summaryrefslogtreecommitdiffstats
path: root/include/qemu
Commit message (Collapse)AuthorAgeFilesLines
* accel/tcg: allow plugin instrumentation to be disable via cflagsAlex Bennée2021-02-181-0/+4
| | | | | | | | | | | | | | | | | | | When icount is enabled and we recompile an MMIO access we end up double counting the instruction execution. To avoid this we introduce the CF_MEMI cflag which only allows memory instrumentation for the next TB (which won't yet have been counted). As this is part of the hashed compile flags we will only execute the generated TB while coming out of a cpu_io_recompile. While we are at it delete the old TODO. We might as well keep the translation handy as it's likely you will repeatedly hit it on each MMIO access. Reported-by: Aaron Lindsay <aaron@os.amperecomputing.com> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Tested-by: Aaron Lindsay <aaron@os.amperecomputing.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20210213130325.14781-21-alex.bennee@linaro.org>
* exec: Move TranslationBlock typedef to qemu/typedefs.hRichard Henderson2021-02-181-0/+1
| | | | | | | | | | | | This also means we don't need an extra declaration of the structure in hw/core/cpu.h. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20210208233906.479571-2-richard.henderson@linaro.org> Message-Id: <20210213130325.14781-11-alex.bennee@linaro.org>
* plugins: add API to return a name for a IO deviceAlex Bennée2021-02-181-0/+6
| | | | | | | | | | This may well end up being anonymous but it should always be unique. Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Clement Deschamps <clement.deschamps@greensocs.com> Reviewed-by: Emilio G. Cota <cota@braap.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20210213130325.14781-3-alex.bennee@linaro.org>
* bswap.h: Remove unused float-access functionsPeter Maydell2021-02-151-60/+0Star
| | | | | | | | | | | | | The float-access functions stfl_*, stfq*, ldfl* and ldfq* are now unused; remove them. (Accesses to float64 and float32 types can be made with the ldl/stl/ldq/stq functions, as float64 and float32 are guaranteed to be typedefs for normal integer types.) Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20210208113428.7181-6-peter.maydell@linaro.org> Message-Id: <20210211122750.22645-15-alex.bennee@linaro.org>
* job: add .cancel handler for the driverVladimir Sementsov-Ogievskiy2021-02-121-0/+5
| | | | | | | | | | To be used in mirror in the following commit to cancel in-flight io on target to not waste the time. Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Message-Id: <20210205163720.887197-5-vsementsov@virtuozzo.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Eric Blake <eblake@redhat.com>
* memory: alloc RAM from file at offsetJagannathan Raman2021-02-091-1/+3
| | | | | | | | | | | | | Allow RAM MemoryRegion to be created from an offset in a file, instead of allocating at offset of 0 by default. This is needed to synchronize RAM between QEMU & remote process. Signed-off-by: Jagannathan Raman <jag.raman@oracle.com> Signed-off-by: John G Johnson <john.g.johnson@oracle.com> Signed-off-by: Elena Ufimtseva <elena.ufimtseva@oracle.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Message-id: 609996697ad8617e3b01df38accc5c208c24d74e.1611938319.git.jag.raman@oracle.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* Merge remote-tracking branch 'remotes/bonzini-gitlab/tags/for-upstream' into ↵Peter Maydell2021-02-091-0/+1
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | staging * Fuzzing improvements (Qiuhao, Alexander) * i386: Fix BMI decoding for instructions with the 0x66 prefix (David) * initial attempt at fixing event_notifier emulation (Maxim) * i386: PKS emulation, fix for "qemu-system-i386 -cpu host" (myself) * meson: RBD test fixes (myself) * meson: TCI warnings (Philippe) * Leaner build for --disable-guest-agent, --disable-system and --disable-tools (Philippe, Stefan) * --enable-tcg-interpreter fix (Richard) * i386: SVM feature bits (Wei) * KVM bugfix (Thomas H.) * Add missing MemoryRegionOps callbacks (PJP) # gpg: Signature made Mon 08 Feb 2021 14:15:35 GMT # gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83 # gpg: issuer "pbonzini@redhat.com" # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full] # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full] # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * remotes/bonzini-gitlab/tags/for-upstream: (46 commits) target/i386: Expose VMX entry/exit load pkrs control bits target/i386: Add support for save/load IA32_PKRS MSR imx7-ccm: add digprog mmio write method tz-ppc: add dummy read/write methods spapr_pci: add spapr msi read method nvram: add nrf51_soc flash read method prep: add ppc-parity write method vfio: add quirk device write method pci-host: designware: add pcie-msi read method hw/pci-host: add pci-intack write method cpu-throttle: Remove timer_mod() from cpu_throttle_set() replay: rng-builtin support pc-bios/descriptors: fix paths in json files replay: fix replay of the interrupts accel/kvm/kvm-all: Fix wrong return code handling in dirty log code qapi/meson: Restrict UI module to system emulation and tools qapi/meson: Restrict system-mode specific modules qapi/meson: Remove QMP from user-mode emulation qapi/meson: Restrict qdev code to system-mode emulation meson: Restrict emulation code ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * event_notifier: handle initialization failure betterMaxim Levitsky2021-02-081-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | Add 'initialized' field and use it to avoid touching event notifiers which are either not initialized or if their initialization failed. This is somewhat a hack, but it seems the less intrusive way to make virtio code deal with event notifiers that failed initialization. Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com> Message-Id: <20201217150040.906961-4-mlevitsk@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* | Merge remote-tracking branch ↵Peter Maydell2021-02-081-0/+35
|\ \ | |/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 'remotes/dgilbert/tags/pull-migration-20210208a' into staging Migration pull 2021-02-08 v2 Dropped vmstate: Fix memory leak in vmstate_handle_alloc Broke on Power Added migration: only check page size match if RAM postcopy is enabled # gpg: Signature made Mon 08 Feb 2021 11:28:14 GMT # gpg: using RSA key 45F5C71B4A0CB7FB977A9FA90516331EBC5BFDE7 # gpg: Good signature from "Dr. David Alan Gilbert (RH2) <dgilbert@redhat.com>" [full] # Primary key fingerprint: 45F5 C71B 4A0C B7FB 977A 9FA9 0516 331E BC5B FDE7 * remotes/dgilbert/tags/pull-migration-20210208a: (27 commits) migration: only check page size match if RAM postcopy is enabled migration: introduce snapshot-{save, load, delete} QMP commands iotests: fix loading of common.config from tests/ subdir iotests: add support for capturing and matching QMP events migration: introduce a delete_snapshot wrapper migration: wire up support for snapshot device selection migration: control whether snapshots are ovewritten block: rename and alter bdrv_all_find_snapshot semantics block: allow specifying name of block device for vmstate storage block: add ability to specify list of blockdevs during snapshot migration: stop returning errno from load_snapshot() migration: Make save_snapshot() return bool, not 0/-1 block: push error reporting into bdrv_all_*_snapshot functions migration: Display the migration blockers migration: Add blocker information migration: Fix a few absurdly defective error messages migration: Fix cache_init()'s "Failed to allocate" error messages migration: Clean up signed vs. unsigned XBZRLE cache-size migration: Fix migrate-set-parameters argument validation migration: introduce 'userfaultfd-wrlat.py' script ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * migration: introduce UFFD-WP low-level interface helpersAndrey Gruzdev2021-02-081-0/+35
| | | | | | | | | | | | | | | | | | | | | | | | Glue code to the userfaultfd kernel implementation. Querying feature support, createing file descriptor, feature control, memory region registration, IOCTLs on registered registered regions. Signed-off-by: Andrey Gruzdev <andrey.gruzdev@virtuozzo.com> Reviewed-by: Peter Xu <peterx@redhat.com> Message-Id: <20210129101407.103458-3-andrey.gruzdev@virtuozzo.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Fixed up range.start casting for 32bit
* | Merge remote-tracking branch 'remotes/dg-gitlab/tags/cgs-pull-request' into ↵Peter Maydell2021-02-081-0/+1
|\ \ | |/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | staging Generalize memory encryption models A number of hardware platforms are implementing mechanisms whereby the hypervisor does not have unfettered access to guest memory, in order to mitigate the security impact of a compromised hypervisor. AMD's SEV implements this with in-cpu memory encryption, and Intel has its own memory encryption mechanism. POWER has an upcoming mechanism to accomplish this in a different way, using a new memory protection level plus a small trusted ultravisor. s390 also has a protected execution environment. The current code (committed or draft) for these features has each platform's version configured entirely differently. That doesn't seem ideal for users, or particularly for management layers. AMD SEV introduces a notionally generic machine option "machine-encryption", but it doesn't actually cover any cases other than SEV. This series is a proposal to at least partially unify configuration for these mechanisms, by renaming and generalizing AMD's "memory-encryption" property. It is replaced by a "confidential-guest-support" property pointing to a platform specific object which configures and manages the specific details. Note to Ram Pai: the documentation I've included for PEF is very minimal. If you could send a patch expanding on that, it would be very helpful. Changes since v8: * Rebase * Fixed some cosmetic typos Changes since v7: * Tweaked and clarified meaning of the 'ready' flag * Polished the interface to the PEF internals * Shifted initialization for s390 PV later (I hope I've finally got this after apply_cpu_model() where it needs to be) Changes since v6: * Moved to using OBJECT_DECLARE_TYPE and OBJECT_DEFINE_TYPE macros * Assorted minor fixes Changes since v5: * Renamed from "securable guest memory" to "confidential guest support" * Simpler reworking of x86 boot time flash encryption * Added a bunch of documentation * Fixed some compile errors on POWER Changes since v4: * Renamed from "host trust limitation" to "securable guest memory", which I think is marginally more descriptive * Re-organized initialization, because the previous model called at kvm_init didn't work for s390 * Assorted fixes to the s390 implementation; rudimentary testing (gitlab CI) only Changes since v3: * Rebased * Added first cut at handling of s390 protected virtualization Changes since RFCv2: * Rebased * Removed preliminary SEV cleanups (they've been merged) * Changed name to "host trust limitation" * Added migration blocker to the PEF code (based on SEV's version) Changes since RFCv1: * Rebased * Fixed some errors pointed out by Dave Gilbert # gpg: Signature made Mon 08 Feb 2021 06:07:27 GMT # gpg: using RSA key 75F46586AE61A66CC44E87DC6C38CACA20D9B392 # gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>" [full] # gpg: aka "David Gibson (Red Hat) <dgibson@redhat.com>" [full] # gpg: aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>" [full] # gpg: aka "David Gibson (kernel.org) <dwg@kernel.org>" [unknown] # Primary key fingerprint: 75F4 6586 AE61 A66C C44E 87DC 6C38 CACA 20D9 B392 * remotes/dg-gitlab/tags/cgs-pull-request: s390: Recognize confidential-guest-support option confidential guest support: Alter virtio default properties for protected guests spapr: PEF: prevent migration spapr: Add PEF based confidential guest support confidential guest support: Update documentation confidential guest support: Move SEV initialization into arch specific code confidential guest support: Introduce cgs "ready" flag sev: Add Error ** to sev_kvm_init() confidential guest support: Rework the "memory-encryption" property confidential guest support: Move side effect out of machine_set_memory_encryption() sev: Remove false abstraction of flash encryption confidential guest support: Introduce new confidential guest support class qom: Allow optional sugar props Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * confidential guest support: Introduce new confidential guest support classDavid Gibson2021-02-081-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Several architectures have mechanisms which are designed to protect guest memory from interference or eavesdropping by a compromised hypervisor. AMD SEV does this with in-chip memory encryption and Intel's TDX can do similar things. POWER's Protected Execution Framework (PEF) accomplishes a similar goal using an ultravisor and new memory protection features, instead of encryption. To (partially) unify handling for these, this introduces a new ConfidentialGuestSupport QOM base class. "Confidential" is kind of vague, but "confidential computing" seems to be the buzzword about these schemes, and "secure" or "protected" are often used in connection to unrelated things (such as hypervisor-from-guest or guest-from-guest security). The "support" in the name is significant because in at least some of the cases it requires the guest to take specific actions in order to protect itself from hypervisor eavesdropping. Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
* | utils/fifo8: add VMSTATE_FIFO8_TEST macroMark Cave-Ayland2021-02-071-6/+10
|/ | | | | | | | | Rewrite the existing VMSTATE_FIFO8 macro to use VMSTATE_FIFO8_TEST as per the standard pattern in include/migration/vmstate.h. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-Id: <20210128221728.14887-3-mark.cave-ayland@ilande.co.uk>
* accel: replace struct CpusAccel with AccelOpsClassClaudio Fontana2021-02-051-0/+2
| | | | | | | | | | | | | | | This will allow us to centralize the registration of the cpus.c module accelerator operations (in accel/accel-softmmu.c), and trigger it automatically using object hierarchy lookup from the new accel_init_interfaces() initialization step, depending just on which accelerators are available in the code. Rename all tcg-cpus.c, kvm-cpus.c, etc to tcg-accel-ops.c, kvm-accel-ops.c, etc, matching the object type names. Signed-off-by: Claudio Fontana <cfontana@suse.de> Message-Id: <20210204163931.7358-18-cfontana@suse.de> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* accel: extend AccelState and AccelClass to user-modeClaudio Fontana2021-02-051-0/+79
| | | | | | | | | | | Signed-off-by: Claudio Fontana <cfontana@suse.de> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> [claudio: rebased on Richard's splitwx work] Signed-off-by: Claudio Fontana <cfontana@suse.de> Message-Id: <20210204163931.7358-17-cfontana@suse.de> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* util/iov: make qemu_iovec_init_extended() honestVladimir Sementsov-Ogievskiy2021-02-031-1/+1
| | | | | | | | | | | | | | | | Actually, we can't extend the io vector in all cases. Handle possible MAX_IOV and size_t overflows. For now add assertion to callers (actually they rely on success anyway) and fix them in the following patch. Add also some additional good assertions to qemu_iovec_init_slice() while being here. Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Message-Id: <20201211183934.169161-3-vsementsov@virtuozzo.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Eric Blake <eblake@redhat.com>
* Merge remote-tracking branch ↵Peter Maydell2021-02-031-0/+2
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 'remotes/ehabkost-gl/tags/machine-next-pull-request' into staging Machine queue, 2021-02-02 Feature: * nvdimm: read-only file support (Stefan Hajnoczi) # gpg: Signature made Tue 02 Feb 2021 19:27:21 GMT # gpg: using RSA key 5A322FD5ABC4D3DBACCFD1AA2807936F984DC5A6 # gpg: issuer "ehabkost@redhat.com" # gpg: Good signature from "Eduardo Habkost <ehabkost@redhat.com>" [full] # Primary key fingerprint: 5A32 2FD5 ABC4 D3DB ACCF D1AA 2807 936F 984D C5A6 * remotes/ehabkost-gl/tags/machine-next-pull-request: nvdimm: check -object memory-backend-file, readonly=on option hostmem-file: add readonly=on|off option memory: add readonly support to memory_region_init_ram_from_file() Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * memory: add readonly support to memory_region_init_ram_from_file()Stefan Hajnoczi2021-02-011-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There is currently no way to open(O_RDONLY) and mmap(PROT_READ) when creating a memory region from a file. This functionality is needed since the underlying host file may not allow writing. Add a bool readonly argument to memory_region_init_ram_from_file() and the APIs it calls. Extend memory_region_init_ram_from_file() rather than introducing a memory_region_init_rom_from_file() API so that callers can easily make a choice between read/write and read-only at runtime without calling different APIs. No new RAMBlock flag is introduced for read-only because it's unclear whether RAMBlocks need to know that they are read-only. Pass a bool readonly argument instead. Both of these design decisions can be changed in the future. It just seemed like the simplest approach to me. Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Liam Merwick <liam.merwick@oracle.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Message-Id: <20210104171320.575838-2-stefanha@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
* | error: rename error_with_timestamp to message_with_timestampStefan Hajnoczi2021-02-011-1/+1
|/ | | | | | | | | | | | | | | The -msg timestamp=on|off option controls whether a timestamp is printed with error_report() messages. The "-msg" name suggests that this option has a wider effect than just error_report(). The next patch extends it to the 'log' trace backend, so rename the variable from error_with_timestamp to message_with_timestamp. Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com> Tested-by: BALATON Zoltan <balaton@eik.bme.hu> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20210125113507.224287-2-stefanha@redhat.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* ptimer: Add new ptimer_set_period_from_clock() functionPeter Maydell2021-01-291-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | The ptimer API currently provides two methods for setting the period: ptimer_set_period(), which takes a period in nanoseconds, and ptimer_set_freq(), which takes a frequency in Hz. Neither of these lines up nicely with the Clock API, because although both the Clock and the ptimer track the frequency using a representation of whole and fractional nanoseconds, conversion via either period-in-ns or frequency-in-Hz will introduce a rounding error. Add a new function ptimer_set_period_from_clock() which takes the Clock object directly to avoid the rounding issues. This includes a facility for the user to specify that there is a frequency divider between the Clock proper and the timer, as some timer devices like the CMSDK APB dualtimer need this. To avoid having to drag in clock.h from ptimer.h we add the Clock type to typedefs.h. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Luc Michel <luc@lmichel.fr> Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20210128114145.20536-2-peter.maydell@linaro.org Message-id: 20210121190622.22000-2-peter.maydell@linaro.org
* osdep: build with non-working system() functionJoelle van Dyne2021-01-291-0/+12
| | | | | | | | | | Build without error on hosts without a working system(). If system() is called, return -1 with ENOSYS. Signed-off-by: Joelle van Dyne <j@getutm.app> Message-id: 20210126012457.39046-6-j@getutm.app Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* Merge remote-tracking branch 'remotes/philmd-gitlab/tags/sdmmc-20210124' ↵Peter Maydell2021-01-251-0/+33
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | into staging SD/MMC patches - Various improvements for SD cards in SPI mode (Bin Meng) # gpg: Signature made Sun 24 Jan 2021 19:16:55 GMT # gpg: using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE # gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full] # Primary key fingerprint: FAAB E75E 1291 7221 DCFD 6BB2 E3E3 2C2C DEAD C0DE * remotes/philmd-gitlab/tags/sdmmc-20210124: hw/sd: sd.h: Cosmetic change of using spaces hw/sd: ssi-sd: Use macros for the dummy value and tokens in the transfer hw/sd: ssi-sd: Fix the wrong command index for STOP_TRANSMISSION hw/sd: ssi-sd: Add a state representing Nac hw/sd: ssi-sd: Suffix a data block with CRC16 util: Add CRC16 (CCITT) calculation routines hw/sd: sd: Drop sd_crc16() hw/sd: sd: Support CMD59 for SPI mode hw/sd: ssi-sd: Fix incorrect card response sequence Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * util: Add CRC16 (CCITT) calculation routinesBin Meng2021-01-241-0/+33
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Import CRC16 calculation routines from Linux kernel v5.10: include/linux/crc-ccitt.h lib/crc-ccitt.c to QEMU: include/qemu/crc-ccitt.h util/crc-ccitt.c Signed-off-by: Bin Meng <bin.meng@windriver.com> Acked-by: Alistair Francis <alistair.francis@wdc.com> Message-Id: <20210123104016.17485-7-bmeng.cn@gmail.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> [PMD: Restrict compilation to system emulation] Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
* | tcg: Toggle page execution for Apple SiliconRoman Bolshakov2021-01-231-0/+28
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Pages can't be both write and executable at the same time on Apple Silicon. macOS provides public API to switch write protection [1] for JIT applications, like TCG. 1. https://developer.apple.com/documentation/apple_silicon/porting_just-in-time_compilers_to_apple_silicon Tested-by: Alexander Graf <agraf@csgraf.de> Signed-off-by: Roman Bolshakov <r.bolshakov@yadro.com> Message-Id: <20210113032806.18220-1-r.bolshakov@yadro.com> [rth: Inline the qemu_thread_jit_* functions; drop the MAP_JIT change for a follow-on patch.] Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* | qemu/compiler: Split out qemu_build_not_reached_alwaysRichard Henderson2021-01-221-2/+3
|/ | | | | | | | | Provide a symbol that can always be used to signal an error, regardless of optimization. Usage of this should be protected by e.g. __builtin_constant_p, which guards for optimization. Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* osdep.h: Remove <sys/signal.h> includeMichael Forney2021-01-201-4/+0Star
| | | | | | | | | | | | | | | | | | | | | | | | | | | Prior to 2a4b472c3c, sys/signal.h was only included on OpenBSD (apart from two .c files). The POSIX standard location for this header is just <signal.h> and in fact, OpenBSD's signal.h includes sys/signal.h itself. Unconditionally including <sys/signal.h> on musl causes warnings for just about every source file: /usr/include/sys/signal.h:1:2: warning: #warning redirecting incorrect #include <sys/signal.h> to <signal.h> [-Wcpp] 1 | #warning redirecting incorrect #include <sys/signal.h> to <signal.h> | ^~~~~~~ Since there don't seem to be any platforms which require including <sys/signal.h> in addition to <signal.h>, and some platforms like Haiku lack it completely, just remove it. Tested building on OpenBSD after removing this include. Signed-off-by: Michael Forney <mforney@mforney.org> Tested-by: John Snow <jsnow@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Message-Id: <20210113215600.16100-1-mforney@mforney.org> Signed-off-by: Thomas Huth <thuth@redhat.com>
* target/arm: Implement an IMPDEF pauth algorithmRichard Henderson2021-01-191-0/+98
| | | | | | | | | | | | | | | | | Without hardware acceleration, a cryptographically strong algorithm is too expensive for pauth_computepac. Even with hardware accel, we are not currently expecting to link the linux-user binaries to any crypto libraries, and doing so would generally make the --static build fail. So choose XXH64 as a reasonably quick and decent hash. Tested-by: Mark Rutland <mark.rutland@arm.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20210111235740.462469-2-richard.henderson@linaro.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* semihosting: Implement SYS_ELAPSED and SYS_TICKFREQKeith Packard2021-01-181-0/+2
| | | | | | | | | These are part of Semihosting for AArch32 and AArch64 Release 2.0 Signed-off-by: Keith Packard <keithp@keithp.com> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Message-Id: <20210107170717.2098982-8-keithp@keithp.com> Message-Id: <20210108224256.2321-19-alex.bennee@linaro.org>
* Introduce yank featureLukas Straub2021-01-131-0/+97
| | | | | | | | | | | | | | | The yank feature allows to recover from hanging qemu by "yanking" at various parts. Other qemu systems can register themselves and multiple yank functions. Then all yank functions for selected instances can be called by the 'yank' out-of-band qmp command. Available instances can be queried by a 'query-yank' oob command. Signed-off-by: Lukas Straub <lukasstraub2@web.de> Acked-by: Stefan Hajnoczi <stefanha@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Message-Id: <69934ceacfd33a7dfe53db145ecc630ad39ee47c.1609167865.git.lukasstraub2@web.de> Acked-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com>
* util/qemu-timer: Make timer_free() imply timer_del()Peter Maydell2021-01-081-11/+13
| | | | | | | | | | | | | | | | | | | | | Currently timer_free() is a simple wrapper for g_free(). This means that the timer being freed must not be currently active, as otherwise QEMU might crash later when the active list is processed and still has a pointer to freed memory on it. As a result almost all calls to timer_free() are preceded by a timer_del() call, as can be seen in the output of git grep -B1 '\<timer_free\>' This is unfortunate API design as it makes it easy to accidentally misuse (by forgetting the timer_del()), and the correct use is annoyingly verbose. Make timer_free() imply a timer_del(). Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20201215154107.3255-2-peter.maydell@linaro.org
* util: Enhance flush_icache_range with separate data pointerRichard Henderson2021-01-071-2/+13
| | | | | | | | | | | | | We are shortly going to have a split rw/rx jit buffer. Depending on the host, we need to flush the dcache at the rw data pointer and flush the icache at the rx code pointer. For now, the two passed pointers are identical, so there is no effective change in behaviour. Reviewed-by: Joelle van Dyne <j@getutm.app> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* util: Extract flush_icache_range to cacheflush.cRichard Henderson2021-01-021-0/+24
| | | | | | | | | | | | This has been a tcg-specific function, but is also in use by hardware accelerators via physmem.c. This can cause link errors when tcg is disabled. Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Joelle van Dyne <j@getutm.app> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20201214140314.18544-3-richard.henderson@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* cfi: Initial support for cfi-icall in QEMUDaniele Buono2021-01-021-0/+11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | LLVM/Clang, supports runtime checks for forward-edge Control-Flow Integrity (CFI). CFI on indirect function calls (cfi-icall) ensures that, in indirect function calls, the function called is of the right signature for the pointer type defined at compile time. For this check to work, the code must always respect the function signature when using function pointer, the function must be defined at compile time, and be compiled with link-time optimization. This rules out, for example, shared libraries that are dynamically loaded (given that functions are not known at compile time), and code that is dynamically generated at run-time. This patch: 1) Introduces the CONFIG_CFI flag to support cfi in QEMU 2) Introduces a decorator to allow the definition of "sensitive" functions, where a non-instrumented function may be called at runtime through a pointer. The decorator will take care of disabling cfi-icall checks on such functions, when cfi is enabled. 3) Marks functions currently in QEMU that exhibit such behavior, in particular: - The function in TCG that calls pre-compiled TBs - The function in TCI that interprets instructions - Functions in the plugin infrastructures that jump to callbacks - Functions in util that directly call a signal handler Signed-off-by: Daniele Buono <dbuono@linux.vnet.ibm.com> Acked-by: Alex Bennée <alex.bennee@linaro.org Message-Id: <20201204230615.2392-3-dbuono@linux.vnet.ibm.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* Merge remote-tracking branch 'remotes/armbru/tags/pull-qapi-2020-12-19' into ↵Peter Maydell2021-01-011-2/+2
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | staging QAPI patches patches for 2020-12-19 # gpg: Signature made Sat 19 Dec 2020 09:40:05 GMT # gpg: using RSA key 354BC8B3D7EB2A6B68674E5F3870B400EB918653 # gpg: issuer "armbru@redhat.com" # gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" [full] # gpg: aka "Markus Armbruster <armbru@pond.sub.org>" [full] # Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867 4E5F 3870 B400 EB91 8653 * remotes/armbru/tags/pull-qapi-2020-12-19: (33 commits) qobject: Make QString immutable block: Use GString instead of QString to build filenames keyval: Use GString to accumulate value strings json: Use GString instead of QString to accumulate strings migration: Replace migration's JSON writer by the general one qobject: Factor JSON writer out of qobject_to_json() qobject: Factor quoted_str() out of to_json() qobject: Drop qstring_get_try_str() qobject: Drop qobject_get_try_str() Revert "qobject: let object_property_get_str() use new API" block: Avoid qobject_get_try_str() qmp: Fix tracing of non-string command IDs qobject: Move internals to qobject-internal.h hw/rdma: Replace QList by GQueue Revert "qstring: add qstring_free()" qobject: Change qobject_to_json()'s value to GString qobject: Use GString instead of QString to accumulate JSON qobject: Make qobject_to_json_pretty() take a pretty argument monitor: Use GString instead of QString for output buffer hmp: Simplify how qmp_human_monitor_command() gets output ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * migration: Replace migration's JSON writer by the general oneMarkus Armbruster2020-12-191-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Commit 8118f0950f "migration: Append JSON description of migration stream" needs a JSON writer. The existing qobject_to_json() wasn't a good fit, because it requires building a QObject to convert. Instead, migration got its very own JSON writer, in commit 190c882ce2 "QJSON: Add JSON writer". It tacitly limits numbers to int64_t, and strings contents to characters that don't need escaping, unlike qobject_to_json(). The previous commit factored the JSON writer out of qobject_to_json(). Replace migration's JSON writer by it. Cc: Juan Quintela <quintela@redhat.com> Cc: Dr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20201211171152.146877-17-armbru@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
* | tcg/optimize: Add fallthrough annotationsThomas Huth2020-12-181-0/+11
|/ | | | | | | | | | | | | | | | To be able to compile this file with -Werror=implicit-fallthrough, we need to add some fallthrough annotations to the case statements that might fall through. Unfortunately, the typical "/* fallthrough */" comments do not work here as expected since some case labels are wrapped in macros and the compiler fails to match the comments in this case. But using __attribute__((fallthrough)) seems to work fine, so let's use that instead (by introducing a new QEMU_FALLTHROUGH macro in our compiler.h header file). Signed-off-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20201211152426.350966-11-thuth@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
* compiler.h: remove QEMU_GNUC_PREREQMarc-André Lureau2020-12-151-11/+0Star
| | | | | | | | When needed, the G_GNUC_CHECK_VERSION() glib macro can be used instead. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20201210134752.780923-14-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* compiler: remove GNUC checkMarc-André Lureau2020-12-151-7/+1Star
| | | | | | | | | QEMU requires Clang or GCC, that define and support __GNUC__ extensions. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-Id: <20201210134752.780923-12-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* compiler.h: explicit case for Clang printf attributeMarc-André Lureau2020-12-151-12/+12
| | | | | | | | | | | | | | Since commit efc6c07 ("configure: Add a test for the minimum compiler version"), QEMU explicitely depends on GCC >= 4.8, we could thus drop earlier version checks. Except clang advertizes itself as GCC 4.2.1. Since clang doesn't support gnu_printf, make that case explicitely and drop GCC version check. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-Id: <20201210134752.780923-8-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* qemu-plugin.h: remove GCC < 4Marc-André Lureau2020-12-151-7/+2Star
| | | | | | | | | | | | Since commit efc6c07 ("configure: Add a test for the minimum compiler version"), QEMU explicitely depends on GCC >= 4.8. (clang >= 3.4 advertizes itself as GCC >= 4.2 compatible) Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Acked-by: Alex Bennée <alex.bennee@linaro.org> Message-Id: <20201210134752.780923-5-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* compiler.h: remove GCC < 3 __builtin_expect fallbackMarc-André Lureau2020-12-151-4/+0Star
| | | | | | | | | | | | Since commit efc6c07 ("configure: Add a test for the minimum compiler version"), QEMU explicitely depends on GCC >= 4.8. (clang >= 3.4 advertizes itself as GCC >= 4.2 compatible and supports __builtin_expect too) Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20201210134752.780923-4-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* qemu/atomic: Drop special case for unsupported compilerPhilippe Mathieu-Daudé2020-12-151-17/+0Star
| | | | | | | | | | | | | | | | | Since commit efc6c070aca ("configure: Add a test for the minimum compiler version") the minimum compiler version required for GCC is 4.8, which has the GCC BZ#36793 bug fixed. We can safely remove the special case introduced in commit a281ebc11a6 ("virtio: add missing mb() on notification"). With clang 3.4, __ATOMIC_RELAXED is defined, so the chunk to remove (which is x86-specific), isn't reached either. Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20201210134752.780923-2-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* plugin: propagate errorsPaolo Bonzini2020-12-151-2/+2
| | | | | | | | | | | | qemu_finish_machine_init currently can only exit QEMU if it fails. Prepare for giving it proper error propagation, and possibly for adding a plugin_add monitor command that calls an accelerator method. While at it, make all errors from plugin_load look the same. Reviewed-by: Igor Mammedov <imammedo@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* Merge remote-tracking branch 'remotes/bonzini-gitlab/tags/for-upstream' into ↵Peter Maydell2020-12-113-3/+29
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | staging * Fix for NULL segments (Bin Meng) * Support for 32768 CPUs on x86 without IOMMU (David) * PDEP/PEXT fix and testcase (myself) * Remove bios_name and ram_size globals (myself) * qemu_init rationalization (myself) * Update kernel-doc (myself + upstream patches) * Propagate MemTxResult across DMA and PCI functions (Philippe) * Remove master/slave when applicable (Philippe) * WHPX support for in-kernel irqchip (Sunil) # gpg: Signature made Thu 10 Dec 2020 17:21:50 GMT # gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83 # gpg: issuer "pbonzini@redhat.com" # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full] # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full] # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * remotes/bonzini-gitlab/tags/for-upstream: (113 commits) scripts: kernel-doc: remove unnecessary change wrt Linux Revert "docs: temporarily disable the kernel-doc extension" scripts: kernel-doc: use :c:union when needed scripts: kernel-doc: split typedef complex regex scripts: kernel-doc: fix typedef parsing Revert "kernel-doc: Handle function typedefs that return pointers" Revert "kernel-doc: Handle function typedefs without asterisks" scripts: kernel-doc: try to use c:function if possible scripts: kernel-doc: fix line number handling scripts: kernel-doc: allow passing desired Sphinx C domain dialect scripts: kernel-doc: don't mangle with parameter list scripts: kernel-doc: fix typedef identification scripts: kernel-doc: reimplement -nofunction argument scripts: kernel-doc: fix troubles with line counts scripts: kernel-doc: use a less pedantic markup for funcs on Sphinx 3.x scripts: kernel-doc: make it more compatible with Sphinx 3.x Revert "kernel-doc: Use c:struct for Sphinx 3.0 and later" Revert "scripts/kerneldoc: For Sphinx 3 use c:macro for macros with arguments" scripts: kernel-doc: add support for typedef enum kernel-doc: add support for ____cacheline_aligned attribute ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * config-file: move -set implementation to vl.cPaolo Bonzini2020-12-101-1/+0Star
| | | | | | | | | | | | | | | | We want to make it independent of QemuOpts. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| * vl: extract softmmu/datadir.cPaolo Bonzini2020-12-101-0/+28
| | | | | | | | | | Reviewed-by: Igor Mammedov <imammedo@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| * qemu-option: restrict qemu_opts_set to merge-lists QemuOptsPaolo Bonzini2020-12-101-2/+1Star
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | qemu_opts_set is used to create default network backends and to parse sugar options -kernel, -initrd, -append, -bios and -dtb. These are very different uses: I would *expect* a function named qemu_opts_set to set an option in a merge-lists QemuOptsList, such as -kernel, and possibly to set an option in a non-merge-lists QemuOptsList with non-NULL id, similar to -set. However, it wouldn't *work* to use qemu_opts_set for the latter because qemu_opts_set uses fail_if_exists==1. So, for non-merge-lists QemuOptsList and non-NULL id, the semantics of qemu_opts_set (fail if the (QemuOptsList, id) pair already exists) are debatable. On the other hand, I would not expect qemu_opts_set to create a non-merge-lists QemuOpts with a single option; which it does, though. For this case of non-merge-lists QemuOptsList and NULL id, qemu_opts_set hardly adds value over qemu_opts_parse. It does skip some parsing and unescaping, but that's not needed when creating default network backends. So qemu_opts_set has warty behavior for non-merge-lists QemuOptsList if id is non-NULL, and it's mostly pointless if id is NULL. My solution to keeping the API as simple as possible is to limit qemu_opts_set to merge-lists QemuOptsList. For them, it's useful (we don't want comma-unescaping for -kernel) *and* has sane semantics. Network backend creation is switched to qemu_opts_parse. qemu_opts_set is now only used on merge-lists QemuOptsList... except in the testcase, which is changed to use a merge-list QemuOptsList. With this change we can also remove the id parameter. With the parameter always NULL, we know that qemu_opts_create cannot fail and can pass &error_abort to it. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* | Clean up includesMarkus Armbruster2020-12-101-1/+0Star
|/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Clean up includes so that osdep.h is included first and headers which it implies are not included manually. This commit was created with scripts/clean-includes, with the changes to the following files manually reverted: contrib/libvhost-user/libvhost-user-glib.h contrib/libvhost-user/libvhost-user.c contrib/libvhost-user/libvhost-user.h contrib/plugins/hotblocks.c contrib/plugins/hotpages.c contrib/plugins/howvec.c contrib/plugins/lockstep.c linux-user/mips64/cpu_loop.c linux-user/mips64/signal.c linux-user/sparc64/cpu_loop.c linux-user/sparc64/signal.c linux-user/x86_64/cpu_loop.c linux-user/x86_64/signal.c target/s390x/gen-features.c tests/fp/platform.h tests/migration/s390x/a-b-bios.c tests/plugin/bb.c tests/plugin/empty.c tests/plugin/insn.c tests/plugin/mem.c tests/test-rcu-simpleq.c tests/test-rcu-slist.c tests/test-rcu-tailq.c tests/uefi-test-tools/UefiTestToolsPkg/BiosTablesTest/BiosTablesTest.c contrib/plugins/, tests/plugin/, and tests/test-rcu-slist.c appear not to include osdep.h intentionally. The remaining reverts are the same as in commit bbfff19688d. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20201113061216.2483385-1-armbru@redhat.com> Acked-by: Paolo Bonzini <pbonzini@redhat.com> Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Tested-by: Thomas Huth <thuth@redhat.com> Acked-by: Cornelia Huck <cohuck@redhat.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Acked-by: Alexander Bulekov <alxndr@bu.edu>
* libvhost-user: make it a meson subprojectMarc-André Lureau2020-12-081-1/+1
| | | | | | | | | | | | | By making libvhost-user a subproject, check it builds standalone (without the global QEMU cflags etc). Note that the library still relies on QEMU include/qemu/atomic.h and linux_headers/. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20201125100640.366523-6-marcandre.lureau@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
* qemu/bswap: Remove unused qemu_bswap_len()Philippe Mathieu-Daudé2020-11-171-6/+0Star
| | | | | | | | | | Last use of qemu_bswap_len() has been removed in commit e5fd1eb05ec ("apb: add busA qdev property to PBM PCI bridge"). Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20200928131934.739451-2-philmd@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>