On 4/4/24 21:13, Philippe Mathieu-Daudé wrote:
Replace qemu_bh_new_guarded() by virtio_bh_new_guarded()
so the bus and device use the same guard. Otherwise the
DMA-reentrancy protection can be bypassed.
Cc: qemu-sta...@nongnu.org
Suggested-by: Alexander Bulekov
Signed-off-by: Philippe Mathieu-D
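As an added illustration of the point this patch makes (the bus and the device must share one re-entrancy guard, or a bottom half created against a second guard slips past the protection), here is a small C model written for this page. It is not QEMU's MemReentrancyGuard, qemu_bh_new_guarded() or virtio_bh_new_guarded(); every type and function name below is a hypothetical stand-in, and the "MMIO write that drains a bottom half" is a constructed scenario.

```c
#include <stdbool.h>

/* Hypothetical guard (assumption: same idea as a memory-reentrancy guard,
 * not QEMU's own type): set while a device is inside an MMIO/DMA handler. */
typedef struct ReentrancyGuard {
    bool engaged_in_io;
} ReentrancyGuard;

/* A deferred callback that may only run when its guard is not engaged. */
typedef struct BottomHalf {
    void (*cb)(void *opaque);
    void *opaque;
    ReentrancyGuard *guard;
} BottomHalf;

typedef struct Bus {
    ReentrancyGuard guard;       /* guard used by the transport's MMIO path */
} Bus;

typedef struct Device {
    Bus *bus;
    ReentrancyGuard own_guard;   /* a second, private guard: the bypass */
    int reentered;               /* callback runs observed while bus I/O engaged */
    BottomHalf bh;
} Device;

/* Run a bottom half honouring its guard. Returns true if the callback ran. */
static bool bh_run(BottomHalf *bh)
{
    if (bh->guard->engaged_in_io) {
        return false;            /* re-entrant call refused */
    }
    bh->guard->engaged_in_io = true;
    bh->cb(bh->opaque);
    bh->guard->engaged_in_io = false;
    return true;
}

static void device_bh_cb(void *opaque)
{
    Device *dev = opaque;
    /* Running while the bus is still inside its MMIO handler means the
     * device state is being touched re-entrantly. */
    if (dev->bus->guard.engaged_in_io) {
        dev->reentered++;
    }
}

/* Constructed scenario: a guest-triggered MMIO write on the bus whose side
 * effect drains the device's bottom half before the handler returns. */
static void bus_mmio_write(Device *dev)
{
    dev->bus->guard.engaged_in_io = true;
    bh_run(&dev->bh);
    dev->bus->guard.engaged_in_io = false;
}

/* Create the device's BH against the bus guard (shared) or its own guard
 * (separate) and return how many re-entrant callback runs were observed. */
static int run_scenario(bool share_guard)
{
    Bus bus = { .guard = { false } };
    Device dev = { .bus = &bus, .own_guard = { false }, .reentered = 0 };
    dev.bh = (BottomHalf){ device_bh_cb, &dev,
                           share_guard ? &bus.guard : &dev.own_guard };
    bus_mmio_write(&dev);
    return dev.reentered;        /* 0 when shared, 1 when separate */
}
```

With the shared guard the bottom half is refused while the bus is engaged; with a private guard the check passes because nobody ever engaged that guard, which is the bypass the patch closes.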
On Fri, Apr 5, 2024 at 7:22 PM Alexey Dobriyan wrote:
>
> Don't send zero length packets in virtio_net_flush_tx().
>
> Reproducer from https://gitlab.com/qemu-project/qemu/-/issues/1451
> creates small packet (1 segment, len = 10 == n->guest_hdr_len),
> destroys queue.
>
> "if (n->host_hdr_len !=
On Mon, Mar 18, 2024 at 8:41 PM Michael S. Tsirkin wrote:
>
> On Thu, Mar 14, 2024 at 11:24:33AM +0800, Jason Wang wrote:
> > On Thu, Mar 14, 2024 at 3:52 AM Michael S. Tsirkin wrote:
> > >
> > > On Wed, Mar 13, 2024 at 07:51:08PM +0100, Thomas Weißschuh wrote:
> > > > On 2024-02-21 15:38:02+0800
When conducting performance testing using testpmd in the guest os,
it was observed that the performance was lower compared to the
scenario of direct vfio-pci usage.
In the commit 96a3d98d2cdbd897ff5ab33427aa4cfb94077665, the author
provided a good solution. However, because the guest OS's
driver(e
Hi,
On Thu, Apr 4, 2024 at 9:13 PM Philippe Mathieu-Daudé wrote:
>
> Gerd suggested to use the transport guard to protect the
> device from DMA re-entrancy abuses.
This was assigned CVE-2024-3446.
> Philippe Mathieu-Daudé (4):
> hw/virtio: Introduce virtio_bh_new_guarded() helper
> hw/displ
On Mon, Apr 8, 2024 at 4:30 AM Akihiko Odaki wrote:
>
> On 2024/04/08 7:09, Yuri Benditovich wrote:
> > On Wed, Apr 3, 2024 at 2:12 PM Akihiko Odaki
> > wrote:
> >>
> >> The peer buffer is qualified with const and not meant to be modified.
> >
> > IMHO, this buffer is not so 'const' (although th
On Thu, Apr 04, 2024 at 04:00:38PM +0200, Philippe Mathieu-Daudé wrote:
Hi Stefano,
Hi Phil!
On 4/4/24 14:23, Stefano Garzarella wrote:
Let's make the code more portable by using the "qemu/bswap.h" API
and adding defines from block/file-posix.c to support O_DIRECT in
other systems (e.g. mac
On 2024/04/08 16:40, Yuri Benditovich wrote:
On Mon, Apr 8, 2024 at 4:30 AM Akihiko Odaki wrote:
On 2024/04/08 7:09, Yuri Benditovich wrote:
On Wed, Apr 3, 2024 at 2:12 PM Akihiko Odaki wrote:
The peer buffer is qualified with const and not meant to be modified.
IMHO, this buffer is not
On Mon, Apr 8, 2024 at 10:42 AM Akihiko Odaki wrote:
>
> On 2024/04/08 16:40, Yuri Benditovich wrote:
> > On Mon, Apr 8, 2024 at 4:30 AM Akihiko Odaki
> > wrote:
> >>
> >> On 2024/04/08 7:09, Yuri Benditovich wrote:
> >>> On Wed, Apr 3, 2024 at 2:12 PM Akihiko Odaki
> >>> wrote:
>
>
On Thu, Apr 4, 2024 at 10:55 AM Philippe Mathieu-Daudé
wrote:
>
> Per "SD Host Controller Standard Specification Version 3.00":
>
> * 1.7 Buffer Control
>
> - 1.7.1 Control of Buffer Pointer
>
> (3) Buffer Control with Block Size
>
> In case of write operation, the buffer accumulates t
On 2024/04/08 16:54, Yuri Benditovich wrote:
On Mon, Apr 8, 2024 at 10:42 AM Akihiko Odaki wrote:
On 2024/04/08 16:40, Yuri Benditovich wrote:
On Mon, Apr 8, 2024 at 4:30 AM Akihiko Odaki wrote:
On 2024/04/08 7:09, Yuri Benditovich wrote:
On Wed, Apr 3, 2024 at 2:12 PM Akihiko Odaki wrot
On Thu, Apr 04, 2024 at 04:09:34PM +0200, David Hildenbrand wrote:
On 04.04.24 14:23, Stefano Garzarella wrote:
shm_open() creates and opens a new POSIX shared memory object.
A POSIX shared memory object allows creating a memory backend with an
associated file descriptor that can be shared with ex
FYI I'll be on PTO till May 2nd, I'll send the v4 when I'm back ASAP.
Thanks,
Stefano
On Thu, Apr 04, 2024 at 02:23:19PM +0200, Stefano Garzarella wrote:
v1: https://patchew.org/QEMU/20240228114759.44758-1-sgarz...@redhat.com/
v2: https://patchew.org/QEMU/20240326133936.125332-1-sgarz...@redhat
On 08.04.24 09:58, Stefano Garzarella wrote:
On Thu, Apr 04, 2024 at 04:09:34PM +0200, David Hildenbrand wrote:
On 04.04.24 14:23, Stefano Garzarella wrote:
shm_open() creates and opens a new POSIX shared memory object.
A POSIX shared memory object allows creating a memory backend with an
associa
Queued, thanks.
Paolo
On Mon, Apr 8, 2024 at 10:57 AM Akihiko Odaki wrote:
>
> On 2024/04/08 16:54, Yuri Benditovich wrote:
> > On Mon, Apr 8, 2024 at 10:42 AM Akihiko Odaki
> > wrote:
> >>
> >> On 2024/04/08 16:40, Yuri Benditovich wrote:
> >>> On Mon, Apr 8, 2024 at 4:30 AM Akihiko Odaki
> >>> wrote:
>
> >>>
On 2024/04/08 17:06, Yuri Benditovich wrote:
On Mon, Apr 8, 2024 at 10:57 AM Akihiko Odaki wrote:
On 2024/04/08 16:54, Yuri Benditovich wrote:
On Mon, Apr 8, 2024 at 10:42 AM Akihiko Odaki wrote:
On 2024/04/08 16:40, Yuri Benditovich wrote:
On Mon, Apr 8, 2024 at 4:30 AM Akihiko Odaki wr
On Mon, Apr 08, 2024 at 10:03:15AM +0200, David Hildenbrand wrote:
On 08.04.24 09:58, Stefano Garzarella wrote:
On Thu, Apr 04, 2024 at 04:09:34PM +0200, David Hildenbrand wrote:
On 04.04.24 14:23, Stefano Garzarella wrote:
shm_open() creates and opens a new POSIX shared memory object.
A POSIX
Based on Joao's suggestion, the iommufd nesting prerequisite series [1]
is further split into a host IOMMU device abstract part and a vIOMMU
check part. This series implements the 1st part.
This split also facilitates the dirty tracking series [2] and virtio-iommu
series [3] depending on the 1st part.
Th
HIODIOMMUFD represents a host IOMMU device under iommufd backend.
Currently it includes only the public iommufd handle and device id,
which could be used to get hw IOMMU information.
When nested translation is supported in future, vIOMMU is going
to have iommufd related operations like attaching/deta
HIODIOMMUFDVFIO represents a host IOMMU device under VFIO iommufd
backend. It will be created during VFIO device attaching and passed
to vIOMMU.
It includes a link to VFIODevice so that we can do VFIO device
specific hwpt attaching/detaching.
Signed-off-by: Zhenzhong Duan
---
include/hw/vfio/vf
Introduce a helper function iommufd_backend_get_device_info() to get
host IOMMU related information through iommufd uAPI.
Signed-off-by: Yi Liu
Signed-off-by: Yi Sun
Signed-off-by: Zhenzhong Duan
---
include/sysemu/iommufd.h | 4
backends/iommufd.c | 23 ++-
2 f
HIODLegacyVFIO represents a host IOMMU device under VFIO legacy
container backend.
It includes a link to VFIODevice.
Suggested-by: Eric Auger
Suggested-by: Cédric Le Goater
Signed-off-by: Zhenzhong Duan
---
include/hw/vfio/vfio-common.h | 11 +++
hw/vfio/container.c | 11 +++
With HostIOMMUDevice passed, vIOMMU can check compatibility with host
IOMMU, call into IOMMUFD specific methods, etc.
Originally-by: Yi Liu
Signed-off-by: Nicolin Chen
Signed-off-by: Yi Sun
Signed-off-by: Zhenzhong Duan
---
hw/vfio/pci.c | 20 +++-
1 file changed, 15 insertion
It calls iommufd_backend_get_device_info() to get host IOMMU
related information.
Define a common structure HIOD_IOMMUFD_INFO to describe the info
returned from the kernel. Currently only vtd, but easy to add arm smmu
when the kernel supports it.
Signed-off-by: Zhenzhong Duan
---
include/sysemu/iommufd.h
Introduce HostIOMMUDevice as an abstraction of host IOMMU device.
get_host_iommu_info() is used to get host IOMMU info, different
backends can have different implementations and result format.
Introduce a macro CONFIG_HOST_IOMMU_DEVICE to define the usage
for VFIO, and VDPA in the future.
Sugges
Utilize iova_ranges to calculate host IOMMU address width and
package it in HIOD_LEGACY_INFO for vIOMMU usage.
HIOD_LEGACY_INFO will be used by both VFIO and VDPA so declare
it in host_iommu_device.h.
Signed-off-by: Zhenzhong Duan
---
include/sysemu/host_iommu_device.h | 10 ++
hw/vfio/
Create host IOMMU device instance and initialize it based on backend.
Signed-off-by: Zhenzhong Duan
---
include/hw/vfio/vfio-common.h | 1 +
hw/vfio/container.c | 5 +
hw/vfio/iommufd.c | 8
3 files changed, 14 insertions(+)
diff --git a/include/hw/vfio/vfio-c
From: Yi Liu
This adds pci_device_set/unset_iommu_device() to set/unset
HostIOMMUDevice for a given PCI device. Caller of set
should fail if set operation fails.
Extract out pci_device_get_iommu_bus_devfn() to facilitate
implementation of pci_device_set/unset_iommu_device().
Signed-off-by: Yi L
Signed-off-by: Philippe Mathieu-Daudé
---
hw/block/nand.c | 12 +---
1 file changed, 9 insertions(+), 3 deletions(-)
diff --git a/hw/block/nand.c b/hw/block/nand.c
index 6fa9038bb5..3627c799b5 100644
--- a/hw/block/nand.c
+++ b/hw/block/nand.c
@@ -84,7 +84,11 @@ struct NANDFlashState {
Fix for https://gitlab.com/qemu-project/qemu/-/issues/1446
Philippe Mathieu-Daudé (3):
hw/block/nand: Factor nand_load_iolen() method out
hw/block/nand: Have blk_load() return boolean indicating success
hw/block/nand: Fix out-of-bound access in NAND block buffer
hw/block/nand.c | 50 ++
nand_command() and nand_getio() don't check @offset points
into the block, nor that the available data length (s->iolen) is
not negative.
In order to fix:
- check the offset is in range in nand_blk_load_NAND_PAGE_SIZE(),
- do not set @iolen if blk_load() failed.
Reproducer:
$ cat << EOF | qemu-sys
Signed-off-by: Philippe Mathieu-Daudé
---
hw/block/nand.c | 32 +++-
1 file changed, 19 insertions(+), 13 deletions(-)
diff --git a/hw/block/nand.c b/hw/block/nand.c
index d1435f2207..6fa9038bb5 100644
--- a/hw/block/nand.c
+++ b/hw/block/nand.c
@@ -243,9 +243,25 @@ s
On 8/4/24 10:36, Philippe Mathieu-Daudé wrote:
nand_command() and nand_getio() don't check @offset points
into the block, nor that the available data length (s->iolen) is
not negative.
In order to fix:
- check the offset is in range in nand_blk_load_NAND_PAGE_SIZE(),
- do not set @iolen if blk_load(
Currently only stage-2 translation is supported, which is backed by a
shadow page table on the host side. So we don't need exact matching of
each bit of cap/ecap between vIOMMU and host. However, we can still
ensure compatibility of host and vIOMMU's address width at least,
i.e., vIOMMU's aw-bits <= host
Hi,
Based on Joao's suggestion, the iommufd nesting prerequisite series [1]
is further split into the host IOMMU device abstract part [2] and the vIOMMU
check part. This series implements the 2nd part.
1st part implements get_host_iommu_info() callback which vIOMMU can call to
get host IOMMU info. For l
Extract cap/ecap initialization in vtd_cap_init() to make code
cleaner.
No functional change intended.
Reviewed-by: Eric Auger
Signed-off-by: Zhenzhong Duan
---
hw/i386/intel_iommu.c | 93 ---
1 file changed, 51 insertions(+), 42 deletions(-)
diff --git
From: Yi Liu
Implement set/unset_iommu_device() callback in Intel vIOMMU.
In set call, a new structure VTDHostIOMMUDevice which holds
a reference to HostIOMMUDevice is stored in hash table
indexed by PCI BDF.
Signed-off-by: Yi Liu
Signed-off-by: Yi Sun
Signed-off-by: Zhenzhong Duan
---
hw/i3
From: Yi Liu
If check fails, the host side device(either vfio or vdpa device) should not
be passed to guest.
Implementation details for different backends will be in following patches.
Signed-off-by: Yi Liu
Signed-off-by: Yi Sun
Signed-off-by: Zhenzhong Duan
---
hw/i386/intel_iommu.c | 35 +
Currently only stage-2 translation is supported, which is backed by a
shadow page table on the host side. So we don't need exact matching of
each bit of cap/ecap between vIOMMU and host. However, we can still
ensure compatibility of host and vIOMMU's address width at least,
i.e., vIOMMU's aw-bits <= host
On 05.04.24 20:44, Eric Blake wrote:
From: Zhu Yangyang
Coroutines are not supposed to block. Instead, they should yield.
The client performs TLS upgrade outside of an AIOContext, during
synchronous handshake; this still requires g_main_loop. But the
server responds to TLS upgrade inside a co
On Thu, Apr 4, 2024 at 9:48 PM Philippe Mathieu-Daudé wrote:
>
> The yank feature is not used in user emulation.
But it is used in block layer tools. The simplest thing here is
probably to move it under have_block instead.
Paolo
> Signed-off-by: Philippe Mathieu-Daudé
> ---
> util/meson.build
On Thu, Apr 4, 2024 at 9:48 PM Philippe Mathieu-Daudé wrote:
>
> QMP is irrelevant for user emulation. Extract the code
> related to QMP in a different source file, which won't
> be built for user emulation binaries. This avoids pulling
> in pointless code.
>
> Signed-off-by: Philippe Mathieu-Daudé
>
On Sat, 06 Apr 2024 08:38:04 +0900,
Zack Buhman wrote:
>
> The saturation arithmetic logic in helper_macw is not correct.
>
> I tested and verified this behavior on a SH7091, the general pattern
> is a code sequence such as:
>
> sets
>
> mov.l _mach,r2
> lds r2,mach
> mo
On Fri, 05 Apr 2024 19:24:57 +0900,
Richard Henderson wrote:
>
> Cc: Yoshinori Sato
> Signed-off-by: Richard Henderson
> ---
> target/rx/translate.c | 27 ++-
> 1 file changed, 14 insertions(+), 13 deletions(-)
>
> diff --git a/target/rx/translate.c b/target/rx/translat
On Mon, 08 Apr 2024 00:07:05 +0900,
Zack Buhman wrote:
>
> CHECK_NOT_DELAY_SLOT is correctly applied to the branch-related
> instructions, but not to the PC-relative mov* instructions.
>
> I verified the existence of an illegal slot exception on a SH7091 when
> any of these instructions are attem
On 30/8/22 05:30, Qiang Liu wrote:
I found an assertion failure in usb_cancel_packet() and posted my analysis in
https://gitlab.com/qemu-project/qemu/-/issues/1180. I think this issue is
due to the inconsistency when resetting ohci root hubs.
There are two ways to reset ohci root hubs: 1) throu
On 5/4/24 19:30, Michael Tokarev wrote:
01.04.2024 09:02, Michael Tokarev:
Anyone can guess why this rather trivial and obviously correct patch
causes segfaults
in a few tests in staging-7.2 - when run in tcg mode, namely:
pxe-test
migration-test
boot-serial-test
bios-tables-test
This reverts commit cd341fd1ffded978b2aa0b5309b00be7c42e347c.
The patch adds non-upstream code in
include/standard-headers/linux/virtio_pci.h
which would make maintenance harder.
Revert for now.
Suggested-by: Jason Wang
Signed-off-by: Michael S. Tsirkin
---
include/hw/virtio/virtio-pci.h
On Thu, Apr 4, 2024 at 9:48 PM Philippe Mathieu-Daudé wrote:
>
> Currently monitor stubs are scattered in 3 files.
>
> Merge these stubs in 2 files, a generic one (monitor-core)
> included in all builds (in particular user emulation), and
> a less generic one to be included by tools and system emu
On Mon, 8 Apr 2024 at 10:48, Michael S. Tsirkin wrote:
>
> This reverts commit cd341fd1ffded978b2aa0b5309b00be7c42e347c.
>
> The patch adds non-upstream code in
> include/standard-headers/linux/virtio_pci.h
> which would make maintenance harder.
>
> Revert for now.
>
> Suggested-by: Jason Wang
>
QDev core layer always calls DeviceReset() after DeviceRealize(),
no need to do it manually. Remove the extra call.
Signed-off-by: Philippe Mathieu-Daudé
---
hw/misc/applesmc.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/hw/misc/applesmc.c b/hw/misc/applesmc.c
index 72300d0cbc..8e65816da6
AppleSMCData is allocated with g_new0() in applesmc_add_key():
release it with g_free().
Leaked since commit 1ddda5cd36 ("AppleSMC device emulation").
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2272
Reported-by: Zheyu Ma
Signed-off-by: Philippe Mathieu-Daudé
---
hw/misc/applesmc.c
Fix for https://gitlab.com/qemu-project/qemu/-/issues/2272
Philippe Mathieu-Daudé (2):
hw/misc/applesmc: Do not call DeviceReset() from DeviceRealize()
hw/misc/applesmc: Fix memory leak in reset() handler
hw/misc/applesmc.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--
2.41.0
On Mon, Apr 08 2024, "Michael S. Tsirkin" wrote:
> This reverts commit cd341fd1ffded978b2aa0b5309b00be7c42e347c.
>
> The patch adds non-upstream code in
> include/standard-headers/linux/virtio_pci.h
> which would make maintenance harder.
>
> Revert for now.
>
> Suggested-by: Jason Wang
> Signed
On Mon, Apr 08, 2024 at 09:14:39AM +0200, Philippe Mathieu-Daudé wrote:
> On 4/4/24 21:13, Philippe Mathieu-Daudé wrote:
> > Replace qemu_bh_new_guarded() by virtio_bh_new_guarded()
> > so the bus and device use the same guard. Otherwise the
> > DMA-reentrancy protection can be bypassed.
> >
> > C
On Thu, Apr 4, 2024 at 9:48 PM Philippe Mathieu-Daudé wrote:
>
> Headers in include/sysemu/ are specific to system
> emulation and should not be used in user emulation.
>
> Signed-off-by: Philippe Mathieu-Daudé
> ---
> hw/core/reset.c | 4
> 1 file changed, 4 insertions(+)
>
> diff --git a/
On Tue, Mar 26, 2024 at 07:06:29PM +0900, Akihiko Odaki wrote:
> virtio_net_guest_notifier_pending() and virtio_net_guest_notifier_mask()
> checked VIRTIO_NET_F_MQ to know there are multiple queues, but
> VIRTIO_NET_F_RSS also enables multiple queues. Refer to n->multiqueue,
> which is set to true
On Mon, Apr 08, 2024 at 10:51:57AM +0100, Peter Maydell wrote:
> On Mon, 8 Apr 2024 at 10:48, Michael S. Tsirkin wrote:
> >
> > This reverts commit cd341fd1ffded978b2aa0b5309b00be7c42e347c.
> >
> > The patch adds non-upstream code in
> > include/standard-headers/linux/virtio_pci.h
> > which would
While the Packet Number Register is 6-bit wide and could hold
up to 64 packets [*], our implementation is clamped at 4 packets.
Reproducer:
$ cat << EOF | qemu-system-arm -display none \
-machine mainstone,accel=qtest \
-qtest std
On 8/4/24 12:27, Philippe Mathieu-Daudé wrote:
While the Packet Number Register is 6-bit wide and could hold
up to 64 packets [*], our implementation is clamped at 4 packets.
Reproducer:
$ cat << EOF | qemu-system-arm -display none \
-machine mainstone,accel=
On Mon, 8 Apr 2024 at 10:52, Philippe Mathieu-Daudé wrote:
>
> QDev core layer always calls DeviceReset() after DeviceRealize(),
> no need to do it manually. Remove the extra call.
>
> Signed-off-by: Philippe Mathieu-Daudé
> ---
> hw/misc/applesmc.c | 1 -
> 1 file changed, 1 deletion(-)
>
> diff
On Mon, 8 Apr 2024 at 10:53, Philippe Mathieu-Daudé wrote:
>
> AppleSMCData is allocated with g_new0() in applesmc_add_key():
> release it with g_free().
>
> Leaked since commit 1ddda5cd36 ("AppleSMC device emulation").
>
> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2272
> Reported-by
Fix for https://gitlab.com/qemu-project/qemu/-/issues/2267
Philippe Mathieu-Daudé (2):
hw/net/lan9118: Replace magic '2048' value by 'PKT_SIZE' definition
hw/net/lan9118: Fix overflow in TX FIFO
hw/net/lan9118.c | 13 +
1 file changed, 9 insertions(+), 4 deletions(-)
--
2.41.0
Signed-off-by: Philippe Mathieu-Daudé
---
hw/net/lan9118.c | 8 +---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/hw/net/lan9118.c b/hw/net/lan9118.c
index 47ff25b441..7be0430ac5 100644
--- a/hw/net/lan9118.c
+++ b/hw/net/lan9118.c
@@ -150,6 +150,8 @@ do { printf("lan9118: "
When the TX FIFO is full, raise the TX Status FIFO Overflow (TXSO)
flag, "Generated when the TX Status FIFO overflows" [*].
Broken since model introduction in commit 2a42499017
("LAN9118 emulation").
When using the reproducer from
https://gitlab.com/qemu-project/qemu/-/issues/2267 we get:
hw/n
On 8/4/24 11:50, Paolo Bonzini wrote:
On Thu, Apr 4, 2024 at 9:48 PM Philippe Mathieu-Daudé wrote:
Currently monitor stubs are scattered in 3 files.
Merge these stubs in 2 files, a generic one (monitor-core)
included in all builds (in particular user emulation), and
a less generic one to be i
On 8/4/24 12:08, Michael S. Tsirkin wrote:
On Mon, Apr 08, 2024 at 09:14:39AM +0200, Philippe Mathieu-Daudé wrote:
On 4/4/24 21:13, Philippe Mathieu-Daudé wrote:
Replace qemu_bh_new_guarded() by virtio_bh_new_guarded()
so the bus and device use the same guard. Otherwise the
DMA-reentrancy prote
subj is calling kvm_add_routing_entry() which simply extends
KVMState::irq_routes::entries[]
but doesn't check if the number of routes goes beyond the limit the kernel
is willing to accept. Which later leads to the assert
qemu-kvm: ../accel/kvm/kvm-all.c:1833: kvm_irqchip_commit_routes: Assertion
`r
On 8/4/24 12:34, Peter Maydell wrote:
On Mon, 8 Apr 2024 at 10:53, Philippe Mathieu-Daudé wrote:
AppleSMCData is allocated with g_new0() in applesmc_add_key():
release it with g_free().
Leaked since commit 1ddda5cd36 ("AppleSMC device emulation").
Resolves: https://gitlab.com/qemu-project/qe
For quite a while I have been experimenting with the PCI Express setup on the
SBSA-Ref system, and finally decided to write.
We want to play with a NUMA setup, and "pxb-pcie" can be assigned to a NUMA
node other than the cpu0 one. But adding it makes other cards disappear...
When I boot sbsa-ref I have plain PCIe se
When configuring VMs with the CDROM device using the USB bus
in Libvirt, do as follows:
The destination Qemu process crashed, causing the VM migration
to fail; the backtrace reveals the following:
Program terminated with signal SIGSEGV, Segmentation fault.
0 __memmove_sse2_una
This patchset fixes the crash of VMs configured with the CDROM device
on the destination during live migration. See the commit message for
details.
The previous patchset does not show up at https://patchew.org/QEMU.
Just resend it to ensure the email gets to the inbox.
Please review.
Yong
Hyman
To indicate to the destination whether or not emulated SCSI
requests are sent, introduce the migrate_emulate_scsi_request
in struct SCSIDiskState. It seeks to achieve migration backend
compatibility.
This commit sets the stage for the next one, which addresses
the crash of a VM configured with
On Thu, 4 Apr 2024 at 09:56, Philippe Mathieu-Daudé wrote:
>
> Per "SD Host Controller Standard Specification Version 3.00":
>
> * 1.7 Buffer Control
>
> - 1.7.1 Control of Buffer Pointer
>
> (3) Buffer Control with Block Size
>
> In case of write operation, the buffer accumulates the
On Mon, 8 Apr 2024 at 11:53, Philippe Mathieu-Daudé wrote:
>
> Signed-off-by: Philippe Mathieu-Daudé
> ---
> hw/net/lan9118.c | 8 +---
> 1 file changed, 5 insertions(+), 3 deletions(-)
>
Reviewed-by: Peter Maydell
thanks
-- PMM
On Sat, Apr 6, 2024 at 11:58 AM Durrant, Paul wrote:
>
> On 04/04/2024 15:08, Ross Lagerwall wrote:
> > A malicious or buggy guest may generate buffered ioreqs faster than
> > QEMU can process them in handle_buffered_iopage(). The result is a
> > livelock - QEMU continuously processes ioreqs on t
On 08/04/2024 14:00, Ross Lagerwall wrote:
On Sat, Apr 6, 2024 at 11:58 AM Durrant, Paul wrote:
On 04/04/2024 15:08, Ross Lagerwall wrote:
A malicious or buggy guest may generate buffered ioreqs faster than
QEMU can process them in handle_buffered_iopage(). The result is a
livelock - QEMU co
On 04/04/2024 15:08, Ross Lagerwall wrote:
A malicious or buggy guest may generate buffered ioreqs faster than
QEMU can process them in handle_buffered_iopage(). The result is a
livelock - QEMU continuously processes ioreqs on the main thread without
iterating through the main loop which prevent
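As an added example of the failure mode described in this thread (a guest refilling a shared ring faster than the handler drains it, so the handler never returns to the main loop) and of the usual mitigation (a per-iteration processing budget), here is a C model written for this page. It is not Xen's buffered iopage nor QEMU's handle_buffered_iopage(); the ring layout, the guest model, RING_SIZE and MAX_IOREQS_PER_ITERATION are all assumptions chosen for the demonstration.

```c
#include <stdbool.h>
#include <stdint.h>

/* Hypothetical shared ring (assumption: not the real buffered iopage). The
 * handler advances read_pointer; the guest advances write_pointer. */
#define RING_SIZE                 512u
#define MAX_IOREQS_PER_ITERATION  256u   /* assumed per-iteration budget */

typedef struct BufferedIopage {
    uint32_t read_pointer;
    uint32_t write_pointer;
} BufferedIopage;

/* Guest model: enqueues one new request each time we consume one, while
 * its budget lasts. A huge budget stands in for "forever". */
typedef struct Guest {
    BufferedIopage *page;
    uint64_t refill_budget;
} Guest;

static void guest_produce(Guest *g)
{
    if (g->refill_budget > 0 &&
        g->page->write_pointer - g->page->read_pointer < RING_SIZE) {
        g->page->write_pointer++;
        g->refill_budget--;
    }
}

/* Unbounded handler: drain until the ring is empty. Against a guest that
 * refills as fast as we drain, this never returns. @cap exists only so the
 * demonstration terminates; false means the cap was hit (livelock). */
static bool handle_unbounded(Guest *g, uint64_t cap, uint64_t *consumed)
{
    *consumed = 0;
    while (g->page->read_pointer != g->page->write_pointer) {
        g->page->read_pointer++;
        (*consumed)++;
        guest_produce(g);        /* the guest races us after every request */
        if (*consumed >= cap) {
            return false;
        }
    }
    return true;
}

/* Bounded handler: process at most MAX_IOREQS_PER_ITERATION requests, then
 * return so the main loop runs; leftover work is picked up next iteration. */
static uint64_t handle_bounded(Guest *g)
{
    uint64_t consumed = 0;
    while (g->page->read_pointer != g->page->write_pointer &&
           consumed < MAX_IOREQS_PER_ITERATION) {
        g->page->read_pointer++;
        consumed++;
        guest_produce(g);
    }
    return consumed;
}

static Guest make_guest(BufferedIopage *page, uint32_t initial, uint64_t budget)
{
    page->read_pointer = 0;
    page->write_pointer = initial;
    return (Guest){ page, budget };
}

/* true when the unbounded handler hit its cap, i.e. would have spun forever */
static bool demo_unbounded_livelocks(void)
{
    BufferedIopage page;
    uint64_t n;
    Guest g = make_guest(&page, 10, UINT64_MAX);
    return !handle_unbounded(&g, 100000, &n);
}

/* requests consumed by one bounded iteration against a guest of given budget */
static uint64_t demo_bounded_consumed(uint32_t initial, uint64_t budget)
{
    BufferedIopage page;
    Guest g = make_guest(&page, initial, budget);
    return handle_bounded(&g);
}
```

The bounded handler always returns after the budget, so a hostile guest can cost at most one budget's worth of work per main-loop iteration; a well-behaved guest with a small backlog is drained completely in one pass.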
On 4/7/24 00:32, Richard Henderson wrote:
> We already attempted to set and clear can_do_io before the first
> and last insns, but only used the initial value of max_insns and
> the call to translator_io_start to find those insns.
>
> Now that we track insn_start in DisasContextBase, and now that
Hi Peter,
On Tue, Apr 2, 2024 at 11:24 PM Peter Xu wrote:
>
> On Mon, Apr 01, 2024 at 11:26:25PM +0200, Yu Zhang wrote:
> > Hello Peter und Zhjian,
> >
> > Thank you so much for letting me know about this. I'm also a bit surprised
> > at
> > the plan for deprecating the RDMA migration subsystem.
Currently, QEMU supports emulating either stage-1 or stage-2 SMMUs
but not nested instances.
This patch series adds support for nested translation in SMMUv3,
this is controlled by property “arm-smmuv3.stage=nested”, and
advertised to guests as (IDR0.S1P == 1 && IDR0.S2P == 2)
Main changes(architec
ASID and VMID used to be uint16_t in the translation config; however,
in other contexts they can be int, as in -1 in case of TLB invalidation,
to represent all (don't care).
When stage-2 was added asid was set to -1 in stage-2 and vmid to -1
in stage-1 configs. However, that meant they were set as (6553
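As an added example of the width mismatch this commit message describes (a config that uses the int -1 as "don't care" whose value is stored into a uint16_t key, where it becomes 65535 and no longer compares equal to -1), here is a C model written for this page. It is not QEMU's SMMUTLBEntry or SMMUTransCfg; EntryU16/EntryInt and the lookup functions are hypothetical, and the "stage-2-only config with asid == -1" scenario is constructed from the description above.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define WILDCARD (-1)   /* "all" / "don't care" value used in int configs */

/* Old layout (assumption): ASID/VMID narrowed to uint16_t in the entry. */
typedef struct { uint16_t asid; uint16_t vmid; uint64_t iova; bool valid; } EntryU16;
/* Reworked layout (assumption): keys kept as int so -1 survives. */
typedef struct { int asid; int vmid; uint64_t iova; bool valid; } EntryInt;

static void insert_u16(EntryU16 *e, int asid, int vmid, uint64_t iova)
{
    e->asid = (uint16_t)asid;   /* -1 is truncated to 65535 here */
    e->vmid = (uint16_t)vmid;
    e->iova = iova;
    e->valid = true;
}

static void insert_int(EntryInt *e, int asid, int vmid, uint64_t iova)
{
    e->asid = asid;
    e->vmid = vmid;
    e->iova = iova;
    e->valid = true;
}

/* Exact-key lookup with the same int config that inserted the entry. */
static bool lookup_u16(const EntryU16 *t, size_t n, int asid, int vmid, uint64_t iova)
{
    for (size_t i = 0; i < n; i++) {
        /* t[i].asid promotes to int 65535, which is never equal to -1 */
        if (t[i].valid && t[i].iova == iova &&
            t[i].asid == asid && t[i].vmid == vmid) {
            return true;
        }
    }
    return false;
}

static bool lookup_int(const EntryInt *t, size_t n, int asid, int vmid, uint64_t iova)
{
    for (size_t i = 0; i < n; i++) {
        if (t[i].valid && t[i].iova == iova &&
            t[i].asid == asid && t[i].vmid == vmid) {
            return true;
        }
    }
    return false;
}

/* Scenario: a stage-2-only config (asid == -1, vmid == 7) caches a
 * translation, then looks it up again with the identical config. */
static bool demo_hit_u16(void)
{
    EntryU16 tlb[4];
    memset(tlb, 0, sizeof(tlb));
    insert_u16(&tlb[0], WILDCARD, 7, 0x1000);
    return lookup_u16(tlb, 4, WILDCARD, 7, 0x1000);   /* misses */
}

static bool demo_hit_int(void)
{
    EntryInt tlb[4];
    memset(tlb, 0, sizeof(tlb));
    insert_int(&tlb[0], WILDCARD, 7, 0x1000);
    return lookup_int(tlb, 4, WILDCARD, 7, 0x1000);   /* hits */
}

/* What the uint16_t field actually holds after storing -1. */
static unsigned demo_stored_asid_u16(void)
{
    EntryU16 e;
    insert_u16(&e, WILDCARD, 7, 0);
    return e.asid;
}
```

The same code path and the same config produce a miss with the narrowed key and a hit with the int key; the only difference is the silent truncation at insert time.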
According to the user manual (ARM IHI 0070 F.b),
In "5.2 Stream Table Entry":
[51:6] S1ContextPtr
If Config[1] == 1 (stage 2 enabled), this pointer is an IPA translated by
stage 2 and the programmed value must be within the range of the IAS.
In "5.4.1 CD notes":
The translation table walks per
When nested translation is requested, do the following:
- Translate stage-1 IPA using stage-2 to a physical address.
- Translate stage-1 PTW walks using stage-2.
- Combine both to create a single TLB entry, for that we choose
the smallest entry to cache, which means that if the smallest
entry
QEMU doesn't support memory attributes, so FWB is a NOP; this
might change in the future if memory attributes were supported.
Signed-off-by: Mostafa Saleh
---
hw/arm/smmuv3.c | 8
1 file changed, 8 insertions(+)
diff --git a/hw/arm/smmuv3.c b/hw/arm/smmuv3.c
index da47411410..0e367c7
Currently, the translation stage is represented as an int, where 1 is stage-1
and 2 is stage-2. When nesting is added, using 3 to represent nesting would be
confusing, so we use an enum instead.
While keeping the same values, this is useful for:
- Doing tricks with bit masks, where BIT(0) is stage-1 and BIT
Use the new SMMU property to make the SMMU OAS match the CPU PARANGE.
That's according to SMMU manual ARM IHI 0070F.b:
6.3.6 SMMU_IDR5, OAS must match the system physical address size.
Signed-off-by: Mostafa Saleh
---
hw/arm/virt.c | 14 --
target/arm/cpu.h | 2 ++
target
smmuv3_translate() does everything from STE/CD parsing to TLB lookup
and PTW.
Soon, when nesting is supported, stage-1 data (tt, CD) needs to be
translated using stage-2.
Split smmuv3_translate() to 3 functions:
- smmu_translate(): in smmu-common.c, which does the TLB lookup, PTW,
TLB insertio
IOMMUTLBEvent only understands IOVA; for stage-2-only SMMUs keep
the implementation, while only notifying for stage-1 invalidation
in case of nesting.
Signed-off-by: Mostafa Saleh
---
hw/arm/smmuv3.c | 23 +++
hw/arm/trace-events | 2 +-
2 files changed, 16 insertions(+), 9
Some commands need rework for nesting, as they used to assume S1
and S2 are mutually exclusive:
- CMD_TLBI_NH_ASID: Consider VMID if stage-2 is supported
- CMD_TLBI_NH_ALL: Consider VMID if stage-2 is supported, otherwise
invalidate everything, this required a new vmid invalidation
function fo
Add a property that sets the OAS of the SMMU; this is not used in this
patch.
Signed-off-by: Mostafa Saleh
---
hw/arm/smmuv3-internal.h | 3 ++-
hw/arm/smmuv3.c | 29 -
include/hw/arm/smmuv3.h | 1 +
3 files changed, 31 insertions(+), 2 deletions(-)
diff --
SMMUv3 OAS is hardcoded to 44 bits, for nested configurations that
can be a problem as stage-2 might be shared with the CPU which might
have different PARANGE, and according to SMMU manual ARM IHI 0070F.b:
6.3.6 SMMU_IDR5, OAS must match the system physical address size.
This patch doesn't cha
Everything is in place, add the last missing bits:
- Handle fault checking according to the actual PTW event and not the
translation stage.
- Consolidate parsing of STE cfg and setting translation stage.
Advertise nesting if stage requested is "nested".
Signed-off-by: Mostafa Saleh
---
hw
With nesting, we would need to invalidate IPAs without
over-invalidating stage-1 IOVAs. This can be done by
distinguishing IPAs in the TLBs by having ASID=-1.
To achieve that, rework the invalidation for IPAs to have a
separate function, while for IOVA invalidation ASID=-1 means
invalidate for all
On Mon, Apr 08, 2024 at 11:46:39AM +0300, Vladimir Sementsov-Ogievskiy wrote:
> On 05.04.24 20:44, Eric Blake wrote:
> > From: Zhu Yangyang
> >
> > Coroutines are not supposed to block. Instead, they should yield.
> >
> > The client performs TLS upgrade outside of an AIOContext, during
> > synch
Since this is Fix day, I went over this old bug:
https://gitlab.com/qemu-project/qemu/-/issues/487
It happens to be a QEMU implementation detail not
really related to the spec.
Philippe Mathieu-Daudé (2):
hw/sd/sdcard: Avoid OOB in sd_read_byte() during unexpected CMD switch
hw/sd/sdcard: Asse
For multi-bytes commands, our implementation uses the @data_start
and @data_offset fields to track byte access. We initialize the
command start/offset in buffer once. A malicious guest might abuse this
by switching command while staying in the 'transfer' state, switching
command buffer size, and our imple
Prevent out-of-bound access with assertions.
Signed-off-by: Philippe Mathieu-Daudé
---
hw/sd/sd.c | 14 ++
1 file changed, 14 insertions(+)
diff --git a/hw/sd/sd.c b/hw/sd/sd.c
index 16d8d52a78..c081211582 100644
--- a/hw/sd/sd.c
+++ b/hw/sd/sd.c
@@ -1875,6 +1875,7 @@ void sd_write_
On Mon, 8 Apr 2024 at 11:52, Philippe Mathieu-Daudé wrote:
>
> When the TX FIFO is full, raise the TX Status FIFO Overflow (TXSO)
> flag, "Generated when the TX Status FIFO overflows" [*].
This doesn't sound right. The TX Status FIFO and the
TX Data FIFO are separate FIFOs, and the TX FIFO has it