On 9/4/24 15:37, Philippe Mathieu-Daudé wrote:
Fix for https://gitlab.com/qemu-project/qemu/-/issues/2267
Since v1:
- Renamed definition as MIL_TXFIFO_SIZE
- Addressed Peter review comments in patches 1 & 2
(add comment, return TXE INT)
- Trivial patches while digesting Peter's analysis [*]
On Tue, 9 Apr 2024 at 15:20, Ross Lagerwall wrote:
>
> On Tue, Apr 9, 2024 at 11:20 AM Anthony PERARD
> wrote:
> >
> > On Thu, Apr 04, 2024 at 03:08:33PM +0100, Ross Lagerwall wrote:
> > > diff --git a/hw/xen/xen-hvm-common.c b/hw/xen/xen-hvm-common.c
> > > index 1627da739822..1116b3978938 10064
On 9/4/24 13:33, Michael S. Tsirkin wrote:
On Tue, Apr 09, 2024 at 12:55:33PM +0200, Philippe Mathieu-Daudé wrote:
Fixes for CVE-2024-3446.
Gerd suggested to use the transport guard to protect the
device from DMA re-entrancy abuses.
Since v1:
- Take a DeviceState argument, not VirtIODevice, so
On 9/4/24 12:23, zhenwei pi wrote:
LGTM, thanks!
Reviewed-by: zhenwei pi
On 4/9/24 17:47, Philippe Mathieu-Daudé wrote:
Instead of aborting when a session ID is invalid,
return VIRTIO_CRYPTO_INVSESS ("Invalid session id").
Reproduced using:
$ cat << EOF | qemu-system-i386 -display none \
On 9/4/24 13:35, Peter Maydell wrote:
On Mon, 8 Apr 2024 at 17:42, Peter Maydell wrote:
So another approach here would be...
That said, this is all quite complicated looking, so
for 9.0 and backports at least this patch is fine.
Your patch looks like the correct fix, and doesn't seem that
c
Per "SD Host Controller Standard Specification Version 3.00":
* 2.2.5 Transfer Mode Register (Offset 00Ch)
Writes to this register shall be ignored when the Command
Inhibit (DAT) in the Present State register is 1.
Do not update the TRNMOD register when Command Inhibit (DAT)
bit is set
There is a small window at the end of block device migration when
devices are being re-activated. This includes a resetting of some
fields of BDRVQcow2State at qcow2_co_invalidate_cache(). A concurrent
QMP query-block command can call qcow2_get_specific_info() during this
window and see the cleared
The following patches will add co_wrapper annotations to functions
declared in qapi.h. Add that header to the set of files used by
block-coroutine-wrapper.py.
Reviewed-by: Hanna Czenczek
Signed-off-by: Fabiano Rosas
---
block/meson.build | 1 +
scripts/block-coroutine-wrapper.p
We're converting callers of bdrv_co_get_allocated_file_size() to run
in coroutines because that function will be made asynchronous when
called (indirectly) from the QMP dispatcher.
This function is a candidate because it calls bdrv_query_image_info()
-> bdrv_co_do_query_node_info() -> bdrv_co_get_
Hi, it's been a while since the last version, so a recap:
This series converts qmp_query_block() & qmp_query_named_block_nodes()
to coroutines so we can yield from them all the way back into the main
loop. This addresses a vcpu softlockup encountered when querying a
disk placed on NFS.
If the NFS
From: Lin Ma
Convert the remaining functions to make the QMP commands query-block
and query-named-block-nodes run in their entirety in a coroutine. With
this, any yield from those commands will return all the way back to
the main loop. This releases the BQL and the main loop and avoids
having the
Some callers of this function are about to be converted to run in
coroutines, so allow it to be executed both inside and outside a
coroutine while we convert all the callers.
This will be reverted once all callers of bdrv_do_query_node_info run
in a coroutine.
Signed-off-by: Fabiano Rosas
Review
On Tue, 9 Apr 2024 at 15:55, Philippe Mathieu-Daudé wrote:
>
> Per "SD Host Controller Standard Specification Version 3.00":
>
> * 2.2.5 Transfer Mode Register (Offset 00Ch)
>
> Writes to this register shall be ignored when the Command
> Inhibit (DAT) in the Present State register is 1.
This function has up until now always run in the main loop, outside of
a coroutine. We're about to make it run inside a coroutine so start
actually taking the graph lock.
Signed-off-by: Fabiano Rosas
---
block/snapshot.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/block/s
This function is a caller of bdrv_do_query_node_info(), which has
been converted to a coroutine. Convert this function as well so we're
closer to having the whole qmp_query_block as a single coroutine.
Also remove the wrapper for bdrv_co_do_query_node_info() now that all
its callers are convert
On 7/4/24 00:32, Richard Henderson wrote:
When aborting translation of the current insn, restore the
previous value of insn_start.
Signed-off-by: Richard Henderson
---
target/i386/tcg/translate.c | 3 +++
1 file changed, 3 insertions(+)
@@ -3123,6 +3124,7 @@ static bool disas_insn(DisasC
On Tue, 9 Apr 2024 at 15:19, Peter Maydell wrote:
>
> On Tue, 9 Apr 2024 at 15:14, Gerd Hoffmann wrote:
> >
> > Hi,
> >
> > > > + --version-override "$(EDK2_STABLE)-for-qemu" \
> > > > + --release-date "$(EDK2_DATE)" \
> > >
> > > Hi -- I've just noticed that we neve
On 9/4/24 17:23, Philippe Mathieu-Daudé wrote:
On 7/4/24 00:32, Richard Henderson wrote:
When aborting translation of the current insn, restore the
previous value of insn_start.
Signed-off-by: Richard Henderson
---
target/i386/tcg/translate.c | 3 +++
1 file changed, 3 insertions(+)
@@ -
On 9/4/24 17:01, Peter Maydell wrote:
On Tue, 9 Apr 2024 at 15:55, Philippe Mathieu-Daudé wrote:
Per "SD Host Controller Standard Specification Version 3.00":
* 2.2.5 Transfer Mode Register (Offset 00Ch)
Writes to this register shall be ignored when the Command
Inhibit (DAT) in
On 6/4/24 00:00, Richard Henderson wrote:
The copy back to siginfo_t should be conditional only on arg3,
not the specific values that might have been written.
The copy back to rusage was missing entirely.
Signed-off-by: Alex Fan
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2262
S
We're currently doing a full query-block just to enumerate the devices
for qmp_nbd_server_add and then discarding the BlockInfoList
afterwards. Alter hmp_nbd_server_start to instead iterate explicitly
over the block_backends list.
This allows the removal of the dependency on qmp_query_block from
h
From: João Silva
The fstat call can take a long time to finish when running over
NFS. Add a version of it that runs in the thread pool.
Adapt one of its users, raw_co_get_allocated_file_size to use the new
version. That function is called via QMP under the qemu_global_mutex
so it has a large cha
On Tue, Apr 09, 2024 at 09:30:39AM +0300, Vladimir Sementsov-Ogievskiy wrote:
> On 08.04.24 19:00, Eric Blake wrote:
> > nbd_negotiate() is already marked coroutine_fn. And given the fix in
> > the previous patch to have nbd_negotiate_handle_starttls not create
> > and wait on a g_main_loop (as th
On Mon, 8 Apr 2024 13:58:00 +0200
Marcin Juszkiewicz wrote:
> For quite a while I am experimenting with PCI Express setup on SBSA-Ref
> system. And finally decided to write.
>
> We want to play with NUMA setup and "pxb-pcie" can be assigned to NUMA
> node other than cpu0 one. But adding it mak
We're converting callers of bdrv_co_get_allocated_file_size() to run
in coroutines because that function will be made asynchronous when
called (indirectly) from the QMP dispatcher.
This function is a candidate because it calls bdrv_do_query_node_info(),
which in turn calls bdrv_co_get_allocated_fi
Move this function into a coroutine so we can convert the whole
qmp_query_block command into a coroutine in the next patches.
Placing the entire command in a coroutine allows us to yield all the
way back to the main loop, releasing the BQL and unblocking the main
loop.
When the whole conversion is
On Fri, 5 Apr 2024 14:09:23 -0400
Gregory Price wrote:
> On Fri, Apr 05, 2024 at 06:44:52PM +0100, Jonathan Cameron wrote:
> > On Fri, 5 Apr 2024 12:07:45 -0400
> > Gregory Price wrote:
> >
> > > 3. (C) Upon Device receiving Release Dynamic Capacity Request
> > >a. check for a pending rel
On Fri, 5 Apr 2024 15:43:47 -0700
"Ho-Ren (Jack) Chuang" wrote:
> On Fri, Apr 5, 2024 at 7:03 AM Jonathan Cameron
> wrote:
> >
> > On Fri, 5 Apr 2024 00:07:06 +
> > "Ho-Ren (Jack) Chuang" wrote:
> >
> > > The current implementation treats emulated memory devices, such as
> > > CXL1.1 typ
Bring a bit more consistency into the naming.
Reviewed-by: Peter Maydell
Signed-off-by: Gerd Hoffmann
Message-ID: <20240327102448.61877-4-kra...@redhat.com>
---
roms/Makefile | 10 +-
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/roms/Makefile b/roms/Makefile
index 783a5
Reviewed-by: Peter Maydell
Signed-off-by: Gerd Hoffmann
Message-ID: <20240327102448.61877-3-kra...@redhat.com>
---
roms/edk2-version | 2 ++
1 file changed, 2 insertions(+)
create mode 100644 roms/edk2-version
diff --git a/roms/edk2-version b/roms/edk2-version
new file mode 100644
index 00
The following changes since commit e5c6528dce86d7a9ada7ecf02fcb7b8560955131:
Update version for v9.0.0-rc2 release (2024-04-02 20:59:43 +0100)
are available in the Git repository at:
https://gitlab.com/kraxel/qemu.git tags/edk2-20240409-pull-request
for you to fetch changes up to
Turned out hard-coding version and date in the Makefile wasn't a bright
idea. Updating it on edk2 updates is easily forgotten. Fetch the info
from git instead. Store in edk2-version, so this can be committed to
the repo and is present in tarballs too.
Reviewed-by: Peter Maydell
Signed-off-by:
On Tue, Apr 09, 2024 at 04:13:34PM +0100, Peter Maydell wrote:
> On Tue, 9 Apr 2024 at 15:19, Peter Maydell wrote:
> >
> > On Tue, 9 Apr 2024 at 15:14, Gerd Hoffmann wrote:
> > >
> > > Hi,
> > >
> > > > > + --version-override "$(EDK2_STABLE)-for-qemu" \
> > > > > + -
On Tue, Apr 09, 2024 at 02:51:38AM -0400, Michael S. Tsirkin wrote:
> On Fri, Apr 05, 2024 at 02:20:15PM +0300, Alexey Dobriyan wrote:
> > Don't send zero length packets in virtio_net_flush_tx().
> >
> > Reproducer from https://gitlab.com/qemu-project/qemu/-/issues/1451
> > creates small packet (1
On Tue, Apr 09, 2024 at 07:37:04PM +0300, Alexey Dobriyan wrote:
> On Tue, Apr 09, 2024 at 02:51:38AM -0400, Michael S. Tsirkin wrote:
> > On Fri, Apr 05, 2024 at 02:20:15PM +0300, Alexey Dobriyan wrote:
> > > Don't send zero length packets in virtio_net_flush_tx().
> > >
> > > Reproducer from htt
This series includes changes to the x86 TCG decoder that switch the
1-byte opcodes to the table-driven decoder (except for x87). A few
easy 2-byte opcodes are also converted (BSWAP, SETcc, CMOVcc,
MOVZX/MOVSX and those that are extensions of 1-byte opcodes like PUSH/POP
FS/GS, LFS/LGS/LSS).
After
Extract the code into new functions, and swap T0/T1 so that T0 corresponds
to the first immediate in the instruction stream.
Signed-off-by: Paolo Bonzini
---
target/i386/tcg/translate.c | 93 +
1 file changed, 53 insertions(+), 40 deletions(-)
diff --git a/ta
With the introduction of TSTEQ and TSTNE the .mask field is always -1,
so remove all the now-unnecessary code.
Reviewed-by: Richard Henderson
Signed-off-by: Paolo Bonzini
---
target/i386/tcg/translate.c | 81 +
1 file changed, 27 insertions(+), 54 deletions(-
Create a new temporary whenever flags have to use one, instead of using
s->tmp0 or s->tmp4. NULL can now be passed as the scratch register
to gen_prepare_*.
Signed-off-by: Paolo Bonzini
---
target/i386/tcg/translate.c | 54 +
1 file changed, 31 insertions(+),
When testing the sign bit or equality to zero of a partial register, it
is useful to use a single TSTEQ or TSTNE operation. It can also be used
to test the parity flag, using bit 0 of the population count.
Do not do this for target_ulong-sized values however; the optimizer would
produce a compari
These are unlikely to be converted to the table-based decoding
soon (perhaps there could be generic ESC decoding in decode-new.c.inc
for the Mod/RM byte, but not operand decoding), so keep them separate
from the remaining legacy-decoded instructions.
Signed-off-by: Paolo Bonzini
---
target/i386/
Since new opcodes are not going to be added in translate.c, round the
case labels that call to disas_insn_new(), including whole sets of
eight opcodes when possible.
Signed-off-by: Paolo Bonzini
---
target/i386/tcg/translate.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --gi
A few two-byte opcodes are simple extensions of existing one-byte opcodes;
they are easy to decode and need no change to emit.c.inc. Port them to
the new decoder.
Signed-off-by: Paolo Bonzini
---
target/i386/tcg/decode-new.h | 1 +
target/i386/tcg/translate.c | 4
target/i386/tc
Signed-off-by: Paolo Bonzini
---
target/i386/tcg/translate.c | 4 +++-
target/i386/tcg/decode-new.c.inc | 9 +
target/i386/tcg/emit.c.inc | 11 +++
3 files changed, 23 insertions(+), 1 deletion(-)
diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c
Send all converted opcodes to disas_insn_new() directly from the big
decoding switch statement; once more, the debugging/bisecting logic
disappears.
Signed-off-by: Paolo Bonzini
---
target/i386/helper.h| 11 -
target/i386/tcg/shift_helper_template.h.inc | 108 -
target
The shift instructions are rewritten instead of reusing code from the old
decoder. Rotates use CC_OP_ADCOX more extensively and generally rely
more on the optimizer, so that the code generators are shared between
the immediate-count and variable-count cases.
In particular, this makes gen_RCL and
Move long-displacement Jcc, SETcc and CMOVcc to the new decoder.
While filling in the tables makes the code seem longer, the new
emitters are all just one line of code.
Signed-off-by: Paolo Bonzini
---
target/i386/tcg/decode-new.h | 1 +
target/i386/tcg/translate.c | 2 +-
target/i386
Signed-off-by: Paolo Bonzini
---
target/i386/tcg/translate.c | 2 +-
target/i386/tcg/decode-new.c.inc | 120 ++
target/i386/tcg/emit.c.inc | 202 +++
3 files changed, 323 insertions(+), 1 deletion(-)
diff --git a/target/i386/tcg/translate.
While keeping decode->immediate for convenience and for 4-operand instructions,
store the immediate in X86DecodedOp as well. This enables instructions
with more than one immediate such as ENTER. It can also be used for far
calls and jumps.
Signed-off-by: Paolo Bonzini
---
target/i386/tcg/decod
The new conditions obviously come in handy when testing individual bits
of EFLAGS, and they make it possible to remove the .mask field of
CCPrepare.
Lowering to shift+and is done by the optimizer if necessary.
Reviewed-by: Richard Henderson
Signed-off-by: Paolo Bonzini
---
target/i386/tcg/tran
Signed-off-by: Paolo Bonzini
---
target/i386/tcg/translate.c | 27 +++
target/i386/tcg/decode-new.c.inc | 3 +++
2 files changed, 30 insertions(+)
diff --git a/target/i386/tcg/translate.c b/target/i386/tcg/translate.c
index debc1b27283..2a372842db4 100644
--- a/targ
Split the bits that have some duplication with disas_insn_new, from
those that should be the main topic of the conversion. This is the
first step towards removing duplicate decoding of prefixes between
disas_insn and disas_insn_new.
Signed-off-by: Paolo Bonzini
---
target/i386/tcg/translate.c |
In the new decoder it is sometimes easier to put the segment
in T1 instead of T0, usually because another operand was loaded
by common code in T0. Generalize gen_movl_seg_T0 to allow
using any source.
Signed-off-by: Paolo Bonzini
---
target/i386/tcg/translate.c | 16
1 file cha
Compared to the old decoder, the main differences in translation
are for the little-used ARPL instruction. IMUL is adjusted a bit
to share more code to produce flags, but is otherwise very similar.
Signed-off-by: Paolo Bonzini
---
target/i386/tcg/decode-new.h | 2 +
target/i386/tcg/transl
Now that a bulk of opcodes go through the new decoder, it is sensible
to do some cleanup. Go immediately through disas_insn_new and only jump
back after parsing the prefixes.
disas_insn() now only contains the three sigsetjmp cases, and they
are more easily managed if they are inlined into i386_t
On Tue, Apr 09, 2024 at 12:41:39PM -0400, Michael S. Tsirkin wrote:
> On Tue, Apr 09, 2024 at 07:37:04PM +0300, Alexey Dobriyan wrote:
> > On Tue, Apr 09, 2024 at 02:51:38AM -0400, Michael S. Tsirkin wrote:
> > > On Fri, Apr 05, 2024 at 02:20:15PM +0300, Alexey Dobriyan wrote:
> > > > Don't send ze
On 9/4/24 18:43, Paolo Bonzini wrote:
Split the bits that have some duplication with disas_insn_new, from
those that should be the main topic of the conversion. This is the
first step towards removing duplicate decoding of prefixes between
disas_insn and disas_insn_new.
Signed-off-by: Paolo Bon
On 9/4/24 18:43, Paolo Bonzini wrote:
These are unlikely to be converted to the table-based decoding
soon (perhaps there could be generic ESC decoding in decode-new.c.inc
for the Mod/RM byte, but not operand decoding), so keep them separate
from the remaining legacy-decoded instructions.
Signed-
On 9/4/24 18:43, Paolo Bonzini wrote:
With the introduction of TSTEQ and TSTNE the .mask field is always -1,
so remove all the now-unnecessary code.
Reviewed-by: Richard Henderson
Signed-off-by: Paolo Bonzini
---
target/i386/tcg/translate.c | 81 +
1 file
04.04.2024 15:00, Zheyu Ma wrote:
This modification ensures that in scenarios where the buffer size is
insufficient for a zone report, the function will now properly set an
error status and proceed to a cleanup label, instead of merely
returning.
The following ASAN log reveals it:
==1767400==ER
09.04.2024 10:32, Michael S. Tsirkin wrote:
From: Wafer
In the event of writing many chains of descriptors, the device must
write just the id of the last buffer in the descriptor chain, skip
forward the number of descriptors in the chain, and then repeat the
operations for the rest of chains.
09.04.2024 10:32, Michael S. Tsirkin wrote:
From: lyx634449800
The set_config callback function vhost_vdpa_device_get_config in
vdpa-dev does not fetch the current device status from the hardware
device, causing the guest os to not receive the latest device status
information.
The hardware upd
25.03.2024 17:44, Gerd Hoffmann:
Turned out hard-coding version and date in the Makefile wasn't a bright
idea. Updating it on edk2 updates is easily forgotten. Fetch the info
from git instead.
Fixes: https://gitlab.com/qemu-project/qemu/-/issues/2233
Thanks,
/mjt
raise_mmu_exception(), as is today, is prioritizing guest page faults by
checking first if virt_enabled && !first_stage, and then considering the
regular inst/load/store faults.
There's no mention in the spec about guest page fault being a higher
priority than PMP faults. In fact, privileged spec
In this commit SPI shift engine and sequencer logic is implemented.
Shift engine performs serialization and de-serialization according to the
control by the sequencer and according to the setup defined in the
configuration registers. Sequencer implements the main control logic and
FSM to handle dat
-- Empty commit to align the patch numbers between PATCH v1 and PATCH v2.
SPI responder model is removed as pnv spi controller and seeprom is
implemented using QEMU SSI framework.
Signed-off-by: Chalapathi V
Hello,
Thank You so much for reviewing patchset V1.
In PATCHSET V2, removed the PNV_SPI_RESPONDER model and an existing
QEMU SSI framework is used to model SPI BUS and SEEPROM model and
also most of Steve's comments have been addressed.
Also added the pnv-spi-seeprom qtest is added to test to che
SPI controller device model supports a connection to a single SPI responder.
This provides access to SPI seeproms, TPM, flash device and an ADC controller.
All SPI function control is mapped into the SPI register space to enable full
control by firmware. In this commit SPI configuration component i
This commit implements a Serial EEPROM utilizing the Serial Peripheral
Interface (SPI) compatible bus.
Currently implemented SEEPROM is Microchip's 25CSM04 which provides 4 Mbits
of Serial EEPROM utilizing the Serial Peripheral Interface (SPI) compatible
bus. The device is organized as 524288 bytes
In this commit Write a qtest pnv-spi-seeprom-test to check the
SPI transactions between spi controller and seeprom device.
Signed-off-by: Chalapathi V
---
tests/qtest/pnv-spi-seeprom-test.c | 126 +
tests/qtest/meson.build| 1 +
2 files changed, 127 inse
In this commit
Creates SPI controller on p10 chip.
Create the keystore seeprom of type "seeprom-25csm04"
Connect the cs of seeprom to PIB_SPIC[2] cs irq.
The QOM tree of spi controller and seeprom are.
/machine (powernv10-machine)
/chip[0] (power10_v2.0-pnv-chip)
/pib_spic[2] (pnv-spi-contro
09.04.2024 19:29, Gerd Hoffmann:
Turned out hard-coding version and date in the Makefile wasn't a bright
idea. Updating it on edk2 updates is easily forgotten. Fetch the info
from git instead. Store in edk2-version, so this can be committed to
the repo and is present in tarballs too.
This to
If a fragmented packet size is too short, do not try to
calculate its checksum.
Reproduced using:
$ cat << EOF | qemu-system-i386 -display none -nodefaults \
-machine q35,accel=qtest -m 32M \
-device igb,netdev=net0 \
09.04.2024 20:43, Michael Tokarev:
09.04.2024 10:32, Michael S. Tsirkin:
From: lyx634449800
The set_config callback function vhost_vdpa_device_get_config in
vdpa-dev does not fetch the current device status from the hardware
device, causing the guest os to not receive the latest device status
On 4/8/24 21:44, Paolo Bonzini wrote:
+ /*
+ * Restore the features indicated in the frame, masked by
+ * those currently enabled. Re-check the frame size.
+ * ??? It is not clear where the kernel does this, but it
+ * is not in check_xstate_in_sigframe, an
09.04.2024 14:02, Paolo Bonzini wrote:
On Tue, Apr 9, 2024 at 12:59 PM Zhao Liu wrote:
Hi Michael & Paolo,
I debugged it manually, and found the problem occurs in tlb_index() with
mmu_idx=5.
For v7.2, the maximum mmu index supported by i386 is 4 (since
NB_MMU_MODES = 5 defined in target/i3
On Tue, 9 Apr 2024 at 19:02, Michael Tokarev wrote:
>
> 09.04.2024 19:29, Gerd Hoffmann:
> > +efi: edk2-version
> > $(PYTHON) edk2-build.py --config edk2-build.config \
> > - --version-override "edk2-stable202302-for-qemu" \
> > - --release-date "03/01/2023"
> > +
Hi Jonathan,
On Fri, Apr 5, 2024 at 6:56 AM Jonathan Cameron
wrote:
>
> On Fri, 5 Apr 2024 00:07:05 +
> "Ho-Ren (Jack) Chuang" wrote:
>
> > Since different memory devices require finding, allocating, and putting
> > memory types, these common steps are abstracted in this patch,
> > enhancin
Hi Jonathan,
On Tue, Apr 9, 2024 at 9:12 AM Jonathan Cameron
wrote:
>
> On Fri, 5 Apr 2024 15:43:47 -0700
> "Ho-Ren (Jack) Chuang" wrote:
>
> > On Fri, Apr 5, 2024 at 7:03 AM Jonathan Cameron
> > wrote:
> > >
> > > On Fri, 5 Apr 2024 00:07:06 +
> > > "Ho-Ren (Jack) Chuang" wrote:
> > >
>
Reproducer from https://gitlab.com/qemu-project/qemu/-/issues/1451
creates small packet (1 segment, len=10 == n->guest_hdr_len),
destroys queue.
"if (n->host_hdr_len != n->guest_hdr_len)" is triggered. There is
nothing after guest header, if body creates zero length/zero segment packet.
qemu_send
On Thu, Apr 04, 2024 at 01:32:23PM +, Jørgen Hansen wrote:
> On 3/25/24 20:02, nifan@gmail.com wrote:
> > From: Fan Ni
> >
> > Per CXL spec 3.1, two mailbox commands are implemented:
> > Add Dynamic Capacity Response (Opcode 4802h) 8.2.9.9.9.3, and
> > Release Dynamic Capacity (Opcode 480
From: Zack Buhman
The saturation arithmetic logic in helper_macl is not correct.
I tested and verified this behavior on a SH7091.
Signed-off-by: Zack Buhman
Message-Id: <20240404162641.27528-2-z...@buhman.org>
[rth: Reformat helper_macl, add a test case.]
Signed-off-by: Richard Henderson
Revie
Allow host access to the entire 64-bit accumulator.
Reviewed-by: Philippe Mathieu-Daudé
Signed-off-by: Richard Henderson
---
target/sh4/cpu.h | 14 --
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/target/sh4/cpu.h b/target/sh4/cpu.h
index 9211da6bde..d928bcf006 1006
We already attempted to set and clear can_do_io before the first
and last insns, but only used the initial value of max_insns and
the call to translator_io_start to find those insns.
Now that we track insn_start in DisasContextBase, and now that
we have emit_before_op, we can wait until we have fi
Reviewed-by: Philippe Mathieu-Daudé
Signed-off-by: Richard Henderson
---
target/microblaze/translate.c | 8 ++--
1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/target/microblaze/translate.c b/target/microblaze/translate.c
index 4e52ef32db..fc451befae 100644
--- a/target/microb
To keep the multiple update check, replace insn_start
with insn_start_updated.
Reviewed-by: Philippe Mathieu-Daudé
Signed-off-by: Richard Henderson
---
target/arm/tcg/translate.h | 12 ++--
target/arm/tcg/translate-a64.c | 2 +-
target/arm/tcg/translate.c | 2 +-
3 files chang
From: Keith Packard
Add helpers for reading/writing the 68881 FPSR register so that
changes in floating point exception state can be seen by the
application.
Call these helpers in pre_load/post_load hooks to synchronize
exception state.
Signed-off-by: Keith Packard
Reviewed-by: Richard Henders
To keep the multiple update check, replace insn_start
with insn_start_updated.
Reviewed-by: Philippe Mathieu-Daudé
Signed-off-by: Richard Henderson
---
target/hppa/translate.c | 10 +-
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/target/hppa/translate.c b/target/hppa/tr
ository at:
https://gitlab.com/rth7680/qemu.git tags/pull-misc-20240409
for you to fetch changes up to 143bcc1d59f174b6c6743bd4ca8f99415ed1aba2:
linux-user: Preserve unswapped siginfo_t for strace (2024-04-09 07:47:11
-1000)
target/m6
From: Zack Buhman
Before this change, executing a code sequence such as:
mova tblm,r0
mov r0,r1
mova tbln,r0
clrs
clrmac
mac.w @r0+,@r1+
mac.w @r0+,@r1+
.align 4
tblm: .word 0x1234
The copy back to siginfo_t should be conditional only on arg3,
not the specific values that might have been written.
The copy back to rusage was missing entirely.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2262
Signed-off-by: Richard Henderson
Tested-by: Alex Fan
Reviewed-by: Philip
From: Zack Buhman
CHECK_NOT_DELAY_SLOT is correctly applied to the branch-related
instructions, but not to the PC-relative mov* instructions.
I verified the existence of an illegal slot exception on a SH7091 when
any of these instructions are attempted inside a delay slot.
This also matches the
This is currently target-specific for many; begin making it
target independent.
Tested-by: Jørgen Hansen
Reviewed-by: Philippe Mathieu-Daudé
Signed-off-by: Richard Henderson
---
include/exec/translator.h | 3 +++
accel/tcg/translator.c| 2 ++
2 files changed, 5 insertions(+)
diff --git a/
Reviewed-by: Philippe Mathieu-Daudé
Signed-off-by: Richard Henderson
---
target/s390x/tcg/translate.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/target/s390x/tcg/translate.c b/target/s390x/tcg/translate.c
index 57b7db1ee9..90a74ee795 100644
--- a/target/s390x/tcg/tran
Allow operations to be emitted via normal expanders
into the middle of the opcode stream.
Tested-by: Jørgen Hansen
Reviewed-by: Philippe Mathieu-Daudé
Reviewed-by: Pierrick Bouvier
Signed-off-by: Richard Henderson
---
include/tcg/tcg.h | 6 ++
tcg/tcg.c | 14 --
2 fil
From: Zack Buhman
The saturation arithmetic logic in helper_macw is not correct.
I tested and verified this behavior on a SH7091.
Reviewed-by: Yoshinori Sato
Signed-off-by: Zack Buhman
Message-Id: <20240405233802.29128-3-z...@buhman.org>
[rth: Reformat helper_macw, add a test case.]
Signed-off-
When aborting translation of the current insn, restore the
previous value of insn_start.
Acked-by: Paolo Bonzini
Tested-by: Jørgen Hansen
Reviewed-by: Philippe Mathieu-Daudé
Signed-off-by: Richard Henderson
---
target/i386/tcg/translate.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a
Passing the tswapped structure to strace means that
our internal si_type is also gone, which then aborts
in print_siginfo.
Fixes: 4d6d8a05a0a ("linux-user: Move tswap_siginfo out of target code")
Reviewed-by: Philippe Mathieu-Daudé
Signed-off-by: Richard Henderson
---
linux-user/signal.c | 12 +
From: Nguyen Dinh Phi
Use glib allocation as recommended by the coding convention
Signed-off-by: Nguyen Dinh Phi
Message-Id: <20240317171747.1642207-1-phind@gmail.com>
Reviewed-by: Alex Bennée
Signed-off-by: Richard Henderson
---
linux-user/main.c | 6 +-
1 file changed, 1 insertion(
To keep the multiple update check, replace insn_start
with insn_start_updated.
Reviewed-by: Philippe Mathieu-Daudé
Signed-off-by: Richard Henderson
---
target/riscv/translate.c | 11 +--
1 file changed, 5 insertions(+), 6 deletions(-)
diff --git a/target/riscv/translate.c b/target/risc