45 -04:00
Vitaly Kuznetsov
4a910e1f6a target/i386: do not set unsupported VMX secondary execution controls
Commit 048c95163b ("target/i386: work around KVM_GET_MSRS bug for
secondary execution controls") added a workaround for KVM pre-dating
commit 6defc591846d ("KVM: nVMX: include conditional controls in /dev/kvm
KVM_GET_MSRS") which wasn't setting certain available controls. The
workaround uses generic CPUID feature bits to set missing VMX controls.

It was found that in some cases it is possible to observe hosts which
have certain CPUID features but lack the corresponding VMX control.

In particular, it was reported that Azure VMs have RDSEED but lack
VMX_SECONDARY_EXEC_RDSEED_EXITING; attempts to enable this feature
bit result in QEMU abort.

Resolve the issue but not applying the workaround when we don't have
to. As there is no good way to find out if KVM has the fix itself, use
95c5c7c77c ("KVM: nVMX: list VMX MSRs in KVM_GET_MSR_INDEX_LIST") instead
as these [are supposed to] come together.

Fixes: 048c95163b ("target/i386: work around KVM_GET_MSRS bug for secondary execution controls")
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Message-Id: <20200331162752.1209928-1-vkuznets@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-04-02 14:55:45 -04:00
Dr. David Alan Gilbert
f602d047ac serial: Fix double migration data
After c9808d6028 we have both an object representing the serial-isa
device and a separate object representing the underlying common serial
uart.  Both of these have vmsd's associated with them and thus the
migration stream ends up with two copies of the migration data - the
serial-isa includes the vmstate of the core serial.   Besides
being wrong, it breaks backwards migration compatibility.

Fix this by removing the dc->vmsd from the core device, so it only
gets migrated by any parent devices including it.
Add a vmstate_serial_mm so that any device that uses serial_mm_init
rather than creating a device still gets migrated.
(That doesn't fix backwards migration for serial_mm_init users,
but does seem to work forwards for ppce500).

Fixes: c9808d6028 ('serial: realize the serial device')
Buglink: https://bugs.launchpad.net/qemu/+bug/1869426
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-Id: <20200330164712.198282-1-dgilbert@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-04-02 14:55:45 -04:00
Roman Bolshakov
ddd31732a7 i386: hvf: Reset IRQ inhibition after moving RIP
The sequence of instructions exposes an issue:
  sti
  hlt

Interrupts cannot be delivered to hvf after hlt instruction cpu because
HF_INHIBIT_IRQ_MASK is set just before hlt is handled and never reset
after moving instruction pointer beyond hlt.

So, after hvf_vcpu_exec() returns, CPU thread gets locked up forever in
qemu_wait_io_event() (cpu_thread_is_idle() evaluates inhibition
flag and considers the CPU idle if the flag is set).

Cc: Cameron Esfahani <dirty@apple.com>
Signed-off-by: Roman Bolshakov <r.bolshakov@yadro.com>
Message-Id: <20200328174411.51491-1-r.bolshakov@yadro.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-04-02 14:55:45 -04:00
Igor Mammedov
622e99c5cf vl: fix broken IPA range for ARM -M virt with KVM enabled
Commit a1b18df9a4, broke virt_kvm_type() logic, which depends on
maxram_size, ram_size, ram_slots being parsed/set on machine instance
at the time accelerator (KVM) is initialized.

set_memory_options() part was already reverted by commit 2a7b18a320,
so revert remaining initialization of above machine fields to make
virt_kvm_type() work as it used to.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reported-by: Auger Eric <eric.auger@redhat.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Tested-by: Eric Auger <eric.auger@redhat.com>
Message-Id: <20200326112829.19989-1-imammedo@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-04-02 14:55:45 -04:00
Christian Borntraeger
5c30ef937f vl/s390x: fixup ram sizes for compat machines
Older QEMU versions did fixup the ram size to match what can be reported
via sclp. We need to mimic this behaviour for machine types 4.2 and
older to not fail on inbound migration for memory sizes that do not fit.
Old machines with proper aligned memory sizes are not affected.

Alignment table:
 VM size (<=) | Alignment
--------------------------
      1020M   |     1M
      2040M   |     2M
      4080M   |     4M
      8160M   |     8M
     16320M   |    16M
     32640M   |    32M
     65280M   |    64M
    130560M   |   128M
    261120M   |   256M
    522240M   |   512M
   1044480M   |     1G
   2088960M   |     2G
   4177920M   |     4G
   8355840M   |     8G

Suggested action is to replace unaligned -m value with a suitable
aligned one or if a change to a newer machine type is possible, use a
machine version >= 5.0.

A future version might remove the compatibility handling.

For machine types >= 5.0 we can simply use an increment size of 1M and
use the full range of increment number which allows for all possible
memory sizes. The old limitation of having a maximum of 1020 increments
was added for standby memory, which we no longer support. With that we
can now support even weird memory sizes like 10001234 MB.

As we no longer fixup maxram_size as well, make other users use ram_size
instead. Keep using maxram_size when setting the maximum ram size in KVM,
as that will come in handy in the future when supporting memory hotplug
(in contrast, storage keys and storage attributes for hotplugged memory
will have to be migrated per RAM block in the future).

Fixes: 3a12fc61af ("390x/s390-virtio-ccw: use memdev for RAM")
Reported-by: Lukáš Doktor <ldoktor@redhat.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Acked-by: Igor Mammedov <imammedo@redhat.com>
Cc: Igor Mammedov <imammedo@redhat.com>
Cc: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-Id: <20200401123754.109602-1-borntraeger@de.ibm.com>
[CH: fixed up message on memory size fixup]
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2020-04-02 17:10:09 +02:00
Janosch Frank
edd075ae2b s390x: kvm: Fix number of cpu reports for stsi 3.2.2
The cpu number reporting is handled by KVM and QEMU only fills in the
VM name, uuid and other values.

Unfortunately KVM doesn't report reserved cpus and doesn't even know
they exist until the are created via the ioctl.

So let's fix up the cpu values after KVM has written its values to the
3.2.2 sysib. To be consistent, we use the same code to retrieve the cpu
numbers as the STSI TCG code in target/s390x/misc_helper.c:HELPER(stsi).

Signed-off-by: Janosch Frank <frankja@linux.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Message-Id: <20200331110123.3774-1-frankja@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2020-04-02 11:44:17 +02:00
Robert Hoo
8f13a39dc0 util/bufferiszero: improve avx2 accelerator
By increasing avx2 length_to_accel to 128, we can simplify its logic and reduce a
branch.

The authorship of this patch actually belongs to Richard Henderson
<richard.henderson@linaro.org>, I just fixed a boundary case on his
original patch.

Suggested-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Robert Hoo <robert.hu@linux.intel.com>
Message-Id: <1585119021-46593-2-git-send-email-robert.hu@linux.intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-04-01 14:24:03 -04:00
Robert Hoo
b87c99d073 util/bufferiszero: assign length_to_accel value for each accelerator case
Because in unit test, init_accel() will be called several times, each with
different accelerator type.

Signed-off-by: Robert Hoo <robert.hu@linux.intel.com>
Message-Id: <1585119021-46593-1-git-send-email-robert.hu@linux.intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-04-01 14:24:03 -04:00
Roman Bolshakov
674fc21ff6 MAINTAINERS: Add an entry for the HVF accelerator
Cc: Nikita Leshenko <nikita.leshchenko@oracle.com>
Cc: Sergio Andres Gomez Del Real <sergio.g.delreal@gmail.com>
Cc: Patrick Colp <patrick.colp@oracle.com>
Cc: Cameron Esfahani <dirty@apple.com>
Cc: Liran Alon <liran.alon@oracle.com>
Cc: Heiher <r@hev.cc>

Signed-off-by: Roman Bolshakov <r.bolshakov@yadro.com>
Message-Id: <20200316171825.42544-1-r.bolshakov@yadro.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-04-01 14:24:03 -04:00
Marc-André Lureau
4951247d8b softmmu: fix crash with invalid -M memory-backend=
Fixes: fe64d06afc ("vl.c: ensure that
ram_size matches size of machine.memory-backend")
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200309145155.168942-1-marcandre.lureau@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-04-01 14:24:03 -04:00
Paolo Bonzini
3b703feaf8 virtio-iommu: depend on PCI
The virtio-iommu device attaches itself to a PCI bus, so it makes
no sense to include it unless PCI is supported---and in fact
compilation fails without this change.

Reported-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-04-01 19:00:16 +02:00
Philippe Mathieu-Daudé
b822dfaecd hw/isa/superio: Correct the license text
The license is the 'GNU General Public License v2.0 or later',
not 'and':

  This program is free software; you can redistribute it and/ori
  modify it under the terms of the GNU General Public License as
  published by the Free Software Foundation; either version 2 of
  the License, or (at your option) any later version.

Fix the license comment.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20200312213712.16671-1-philmd@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-04-01 19:00:16 +02:00
Elazar Leibovich
e7ebf057e6 hw/scsi/vmw_pvscsi: Remove assertion for kick after reset
When running Ubuntu 3.13.0-65-generic guest, QEMU sometimes crashes
during guest ACPI reset. It crashes on assert(s->rings_info_valid)
in pvscsi_process_io().

Analyzing the crash revealed that it happens when userspace issues
a sync during a reboot syscall.

Below are backtraces we gathered from the guests.

Guest backtrace when issuing PVSCSI_CMD_ADAPTER_RESET:
    pci_device_shutdown
    device_shutdown
    init_pid_ns
    init_pid_ns
    kernel_power_off
    SYSC_reboot

Guest backtrace when issuing PVSCSI_REG_OFFSET_KICK_RW_IO:
    scsi_done
    scsi_dispatch_cmd
    blk_add_timer
    scsi_request_fn
    elv_rb_add
    __blk_run_queue
    queue_unplugged
    blk_flush_plug_list
    blk_finish_plug
    ext4_writepages
    set_next_entity
    do_writepages
    __filemap_fdatawrite_range
    filemap_write_and_wait_range
    ext4_sync_file
    ext4_sync_file
    do_fsync
    sys_fsync

Since QEMU pvscsi should imitate VMware pvscsi device emulation,
we decided to imitate VMware's behavior in this case.

To check VMware behavior, we wrote a kernel module that issues
a reset to the pvscsi device and then issues a kick. We ran it on
VMware ESXi 6.5 and it seems that it simply ignores the kick.
Hence, we decided to ignore the kick as well.

Signed-off-by: Elazar Leibovich <elazar.leibovich@oracle.com>
Signed-off-by: Liran Alon <liran.alon@oracle.com>
Message-Id: <20200315132634.113632-1-liran.alon@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-04-01 19:00:16 +02:00
Xiaoyao Li
d965dc3559 target/i386: Add ARCH_CAPABILITIES related bits into Icelake-Server CPU model
Current Icelake-Server CPU model lacks all the features enumerated by
MSR_IA32_ARCH_CAPABILITIES.

Add them, so that guest of "Icelake-Server" can see all of them.

Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
Message-Id: <20200316095605.12318-1-xiaoyao.li@intel.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2020-03-31 19:13:32 -03:00
Luwei Kang
ddc2fc9e4e target/i386: set the CPUID level to 0x14 on old machine-type
The CPUID level need to be set to 0x14 manually on old
machine-type if Intel PT is enabled in guest. E.g. the
CPUID[0].EAX(level)=7 and CPUID[7].EBX[25](intel-pt)=1 when the
Qemu with "-machine pc-i440fx-3.1 -cpu qemu64,+intel-pt" parameter.

Some Intel PT capabilities are exposed by leaf 0x14 and the
missing capabilities will cause some MSRs access failed.
This patch add a warning message to inform the user to extend
the CPUID level.

Suggested-by: Eduardo Habkost <ehabkost@redhat.com>
Signed-off-by: Luwei Kang <luwei.kang@intel.com>
Message-Id: <1584031686-16444-1-git-send-email-luwei.kang@intel.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2020-03-31 19:13:32 -03:00
Babu Moger
7b225762c8 i386: Fix pkg_id offset for EPYC cpu models
If the system is numa configured the pkg_offset needs
to be adjusted for EPYC cpu models. Fix it calling the
model specific handler.

Signed-off-by: Babu Moger <babu.moger@amd.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Message-Id: <158396725589.58170.16424607815207074485.stgit@naples-babu.amd.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2020-03-31 19:13:32 -03:00
Babu Moger
247b18c593 target/i386: Enable new apic id encoding for EPYC based cpus models
The APIC ID is decoded based on the sequence sockets->dies->cores->threads.
This works fine for most standard AMD and other vendors' configurations,
but this decoding sequence does not follow that of AMD's APIC ID enumeration
strictly. In some cases this can cause CPU topology inconsistency.

When booting a guest VM, the kernel tries to validate the topology, and finds
it inconsistent with the enumeration of EPYC cpu models. The more details are
in the bug https://bugzilla.redhat.com/show_bug.cgi?id=1728166.

To fix the problem we need to build the topology as per the Processor
Programming Reference (PPR) for AMD Family 17h Model 01h, Revision B1
Processors. The documentation is available from the bugzilla Link below.

Link: https://bugzilla.kernel.org/show_bug.cgi?id=206537
It is also available at
https://www.amd.com/system/files/TechDocs/55570-B1_PUB.zip

Here is the text from the PPR.
Operating systems are expected to use Core::X86::Cpuid::SizeId[ApicIdSize], the
number of least significant bits in the Initial APIC ID that indicate core ID
within a processor, in constructing per-core CPUID masks.
Core::X86::Cpuid::SizeId[ApicIdSize] determines the maximum number of cores
(MNC) that the processor could theoretically support, not the actual number of
cores that are actually implemented or enabled on the processor, as indicated
by Core::X86::Cpuid::SizeId[NC].
Each Core::X86::Apic::ApicId[ApicId] register is preset as follows:
• ApicId[6] = Socket ID.
• ApicId[5:4] = Node ID.
• ApicId[3] = Logical CCX L3 complex ID
• ApicId[2:0]= (SMT) ? {LogicalCoreID[1:0],ThreadId} : {1'b0,LogicalCoreID[1:0]}

The new apic id encoding is enabled for EPYC and EPYC-Rome models.

Signed-off-by: Babu Moger <babu.moger@amd.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <158396724913.58170.3539083528095710811.stgit@naples-babu.amd.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2020-03-31 19:13:32 -03:00