summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
| * | build: fix macOS --enable-modules buildPaolo Bonzini2020-10-222-7/+6Star
| |/ | | | | | | | | | | | | | | | | | | | | | | Apple's nm implementation includes empty lines in the output that are not found in GNU binutils. This confuses scripts/undefsym.py, though it did not confuse the scripts/undefsym.sh script that it replaced. To fix this, ignore lines that do not have two fields. Reported-by: Emmanuel Blot <eblot.ml@gmail.com> Tested-by: Emmanuel Blot <eblot.ml@gmail.com> Fixes: 604f3e4e90 ("meson: Convert undefsym.sh to undefsym.py", 2020-09-08) Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* | Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20201026' into stagingPeter Maydell2020-10-266-7/+15
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | some s390x fixes # gpg: Signature made Mon 26 Oct 2020 10:46:50 GMT # gpg: using RSA key C3D0D66DC3624FF6A8C018CEDECF6B93C6F02FAF # gpg: issuer "cohuck@redhat.com" # gpg: Good signature from "Cornelia Huck <conny@cornelia-huck.de>" [unknown] # gpg: aka "Cornelia Huck <huckc@linux.vnet.ibm.com>" [full] # gpg: aka "Cornelia Huck <cornelia.huck@de.ibm.com>" [full] # gpg: aka "Cornelia Huck <cohuck@kernel.org>" [unknown] # gpg: aka "Cornelia Huck <cohuck@redhat.com>" [unknown] # Primary key fingerprint: C3D0 D66D C362 4FF6 A8C0 18CE DECF 6B93 C6F0 2FAF * remotes/cohuck/tags/s390x-20201026: s390x: pv: Fix diag318 PV fencing s390x: pv: Remove sclp boundary checks s390x/s390-virtio-ccw: Reset PCI devices during subsystem reset Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * | s390x: pv: Fix diag318 PV fencingJanosch Frank2020-10-224-2/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Diag318 fencing needs to be determined on the current VM PV state and not on the state that the VM has when we create the CPU model. Fixes: fabdada935 ("s390: guest support for diagnose 0x318") Reported-by: Marc Hartmayer <mhartmay@linux.ibm.com> Signed-off-by: Janosch Frank <frankja@linux.ibm.com> Tested-by: Marc Hartmayer <mhartmay@linux.ibm.com> Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com> Reviewed-by: Collin Walling <walling@linux.ibm.com> Acked-by: David Hildenbrand <david@redhat.com> Message-Id: <20201022103135.126033-3-frankja@linux.ibm.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
| * | s390x: pv: Remove sclp boundary checksJanosch Frank2020-10-221-5/+0Star
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The SCLP boundary cross check is done by the Ultravisor for a protected guest, hence we don't need to do it. As QEMU doesn't get a valid SCCB address in protected mode this is even problematic and can lead to QEMU reporting a false boundary cross error. Fixes: db13387ca0 ("s390/sclp: rework sclp boundary checks") Reported-by: Marc Hartmayer <mhartmay@linux.ibm.com> Signed-off-by: Janosch Frank <frankja@linux.ibm.com> Tested-by: Marc Hartmayer <mhartmay@linux.ibm.com> Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Collin Walling <walling@linux.ibm.com> Acked-by: Halil Pasic <pasic@linux.ibm.com> Acked-by: David Hildenbrand <david@redhat.com> Message-Id: <20201022103135.126033-2-frankja@linux.ibm.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
| * | s390x/s390-virtio-ccw: Reset PCI devices during subsystem resetMatthew Rosato2020-10-221-0/+1
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently, a subsystem reset event leaves PCI devices enabled, causing issues post-reset in the guest (an example would be after a kexec). These devices need to be reset during a subsystem reset, allowing them to be properly re-enabled afterwards. Add the S390 PCI host bridge to the list of qdevs to be reset during subsystem reset. Signed-off-by: Matthew Rosato <mjrosato@linux.ibm.com> Reviewed-by: Eric Farman <farman@linux.ibm.com> Acked-by: Halil Pasic <pasic@linux.ibm.com> Acked-by: Christian Borntraeger <borntraeger@de.ibm.com> Cc: qemu-stable@nongnu.org Message-Id: <1602767767-32713-1-git-send-email-mjrosato@linux.ibm.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>
* | Merge remote-tracking branch ↵Peter Maydell2020-10-2631-65/+1550
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 'remotes/huth-gitlab/tags/pull-request-2020-10-26' into staging * qtest fixes (e.g. memory leaks) * Fix for Xen dummy cpu loop (which happened due to qtest accel rework) * Introduction of the generic device fuzzer * Run more check-acceptance tests in the gitlab-CI # gpg: Signature made Mon 26 Oct 2020 09:34:04 GMT # gpg: using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5 # gpg: issuer "thuth@redhat.com" # gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [full] # gpg: aka "Thomas Huth <thuth@redhat.com>" [full] # gpg: aka "Thomas Huth <huth@tuxfamily.org>" [full] # gpg: aka "Thomas Huth <th.huth@posteo.de>" [unknown] # Primary key fingerprint: 27B8 8847 EEE0 2501 18F3 EAB9 2ED9 D774 FE70 2DB5 * remotes/huth-gitlab/tags/pull-request-2020-10-26: (31 commits) tests/acceptance: Use .ppm extention for Portable PixMap files tests/acceptance: Remove unused import test/docker/dockerfiles: Add missing packages for acceptance tests tests/acceptance: Enable AVOCADO_ALLOW_UNTRUSTED_CODE in the gitlab-CI test/acceptance: Remove the CONTINUOUS_INTEGRATION tags tests/acceptance/ppc_prep_40p: Fix the URL to the NetBSD-4.0 archive scripts/oss-fuzz: ignore the generic-fuzz target scripts/oss-fuzz: use hardlinks instead of copying fuzz: register predefined generic-fuzz configs fuzz: add generic-fuzz configs for oss-fuzz fuzz: add an "opaque" to the FuzzTarget struct fuzz: Add instructions for using generic-fuzz scripts/oss-fuzz: Add crash trace minimization script scripts/oss-fuzz: Add script to reorder a generic-fuzzer trace fuzz: add a crossover function to generic-fuzzer fuzz: add a DISABLE_PCI op to generic-fuzzer fuzz: Add support for custom crossover functions fuzz: Add fuzzer callbacks to DMA-read functions fuzz: Declare DMA Read callback function fuzz: Add DMA support to the generic-fuzzer ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * | tests/acceptance: Use .ppm extention for Portable PixMap filesPhilippe Mathieu-Daudé2020-10-261-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The HMP 'screendump' command generates Portable PixMap files. Make it obvious by using the .ppm file extention. Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20201021105035.2477784-3-f4bug@amsat.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
| * | tests/acceptance: Remove unused importPhilippe Mathieu-Daudé2020-10-261-1/+0Star
| | | | | | | | | | | | | | | | | | | | | Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20201021105035.2477784-2-f4bug@amsat.org> Tested-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
| * | test/docker/dockerfiles: Add missing packages for acceptance testsThomas Huth2020-10-264-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Some of the "check-acceptance" tests are still skipped in the CI since the docker images do not provide the necessary packages, e.g. the netcat binary. Add them to get more test coverage. Message-Id: <20201023073351.251332-5-thuth@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
| * | tests/acceptance: Enable AVOCADO_ALLOW_UNTRUSTED_CODE in the gitlab-CIThomas Huth2020-10-261-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | The tests are running in containers here, so it should be OK to run with AVOCADO_ALLOW_UNTRUSTED_CODE enabled in this case. Message-Id: <20201023073351.251332-4-thuth@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
| * | test/acceptance: Remove the CONTINUOUS_INTEGRATION tagsThomas Huth2020-10-261-2/+0Star
| | | | | | | | | | | | | | | | | | | | | | | | | | | We are not running the acceptance tests on Travis anymore, so these checks can be removed now. Message-Id: <20201023073351.251332-3-thuth@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
| * | tests/acceptance/ppc_prep_40p: Fix the URL to the NetBSD-4.0 archiveThomas Huth2020-10-261-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | The current URL on cdn.netbsd.org is failing - using archive.netbsd.org instead seems to be fine. Message-Id: <20201023073351.251332-2-thuth@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Thomas Huth <thuth@redhat.com>
| * | scripts/oss-fuzz: ignore the generic-fuzz targetAlexander Bulekov2020-10-261-2/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | generic-fuzz is not a standalone fuzzer - it requires some env variables to be set. On oss-fuzz, we set these with some predefined generic-fuzz-{...} targets, that are thin wrappers around generic-fuzz. Do not make a link for the generic-fuzz from the oss-fuzz build, so oss-fuzz does not treat it as a standalone fuzzer. Signed-off-by: Alexander Bulekov <alxndr@bu.edu> Message-Id: <20201023150746.107063-18-alxndr@bu.edu> Reviewed-by: Darren Kenny <darren.kenny@oracle.com> [thuth: Reformatted one comment to stay within the 80 columns limit] Signed-off-by: Thomas Huth <thuth@redhat.com>
| * | scripts/oss-fuzz: use hardlinks instead of copyingAlexander Bulekov2020-10-261-1/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Prior to this, fuzzers in the output oss-fuzz directory were exactly the same executable, with a different name to do argv[0]-based fuzz-target selection. This is a waste of space, especially since these binaries can weigh many MB. Instead of copying, use hard links, to cut down on wasted space. We need to place the primary copy of the executable into DEST_DIR, since this is a separate file-system on oss-fuzz. We should not place it directly into $DEST_DIR, since oss-fuzz will treat it as an independent fuzzer and try to run it for fuzzing. Instead, we create a DEST_DIR/bin directory to store the primary copy. Suggested-by: Darren Kenny <darren.kenny@oracle.com> Signed-off-by: Alexander Bulekov <alxndr@bu.edu> Message-Id: <20201023150746.107063-17-alxndr@bu.edu> Reviewed-by: Darren Kenny <darren.kenny@oracle.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
| * | fuzz: register predefined generic-fuzz configsAlexander Bulekov2020-10-261-0/+32
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We call get_generic_fuzz_configs, which fills an array with predefined {name, args, objects} triples. For each of these, we add a new FuzzTarget, that uses a small wrapper to set QEMU_FUZZ_{ARGS,OBJECTS} to the corresponding predefined values. Reviewed-by: Darren Kenny <darren.kenny@oracle.com> Signed-off-by: Alexander Bulekov <alxndr@bu.edu> Message-Id: <20201023150746.107063-16-alxndr@bu.edu> Signed-off-by: Thomas Huth <thuth@redhat.com>
| * | fuzz: add generic-fuzz configs for oss-fuzzAlexander Bulekov2020-10-261-0/+121
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Predefine some generic-fuzz configs. For each of these, we will create a separate FuzzTarget that can be selected through argv0 and, therefore, fuzzed on oss-fuzz. Reviewed-by: Darren Kenny <darren.kenny@oracle.com> Signed-off-by: Alexander Bulekov <alxndr@bu.edu> Message-Id: <20201023150746.107063-15-alxndr@bu.edu> Signed-off-by: Thomas Huth <thuth@redhat.com>
| * | fuzz: add an "opaque" to the FuzzTarget structAlexander Bulekov2020-10-261-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It can be useful to register FuzzTargets that have nearly-identical initialization handlers (e.g. for using the same fuzzing code, with different configuration options). Add an opaque pointer to the FuzzTarget struct, so that FuzzTargets can hold some data, useful for storing target-specific configuration options, that can be read by the get_init_cmdline function. Reviewed-by: Darren Kenny <darren.kenny@oracle.com> Signed-off-by: Alexander Bulekov <alxndr@bu.edu> Message-Id: <20201023150746.107063-14-alxndr@bu.edu> Signed-off-by: Thomas Huth <thuth@redhat.com>
| * | fuzz: Add instructions for using generic-fuzzAlexander Bulekov2020-10-261-0/+39
| | | | | | | | | | | | | | | | | | | | | Reviewed-by: Darren Kenny <darren.kenny@oracle.com> Signed-off-by: Alexander Bulekov <alxndr@bu.edu> Message-Id: <20201023150746.107063-13-alxndr@bu.edu> Signed-off-by: Thomas Huth <thuth@redhat.com>
| * | scripts/oss-fuzz: Add crash trace minimization scriptAlexander Bulekov2020-10-261-0/+157
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Once we find a crash, we can convert it into a QTest trace. Usually this trace will contain many operations that are unneeded to reproduce the crash. This script tries to minimize the crashing trace, by removing operations and trimming QTest bufwrite(write addr len data...) commands. Signed-off-by: Alexander Bulekov <alxndr@bu.edu> Reviewed-by: Darren Kenny <darren.kenny@oracle.com> Message-Id: <20201023150746.107063-12-alxndr@bu.edu> Signed-off-by: Thomas Huth <thuth@redhat.com>
| * | scripts/oss-fuzz: Add script to reorder a generic-fuzzer traceAlexander Bulekov2020-10-261-0/+103
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The generic-fuzzer uses hooks to fulfill DMA requests just-in-time. This means that if we try to use QTEST_LOG=1 to build a reproducer, the DMA writes will be logged _after_ the in/out/read/write that triggered the DMA read. To work work around this, the generic-fuzzer annotates these just-in time DMA fulfilments with a tag that we can use to discern them. This script simply iterates over a raw qtest trace (including log messages, errors, timestamps etc), filters it and re-orders it so that DMA fulfillments are placed directly _before_ the qtest command that will cause the DMA access. Signed-off-by: Alexander Bulekov <alxndr@bu.edu> Reviewed-by: Darren Kenny <darren.kenny@oracle.com> Message-Id: <20201023150746.107063-11-alxndr@bu.edu> Signed-off-by: Thomas Huth <thuth@redhat.com>
| * | fuzz: add a crossover function to generic-fuzzerAlexander Bulekov2020-10-261-0/+86
| | | | | | | | | | | | | | | | | | | | | Reviewed-by: Darren Kenny <darren.kenny@oracle.com> Signed-off-by: Alexander Bulekov <alxndr@bu.edu> Message-Id: <20201023150746.107063-10-alxndr@bu.edu> Signed-off-by: Thomas Huth <thuth@redhat.com>
| * | fuzz: add a DISABLE_PCI op to generic-fuzzerAlexander Bulekov2020-10-261-2/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This new operation is used in the next commit, which concatenates two fuzzer-generated inputs. With this operation, we can prevent the second input from clobbering the PCI configuration performed by the first. Signed-off-by: Alexander Bulekov <alxndr@bu.edu> Reviewed-by: Darren Kenny <darren.kenny@oracle.com> Message-Id: <20201023150746.107063-9-alxndr@bu.edu> Signed-off-by: Thomas Huth <thuth@redhat.com>
| * | fuzz: Add support for custom crossover functionsAlexander Bulekov2020-10-262-0/+40
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | libfuzzer supports a "custom crossover function". Libfuzzer often tries to blend two inputs to create a new interesting input. Sometimes, we have a better idea about how to blend inputs together. This change allows fuzzers to specify a custom function for blending two inputs together. Signed-off-by: Alexander Bulekov <alxndr@bu.edu> Reviewed-by: Darren Kenny <darren.kenny@oracle.com> Message-Id: <20201023150746.107063-8-alxndr@bu.edu> Signed-off-by: Thomas Huth <thuth@redhat.com>
| * | fuzz: Add fuzzer callbacks to DMA-read functionsAlexander Bulekov2020-10-265-0/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We should be careful to not call any functions besides fuzz_dma_read_cb. Without --enable-fuzzing, fuzz_dma_read_cb is an empty inlined function. Signed-off-by: Alexander Bulekov <alxndr@bu.edu> Reviewed-by: Darren Kenny <darren.kenny@oracle.com> Message-Id: <20201023150746.107063-7-alxndr@bu.edu> Signed-off-by: Thomas Huth <thuth@redhat.com>
| * | fuzz: Declare DMA Read callback functionAlexander Bulekov2020-10-262-0/+21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch declares the fuzz_dma_read_cb function and uses the preprocessor and linker(weak symbols) to handle these cases: When we build softmmu/all with --enable-fuzzing, there should be no strong symbol defined for fuzz_dma_read_cb, and we link against a weak stub function. When we build softmmu/fuzz with --enable-fuzzing, we link against the strong symbol in generic_fuzz.c When we build softmmu/all without --enable-fuzzing, fuzz_dma_read_cb is an empty, inlined function. As long as we don't call any other functions when building the arguments, there should be no overhead. Signed-off-by: Alexander Bulekov <alxndr@bu.edu> Reviewed-by: Darren Kenny <darren.kenny@oracle.com> Message-Id: <20201023150746.107063-6-alxndr@bu.edu> Signed-off-by: Thomas Huth <thuth@redhat.com>
| * | fuzz: Add DMA support to the generic-fuzzerAlexander Bulekov2020-10-262-0/+237
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When a virtual-device tries to access some buffer in memory over DMA, we add call-backs into the fuzzer(next commit). The fuzzer checks verifies that the DMA request maps to a physical RAM address and fills the memory with fuzzer-provided data. The patterns that we use to fill this memory are specified using add_dma_pattern and clear_dma_patterns operations. Signed-off-by: Alexander Bulekov <alxndr@bu.edu> Reviewed-by: Darren Kenny <darren.kenny@oracle.com> Message-Id: <20201023150746.107063-5-alxndr@bu.edu> [thuth: Reformatted one comment according to the QEMU coding style] Signed-off-by: Thomas Huth <thuth@redhat.com>
| * | fuzz: Add PCI features to the generic fuzzerAlexander Bulekov2020-10-241-0/+81
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This patch compares TYPE_PCI_DEVICE objects against the user-provided matching pattern. If there is a match, we use some hacks and leverage QOS to map each possible BAR for that device. Now fuzzed inputs might be converted to pci_read/write commands which target specific. This means that we can fuzz a particular device's PCI configuration space, Signed-off-by: Alexander Bulekov <alxndr@bu.edu> Reviewed-by: Darren Kenny <darren.kenny@oracle.com> Message-Id: <20201023150746.107063-4-alxndr@bu.edu> Signed-off-by: Thomas Huth <thuth@redhat.com>
| * | fuzz: Add generic virtual-device fuzzerAlexander Bulekov2020-10-242-0/+517
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is a generic fuzzer designed to fuzz a virtual device's MemoryRegions, as long as they exist within the Memory or Port IO (if it exists) AddressSpaces. The fuzzer's input is interpreted into a sequence of qtest commands (outb, readw, etc). The interpreted commands are separated by a magic seaparator, which should be easy for the fuzzer to guess. Without ASan, the separator can be specified as a "dictionary value" using the -dict argument (see libFuzzer documentation). Reviewed-by: Darren Kenny <darren.kenny@oracle.com> Signed-off-by: Alexander Bulekov <alxndr@bu.edu> Message-Id: <20201023150746.107063-3-alxndr@bu.edu> Signed-off-by: Thomas Huth <thuth@redhat.com>
| * | memory: Add FlatView foreach functionAlexander Bulekov2020-10-242-0/+18
| | | | | | | | | | | | | | | | | | | | | | | | Acked-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Darren Kenny <darren.kenny@oracle.com> Signed-off-by: Alexander Bulekov <alxndr@bu.edu> Message-Id: <20201023150746.107063-2-alxndr@bu.edu> Signed-off-by: Thomas Huth <thuth@redhat.com>
| * | libqtest: fix memory leak in the qtest_qmp_event_refMaxim Levitsky2020-10-241-7/+4Star
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The g_list_remove_link doesn't free the link element, opposed to what I thought. Switch to g_list_delete_link that does free it. Also refactor the code a bit. Thanks for Max Reitz for helping me with this. Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com> Message-Id: <20201019163702.471239-4-mlevitsk@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
| * | libqtest: fix the order of buffered eventsMaxim Levitsky2020-10-241-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | By a mistake I added the pending events in a wrong order. Fix this by using g_list_append. Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com> Message-Id: <20201019163702.471239-3-mlevitsk@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
| * | tests/qtest: Make npcm7xx_timer-test conditional on CONFIG_NPCM7XXHavard Skinnemoen2020-10-241-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | This test won't work if qemu was compiled without CONFIG_NPCM7XX, as pointed out by Thomas Huth on a different patch. Signed-off-by: Havard Skinnemoen <hskinnemoen@google.com> Message-Id: <20201023210637.351238-2-hskinnemoen@google.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
| * | accel: Add xen CpusAccel using dummy-cpusJason Andryuk2020-10-242-0/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Xen was broken by commit 1583a3898853 ("cpus: extract out qtest-specific code to accel/qtest"). Xen relied on qemu_init_vcpu() calling qemu_dummy_start_vcpu() in the default case, but that was replaced by g_assert_not_reached(). Add a minimal "CpusAccel" for Xen using the dummy-cpus implementation used by qtest. Signed-off-by: Jason Andryuk <jandryuk@gmail.com> Message-Id: <20201013140511.5681-4-jandryuk@gmail.com> Acked-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Claudio Fontana <cfontana@suse.de> Acked-by: Anthony PERARD <anthony.perard@citrix.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
| * | accel: move qtest CpusAccel functions to a common locationJason Andryuk2020-10-246-37/+18Star
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Move and rename accel/qtest/qtest-cpus.c files to accel/dummy-cpus.c so it can be re-used by Xen. Signed-off-by: Jason Andryuk <jandryuk@gmail.com> Message-Id: <20201013140511.5681-3-jandryuk@gmail.com> Reviewed-by: Claudio Fontana <cfontana@suse.de> Acked-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
| * | accel: Remove _WIN32 ifdef from qtest-cpus.cJason Andryuk2020-10-241-5/+0Star
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | dummy-cpus.c is only compiled with CONFIG_POSIX, so the _WIN32 condition will never evaluate true. Remove it. Signed-off-by: Jason Andryuk <jandryuk@gmail.com> Message-Id: <20201013140511.5681-2-jandryuk@gmail.com> Acked-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Claudio Fontana <cfontana@suse.de> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
| * | tests/qtest/libqtest: Fix detection of architecture for binaries without pathThomas Huth2020-10-241-2/+7
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The qtests can be run directly by specifying the QEMU binary with the QTEST_QEMU_BINARY environment variable, for example: $ QTEST_QEMU_BINARY=x86_64-softmmu/qemu-system-x86_64 tests/qtest/test-hmp However, if you specify a binary without a path, for example with QTEST_QEMU_BINARY=qemu-system-x86_64 if the QEMU binary is in your $PATH, then the test currently simply crashes. Let's try a little bit smarter here by looking for the final '-' instead of the slash. Message-Id: <20201012114816.43546-1-thuth@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
| * | tests/migration: fix memleak in wait_command/wait_command_fdChen Qun2020-10-241-4/+12
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Properly free each command resp to avoid memory leak. ASAN shows memory leak stack: Indirect leak of 2352520 byte(s) in 571 object(s) allocated from: #0 0x7f6ca3308d4e in __interceptor_calloc (/lib64/libasan.so.5+0x112d4e) #1 0x7f6ca3127a50 in g_malloc0 (/lib64/libglib-2.0.so.0+0x55a50) #2 0x557bf3c71d2b in qdict_new ../qobject/qdict.c:29 #3 0x557bf3c9caba in parse_object ../qobject/json-parser.c:318 #4 0x557bf3c9ce75 in json_parser_parse ../qobject/json-parser.c:580 #5 0x557bf3c8c8cf in json_message_process_token ../qobject/json-streamer.c:92 #6 0x557bf3c9ea59 in json_lexer_feed_char ../qobject/json-lexer.c:313 #7 0x557bf3c9eeb5 in json_lexer_feed ../qobject/json-lexer.c:350 #8 0x557bf3c4793a in qmp_fd_receive ../tests/qtest/libqtest.c:608 #9 0x557bf3c47b58 in qtest_qmp_receive ../tests/qtest/libqtest.c:618 #10 0x557bf3c44245 in wait_command ../tests/qtest/migration-helpers.c:59 #11 0x557bf3c445cb in migrate_query_status ../tests/qtest/migration-helpers.c:108 #12 0x557bf3c44642 in check_migration_status ../tests/qtest/migration-helpers.c:124 #13 0x557bf3c447e7 in wait_for_migration_status ../tests/qtest/migration-helpers.c:148 #14 0x557bf3c43b8f in test_migrate_auto_converge ../tests/qtest/migration-test.c:1243 ...... Fix: 5e34005571af5 Reported-by: Euler Robot <euler.robot@huawei.com> Signed-off-by: Chen Qun <kuhn.chenqun@huawei.com> Message-Id: <20201023061218.2080844-2-kuhn.chenqun@huawei.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
* | Merge remote-tracking branch ↵Peter Maydell2020-10-2614-55/+238
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 'remotes/alistair/tags/pull-riscv-to-apply-20201023' into staging A collection of RISC-V fixes for the next QEMU release. This includes: - Improvements to logging output - Hypervisor instruction fixups - The ability to load a noMMU kernel - SiFive OTP support # gpg: Signature made Fri 23 Oct 2020 16:13:57 BST # gpg: using RSA key F6C4AC46D4934868D3B8CE8F21E10D29DF977054 # gpg: Good signature from "Alistair Francis <alistair@alistair23.me>" [full] # Primary key fingerprint: F6C4 AC46 D493 4868 D3B8 CE8F 21E1 0D29 DF97 7054 * remotes/alistair/tags/pull-riscv-to-apply-20201023: hw/misc/sifive_u_otp: Add backend drive support hw/misc/sifive_u_otp: Add write function and write-once protection target/riscv: raise exception to HS-mode at get_physical_address hw/riscv: Load the kernel after the firmware hw/riscv: Add a riscv_is_32_bit() function hw/riscv: Return the end address of the loaded firmware hw/riscv: sifive_u: Allow specifying the CPU target/riscv: Fix implementation of HLVX.WU instruction target/riscv: Fix update of hstatus.GVA in riscv_cpu_do_interrupt target/riscv: Fix update of hstatus.SPVP hw/intc: Move sifive_plic.h to the include directory riscv: Convert interrupt logs to use qemu_log_mask() Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * | hw/misc/sifive_u_otp: Add backend drive supportGreen Wan2020-10-222-0/+67
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add '-drive' support to OTP device. Allow users to assign a raw file as OTP image. test commands for 16k otp.img filled with zero: $ dd if=/dev/zero of=./otp.img bs=1k count=16 $ ./qemu-system-riscv64 -M sifive_u -m 256M -nographic -bios none \ -kernel ../opensbi/build/platform/sifive/fu540/firmware/fw_payload.elf \ -d guest_errors -drive if=none,format=raw,file=otp.img Signed-off-by: Green Wan <green.wan@sifive.com> Reviewed-by: Bin Meng <bin.meng@windriver.com> Tested-by: Bin Meng <bin.meng@windriver.com> Acked-by: Alistair Francis <alistair.francis@wdc.com> Message-id: 20201020033732.12921-3-green.wan@sifive.com Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
| * | hw/misc/sifive_u_otp: Add write function and write-once protectionGreen Wan2020-10-222-1/+32
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | - Add write operation to update fuse data bit when PWE bit is on. - Add array, fuse_wo, to store the 'written' status for all bits of OTP to block the write operation. Signed-off-by: Green Wan <green.wan@sifive.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Bin Meng <bin.meng@windriver.com> Tested-by: Bin Meng <bin.meng@windriver.com> Message-id: 20201020033732.12921-2-green.wan@sifive.com Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
| * | target/riscv: raise exception to HS-mode at get_physical_addressYifei Jiang2020-10-222-12/+34
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | VS-stage translation at get_physical_address needs to translate pte address by G-stage translation. But the G-stage translation error can not be distinguished from VS-stage translation error in riscv_cpu_tlb_fill. On migration, destination needs to rebuild pte, and this G-stage translation error must be handled by HS-mode. So introduce TRANSLATE_STAGE2_FAIL so that riscv_cpu_tlb_fill could distinguish and raise it to HS-mode. Signed-off-by: Yifei Jiang <jiangyifei@huawei.com> Signed-off-by: Yipeng Yin <yinyipeng1@huawei.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-id: 20201014101728.848-1-jiangyifei@huawei.com [ Change by AF: - Clarify the fault_pte_addr shift ] Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
| * | hw/riscv: Load the kernel after the firmwareAlistair Francis2020-10-227-15/+45
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Instead of loading the kernel at a hardcoded start address, let's load the kernel at the next aligned address after the end of the firmware. This should have no impact for current users of OpenSBI, but will allow loading a noMMU kernel at the start of memory. Signed-off-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Palmer Dabbelt <palmerdabbelt@google.com> Reviewed-by: Bin Meng <bin.meng@windriver.com> Tested-by: Bin Meng <bin.meng@windriver.com> Message-id: 46c00c4f15b42feb792090e3d74359e180a6d954.1602634524.git.alistair.francis@wdc.com
| * | hw/riscv: Add a riscv_is_32_bit() functionAlistair Francis2020-10-222-0/+11
| | | | | | | | | | | | | | | | | | | | | | | | Signed-off-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Palmer Dabbelt <palmerdabbelt@google.com> Reviewed-by: Bin Meng <bin.meng@windriver.com> Tested-by: Bin Meng <bin.meng@windriver.com> Message-id: 4c6a85dfb6dd470aa79356ebc1b02f479c2758e0.1602634524.git.alistair.francis@wdc.com
| * | hw/riscv: Return the end address of the loaded firmwareAlistair Francis2020-10-222-15/+21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Instead of returning the unused entry address from riscv_load_firmware() instead return the end address. Also return the end address from riscv_find_and_load_firmware(). This tells the caller if a firmware was loaded and how big it is. This can be used to determine the load address of the next image (usually the kernel). Signed-off-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Palmer Dabbelt <palmerdabbelt@google.com> Reviewed-by: Bin Meng <bin.meng@windriver.com> Tested-by: Bin Meng <bin.meng@windriver.com> Message-id: 558cf67162342d65a23262248b040563716628b2.1602634524.git.alistair.francis@wdc.com
| * | hw/riscv: sifive_u: Allow specifying the CPUAlistair Francis2020-10-222-5/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Allow the user to specify the main application CPU for the sifive_u machine. Signed-off-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Bin Meng <bin.meng@windriver.com> Reviewed-by: Palmer Dabbelt <palmerdabbelt@google.com> Tested-by: Bin Meng <bin.meng@windriver.com> Message-id: b8412086c8aea0eff30fb7a17f0acf2943381b6a.1602634524.git.alistair.francis@wdc.com
| * | target/riscv: Fix implementation of HLVX.WU instructionGeorg Kotheimer2020-10-221-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The HLVX.WU instruction is supposed to read a machine word, but prior to this change it read a byte instead. Fixes: 8c5362acb57 ("target/riscv: Allow generating hlv/hlvx/hsv instructions") Signed-off-by: Georg Kotheimer <georg.kotheimer@kernkonzept.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-id: 20201013172223.443645-1-georg.kotheimer@kernkonzept.com Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
| * | target/riscv: Fix update of hstatus.GVA in riscv_cpu_do_interruptGeorg Kotheimer2020-10-221-1/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The hstatus.GVA bit was not set if the faulting guest virtual address was zero. Signed-off-by: Georg Kotheimer <georg.kotheimer@kernkonzept.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-id: 20201013173054.451135-1-georg.kotheimer@kernkonzept.com Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
| * | target/riscv: Fix update of hstatus.SPVPGeorg Kotheimer2020-10-221-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When trapping from virt into HS mode, hstatus.SPVP was set to the value of sstatus.SPP, as according to the specification both flags should be set to the same value. However, the assignment of SPVP takes place before SPP itself is updated, which results in SPVP having an outdated value. Signed-off-by: Georg Kotheimer <georg.kotheimer@kernkonzept.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-id: 20201013151054.396481-1-georg.kotheimer@kernkonzept.com Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
| * | hw/intc: Move sifive_plic.h to the include directoryBin Meng2020-10-221-0/+0
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since sifive_plic.h is used by hw/intc/sifive_plic.c, it has to be in the public include directory. Move it. Fixes: 84fcf3c15111 ("hw/riscv: Move sifive_plic model to hw/intc") Signed-off-by: Bin Meng <bin.meng@windriver.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-id: 1602578033-68384-1-git-send-email-bmeng.cn@gmail.com Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
| * | riscv: Convert interrupt logs to use qemu_log_mask()Alistair Francis2020-10-222-2/+7
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | Currently we log interrupts and exceptions using the trace backend in riscv_cpu_do_interrupt(). We also log exceptions using the interrupt log mask (-d int) in riscv_raise_exception(). This patch converts riscv_cpu_do_interrupt() to log both interrupts and exceptions with the interrupt log mask, so that both are printed when a user runs QEMU with -d int. Signed-off-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 29a8c766c7c4748d0f2711c3a0abb81208138c5e.1601652179.git.alistair.francis@wdc.com