Re: [PATCH 27/36] next-cube: QOMify NeXTRTC

2024-11-09 Thread Thomas Huth
Am Wed, 23 Oct 2024 09:58:43 +0100 schrieb Mark Cave-Ayland : > This is to allow the RTC functionality to be maintained within its own > separate > device. > > Signed-off-by: Mark Cave-Ayland > --- > hw/m68k/next-cube.c | 66 - > 1 file changed, 48 i

Re: [PATCH 28/36] next-cube: move reset of next-rtc fields from next-pc to next-rtc

2024-11-09 Thread Thomas Huth
Am Wed, 23 Oct 2024 09:58:44 +0100 schrieb Mark Cave-Ayland : > Signed-off-by: Mark Cave-Ayland > --- > hw/m68k/next-cube.c | 17 - > 1 file changed, 12 insertions(+), 5 deletions(-) Reviewed-by: Thomas Huth

Re: [PATCH v2 2/3] qdev-properties: Add DEFINE_PROP_ON_OFF_AUTO_BIT64()

2024-11-09 Thread Akihiko Odaki
On 2024/11/01 20:44, Daniel P. Berrangé wrote: On Thu, Oct 31, 2024 at 04:21:53PM +0900, Akihiko Odaki wrote: On 2024/10/29 1:50, Daniel P. Berrangé wrote: On Tue, Oct 22, 2024 at 01:50:39PM +0900, Akihiko Odaki wrote: DEFINE_PROP_ON_OFF_AUTO_BIT64() corresponds to DEFINE_PROP_ON_OFF_AUTO() as

Re: xlnx-versal-virt smmu

2024-11-09 Thread Edgar E. Iglesias
On Fri, Nov 08, 2024 at 04:26:20PM +, Ho, Nelson via wrote: > Hi Edgar, > > I am working on bringing up the Wind River Helix hypervisor on the > xlnx-versal-virt machine, which expects to find MMU-500 SMMU where it lives > on the Versal SoC. I understand the -virt machine is not intended to

[Stable-8.2.8 25/49] linux-user: Emulate /proc/self/maps under mmap_lock

2024-11-09 Thread Michael Tokarev
From: Ilya Leoshkevich If one thread modifies the mappings and another thread prints them, a situation may occur that the printer thread sees a guest mapping without a corresponding host mapping, leading to a crash in open_self_maps_2(). Cc: qemu-sta...@nongnu.org Fixes: 7b7a3366e142 ("linux-use

Re: [PATCH 34/36] next-cube: rename old_scr2 and scr2_2 in next_scr2_rtc_update()

2024-11-09 Thread Thomas Huth
Am Wed, 23 Oct 2024 09:58:50 +0100 schrieb Mark Cave-Ayland : > Rename them to old_scr2_rtc and scr2_rtc to reflect that they contain the > previous > and current values of the SCR2 RTC bits. > > Signed-off-by: Mark Cave-Ayland > --- > hw/m68k/next-cube.c | 14 +++--- > 1 file changed,

Re: [PATCH 35/36] next-cube: add my copyright to the top of the file

2024-11-09 Thread Thomas Huth
Am Wed, 23 Oct 2024 09:58:51 +0100 schrieb Mark Cave-Ayland : > This series has involved rewriting and/or updating a considerable part of the > next-cube emulation so update the copyright in next-cube.c to reflect this. > > Signed-off-by: Mark Cave-Ayland > --- > hw/m68k/next-cube.c | 1 + > 1

Re: [PATCH 33/36] next-cube: move next_rtc_cmd_is_write() and next_rtc_data_in_irq() functions

2024-11-09 Thread Thomas Huth
Am Wed, 23 Oct 2024 09:58:49 +0100 schrieb Mark Cave-Ayland : > Move these functions in next-cube.c so that they are with the rest of the > next-rtc functions. > > Signed-off-by: Mark Cave-Ayland > --- > hw/m68k/next-cube.c | 172 ++-- > 1 file changed, 8

Re: [PATCH 29/36] next-cube: move rtc-data-in gpio from next-pc to next-rtc device

2024-11-09 Thread Thomas Huth
Am Wed, 23 Oct 2024 09:58:45 +0100 schrieb Mark Cave-Ayland : > Add a new rtc-data-out gpio to the next-pc device and wire it up to the > next-rtc > rtc-data-in gpio using the standard qdev gpio APIs. > > Signed-off-by: Mark Cave-Ayland > --- > hw/m68k/next-cube.c | 26 +---

Re: [PATCH 31/36] next-cube: add rtc-cmd-reset named gpio to reset the rtc state machine

2024-11-09 Thread Thomas Huth
Am Wed, 23 Oct 2024 09:58:47 +0100 schrieb Mark Cave-Ayland : > This allows us to decouple the next-pc and next-rtc devices from each > other in next_scr2_rtc_update(). > > Signed-off-by: Mark Cave-Ayland > --- > hw/m68k/next-cube.c | 23 +++ > 1 file changed, 19 insertions(

[Stable-8.2.8 01/49] softmmu/physmem.c: Keep transaction attribute in address_space_map()

2024-11-09 Thread Michael Tokarev
From: "Fea.Wang" The follow-up transactions may use the data in the attribution, so keep the value of attribution from the function parameter just as flatview_translate() above. Signed-off-by: Fea.Wang Cc: qemu-sta...@nongnu.org Fixes: f26404fbee ("Make address_space_map() take a MemTxAttrs arg

[Stable-8.2.8 v1 00/49] Patch Round-up for stable 8.2.8, freeze on 2024-11-18

2024-11-09 Thread Michael Tokarev
The following patches are queued for QEMU stable v8.2.8: https://gitlab.com/qemu-project/qemu/-/commits/staging-8.2 Patch freeze is 2024-11-18, and the release is planned for 2024-11-20: https://wiki.qemu.org/Planning/8.2 Please respond here or CC qemu-sta...@nongnu.org on any additional pa

Re: [PATCH v3 2/6] ui/sdl2: Implement dpy dmabuf functions

2024-11-09 Thread Akihiko Odaki
On 2024/11/09 15:52, Dmitry Osipenko wrote: Accidentally missed this email a week ago. Thanks again for all the reviews! On 10/31/24 10:32, Akihiko Odaki wrote: ...   +# libx11 presents together with SDL or GTK libs on systems that support X11 +xlib = dependency('x11', required: false) There

[Stable-8.2.8 05/49] block/reqlist: allow adding overlapping requests

2024-11-09 Thread Michael Tokarev
From: Fiona Ebner Allow overlapping request by removing the assert that made it impossible. There are only two callers: 1. block_copy_task_create() It already asserts the very same condition before calling reqlist_init_req(). 2. cbw_snapshot_read_lock() There is no need to have read requests

[Stable-8.2.8 04/49] target/ppc: Fix lxvx/stxvx facility check

2024-11-09 Thread Michael Tokarev
From: Fabiano Rosas The XT check for the lxvx/stxvx instructions is currently inverted. This was introduced during the move to decodetree. From the ISA: Chapter 7. Vector-Scalar Extension Facility Load VSX Vector Indexed X-form lxvx XT,RA,RB if TX=0 & MSR.VSX=0 then VSX_Unavailable()

Re: [PATCH v10 0/8] memory: prevent dma-reentracy issues

2024-11-09 Thread Akihiko Odaki
On 2024/11/09 4:56, Alexander Bulekov wrote: On 230427 1710, Alexander Bulekov wrote: These patches aim to solve two types of DMA-reentrancy issues: 1.) mmio -> dma -> mmio case To solve this, we track whether the device is engaged in io by checking/setting a reentrancy-guard within APIs used

[Stable-8.2.8 03/49] tcg: Fix iteration step in 32-bit gvec operation

2024-11-09 Thread Michael Tokarev
From: TANG Tiancheng The loop in the 32-bit case of the vector compare operation was incorrectly incrementing by 8 bytes per iteration instead of 4 bytes. This caused the function to process only half of the intended elements. Cc: qemu-sta...@nongnu.org Fixes: 9622c697d1 (tcg: Add gvec compare w

[Stable-8.2.8 02/49] target/arm: Correct ID_AA64ISAR1_EL1 value for neoverse-v1

2024-11-09 Thread Michael Tokarev
From: Peter Maydell The Neoverse-V1 TRM is a bit confused about the layout of the ID_AA64ISAR1_EL1 register, and so its table 3-6 has the wrong value for this ID register. Trust instead section 3.2.74's list of which fields are set. This means that we stop incorrectly reporting FEAT_XS as prese

[Stable-8.2.8 09/49] linux-user/flatload: Take mmap_lock in load_flt_binary()

2024-11-09 Thread Michael Tokarev
From: Philippe Mathieu-Daudé load_flt_binary() calls load_flat_file() -> page_set_flags(). page_set_flags() must be called with the mmap_lock held, otherwise it aborts: $ qemu-arm -L stm32/lib/ stm32/bin/busybox qemu-arm: ../accel/tcg/user-exec.c:505: page_set_flags: Assertion `have_mmap_l

[Stable-8.2.8 08/49] testing: bump mips64el cross to bookworm and fix package list

2024-11-09 Thread Michael Tokarev
From: Alex Bennée The mips64el cross setup is very broken for bullseye which has now entered LTS support so is unlikely to be fixed. While we still can't build the container with all packages for bookworm due to a single missing dependency that will hopefully get fixed in due course. For the sake

[Stable-8.2.8 13/49] target/m68k: Always return a temporary from gen_lea_mode

2024-11-09 Thread Michael Tokarev
From: Richard Henderson Returning a raw areg does not preserve the value if the areg is subsequently modified. Fixes, e.g. "jsr (sp)", where the return address is pushed before the branch. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2483 Signed-off-by: Richard Henderson Message-Id:

[Stable-8.2.8 06/49] target/arm: Avoid target_ulong for physical address lookups

2024-11-09 Thread Michael Tokarev
From: Ard Biesheuvel target_ulong is typedef'ed as a 32-bit integer when building the qemu-system-arm target, and this is smaller than the size of an intermediate physical address when LPAE is being used. Given that Linux may place leaf level user page tables in high memory when built for LPAE,

[Stable-8.2.8 14/49] hw/intc/arm_gicv3_cpuif: Add cast to match the documentation

2024-11-09 Thread Michael Tokarev
From: Alexandra Diupina The result of 1 << regbit with regbit==31 has a 1 in the 32nd bit. When cast to uint64_t (for further bitwise OR), the 32 most significant bits will be filled with 1s. However, the documentation states that the upper 32 bits of ICH_AP[0/1]R_EL2 are reserved. Add an explic

[Stable-8.2.8 12/49] tcg/ppc: Use TCG_REG_TMP2 for scratch index in prepare_host_addr

2024-11-09 Thread Michael Tokarev
From: Richard Henderson In tcg_out_qemu_ldst_i128, we need a non-zero index register, which we then use as a base register in several address modes. Since we always have TCG_REG_TMP2 available, use that. Cc: qemu-sta...@nongnu.org Fixes: 526cd4ec01f ("tcg/ppc: Support 128-bit load/store") Resolv

[Stable-8.2.8 10/49] linux-user: Fix parse_elf_properties GNU0_MAGIC check

2024-11-09 Thread Michael Tokarev
From: Richard Henderson Comparing a string of 4 bytes only works in little-endian. Adjust bulk bswap to only apply to the note payload. Perform swapping of the note header manually; the magic is defined so that it does not need a runtime swap. Fixes: 83f990eb5adb ("linux-user/elfload: Parse NT_

[Stable-8.2.8 11/49] tcg/ppc: Use TCG_REG_TMP2 for scratch tcg_out_qemu_st

2024-11-09 Thread Michael Tokarev
From: Richard Henderson In the fallback when STDBRX is not available, avoid clobbering TCG_REG_TMP1, which might be h.base, which is still in use. Use TCG_REG_TMP2 instead. Cc: qemu-sta...@nongnu.org Fixes: 01a112e2e9 ("tcg/ppc: Reorg tcg_out_tlb_read") Signed-off-by: Richard Henderson Tested-B

[Stable-8.2.8 16/49] ui/win32: fix potential use-after-free with dbus shared memory

2024-11-09 Thread Michael Tokarev
From: Marc-André Lureau DisplaySurface may be freed before the pixman image is freed, since the image is refcounted and used by different objects, including pending dbus messages. Furthermore, setting the destroy function in create_displaysurface_from() isn't appropriate, as it may not be used, a

[Stable-8.2.8 07/49] fuzz: disable leak-detection for oss-fuzz builds

2024-11-09 Thread Michael Tokarev
From: Alexander Bulekov When we are building for OSS-Fuzz, we want to ensure that the fuzzer targets are actually created, regardless of leaks. Leaks will be detected by the subsequent tests of the individual fuzz-targets. Signed-off-by: Alexander Bulekov Reviewed-by: Philippe Mathieu-Daudé Me

[Stable-8.2.8 19/49] tests: Wait for migration completion on destination QEMU to avoid failures

2024-11-09 Thread Michael Tokarev
From: Stefan Berger Rather than waiting for the completion of migration on the source side, wait for it on the destination QEMU side to avoid accessing the TPM TIS memory mapped registers before QEMU could restore their state. This error condition could be triggered on busy systems where the dest

[Stable-8.2.8 17/49] KVM: Dynamic sized kvm memslots array

2024-11-09 Thread Michael Tokarev
From: Peter Xu Zhiyi reported an infinite loop issue in VFIO use case. The cause of that was a separate discussion, however during that I found a regression of dirty sync slowness when profiling. Each KVMMemoryListener maintains an array of kvm memslots. Currently it's statically allocated to

[Stable-8.2.8 33/49] target/arm: Don't assert in regime_is_user() for E10 mmuidx values

2024-11-09 Thread Michael Tokarev
From: Peter Maydell In regime_is_user() we assert if we're passed an ARMMMUIdx_E10_* mmuidx value. This used to make sense because we only used this function in ptw.c and would never use it on this kind of stage 1+2 mmuidx, only for an individual stage 1 or stage 2 mmuidx. However, when we imple

[Stable-8.2.8 18/49] accel/kvm: check for KVM_CAP_READONLY_MEM on VM

2024-11-09 Thread Michael Tokarev
From: Tom Dohrmann KVM_CAP_READONLY_MEM used to be a global capability, but with the introduction of AMD SEV-SNP confidential VMs, this extension is not always available on all VM types [1,2]. Query the extension on the VM level instead of on the KVM level. [1] https://patchwork.kernel.org/pro

[Stable-8.2.8 32/49] net/tap-win32: Fix gcc 14 format truncation errors

2024-11-09 Thread Michael Tokarev
From: Bernhard Beschow The patch fixes the following errors generated by GCC 14.2: ../src/net/tap-win32.c:343:19: error: '%s' directive output may be truncated writing up to 255 bytes into a region of size 176 [-Werror=format-truncation=] 343 | "%s\\%s\\Connection", |

[Stable-8.2.8 34/49] target/arm: Fix arithmetic underflow in SETM instruction

2024-11-09 Thread Michael Tokarev
From: Ido Plat Pass the stage size to step function callback, otherwise do_setm would hang when size is larger than page size because stage size would underflow. This fix changes do_setm to be more in line with do_setp. Cc: qemu-sta...@nongnu.org Fixes: 0e92818887dee ("target/arm: Implement the

[Stable-8.2.8 27/49] vfio/migration: Report only stop-copy size in vfio_state_pending_exact()

2024-11-09 Thread Michael Tokarev
From: Avihai Horon vfio_state_pending_exact() is used to update migration core how much device data is left for the device migration. Currently, the sum of pre-copy and stop-copy sizes of the VFIO device are reported. The pre-copy size is obtained via the VFIO_MIG_GET_PRECOPY_INFO ioctl, which r

[Stable-8.2.8 20/49] tests/qemu-iotests/211.out: Update to expect MapEntry 'compressed' field

2024-11-09 Thread Michael Tokarev
From: Peter Maydell In commit 52b10c9c0c68e90f in 2023 the QAPI MapEntry struct was updated to add a 'compressed' field. That commit updated a number of iotest expected-output files, but missed 211, which is vdi specific. The result is that ./check -vdi and more specifically ./check -vdi 211 fa

[Stable-8.2.8 26/49] linux-user/ppc: Fix sigmask endianness issue in sigreturn

2024-11-09 Thread Michael Tokarev
From: Ilya Leoshkevich do_setcontext() copies the target sigmask without endianness handling and then uses target_to_host_sigset_internal(), which expects a byte-swapped one. Use target_to_host_sigset() instead. Fixes: bcd4933a23f1 ("linux-user: ppc signal handling") Signed-off-by: Ilya Leoshkev

[Stable-8.2.8 29/49] dockerfiles: fix default targets for debian-loongarch-cross

2024-11-09 Thread Michael Tokarev
From: Pierrick Bouvier fix system target name, and remove --disable-system (which deactivates system target). Found using: make docker-test-build@debian-loongarch-cross V=1 Signed-off-by: Pierrick Bouvier Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Thomas Huth Message-Id: <2024102021375

[Stable-8.2.8 47/49] migration: Ensure vmstate_save() sets errp

2024-11-09 Thread Michael Tokarev
From: Hanna Czenczek migration/savevm.c contains some calls to vmstate_save() that are followed by migrate_set_error() if the integer return value indicates an error. migrate_set_error() requires that the `Error *` object passed to it is set. Therefore, vmstate_save() is assumed to always set *

[Stable-8.2.8 42/49] target/riscv/kvm: clarify how 'riscv-aia' default works

2024-11-09 Thread Michael Tokarev
From: Daniel Henrique Barboza We do not have control in the default 'riscv-aia' default value. We can try to set it to a specific value, in this case 'auto', but there's no guarantee that the host will accept it. Couple with this we're always doing a 'qemu_log' to inform whether we're ended up u

[Stable-8.2.8 28/49] gitlab: make check-[dco|patch] a little more verbose

2024-11-09 Thread Michael Tokarev
From: Alex Bennée When git fails the rather terse backtrace only indicates it failed without some useful context. Add some to make the log a little more useful. Reviewed-by: Daniel P. Berrangé Signed-off-by: Alex Bennée Message-Id: <20241023113406.1284676-11-alex.ben...@linaro.org> (cherry pic

[Stable-8.2.8 35/49] target/riscv/csr.c: Fix an access to VXSAT

2024-11-09 Thread Michael Tokarev
From: Evgenii Prokopiev The register VXSAT should be RW only to the first bit. The remaining bits should be 0. The RISC-V Instruction Set Manual Volume I: Unprivileged Architecture The vxsat CSR has a single read-write least-significant bit (vxsat[0]) that indicates if a fixed-point instruction

[Stable-8.2.8 31/49] net: fix build when libbpf is disabled, but libxdp is enabled

2024-11-09 Thread Michael Tokarev
From: Daniel P. Berrangé The net/af-xdp.c code is enabled when the libxdp library is present, however, it also has direct API calls to bpf_xdp_query_id & bpf_xdp_detach which are provided by the libbpf library. As a result if building with --disable-libbpf, but libxdp gets auto-detected, we'll f

[Stable-8.2.8 44/49] target/ppc: Set ctx->opcode for decode_insn32()

2024-11-09 Thread Michael Tokarev
From: Ilya Leoshkevich divdu (without a dot) sometimes updates cr0, even though it shouldn't. The reason is that gen_op_arith_divd() checks Rc(ctx->opcode), which is not initialized. This field is initialized only for instructions that go through decode_legacy(), and not decodetree. There alread

[Stable-8.2.8 48/49] hw/nvme: fix handling of over-committed queues

2024-11-09 Thread Michael Tokarev
From: Klaus Jensen If a host chooses to use the SQHD "hint" in the CQE to know if there is room in the submission queue for additional commands, it may result in a situation where there are not enough internal resources (struct NvmeRequest) available to process the command. For a lack of a better

[Stable-8.2.8 38/49] target/riscv: Set vtype.vill on CPU reset

2024-11-09 Thread Michael Tokarev
From: Rob Bradford The RISC-V unprivileged specification "31.3.11. State of Vector Extension at Reset" has a note that recommends vtype.vill be set on reset as part of ensuring that the vector extension have a consistent state at reset. This change now makes QEMU consistent with Spike which sets

[Stable-8.2.8 46/49] target/arm: Fix SVE SDOT/UDOT/USDOT (4-way, indexed)

2024-11-09 Thread Michael Tokarev
From: Peter Maydell Our implementation of the indexed version of SVE SDOT/UDOT/USDOT got the calculation of the inner loop terminator wrong. Although we correctly account for the element size when we calculate the terminator for the first iteration: intptr_t segend = MIN(16 / sizeof(TYPED), o

[Stable-8.2.8 37/49] hw/intc: Don't clear pending bits on IRQ lowering

2024-11-09 Thread Michael Tokarev
From: Sergey Makarov According to PLIC specification (chapter 5), there is only one case, when interrupt is claimed. Fix PLIC controller to match this behavior. Signed-off-by: Sergey Makarov Reviewed-by: Alistair Francis Message-ID: <20240918140229.124329-3-s.maka...@syntacore.com> Signed-off-

[Stable-8.2.8 45/49] target/ppc: Fix mtDPDES targeting SMT siblings

2024-11-09 Thread Michael Tokarev
From: Nicholas Piggin A typo in the loop over SMT threads to set irq level for doorbells when storing to DPDES meant everything was aimed at the CPU executing the instruction. Cc: qemu-sta...@nongnu.org Fixes: d24e80b2ae ("target/ppc: Add msgsnd/p and DPDES SMT support") Reviewed-by: Philippe Ma

[Stable-8.2.8 36/49] target/riscv: Correct SXL return value for RV32 in RV64 QEMU

2024-11-09 Thread Michael Tokarev
From: TANG Tiancheng Ensure that riscv_cpu_sxl returns MXL_RV32 when running RV32 in an RV64 QEMU. Signed-off-by: TANG Tiancheng Fixes: 05e6ca5e156 ("target/riscv: Ignore reserved bits in PTE for RV64") Reviewed-by: Liu Zhiwei Reviewed-by: Alistair Francis Message-ID: <20240919055048.562-4-zhi

[Stable-8.2.8 30/49] Fix calculation of minimum in colo_compare_tcp

2024-11-09 Thread Michael Tokarev
From: Stefan Weil GitHub's CodeQL reports a critical error which is fixed by using the MIN macro: Unsigned difference expression compared to zero Signed-off-by: Stefan Weil Cc: qemu-sta...@nongnu.org Reviewed-by: Zhang Chen Signed-off-by: Jason Wang (cherry picked from commit e29bc931e16

[Stable-8.2.8 41/49] target/riscv/kvm: set 'aia_mode' to default in error path

2024-11-09 Thread Michael Tokarev
From: Daniel Henrique Barboza When failing to set the selected AIA mode, 'aia_mode' is left untouched. This means that 'aia_mode' will not reflect the actual AIA mode, retrieved in 'default_aia_mode', This is benign for now, but it will impact QMP query commands that will expose the 'aia_mode' v

[Stable-8.2.8 40/49] hw/intc/riscv_aplic: Check and update pending when write sourcecfg

2024-11-09 Thread Michael Tokarev
From: Yong-Xuan Wang The section 4.5.2 of the RISC-V AIA specification says that any write to a sourcecfg register of an APLIC might (or might not) cause the corresponding interrupt-pending bit to be set to one if the rectified input value is high (= 1) under the new source mode. If an interrupt

[Stable-8.2.8 49/49] 9pfs: fix crash on 'Treaddir' request

2024-11-09 Thread Michael Tokarev
From: Christian Schoenebeck A bad (broken or malicious) 9p client (guest) could cause QEMU host to crash by sending a 9p 'Treaddir' request with a numeric file ID (FID) that was previously opened for a file instead of an expected directory: #0 0x762aff8f4919 in __GI___rewinddir (dirp=0xf)

[Stable-8.2.8 39/49] hw/intc/riscv_aplic: Fix in_clrip[x] read emulation

2024-11-09 Thread Michael Tokarev
From: Anup Patel The reads to in_clrip[x] registers return rectified input values of the interrupt sources. A rectified input value of an interrupt source is defined by the section "4.5.2 Source configurations (sourcecfg[1]–sourcecfg[1023])" of the RISC-V AIA specification as: "rectified input v

[Stable-8.2.8 22/49] tcg: Reset data_gen_ptr correctly

2024-11-09 Thread Michael Tokarev
From: Richard Henderson This pointer needs to be reset after overflow just like code_buf and code_ptr. Cc: qemu-sta...@nongnu.org Fixes: 57a269469db ("tcg: Infrastructure for managing constant pools") Acked-by: Alistair Francis Reviewed-by: Pierrick Bouvier Reviewed-by: LIU Zhiwei Signed-off-

[Stable-8.2.8 15/49] hw/audio/hda: free timer on exit

2024-11-09 Thread Michael Tokarev
From: Marc-André Lureau Fixes: 280c1e1cd ("audio/hda: create millisecond timers that handle IO") Signed-off-by: Marc-André Lureau Reviewed-by: Akihiko Odaki Message-ID: <20241008125028.1177932-2-marcandre.lur...@redhat.com> (cherry picked from commit f27206ceedbe2efae37c8d143c5eb2db05251508) S

[Stable-8.2.8 43/49] target/riscv: Fix vcompress with rvv_ta_all_1s

2024-11-09 Thread Michael Tokarev
From: Anton Blanchard vcompress packs vl or less fields into vd, so the tail starts after the last packed field. This could be more clearly expressed in the ISA, but for now this thread helps to explain it: https://github.com/riscv/riscv-v-spec/issues/796 Signed-off-by: Anton Blanchard Reviewe

[Stable-8.2.8 21/49] raw-format: Fix error message for invalid offset/size

2024-11-09 Thread Michael Tokarev
From: Kevin Wolf s->offset and s->size are only set at the end of the function and still contain the old values when formatting the error message. Print the parameters with the new values that we actually checked instead. Fixes: 500e2434207d ('raw-format: Split raw_read_options()') Signed-off-by

[Stable-8.2.8 23/49] target/i386: Walk NPT in guest real mode

2024-11-09 Thread Michael Tokarev
From: Alexander Graf When translating virtual to physical address with a guest CPU that supports nested paging (NPT), we need to perform every page table walk access indirectly through the NPT, which we correctly do. However, we treat real mode (no page table walk) special: In that case, we curr

[Stable-8.2.8 24/49] target/i386: Use probe_access_full_mmu in ptw_translate

2024-11-09 Thread Michael Tokarev
From: Richard Henderson The probe_access_full_mmu function was designed for this purpose, and does not report the memory operation event to plugins. Cc: qemu-sta...@nongnu.org Fixes: 6d03226b422 ("plugins: force slow path when plugins instrument memory ops") Reviewed-by: Philippe Mathieu-Daudé

Re: [CAUTION - External Sender] Re: [PATCH] target/riscv: Add Tenstorrent Ascalon CPU

2024-11-09 Thread Anton Blanchard
Hi Philippe, On Sun, Nov 10, 2024 at 5:21 AM Philippe Mathieu-Daudé wrote: > Generally speaking (I'm not objecting to this patch as is), for > DEFINE_VENDOR_CPU() it would be nice to have reference to some > documentation -- at least to review whether the cpu features > announced make sense or no

Re: [PATCH v8 11/15] hw/vmapple/bdif: Introduce vmapple backdoor interface

2024-11-09 Thread Akihiko Odaki
On 2024/11/08 23:47, Phil Dennis-Jordan wrote: From: Alexander Graf The VMApple machine exposes AUX and ROOT block devices (as well as USB OTG emulation) via virtio-pci as well as a special, simple backdoor platform device. This patch implements this backdoor platform device to the best of my

Re: [PATCH v8 01/15] ui & main loop: Redesign of system-specific main thread event handling

2024-11-09 Thread Phil Dennis-Jordan
On Sun 10. Nov 2024 at 08:01, Akihiko Odaki wrote: > On 2024/11/08 23:46, Phil Dennis-Jordan wrote: > > macOS's Cocoa event handling must be done on the initial (main) thread > > of the process. Furthermore, if library or application code uses > > libdispatch, the main dispatch queue must be hand

Re: [PATCH v8 12/15] hw/vmapple/cfg: Introduce vmapple cfg region

2024-11-09 Thread Akihiko Odaki
On 2024/11/08 23:47, Phil Dennis-Jordan wrote: From: Alexander Graf Instead of device tree or other more standardized means, VMApple passes platform configuration to the first stage boot loader in a binary encoded format that resides at a dedicated RAM region in physical address space. This pa

Re: [PATCH v8 04/15] hw/display/apple-gfx: Adds configurable mode list

2024-11-09 Thread Akihiko Odaki
On 2024/11/08 23:46, Phil Dennis-Jordan wrote: This change adds a property 'display_modes' on the graphics device which permits specifying a list of display modes. (screen resolution and refresh rate) The property is an array of a custom type to make the syntax slightly less awkward to use, for

Re: [PATCH v8 10/15] hw/vmapple/aes: Introduce aes engine

2024-11-09 Thread Akihiko Odaki
On 2024/11/08 23:47, Phil Dennis-Jordan wrote: From: Alexander Graf VMApple contains an "aes" engine device that it uses to encrypt and decrypt its nvram. It has trivial hard coded keys it uses for that purpose. Add device emulation for this device model. Signed-off-by: Alexander Graf Signed

Re: [PATCH v8 01/15] ui & main loop: Redesign of system-specific main thread event handling

2024-11-09 Thread Akihiko Odaki
On 2024/11/08 23:46, Phil Dennis-Jordan wrote: macOS's Cocoa event handling must be done on the initial (main) thread of the process. Furthermore, if library or application code uses libdispatch, the main dispatch queue must be handling events on the main thread as well. So far, this has affecte

Re: [PATCH v8 01/15] ui & main loop: Redesign of system-specific main thread event handling

2024-11-09 Thread Akihiko Odaki
On 2024/11/10 16:08, Phil Dennis-Jordan wrote: On Sun 10. Nov 2024 at 08:01, Akihiko Odaki wrote: On 2024/11/08 23:46, Phil Dennis-Jordan wrote: > macOS's Cocoa event handling must be done on the initial (main) thread > of the process. Furt

Re: [PATCH v8 15/15] hw/vmapple/vmapple: Add vmapple machine type

2024-11-09 Thread Akihiko Odaki
On 2024/11/08 23:47, Phil Dennis-Jordan wrote: From: Alexander Graf Apple defines a new "vmapple" machine type as part of its proprietary macOS Virtualization.Framework vmm. This machine type is similar to the virt one, but with subtle differences in base devices, a few special vmapple device a

[RFC PATCH 1/2] usb/msd: Add status to usb_msd_packet_complete() function

2024-11-09 Thread Nicholas Piggin
This is a convenience change that accepts a status when completing a packet. Signed-off-by: Nicholas Piggin --- hw/usb/dev-storage.c | 17 - 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/hw/usb/dev-storage.c b/hw/usb/dev-storage.c index 341e505bd0..4f1e8b7f6c 1006

[RFC PATCH 0/2] usb/msd: Permit relaxed ordering of IN packets

2024-11-09 Thread Nicholas Piggin
Hi, This allows MSD Data-In and CSW packets before the CBW packet. This is just for RFC for now, but it does work. Patch 2 has the main description of the problem and solution. I've not found a good way to split this into smaller pieces yet, but I will try, also migration is currently broken, I'

[RFC PATCH 2/2] usb/msd: Permit relaxed ordering of IN packets

2024-11-09 Thread Nicholas Piggin
The USB MSD protocol has 3 packets that make up a command, and only one command may be active at any time. - CBW to start a command (that contains a SCSI request). - DATA (IN or OUT) to send request data between host and SCSI layer. - CSW to return status and complete the command. DATA is optiona

Re: [PATCH v8 02/15] hw/display/apple-gfx: Introduce ParavirtualizedGraphics.Framework support

2024-11-09 Thread Akihiko Odaki
On 2024/11/08 23:46, Phil Dennis-Jordan wrote: MacOS provides a framework (library) that allows any vmm to implement a paravirtualized 3d graphics passthrough to the host metal stack called ParavirtualizedGraphics.Framework (PVG). The library abstracts away almost every aspect of the paravirtuali

Re: [PATCH v8 03/15] hw/display/apple-gfx: Adds PCI implementation

2024-11-09 Thread Akihiko Odaki
On 2024/11/08 23:46, Phil Dennis-Jordan wrote: This change wires up the PCI variant of the paravirtualised graphics device, mainly useful for x86-64 macOS guests, implemented by macOS's ParavirtualizedGraphics.framework. It builds on code shared with the vmapple/mmio variant of the PVG device. S

[PATCH 1/2] hw/usb: Make PCI device more configurable

2024-11-09 Thread Nicholas Piggin
To prepare to support another USB PCI Host Controller, make some PCI configuration dynamic. Signed-off-by: Nicholas Piggin --- hw/usb/hcd-xhci-pci.h | 9 ++ hw/usb/hcd-xhci-nec.c | 10 +++ hw/usb/hcd-xhci-pci.c | 69 --- 3 files changed, 78 insert

[PATCH 0/2] hw/usb: Add TI TUSB73X0 XHCI controller model

2024-11-09 Thread Nicholas Piggin
Hi, This adds a new USB XHCI model. The biggest change is really making some XHCI PCI config dynamic and the MSIX init has some changes to support a separate BAR (hopefully now it has better error handling. Thanks, Nick Nicholas Piggin (2): hw/usb: Make PCI device more configurable hw/usb: A

[PATCH 2/2] hw/usb: Add TI TUSB73X0 XHCI controller model

2024-11-09 Thread Nicholas Piggin
This controller is accepted by IBM Power firmware when the subsystem IDs are set to Power servers. Firmware is picky about device support so the NEC driver does not work. The TI HW has some interesting differences from NEC, notably a separate BAR for MSIX, and PM capabilities. The spec is freely a

[Stable-9.1.2 54/58] target/arm: Fix SVE SDOT/UDOT/USDOT (4-way, indexed)

2024-11-09 Thread Michael Tokarev
From: Peter Maydell Our implementation of the indexed version of SVE SDOT/UDOT/USDOT got the calculation of the inner loop terminator wrong. Although we correctly account for the element size when we calculate the terminator for the first iteration: intptr_t segend = MIN(16 / sizeof(TYPED), o

[Stable-9.1.2 27/58] target/arm: Store FPSR cumulative exception bits in env->vfp.fpsr

2024-11-09 Thread Michael Tokarev
From: Peter Maydell Currently we store the FPSR cumulative exception bits in the float_status fields, and use env->vfp.fpsr only for the NZCV bits. (The QC bit is stored in env->vfp.qc[].) This works for TCG, but if QEMU was built without CONFIG_TCG (i.e. with KVM support only) then we use the s

[Stable-9.1.2 56/58] hw/nvme: fix handling of over-committed queues

2024-11-09 Thread Michael Tokarev
From: Klaus Jensen If a host chooses to use the SQHD "hint" in the CQE to know if there is room in the submission queue for additional commands, it may result in a situation where there are not enough internal resources (struct NvmeRequest) available to process the command. For a lack of a better

[Stable-9.1.2 23/58] net/tap-win32: Fix gcc 14 format truncation errors

2024-11-09 Thread Michael Tokarev
From: Bernhard Beschow The patch fixes the following errors generated by GCC 14.2: ../src/net/tap-win32.c:343:19: error: '%s' directive output may be truncated writing up to 255 bytes into a region of size 176 [-Werror=format-truncation=] 343 | "%s\\%s\\Connection", |

qemu-devel@nongnu.org

2024-11-09 Thread Michael Tokarev
From: Peter Maydell Our current usage of MMU indexes when EL3 is AArch32 is confused. Architecturally, when EL3 is AArch32, all Secure code runs under the Secure PL1&0 translation regime: * code at EL3, which might be Mon, or SVC, or any of the other privileged modes (PL1) * code at EL0 (Sec

[Stable-9.0.4 38/57] net/tap-win32: Fix gcc 14 format truncation errors

2024-11-09 Thread Michael Tokarev
From: Bernhard Beschow The patch fixes the following errors generated by GCC 14.2: ../src/net/tap-win32.c:343:19: error: '%s' directive output may be truncated writing up to 255 bytes into a region of size 176 [-Werror=format-truncation=] 343 | "%s\\%s\\Connection", |

[Stable-9.0.4 48/57] target/ppc: Set ctx->opcode for decode_insn32()

2024-11-09 Thread Michael Tokarev
From: Ilya Leoshkevich divdu (without a dot) sometimes updates cr0, even though it shouldn't. The reason is that gen_op_arith_divd() checks Rc(ctx->opcode), which is not initialized. This field is initialized only for instructions that go through decode_legacy(), and not decodetree. There alread

[Stable-9.0.4 26/57] raw-format: Fix error message for invalid offset/size

2024-11-09 Thread Michael Tokarev
From: Kevin Wolf s->offset and s->size are only set at the end of the function and still contain the old values when formatting the error message. Print the parameters with the new values that we actually checked instead. Fixes: 500e2434207d ('raw-format: Split raw_read_options()') Signed-off-by

[Stable-9.1.2 17/58] gitlab: make check-[dco|patch] a little more verbose

2024-11-09 Thread Michael Tokarev
From: Alex Bennée When git fails the rather terse backtrace only indicates it failed without some useful context. Add some to make the log a little more useful. Reviewed-by: Daniel P. Berrangé Signed-off-by: Alex Bennée Message-Id: <20241023113406.1284676-11-alex.ben...@linaro.org> (cherry pic

[Stable-9.1.2 05/58] target/i386: Use only 16 and 32-bit operands for IN/OUT

2024-11-09 Thread Michael Tokarev
From: Richard Henderson The REX.W prefix is ignored for these instructions. Mirror the solution already used for INS/OUTS: X86_SIZE_z. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2581 Signed-off-by: Richard Henderson Cc: qemu-sta...@nongnu.org Link: https://lore.kernel.org/r/202410

[Stable-9.0.4 33/57] vfio/migration: Report only stop-copy size in vfio_state_pending_exact()

2024-11-09 Thread Michael Tokarev
From: Avihai Horon vfio_state_pending_exact() is used to update migration core how much device data is left for the device migration. Currently, the sum of pre-copy and stop-copy sizes of the VFIO device are reported. The pre-copy size is obtained via the VFIO_MIG_GET_PRECOPY_INFO ioctl, which r

[Stable-9.0.4 31/57] linux-user/ppc: Fix sigmask endianness issue in sigreturn

2024-11-09 Thread Michael Tokarev
From: Ilya Leoshkevich do_setcontext() copies the target sigmask without endianness handling and then uses target_to_host_sigset_internal(), which expects a byte-swapped one. Use target_to_host_sigset() instead. Fixes: bcd4933a23f1 ("linux-user: ppc signal handling") Signed-off-by: Ilya Leoshkev

[Stable-9.1.2 55/58] migration: Ensure vmstate_save() sets errp

2024-11-09 Thread Michael Tokarev
From: Hanna Czenczek migration/savevm.c contains some calls to vmstate_save() that are followed by migrate_set_error() if the integer return value indicates an error. migrate_set_error() requires that the `Error *` object passed to it is set. Therefore, vmstate_save() is assumed to always set *

[Stable-9.1.2 39/58] ppc/pnv: Fix LPC serirq routing calculation

2024-11-09 Thread Michael Tokarev
From: Nicholas Piggin The serirq routing table is split over two registers, the calculation for the high irqs in the second register did not subtract the irq offset. This was spotted by Coverity as a shift-by-negative. Fix this and change the open-coded shifting and masking to use extract32() fun

[Stable-9.0.4 17/57] hw/audio/hda: free timer on exit

2024-11-09 Thread Michael Tokarev
From: Marc-André Lureau Fixes: 280c1e1cd ("audio/hda: create millisecond timers that handle IO") Signed-off-by: Marc-André Lureau Reviewed-by: Akihiko Odaki Message-ID: <20241008125028.1177932-2-marcandre.lur...@redhat.com> (cherry picked from commit f27206ceedbe2efae37c8d143c5eb2db05251508) S

[Stable-9.0.4 45/57] target/riscv/kvm: set 'aia_mode' to default in error path

2024-11-09 Thread Michael Tokarev
From: Daniel Henrique Barboza When failing to set the selected AIA mode, 'aia_mode' is left untouched. This means that 'aia_mode' will not reflect the actual AIA mode, retrieved in 'default_aia_mode'. This is benign for now, but it will impact QMP query commands that will expose the 'aia_mode' v

[Stable-9.1.2 07/58] Revert "hw/sh4/r2d: Realize IDE controller before accessing it"

2024-11-09 Thread Michael Tokarev
From: Thomas Huth This reverts commit 3c5f86a22686ef475a8259c0d8ee714f61c770c9. Changing the order here caused a regression with the "tuxrun" kernels (from https://storage.tuxboot.com/20230331/) - ATA commands fail with a "ata1: lost interrupt (Status 0x58)" message. Apparently we need to wire t

[Stable-9.1.2 31/58] hw/intc: Don't clear pending bits on IRQ lowering

2024-11-09 Thread Michael Tokarev
From: Sergey Makarov According to PLIC specification (chapter 5), there is only one case, when interrupt is claimed. Fix PLIC controller to match this behavior. Signed-off-by: Sergey Makarov Reviewed-by: Alistair Francis Message-ID: <20240918140229.124329-3-s.maka...@syntacore.com> Signed-off-

[Stable-9.0.4 21/57] tcg/s390x: fix constraint for 32-bit TSTEQ/TSTNE

2024-11-09 Thread Michael Tokarev
From: Paolo Bonzini 32-bit TSTEQ and TSTNE is subject to the same constraints as for 64-bit, but setcond_i32 and negsetcond_i32 were incorrectly using TCG_CT_CONST ("i") instead of TCG_CT_CONST_CMP ("C"). Adjust the constraint and make tcg_target_const_match use the same sequence as tgen_cmp2: f

[Stable-9.1.2 34/58] target/riscv/kvm: set 'aia_mode' to default in error path

2024-11-09 Thread Michael Tokarev
From: Daniel Henrique Barboza When failing to set the selected AIA mode, 'aia_mode' is left untouched. This means that 'aia_mode' will not reflect the actual AIA mode, retrieved in 'default_aia_mode'. This is benign for now, but it will impact QMP query commands that will expose the 'aia_mode' v

[Stable-9.1.2 50/58] hw/acpi: Fix ordering of BDF in Generic Initiator PCI Device Handle.

2024-11-09 Thread Michael Tokarev
From: Jonathan Cameron The ordering in ACPI specification [1] has bus number in the lowest byte. As ACPI tables are little endian this is the reverse of the ordering used by PCI_BUILD_BDF(). As a minimal fix split the QEMU BDF up into bus and devfn and write them as single bytes in the correct o

[Stable-9.1.2 26/58] target/arm: Fix arithmetic underflow in SETM instruction

2024-11-09 Thread Michael Tokarev
From: Ido Plat Pass the stage size to step function callback, otherwise do_setm would hang when size is larger than page size because stage size would underflow. This fix changes do_setm to be more in line with do_setp. Cc: qemu-sta...@nongnu.org Fixes: 0e92818887dee ("target/arm: Implement the
