When refactoring page_table_walk_refill() in commit 4e999bf419
we missed the indirect call to cpu_mmu_index() in get_pte():
page_table_walk_refill()
-> get_pte()
-> cpu_ld[lq]_code()
-> cpu_mmu_index()
Since we don't mask anymore the modes in hflags, cpu_mmu_index()
can return UM
In order to simplify the next commit, pass the PTE size as MemOp.
Rename:
native_shift -> native_op
directory_shift -> directory_mop
leaf_shift -> leaf_mop
Suggested-by: Richard Henderson
Reviewed-by: Richard Henderson
Signed-off-by: Philippe Mathieu-Daudé
Message-ID: <20240814090452.25
PTE is not CODE so load it as normal DATA access.
Fixes: 074cfcb4da ("Implement hardware page table walker for MIPS32")
Suggested-by: Richard Henderson
Signed-off-by: Philippe Mathieu-Daudé
Reviewed-by: Richard Henderson
Message-ID: <20240814090452.2591-4-phi...@linaro.org>
---
target/mips/tcg
R5900 emulation was removed in commit 823f2897bd.
Remove it from ELF parsing in order to avoid:
$ qemu-mipsn32 ./test5900
qemu-mipsn32: unable to find CPU model 'R5900'
This reverts commit 4d9e5a0eb7df6e98ac6cf5e16029f35dd05b9537.
Fixes: 823f2897bd ("target/mips: Disable R5900 support")
Sign
From: Nicholas Piggin
_console_interaction reads data from the console even when there is only
an input string to send, and no output data to wait on. This can cause
lines to be missed by wait_for_console_pattern calls that follow an
exec_command. Fix this by not reading the console if there is
From: Pierrick Bouvier
Found on debian stable.
../contrib/plugins/execlog.c: In function ‘vcpu_tb_trans’:
../contrib/plugins/execlog.c:236:22: error: declaration of ‘n’ shadows a
previous local [-Werror=shadow=local]
236 | for (int n = 0; n < all_reg_names->len; n++) {
|
Signed-off-by: Philippe Mathieu-Daudé
Reviewed-by: Richard Henderson
Message-Id: <20240814133928.6746-5-phi...@linaro.org>
---
linux-user/mips64/target_elf.h | 6 ++
1 file changed, 6 insertions(+)
diff --git a/linux-user/mips64/target_elf.h b/linux-user/mips64/target_elf.h
index a3a8b2e385
Cc: YunQiang Su
Reported-by: Jiaxun Yang
Signed-off-by: Philippe Mathieu-Daudé
Reviewed-by: Richard Henderson
Message-Id: <20240814133928.6746-4-phi...@linaro.org>
---
linux-user/mips64/target_elf.h | 7 ++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/linux-user/mips64/tar
From: Peter Maydell
When the creds->username property is set we allocate memory
for it in qcrypto_tls_creds_psk_prop_set_username(), but
we never free this when the QCryptoTLSCredsPSK is destroyed.
Free the memory in finalize.
This fixes a LeakSanitizer complaint in migration-test:
$ (cd build/
The Octeon68XX CPU is available since commit 9a6046a655
("target/mips: introduce Cavium Octeon CPU model").
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1722
Reported-by: Johnathan Hữu Trí
Suggested-by: Richard Henderson
Signed-off-by: Philippe Mathieu-Daudé
Reviewed-by: Richard Hend
From: Richard Henderson
Prior to sparcv9, the same encoding was STDFQ.
Cc: qemu-sta...@nongnu.org
Fixes: 06c060d9e5b ("target/sparc: Move simple fp load/store to decodetree")
Signed-off-by: Richard Henderson
Reviewed-by: Philippe Mathieu-Daudé
Message-ID: <20240816072311.353234-2-richard.hende
From: Bernhard Beschow
The machine calls serial_hds_isa_init() which is provided by serial-isa.c,
guarded by SERIAL_ISA.
Signed-off-by: Bernhard Beschow
Reviewed-by: Philippe Mathieu-Daudé
Message-ID: <20240814181534.218964-4-shen...@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé
---
hw/pp
From: Nicholas Piggin
Now that exec_command doesn't incorrectly consume console output,
and guest time is set correctly, ppc_hv_tests.py is working more
reliably. Try marking it non-flaky.
Signed-off-by: Nicholas Piggin
Message-ID: <20240805232814.267843-3-npig...@gmail.com>
Signed-off-by: Phil
From f155cbd57b37fa600c580ed30d593f47383ecd38 Mon Sep 17 00:00:00 2001
From: Carl Hauser
Date: Fri, 16 Aug 2024 09:20:36 -0700
Subject: [PATCH] hw/char: suppress sunmouse events with no changes
Sun optical mice circa 1993 were based on the Mouse Systems
Corp. optical mice. The technical manual f
v5 for riscv zicfilp and zicfiss extensions support in qemu.
Links for previous versions
[1] - v1 https://lists.nongnu.org/archive/html/qemu-devel/2024-07/msg06017.html
[2] - v2
https://lore.kernel.org/all/ed23bcbc-fdc4-4492-803c-daa958803...@linaro.org/T/
[3] - v3 https://lists.nongnu.org/arch
sw check exception support was recently added. This patch further augments
sw check exception by providing support for additional code which is
provided in *tval. Adds `sw_check_code` field in cpuarchstate. Whenever
sw check exception is raised *tval gets the value deposited in
`sw_check_code`.
Si
zicfiss introduces a new state ssp ("shadow stack register") in cpu.
ssp is expressed as a new unprivileged csr (CSR_SSP=0x11) and holds
virtual address for shadow stack as programmed by software.
Shadow stack (for each mode) is enabled via bit3 in *envcfg CSRs.
Shadow stack can be enabled for a m
Signed-off-by: Deepak Gupta
Co-developed-by: Jim Shu
Co-developed-by: Andy Chiu
Reviewed-by: Richard Henderson
---
disas/riscv.c | 18 +-
disas/riscv.h | 2 ++
2 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/disas/riscv.c b/disas/riscv.c
index c8364c2b07..c7c92a
Enable disassembly for sspush, sspopchk, ssrdp & ssamoswap.
Disassembly is only enabled if zimop and zicfiss ext is set to true.
Signed-off-by: Deepak Gupta
---
disas/riscv.c | 40 +++-
disas/riscv.h | 1 +
2 files changed, 40 insertions(+), 1 deletion(-)
dif
sspush/sspopchk have compressed encodings carved out of zcmops.
compressed sspush is designated as c.mop.1 while compressed sspopchk
is designated as c.mop.5.
Note that c.sspush x1 exists while c.sspush x5 doesn't. Similarly
c.sspopchk x5 exists while c.sspopchk x1 doesn't.
Signed-off-by: Deepak
zicfiss has following instructions
- sspopchk: pops a value from shadow stack and compares with x1/x5.
If they don't match, reports a sw check exception with tval = 3.
- sspush: pushes value in x1/x5 on shadow stack
- ssrdp: reads current shadow stack
- ssamoswap: swaps contents of shadow sta
zicfiss [1] riscv cpu extension enables backward control flow integrity.
This patch sets up space for zicfiss extension in cpuconfig. And implements
dependency on A, zicsr, zimop and zcmop extensions.
[1] - https://github.com/riscv/riscv-cfi
Signed-off-by: Deepak Gupta
Co-developed-by: Jim Sh
zicfilp introduces a new state elp ("expected landing pad") in cpu.
During normal execution, elp is idle (NO_LP_EXPECTED) i.e not expecting
landing pad. On an indirect call, elp moves LP_EXPECTED. When elp is
LP_EXPECTED, only a subsequent landing pad instruction can set state back
to NO_LP_EXPECTED
zicfilp protects forward control flow (if enabled) by enforcing all
indirect call and jmp must land on a landing pad instruction `lpad`. If
target of an indirect call or jmp is not `lpad` then cpu/hart must raise
a sw check exception with tval = 2.
This patch implements the mechanism using TCG. Ta
sspush and sspopchk have equivalent compressed encoding taken from zcmop.
cmop.1 is sspush x1 while cmop.5 is sspopchk x5. Due to unusual encoding
for both rs1 and rs2 from space bitfield, this required a new codec.
Signed-off-by: Deepak Gupta
---
disas/riscv.c | 19 ++-
disas/ri
zicfilp [1] riscv cpu extension enables forward control flow integrity.
If enabled, all indirect calls must land on a landing pad instruction.
This patch sets up space for zicfilp extension in cpuconfig. zicfilp
is dependent on zicsr.
[1] - https://github.com/riscv/riscv-cfi
Signed-off-by: Deepa
Implements setting lp expected when `jalr` is encountered and implements
`lpad` instruction of zicfilp. `lpad` instruction is taken out of
auipc x0, . This is an existing HINTNOP space. If `lpad` is
target of an indirect branch, cpu checks for 20 bit value in x7 upper
with 20 bit value embedded in
Shadow stack instructions can be decoded as zimop / zcmop or shadow stack
instructions depending on whether shadow stack are enabled at current
privilege. This requires a TB flag so that correct TB generation and correct
TB lookup happens. `DisasContext` gets a field indicating whether bcfi is
enab
elp state is recorded in *status on trap entry (less privilege to higher
privilege) and restored in elp from *status on trap exit (higher to less
privilege).
Additionally this patch introduces a forward cfi helper function to
determine if current privilege has forward cfi enabled or not based o
zicfiss protects shadow stack using new page table encodings PTE.W=0,
PTE.R=0 and PTE.X=0. This encoding is reserved if zicfiss is not
implemented or if shadow stack are not enabled.
Loads on shadow stack memory are allowed while stores to shadow stack
memory leads to access faults. Shadow stack ac
Hi Salil,
On 8/19/24 10:21 PM, Salil Mehta wrote:
From: Gavin Shan
Sent: Tuesday, August 13, 2024 2:17 AM
To: Salil Mehta ; qemu-devel@nongnu.org;
qemu-...@nongnu.org; m...@redhat.com
On 6/14/24 9:36 AM, Salil Mehta wrote:
> During `machvirt_init()`, QOM ARMCPU objects are pre-c
Hi Salil,
On 8/19/24 10:10 PM, Salil Mehta wrote:
From: Gavin Shan
Sent: Tuesday, August 13, 2024 2:05 AM
To: Salil Mehta ; qemu-devel@nongnu.org;
qemu-...@nongnu.org; m...@redhat.com
On 6/14/24 9:36 AM, Salil Mehta wrote:
> ACPI CPU hotplug state (is_present=_STA.PRESENT,
> i
typing.Match was removed in Python 3.13, so we need to use re.Match
instead. However, Python 3.8 doesn't support using re.Match as a type
hint directly, so we need a conditional for now.
The import is written oddly so that "Match" is explicitly re-exported
for re-use by other modules. mypy will co
Maybe temporary, I am not sure. Instead of disabling docstring checking
*globally* for all of our python files, just disable it for QAPI
modules.
Signed-off-by: John Snow
---
scripts/qapi/commands.py | 2 ++
scripts/qapi/common.py | 2 ++
scripts/qapi/events.py | 2 ++
scripts/qapi/exp
Move the QAPI generator module to python/qemu/qapi so that it's checked
by the same standard linter/static analysis regime as the other python
code.
This has the additional side-effect of marking me as a co-maintainer of
the QAPI generator.
John Snow (8):
python/qapi: correct re.Match type hint
Pylint >= 3.0.0 disabled this feature, but older pylint does not: allow
short names by default by using a regex to do so.
Incidentally, this removes the need for most of the allow list we had before, so
remove most of that, too.
Signed-off-by: John Snow
---
python/setup.cfg | 16 +--
Now that the qemu.qapi module is checked by the standard python tests,
we don't need separate configuration for it anymore.
Signed-off-by: John Snow
---
python/qemu/qapi/.flake8| 3 --
python/qemu/qapi/.isort.cfg | 7 -
python/qemu/qapi/mypy.ini | 4 ---
python/qemu/qapi/pylintrc
qemu.git/python/setup.cfg disallows checking in any code with "XXX",
"FIXME" or "TODO" in the comments. Soften the restriction to only
prohibit "FIXME", and change the two occurrences of "FIXME" in qapi to
read "TODO" instead.
Signed-off-by: John Snow
---
python/setup.cfg | 5 +
scri
We are preparing to move the QAPI generator code into
qemu.git/python/qemu/qapi.
The qemu.git/python pylint configuration is stricter than the current
qapi generator configuration. These additional pragmas bridge the gap
without requiring us to loosen the requirements in the python directory.
Sig
These pragmas are no longer necessary under our current linter/static
analysis versions; they can be removed.
Signed-off-by: John Snow
---
scripts/qapi/gen.py | 2 --
1 file changed, 2 deletions(-)
diff --git a/scripts/qapi/gen.py b/scripts/qapi/gen.py
index 6a8abe00415..ce94aee8e70 100644
---
This is being done for the sake of unifying the linting and static type
analysis configurations between scripts/qapi and python/qemu/*.
With this change, the qapi module will now be checked by mypy, flake8,
pylint, isort etc under all python versions from 3.8 through 3.13 under
a variety of differ
On 2024/8/14 17:13, Richard Henderson wrote:
On 8/13/24 21:34, LIU Zhiwei wrote:
From: TANG Tiancheng
Signed-off-by: TANG Tiancheng
Reviewed-by: Liu Zhiwei
---
tcg/riscv/tcg-target-con-set.h | 1 +
tcg/riscv/tcg-target.c.inc | 33 +
2 files changed,
On 2024/8/14 17:17, Richard Henderson wrote:
On 8/13/24 21:34, LIU Zhiwei wrote:
+ OPC_VADD_VV = 0x57 | V_OPIVV,
+ OPC_VSUB_VV = 0x857 | V_OPIVV,
+ OPC_VAND_VV = 0x2457 | V_OPIVV,
+ OPC_VOR_VV = 0x2857 | V_OPIVV,
+ OPC_VXOR_VV = 0x2c57 | V_OPIVV,
Immediate oper
On 2024/8/19 17:57, Duan, Zhenzhong wrote:
-Original Message-
From: Liu, Yi L
Subject: Re: [PATCH v2 13/17] intel_iommu: piotlb invalidation should
notify unmap
On 2024/8/5 14:27, Zhenzhong Duan wrote:
This is used by some emulated devices which caches address
translation result. Wh
>-Original Message-
>From: Liu, Yi L
>Subject: Re: [PATCH v2 13/17] intel_iommu: piotlb invalidation should
>notify unmap
>
>On 2024/8/19 17:57, Duan, Zhenzhong wrote:
>>
>>
>>> -Original Message-
>>> From: Liu, Yi L
>>> Subject: Re: [PATCH v2 13/17] intel_iommu: piotlb invalida
ping.
> -Original Message-
> From: Yao Xingtao
> Sent: Thursday, July 25, 2024 1:55 PM
> To: qemu-devel@nongnu.org
> Cc: Yao, Xingtao/姚 幸涛
> Subject: [PATCH] scripts/coccinelle: New range.cocci
>
> This is the semantic patch from commit 7b3e371526 "cxl/mailbox: make
> range overlap chec
ping.
> -Original Message-
> From: Yao Xingtao
> Sent: Monday, July 22, 2024 12:08 PM
> To: qemu-devel@nongnu.org; Kevin Wolf ; Hanna Reitz
>
> Cc: Yao, Xingtao/姚 幸涛 ; qemu-bl...@nongnu.org
> Subject: [PATCH 13/13] block/qcow2-cluster: make range overlap check more
> readable
>
> use ra
ping.
> -Original Message-
> From: Yao Xingtao
> Sent: Thursday, July 25, 2024 5:38 PM
> To: m...@redhat.com; marcel.apfelb...@gmail.com
> Cc: qemu-devel@nongnu.org; Yao, Xingtao/姚 幸涛
> Subject: [PATCH v4] pci-bridge: avoid linking a single downstream port more
> than
> once
>
> Since
Hi Markus,
This seems to be ignored...
On 8/13/24 09:51, zhenwei pi wrote:
> On 8/12/24 14:14, Philippe Mathieu-Daudé wrote:
>> On 12/8/24 03:42, zhenwei pi wrote:
>>> QCryptodevBackendServiceType was introduced by
>>> bc304a6442e (cryptodev: Introduce server type in QAPI). However there
>>> is a
Hi Alistair,
> -Original Message-
> From: Alvin Che-Chia Chang(張哲嘉)
> Sent: Sunday, July 21, 2024 3:24 PM
> To: qemu-ri...@nongnu.org; qemu-devel@nongnu.org
> Cc: alistair.fran...@wdc.com; bin.m...@windriver.com;
> liwei1...@gmail.com; dbarb...@ventanamicro.com;
> zhiwei_...@linux.alibaba
From: Klaus Jensen
Hi,
The following changes since commit 48e4ba59a3756aad743982da16bf9b5120d91a0c:
Merge tag 'pull-riscv-to-apply-20240819-1' of
https://github.com/alistair23/qemu into staging (2024-08-19 14:55:23 +1000)
are available in the Git repository at:
https://
From: Klaus Jensen
Yutaro Shimizu from the Cyber Defense Institute discovered a bug in the
NVMe emulation that leaks contents of an uninitialized heap buffer if
subsystem and FDP emulation are enabled.
Cc: qemu-sta...@nongnu.org
Reported-by: Yutaro Shimizu
Signed-off-by: Klaus Jensen
---
hw/n
Changes for v2:
- Handle short reads from the mmap_frag subroutine.
- Update bsd-user as well.
r~
Richard Henderson (2):
linux-user: Handle short reads in mmap_h_gt_g
bsd-user: Handle short reads in mmap_h_gt_g
bsd-user/mmap.c | 38 --
linux-user/
In particular, if an image has a large bss, we can hit EOF before reading
all bytes of the mapping. Mirror the similar change to linux-user.
Signed-off-by: Richard Henderson
---
bsd-user/mmap.c | 38 --
1 file changed, 36 insertions(+), 2 deletions(-)
diff -
In particular, if an image has a large bss, we can hit
EOF before reading all host_len bytes of the mapping.
Create a helper, mmap_pread to handle the job for both
the larger block in mmap_h_gt_g itself, as well as the
smaller block in mmap_frag.
Cc: qemu-sta...@nongnu.org
Fixes: eb5027ac618 ("li
On 8/20/24 11:57, LIU Zhiwei wrote:
On 2024/8/14 17:17, Richard Henderson wrote:
On 8/13/24 21:34, LIU Zhiwei wrote:
+ OPC_VADD_VV = 0x57 | V_OPIVV,
+ OPC_VSUB_VV = 0x857 | V_OPIVV,
+ OPC_VAND_VV = 0x2457 | V_OPIVV,
+ OPC_VOR_VV = 0x2857 | V_OPIVV,
+ OPC_VXOR_VV = 0x
On 8/20/24 10:01, Deepak Gupta wrote:
zicfilp introduces a new state elp ("expected landing pad") in cpu.
During normal execution, elp is idle (NO_LP_EXPECTED) i.e not expecting
landing pad. On an indirect call, elp moves LP_EXPECTED. When elp is
LP_EXPECTED, only a subsequent landing pad instruct
On 8/20/24 10:01, Deepak Gupta wrote:
zicfilp protects forward control flow (if enabled) by enforcing all
indirect call and jmp must land on a landing pad instruction `lpad`. If
target of an indirect call or jmp is not `lpad` then cpu/hart must raise
a sw check exception with tval = 2.
This patc
On 8/20/24 10:01, Deepak Gupta wrote:
Implements setting lp expected when `jalr` is encountered and implements
`lpad` instruction of zicfilp. `lpad` instruction is taken out of
auipc x0, . This is an existing HINTNOP space. If `lpad` is
target of an indirect branch, cpu checks for 20 bit value in
On 8/20/24 10:01, Deepak Gupta wrote:
+/* shadow stack register for zicfiss extension */
+target_ulong ssp;
This will also require migration.
r~
On 8/20/24 08:50, Philippe Mathieu-Daudé wrote:
The following changes since commit ecdfa31beb1f7616091bedba79dfdf9ee525ed9d:
Merge tag 'pull-request-2024-08-16' of https://gitlab.com/thuth/qemu into
staging (2024-08-16 18:18:27 +1000)
are available in the Git repository at:
https://githu