A program might rely on functions implemented in vl.c, but implement its
own main(). By placing main into a separate source file, there are no
complaints about duplicate main()s when linking against vl.o. For
example, the virtual-device fuzzer uses a main() provided by libfuzzer,
and needs to perfo
The virtual-device fuzzer must initialize QOM, prior to running
vl:qemu_init, so that it can use the qos_graph to identify the arguments
required to initialize a guest for libqos-assisted fuzzing. This change
prevents errors when vl:qemu_init tries to (re)initialize the previously
initialized QOM m
This makes it simple to swap the transport functions for qtest commands
to and from the qtest client. For example, now it is possible to
directly pass qtest commands to a server handler that exists within the
same process, without the standard way of writing to a file descriptor.
Signed-off-by: Al
Signed-off-by: Alexander Oleinik
---
include/qemu/module.h | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/include/qemu/module.h b/include/qemu/module.h
index 65ba596e46..684753d808 100644
--- a/include/qemu/module.h
+++ b/include/qemu/module.h
@@ -46,6 +46,7 @@ typedef enu
Signed-off-by: Alexander Oleinik
---
tests/fuzz/qos_fuzz.c | 212 ++
tests/fuzz/qos_fuzz.h | 19
2 files changed, 231 insertions(+)
create mode 100644 tests/fuzz/qos_fuzz.c
create mode 100644 tests/fuzz/qos_fuzz.h
diff --git a/tests/fuzz/qos_fuzz.c
When using qtest "in-process" communication, qtest_sendf directly calls
a function in the server (qtest.c). Combining the contents of the
subsequent socket_sends into the qtest_sendf, makes it so the server can
immediately handle the command, without building a local buffer and
waiting for a newlin
Most qos-related objects were specified in the qos-test-obj-y variable.
qos-test-obj-y also included qos-test.o which defines a main().
This made it difficult to repurpose qos-test-obj-y to link anything
beside tests/qos-test against libqos. This change separates objects that
are libqos-specific an
qtest_server_send is a function pointer specifying the handler used to
transmit data to the qtest client. In the standard configuration, this
calls the CharBackend handler, but now it is possible for other types of
handlers, e.g direct-function calls if the qtest client and server
exist within the
This is needed for the qos-assisted fuzzers which walk the qos tree and
need a way to check if the current path matches the name of the fuzz
target.
Signed-off-by: Alexander Oleinik
---
tests/fuzz/fuzz.c | 3 +++
tests/fuzz/fuzz.h | 1 +
2 files changed, 4 insertions(+)
diff --git a/tests/fuzz/
Signed-off-by: Alexander Oleinik
---
Note that with this you cannot configure with --enable-fuzzing to build
/all targets. Even if you could, you would need to clean all of the *.o
between builds, since fuzzing adds instrumentation CFLAGS.
Makefile| 15 ++-
Makef
Signed-off-by: Alexander Oleinik
---
Makefile| 12 +++-
Makefile.objs | 6 +-
Makefile.target | 1 +
3 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/Makefile b/Makefile
index 3a43492340..5e5033a500 100644
--- a/Makefile
+++ b/Makefile
@@ -426,6 +426,7 @@ du
These three targets should simply fuzz reads/writes to a couple ioports,
but they mostly serve as examples of different ways to write targets.
They demonstrate using qtest and qos for fuzzing, as well as using
rebooting and forking to reset state, or not resetting it at all.
Signed-off-by: Alexand
Signed-off-by: Alexander Oleinik
---
configure | 13 +
1 file changed, 13 insertions(+)
diff --git a/configure b/configure
index 30aad233d1..775f46f55a 100755
--- a/configure
+++ b/configure
@@ -498,6 +498,7 @@ libxml2=""
debug_mutex="no"
libpmem=""
default_devices="yes"
+fuzzing=
The virtio-net fuzz target feeds inputs to all three virtio-net
virtqueues, and uses forking to avoid leaking state between fuzz runs.
Signed-off-by: Alexander Oleinik
---
tests/fuzz/Makefile.include | 1 +
tests/fuzz/virtio_net_fuzz.c | 120 +++
2 files change
Signed-off-by: Alexander Oleinik
---
docs/devel/fuzzing.txt | 114 +
1 file changed, 114 insertions(+)
create mode 100644 docs/devel/fuzzing.txt
diff --git a/docs/devel/fuzzing.txt b/docs/devel/fuzzing.txt
new file mode 100644
index 00..53a1f858f5
The handler allows a qtest client to send commands to the server by
directly calling a function, rather than using a file/CharBackend
Signed-off-by: Alexander Oleinik
---
include/sysemu/qtest.h | 1 +
qtest.c| 7 +++
2 files changed, 8 insertions(+)
diff --git a/include/syse
Before, when tests/Makefile.include was included, the contents would be
ignored if config-host.mak was defined. Moving the ifneq responsible for
this allows a target to depend on both testing-related and host-related
objects. For example the virtual-device fuzzer relies on both
libqtest/libqos obje
Signed-off-by: Alexander Oleinik
---
tests/libqtest.c | 46 ++
tests/libqtest.h | 5 +
2 files changed, 51 insertions(+)
diff --git a/tests/libqtest.c b/tests/libqtest.c
index d770462869..fc10322d52 100644
--- a/tests/libqtest.c
+++ b/tests/libqte
The moved functions are not specific to qos-test and might be useful
elsewhere. For example the virtual-device fuzzer makes use of them for
qos-assisted fuzz-targets.
Signed-off-by: Alexander Oleinik
---
tests/Makefile.include | 1 +
tests/libqos/qos_external.c | 151 +
fork() is a simple way to ensure that state does not leak in between
fuzzing runs. Unfortunately, the fuzzer mutation engine relies on
bitmaps which contain coverage information for each fuzzing run, and
these bitmaps should be copied from the child to the parent(where the
mutation occurs). These b
tests/fuzz/fuzz.c serves as the entry point for the virtual-device
fuzzer. Namely, libfuzzer invokes the LLVMFuzzerInitialize and
LLVMFuzzerTestOneInput functions, both of which are defined in this
file. This change adds a "FuzzTarget" struct, along with the
fuzz_add_target function, which should b
On Tue, Sep 17, 2019 at 7:00 PM Jonathan Behrens wrote:
>
> I went through the uses of mie in the entire hypervisor patch series and it
> seems like it would be much simpler to just have two non-pointer fields in
> the CPU struct: mie and vsie. To if an interrupt is pending, you are either
> ru
Please ignore this one, this qemu tag includes more than just a SLOF
update, I'll resend.
On 12/09/2019 11:36, Alexey Kardashevskiy wrote:
> The following changes since commit 0d0b906ae20d763db0f07fc74aef2c355b8474c7:
>
> spapr: Render full FDT on ibm,client-architecture-support (2019-09-11
>
On 2019/9/18 下午4:37, Tian, Kevin wrote:
From: Jason Wang [mailto:jasow...@redhat.com]
Sent: Wednesday, September 18, 2019 2:10 PM
Note that the HVA to GPA mapping is not an 1:1 mapping. One HVA
range
could be mapped to several GPA ranges.
This is fine. Currently vfio_dma maintains IOVA->HV
On Wed, Sep 18, 2019 at 05:16:54PM +1000, David Gibson wrote:
> Hi,
>
> I'm finding make check-acceptance is currently useless for me as a
> pre-pull test, because a bunch of the tests are not at all reliable.
> There are a bunch which I'm still investigating, but for now I'm
> looking at the MIPS
On Wed, Sep 18, 2019 at 02:49:25PM -0400, John Snow wrote:
> On 9/18/19 4:55 AM, Kevin Wolf wrote:
> > Running iotests is not required to build QEMU, so we can have stricter
> > version requirements for Python here and can make use of new features
> > and drop compatibility code earlier.
> >
> > T
On Wed, Sep 18, 2019 at 02:27:48PM +0200, Philippe Mathieu-Daudé wrote:
> Currently the Avocado framework does not distinct the time spent
> downloading assets vs. the time spent running a test. With big
> assets (like a full VM image) the tests likely fail.
>
> This is a limitation known by the A
On 9/13/19 10:49 AM, Peter Maydell wrote:
> The qemu-ga documentation is currently in qemu-ga.texi in
> Texinfo format, which we present to the user as:
> * a qemu-ga manpage
> * a section of the main qemu-doc HTML documentation
>
> Convert the documentation to rST format, and present it to
> th
On Wed, Sep 18, 2019 at 05:06:54PM +1000, David Gibson wrote:
> At the moment this test runs on whatever the host arch is. But it looks
> for 'unavailable-features' which is an x86 specific cpu property. Tag it
> to always use qemu-system-x86_64.
>
> Signed-off-by: David Gibson
> Reviewed-by: W
> -Original Message-
> From: Xu, Tao3
> Sent: Thursday, September 12, 2019 1:37 PM
> To: imamm...@redhat.com; ebl...@redhat.com; ehabk...@redhat.com
> Cc: Xu, Tao3 ; Liu, Jingqi ;
> Williams, Dan J ;
> jonathan.came...@huawei.com; Du, Fan ; qemu-devel@nongnu.org
> Subject: [PATCH v11 05/11
dule.c because of an illegal instruction:
[0.058685] VFP support v0.3:
[0.059159] Internal error: Oops - undefined instruction: 0 [#1] SMP ARM
[0.059525] CPU: 0 PID: 1 Comm: swapper/0 Not tainted
5.3.0-next-20190918-dirty #1
[0.059547] Hardware name: Generic DT based system
[
Patchew URL:
https://patchew.org/QEMU/20190918130244.24257-1-vsement...@virtuozzo.com/
Hi,
This series seems to have some coding style problems. See output below for
more information:
Subject: [Qemu-devel] [RFC] error: auto propagated local_err
Message-id: 20190918130244.24257-1-vsement...@vi
There is an extra line in comment of CPUID_8000_0008_EBX_WBNOINVD,
remove the extra enter and spaces.
Signed-off-by: Tao Xu
---
target/i386/cpu.h | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index 5f6e3a029a..71b6193390 100644
--- a/
Patchew URL:
https://patchew.org/QEMU/20190918130633.4872-1-shameerali.kolothum.th...@huawei.com/
Hi,
This series failed the docker-quick@centos7 build test. Please find the testing
commands and
their output below. If you have Docker installed, you can probably reproduce it
locally.
=== TEST
On Thu, Sep 19, 2019 at 09:05:12AM +0800, Jason Wang wrote:
>
> On 2019/9/18 下午4:37, Tian, Kevin wrote:
> >> From: Jason Wang [mailto:jasow...@redhat.com]
> >> Sent: Wednesday, September 18, 2019 2:10 PM
> >>
> Note that the HVA to GPA mapping is not an 1:1 mapping. One HVA
> >> range
>
baiyao...@cmss.chinamobile.com
Bcc:
Subject: COMPARE_AND_WRITE support for rbd driver
Reply-To: baiyao...@cmss.chinamobile.com
Hey guys,
I noticed that COMPARE_AND_WRITE had been supported by CEPH/librbd since
v12.1.1. And in my company, we use this COMPARE_AND_WRITE support in
CEPH with the IS
Hello,
The series starts with a watchdog fix and a new model for the SDHCI
controller. Follows the code for the AST2600 SoC.
Most of the Aspeed models are reworked with an object class to
introduce the AST2600 variant. A model for the AST2600 SoC and a
simple AST2600 EVB machine is proposed at th
From: Joel Stanley
The SCU controller on the AST2600 SoC has extra registers. Increase
the number of regs of the model and introduce a new field in the class
to customize the MemoryRegion operations depending on the SoC model.
Signed-off-by: Joel Stanley
[clg: - improved commit log
- chan
From: Eddie James
The Aspeed SOCs have two SD/MMC controllers. Add a device that
encapsulates both of these controllers and models the Aspeed-specific
registers and behavior.
Tested by reading from mmcblk0 in Linux:
qemu-system-arm -machine romulus-bmc -nographic \
-drive file=flash-romulus,for
The AST2600 timer has a third control register that is used to
implement a set-to-clear feature for the main control register.
On the AST2600, it is not configurable via 0x38 (control register 3)
as it is on the AST2500.
Based on previous work from Joel Stanley.
Signed-off-by: Cédric Le Goater
From: Amithash Prasad
When WDT_RESTART is written, the data is not the contents
of the WDT_CTRL register. Hence ensure we are looking at
WDT_CTRL to check if bit WDT_CTRL_1MHZ_CLK is set or not.
Signed-off-by: Amithash Prasad
[clg: improved Suject prefix ]
Signed-off-by: Cédric Le Goater
---
The most important changes will be on the register range 0x34 - 0x3C
memops. Introduce class read/write operations to handle the
differences between SoCs.
Signed-off-by: Cédric Le Goater
---
include/hw/timer/aspeed_timer.h | 15 +
hw/arm/aspeed_soc.c | 3 +-
hw/timer/aspeed_ti
From: Joel Stanley
The AST2600 has four watchdogs, and they each have a 0x40 of registers.
When running as part of an ast2600 system we must check a different
offset for the system reset control register in the SCU.
Signed-off-by: Joel Stanley
[clg: - reworked model integration into new objet
From: Joel Stanley
Signed-off-by: Joel Stanley
Signed-off-by: Cédric Le Goater
---
include/hw/arm/aspeed_soc.h | 1 +
hw/arm/aspeed_ast2600.c | 5 +
hw/arm/aspeed_soc.c | 6 ++
3 files changed, 12 insertions(+)
diff --git a/include/hw/arm/aspeed_soc.h b/include/hw/arm/aspe
The AST2500 timer has a third control register that is used to
implement a set-to-clear feature for the main control register.
This models the behaviour expected by the AST2500 while maintaining
the same behaviour for the AST2400.
The vmstate version is not increased yet because the structure is
The AST2600 SoC SMC controller is a SPI only controller now and has a
few extensions which we will need to take into account when SW
requires it.
- 4BYTE mode
- HCLK divider has changed (SPI Training)
- CE0-2 Read Timing Compensation registers
This is enough to support u-boot.
Signed-off-by:
The AST2600 timer replaces control register 2 with a interrupt status
register. It is set by hardware when an IRQ occurs and cleared by
software.
Modify the vmstate version to take into account the new fields.
Based on previous work from Joel Stanley.
Signed-off-by: Cédric Le Goater
---
includ
From: Joel Stanley
The AST2600 SDMC controller is slightly different from its predecessor
(DRAM training). Max memory is now 2G on the AST2600.
Signed-off-by: Joel Stanley
[clg: - improved commit log
- reworked model integration into new objet class ]
Signed-off-by: Cédric Le Goater
---
Use class handlers and class constants to differentiate the
characteristics of the memory controller and remove the 'silicon_rev'
property.
Signed-off-by: Cédric Le Goater
---
include/hw/misc/aspeed_sdmc.h | 19 +++-
hw/arm/aspeed_soc.c | 5 +-
hw/misc/aspeed_sdmc.c | 168 ++
It prepares ground for register differences between SoCs.
Signed-off-by: Cédric Le Goater
---
include/hw/i2c/aspeed_i2c.h | 15 ++
hw/arm/aspeed_soc.c | 3 +-
hw/i2c/aspeed_i2c.c | 60 -
3 files changed, 69 insertions(+), 9 deletions(-
It cleanups the current models for the Aspeed AST2400 and AST2500 SoCs
and prepares ground for future SoCs. It removes the need of the
'silicon_rev' property.
Signed-off-by: Cédric Le Goater
---
include/hw/watchdog/wdt_aspeed.h | 18 -
hw/arm/aspeed_soc.c | 9 ++-
hw/watchdog
It prepares ground for the AST2600.
Signed-off-by: Cédric Le Goater
---
include/hw/arm/aspeed_soc.h | 9 +--
hw/arm/aspeed.c | 4 +-
hw/arm/aspeed_soc.c | 148 +++-
3 files changed, 84 insertions(+), 77 deletions(-)
diff --git a/include/hw
From: Rashmica Gupta
The AST2600 has the same sets of 3.6v gpios as the AST2400 plus an
addtional two sets of 1.8V gpios.
Signed-off-by: Rashmica Gupta
Reviewed-by: Cédric Le Goater
Signed-off-by: Cédric Le Goater
---
hw/gpio/aspeed_gpio.c | 142 --
1
The I2C controller of the AST2400 and AST2500 SoCs have one IRQ shared
by all I2C busses. The AST2600 SoC I2C controller has one IRQ per bus
and 16 busses.
Signed-off-by: Cédric Le Goater
---
include/hw/i2c/aspeed_i2c.h | 5 +++-
hw/i2c/aspeed_i2c.c | 46
Initial definitions for a simple machine using an AST2600 SoC (Cortex
CPU).
The Cortex CPU and its interrupt controller are too complex to handle
in the common Aspeed SoC framework. We introduce a new Aspeed SoC
class with instance_init and realize handlers to handle the differences
with the AST24
Signed-off-by: Cédric Le Goater
---
hw/arm/aspeed.c | 18 ++
1 file changed, 18 insertions(+)
diff --git a/hw/arm/aspeed.c b/hw/arm/aspeed.c
index 52993f84b461..4450e71e5547 100644
--- a/hw/arm/aspeed.c
+++ b/hw/arm/aspeed.c
@@ -88,6 +88,9 @@ struct AspeedBoardState {
/* Withers
On 2019/9/19 下午1:28, Yan Zhao wrote:
On Thu, Sep 19, 2019 at 09:05:12AM +0800, Jason Wang wrote:
On 2019/9/18 下午4:37, Tian, Kevin wrote:
From: Jason Wang [mailto:jasow...@redhat.com]
Sent: Wednesday, September 18, 2019 2:10 PM
Note that the HVA to GPA mapping is not an 1:1 mapping. One HVA
From: Joel Stanley
To support the ast2600's four MACs allow SoCs to specify the number
they have, and create that many.
Signed-off-by: Joel Stanley
[clg: included a check on sc->macs_num when realizing the macs ]
Signed-off-by: Cédric Le Goater
---
include/hw/arm/aspeed_soc.h | 5 -
hw/ar
The AST2600 SoC has an extra controller to set the PHY registers.
Signed-off-by: Cédric Le Goater
---
include/hw/arm/aspeed_soc.h | 5 ++
include/hw/net/ftgmac100.h | 17
hw/arm/aspeed_ast2600.c | 20 +
hw/net/ftgmac100.c | 162
4 f
On 19/09/2019 01.19, Oleinik, Alexander wrote:
> The names i2c_send and i2c_recv collide with functions defined in
> hw/i2c/core.c. This causes an error when linking against libqos and
> softmmu simultaneously (for example when using qtest inproc). Rename the
> libqos functions to avoid this.
>
>
On Thu, Sep 19, 2019 at 02:09:53PM +0800, Jason Wang wrote:
>
> On 2019/9/19 下午1:28, Yan Zhao wrote:
> > On Thu, Sep 19, 2019 at 09:05:12AM +0800, Jason Wang wrote:
> >> On 2019/9/18 下午4:37, Tian, Kevin wrote:
> From: Jason Wang [mailto:jasow...@redhat.com]
> Sent: Wednesday, September 1
On 2019/9/19 下午2:17, Yan Zhao wrote:
On Thu, Sep 19, 2019 at 02:09:53PM +0800, Jason Wang wrote:
On 2019/9/19 下午1:28, Yan Zhao wrote:
On Thu, Sep 19, 2019 at 09:05:12AM +0800, Jason Wang wrote:
On 2019/9/18 下午4:37, Tian, Kevin wrote:
From: Jason Wang [mailto:jasow...@redhat.com]
Sent: Wedne
On Thu, Sep 19, 2019 at 02:32:03PM +0800, Jason Wang wrote:
>
> On 2019/9/19 下午2:17, Yan Zhao wrote:
> > On Thu, Sep 19, 2019 at 02:09:53PM +0800, Jason Wang wrote:
> >> On 2019/9/19 下午1:28, Yan Zhao wrote:
> >>> On Thu, Sep 19, 2019 at 09:05:12AM +0800, Jason Wang wrote:
> On 2019/9/18 下午4:3
On Thu, Sep 19, 2019 at 02:29:54PM +0800, Yan Zhao wrote:
> On Thu, Sep 19, 2019 at 02:32:03PM +0800, Jason Wang wrote:
> >
> > On 2019/9/19 下午2:17, Yan Zhao wrote:
> > > On Thu, Sep 19, 2019 at 02:09:53PM +0800, Jason Wang wrote:
> > >> On 2019/9/19 下午1:28, Yan Zhao wrote:
> > >>> On Thu, Sep 19,
18.09.2019 21:32, Eric Blake wrote:
> On 9/18/19 1:05 PM, Eric Blake wrote:
>
#define MAKE_ERRP_SAFE() \
g_auto(ErrorPropagationStruct) (__auto_errp_prop) = {.errp = errp}; \
errp = &__auto_errp_prop.local_err
>
> I tried to see if this could be done with just a single declara
18.09.2019 22:57, John Snow wrote:
>
>
> On 9/17/19 12:07 PM, Vladimir Sementsov-Ogievskiy wrote:
>> Of course, QEMU_ALIGN_UP is a typo, it should be QEMU_ALIGN_DOWN, as we
>> are trying to find aligned size which satisfy both source and target.
>> Also, don't ignore too small max_transfer. In th
On Wed, Sep 18, 2019 at 09:31:21AM -0500, Paul A. Clarke wrote:
> From: "Paul A. Clarke"
>
> ISA 3.0B added a set of Floating-Point Status and Control Register (FPSCR)
> instructions: mffsce, mffscdrn, mffscdrni, mffscrn, mffscrni, mffsl.
> This patch adds support for 'mffscrn' and 'mffscrni' ins
On Wed, Sep 18, 2019 at 09:32:49AM -0500, Paul A. Clarke wrote:
> From: "Paul A. Clarke"
>
> There are FPSCR-related defines in target/ppc/cpu.h which can be used in
> place of constants and explicit shifts which arguably improve the code a
> bit in places.
>
> Signed-off-by: Paul A. Clarke
Ap
On Wed, Sep 18, 2019 at 09:31:22AM -0500, Paul A. Clarke wrote:
> From: "Paul A. Clarke"
>
> ISA 3.0B added a set of Floating-Point Status and Control Register (FPSCR)
> instructions: mffsce, mffscdrn, mffscdrni, mffscrn, mffscrni, mffsl.
> This patch adds support for 'mffsce' instruction.
>
> '
301 - 369 of 369 matches
Mail list logo
