Series comparison

-[PULL 0/3] target-arm queue
+[PULL 0/1] target-arm queue
-Only thing for Arm for rc1 is RTH's fix for the KVM SVE probe code.
+Just one bugfix patch for this rc:
--- PMM
+The following changes since commit ca5f3d4df1b47d7f66a109cdb504e83dfd7ec433:
-The following changes since commit 4e06b3fc1b5e1ec03f22190eabe56891dc9c2236:
+  Merge tag 'pull-la-20220808' of https://gitlab.com/rth7680/qemu into staging (2022-08-08 19:51:12 -0700)
   Merge tag 'pull-hex-20220731' of https://github.com/quic/qemu into staging (2022-07-31 21:38:54 -0700)
 are available in the Git repository at:
-  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20220801
+  https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20220809
-for you to fetch changes up to 5265d24c981dfdda8d29b44f7e84a514da75eedc:
+for you to fetch changes up to c7f26ded6d5065e4116f630f6a490b55f6c5f58e:
-  target/arm: Move sve probe inside kvm >= 4.15 branch (2022-08-01 16:21:18 +0100)
+  icount: Take iothread lock when running QEMU timers (2022-08-09 10:55:14 +0100)
 ----------------------------------------------------------------
 target-arm queue:
- * Fix KVM SVE ID register probe code
+ * icount: Take iothread lock when running QEMU timers
 ----------------------------------------------------------------
-Richard Henderson (3):
+Peter Maydell (1):
-      target/arm: Use kvm_arm_sve_supported in kvm_arm_get_host_cpu_features
+      icount: Take iothread lock when running QEMU timers
       target/arm: Set KVM_ARM_VCPU_SVE while probing the host
       target/arm: Move sve probe inside kvm >= 4.15 branch
- target/arm/kvm64.c | 45 ++++++++++++++++++++++-----------------------
+ accel/tcg/tcg-accel-ops-icount.c | 6 ++++++
-file changed, 22 insertions(+), 23 deletions(-)
+file changed, 6 insertions(+)

-[PULL 1/3] target/arm: Use kvm_arm_sve_supported in kvm_arm_get_host_cpu_features
+Deleted patch
-From: Richard Henderson <richard.henderson@linaro.org>
-Indication for support for SVE will not depend on whether we
-perform the query on the main kvm_state or the temp vcpu.
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20220726045828.53697-2-richard.henderson@linaro.org
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/kvm64.c | 2 +-
-file changed, 1 insertion(+), 1 deletion(-)
-diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/kvm64.c
-+++ b/target/arm/kvm64.c
-@@ -XXX,XX +XXX,XX @@ bool kvm_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf)
-         }
-     }
--    sve_supported = ioctl(fdarray[0], KVM_CHECK_EXTENSION, KVM_CAP_ARM_SVE) > 0;
-+    sve_supported = kvm_arm_sve_supported();
-     /* Add feature bits that can't appear until after VCPU init. */
-     if (sve_supported) {
---
-.25.1

-[PULL 2/3] target/arm: Set KVM_ARM_VCPU_SVE while probing the host
+Deleted patch
-From: Richard Henderson <richard.henderson@linaro.org>
-Because we weren't setting this flag, our probe of ID_AA64ZFR0
-was always returning zero.  This also obviates the adjustment
-of ID_AA64PFR0, which had sanitized the SVE field.
-The effects of the bug are not visible, because the only thing that
-ID_AA64ZFR0 is used for within qemu at present is tcg translation.
-The other tests for SVE within KVM are via ID_AA64PFR0.SVE.
-Reported-by: Zenghui Yu <yuzenghui@huawei.com>
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-Message-id: 20220726045828.53697-3-richard.henderson@linaro.org
-Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
-Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
----
- target/arm/kvm64.c | 27 +++++++++++++--------------
-file changed, 13 insertions(+), 14 deletions(-)
-diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c
-index XXXXXXX..XXXXXXX 100644
---- a/target/arm/kvm64.c
-+++ b/target/arm/kvm64.c
-@@ -XXX,XX +XXX,XX @@ bool kvm_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf)
-     bool sve_supported;
-     bool pmu_supported = false;
-     uint64_t features = 0;
--    uint64_t t;
-     int err;
-     /* Old kernels may not know about the PREFERRED_TARGET ioctl: however
-@@ -XXX,XX +XXX,XX @@ bool kvm_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf)
-     struct kvm_vcpu_init init = { .target = -1, };
-     /*
--     * Ask for Pointer Authentication if supported. We can't play the
--     * SVE trick of synthesising the ID reg as KVM won't tell us
--     * whether we have the architected or IMPDEF version of PAuth, so
--     * we have to use the actual ID regs.
-+     * Ask for SVE if supported, so that we can query ID_AA64ZFR0,
-+     * which is otherwise RAZ.
-+     */
-+    sve_supported = kvm_arm_sve_supported();
-+    if (sve_supported) {
-+        init.features[0] |= 1 << KVM_ARM_VCPU_SVE;
-+    }
-+
-+    /*
-+     * Ask for Pointer Authentication if supported, so that we get
-+     * the unsanitized field values for AA64ISAR1_EL1.
-      */
-     if (kvm_arm_pauth_supported()) {
-         init.features[0] |= (1 << KVM_ARM_VCPU_PTRAUTH_ADDRESS |
-@@ -XXX,XX +XXX,XX @@ bool kvm_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf)
-         }
-     }
--    sve_supported = kvm_arm_sve_supported();
--
--    /* Add feature bits that can't appear until after VCPU init. */
-     if (sve_supported) {
--        t = ahcf->isar.id_aa64pfr0;
--        t = FIELD_DP64(t, ID_AA64PFR0, SVE, 1);
--        ahcf->isar.id_aa64pfr0 = t;
--
-         /*
-          * There is a range of kernels between kernel commit 73433762fcae
-          * and f81cb2c3ad41 which have a bug where the kernel doesn't expose
-          * SYS_ID_AA64ZFR0_EL1 via the ONE_REG API unless the VM has enabled
--         * SVE support, so we only read it here, rather than together with all
--         * the other ID registers earlier.
-+         * SVE support, which resulted in an error rather than RAZ.
-+         * So only read the register if we set KVM_ARM_VCPU_SVE above.
-          */
-         err |= read_sys_reg64(fdarray[2], &ahcf->isar.id_aa64zfr0,
-                               ARM64_SYS_REG(3, 0, 0, 4, 4));
---
-.25.1

-[PULL 3/3] target/arm: Move sve probe inside kvm >= 4.15 branch
+[PULL 1/1] icount: Take iothread lock when running QEMU timers
-From: Richard Henderson <richard.henderson@linaro.org>
+The function icount_prepare_for_run() is called with the iothread
 unlocked, but it can call icount_notify_aio_contexts() which will
 run qemu timer handlers. Those are supposed to be run only with
 the iothread lock held, so take the lock while we do that.
-The test for the IF block indicates no ID registers are exposed, much
+Since icount mode runs everything on a single thread anyway,
-less host support for SVE.  Move the SVE probe into the ELSE block.
+not holding the lock is likely mostly not going to introduce
 races, but it can cause us to trip over assertions that we
 do hold the lock, such as the one reported in issue 1130.
-Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
+Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1130
 Message-id: 20220726045828.53697-4-richard.henderson@linaro.org
 Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
+Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
+Tested-by: Pavel Dovgalyuk <Pavel.Dovgalyuk@ispras.ru>
+Message-id: 20220801164527.3134765-1-peter.maydell@linaro.org
 ---
- target/arm/kvm64.c | 22 +++++++++++-----------
+ accel/tcg/tcg-accel-ops-icount.c | 6 ++++++
-file changed, 11 insertions(+), 11 deletions(-)
+file changed, 6 insertions(+)
-diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c
+diff --git a/accel/tcg/tcg-accel-ops-icount.c b/accel/tcg/tcg-accel-ops-icount.c
 index XXXXXXX..XXXXXXX 100644
---- a/target/arm/kvm64.c
+--- a/accel/tcg/tcg-accel-ops-icount.c
-+++ b/target/arm/kvm64.c
++++ b/accel/tcg/tcg-accel-ops-icount.c
-@@ -XXX,XX +XXX,XX @@ bool kvm_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf)
+@@ -XXX,XX +XXX,XX @@ void icount_prepare_for_run(CPUState *cpu)
-             err |= read_sys_reg64(fdarray[2], &ahcf->isar.reset_pmcr_el0,
+     replay_mutex_lock();
-                                   ARM64_SYS_REG(3, 3, 9, 12, 0));
-         }
+     if (cpu->icount_budget == 0) {
--    }
++        /*
++         * We're called without the iothread lock, so must take it while
--    if (sve_supported) {
++         * we're calling timer handlers.
--        /*
++         */
--         * There is a range of kernels between kernel commit 73433762fcae
++        qemu_mutex_lock_iothread();
--         * and f81cb2c3ad41 which have a bug where the kernel doesn't expose
+         icount_notify_aio_contexts();
--         * SYS_ID_AA64ZFR0_EL1 via the ONE_REG API unless the VM has enabled
++        qemu_mutex_unlock_iothread();
 -         * SVE support, which resulted in an error rather than RAZ.
 -         * So only read the register if we set KVM_ARM_VCPU_SVE above.
 -         */
 -        err |= read_sys_reg64(fdarray[2], &ahcf->isar.id_aa64zfr0,
 -                              ARM64_SYS_REG(3, 0, 0, 4, 4));
 +        if (sve_supported) {
 +            /*
 +             * There is a range of kernels between kernel commit 73433762fcae
 +             * and f81cb2c3ad41 which have a bug where the kernel doesn't
 +             * expose SYS_ID_AA64ZFR0_EL1 via the ONE_REG API unless the VM has
 +             * enabled SVE support, which resulted in an error rather than RAZ.
 +             * So only read the register if we set KVM_ARM_VCPU_SVE above.
 +             */
 +            err |= read_sys_reg64(fdarray[2], &ahcf->isar.id_aa64zfr0,
 +                                  ARM64_SYS_REG(3, 0, 0, 4, 4));
 +        }
      }
+ }
-     kvm_arm_destroy_scratch_host_vcpu(fdarray);
 --
 .25.1

Only thing for Arm for rc1 is RTH's fix for the KVM SVE probe code.

-- PMM

The following changes since commit 4e06b3fc1b5e1ec03f22190eabe56891dc9c2236:

Merge tag 'pull-hex-20220731' of https://github.com/quic/qemu into staging (2022-07-31 21:38:54 -0700)

are available in the Git repository at:

https://git.linaro.org/people/pmaydell/qemu-arm.git tags/pull-target-arm-20220801

for you to fetch changes up to 5265d24c981dfdda8d29b44f7e84a514da75eedc:

target/arm: Move sve probe inside kvm >= 4.15 branch (2022-08-01 16:21:18 +0100)

----------------------------------------------------------------
target-arm queue:
 * Fix KVM SVE ID register probe code

----------------------------------------------------------------
Richard Henderson (3):
      target/arm: Use kvm_arm_sve_supported in kvm_arm_get_host_cpu_features
      target/arm: Set KVM_ARM_VCPU_SVE while probing the host
      target/arm: Move sve probe inside kvm >= 4.15 branch

target/arm/kvm64.c | 45 ++++++++++++++++++++++-----------------------
 1 file changed, 22 insertions(+), 23 deletions(-)

From: Richard Henderson <richard.henderson@linaro.org>

Because we weren't setting this flag, our probe of ID_AA64ZFR0
was always returning zero.  This also obviates the adjustment
of ID_AA64PFR0, which had sanitized the SVE field.

The effects of the bug are not visible, because the only thing that
ID_AA64ZFR0 is used for within qemu at present is tcg translation.
The other tests for SVE within KVM are via ID_AA64PFR0.SVE.

Reported-by: Zenghui Yu <yuzenghui@huawei.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220726045828.53697-3-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/kvm64.c | 27 +++++++++++++--------------
 1 file changed, 13 insertions(+), 14 deletions(-)

diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/kvm64.c
+++ b/target/arm/kvm64.c
@@ -XXX,XX +XXX,XX @@ bool kvm_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf)
     bool sve_supported;
     bool pmu_supported = false;
     uint64_t features = 0;
-    uint64_t t;
     int err;
 
     /* Old kernels may not know about the PREFERRED_TARGET ioctl: however
@@ -XXX,XX +XXX,XX @@ bool kvm_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf)
     struct kvm_vcpu_init init = { .target = -1, };
 
     /*
-     * Ask for Pointer Authentication if supported. We can't play the
-     * SVE trick of synthesising the ID reg as KVM won't tell us
-     * whether we have the architected or IMPDEF version of PAuth, so
-     * we have to use the actual ID regs.
+     * Ask for SVE if supported, so that we can query ID_AA64ZFR0,
+     * which is otherwise RAZ.
+     */
+    sve_supported = kvm_arm_sve_supported();
+    if (sve_supported) {
+        init.features[0] |= 1 << KVM_ARM_VCPU_SVE;
+    }
+
+    /*
+     * Ask for Pointer Authentication if supported, so that we get
+     * the unsanitized field values for AA64ISAR1_EL1.
      */
     if (kvm_arm_pauth_supported()) {
         init.features[0] |= (1 << KVM_ARM_VCPU_PTRAUTH_ADDRESS |
@@ -XXX,XX +XXX,XX @@ bool kvm_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf)
         }
     }
 
-    sve_supported = kvm_arm_sve_supported();
-
-    /* Add feature bits that can't appear until after VCPU init. */
     if (sve_supported) {
-        t = ahcf->isar.id_aa64pfr0;
-        t = FIELD_DP64(t, ID_AA64PFR0, SVE, 1);
-        ahcf->isar.id_aa64pfr0 = t;
-
         /*
          * There is a range of kernels between kernel commit 73433762fcae
          * and f81cb2c3ad41 which have a bug where the kernel doesn't expose
          * SYS_ID_AA64ZFR0_EL1 via the ONE_REG API unless the VM has enabled
-         * SVE support, so we only read it here, rather than together with all
-         * the other ID registers earlier.
+         * SVE support, which resulted in an error rather than RAZ.
+         * So only read the register if we set KVM_ARM_VCPU_SVE above.
          */
         err |= read_sys_reg64(fdarray[2], &ahcf->isar.id_aa64zfr0,
                               ARM64_SYS_REG(3, 0, 0, 4, 4));
-- 
2.25.1

From: Richard Henderson <richard.henderson@linaro.org>

The test for the IF block indicates no ID registers are exposed, much
less host support for SVE.  Move the SVE probe into the ELSE block.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20220726045828.53697-4-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
 target/arm/kvm64.c | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/target/arm/kvm64.c b/target/arm/kvm64.c
index XXXXXXX..XXXXXXX 100644
--- a/target/arm/kvm64.c
+++ b/target/arm/kvm64.c
@@ -XXX,XX +XXX,XX @@ bool kvm_arm_get_host_cpu_features(ARMHostCPUFeatures *ahcf)
             err |= read_sys_reg64(fdarray[2], &ahcf->isar.reset_pmcr_el0,
                                   ARM64_SYS_REG(3, 3, 9, 12, 0));
         }
-    }
 
-    if (sve_supported) {
-        /*
-         * There is a range of kernels between kernel commit 73433762fcae
-         * and f81cb2c3ad41 which have a bug where the kernel doesn't expose
-         * SYS_ID_AA64ZFR0_EL1 via the ONE_REG API unless the VM has enabled
-         * SVE support, which resulted in an error rather than RAZ.
-         * So only read the register if we set KVM_ARM_VCPU_SVE above.
-         */
-        err |= read_sys_reg64(fdarray[2], &ahcf->isar.id_aa64zfr0,
-                              ARM64_SYS_REG(3, 0, 0, 4, 4));
+        if (sve_supported) {
+            /*
+             * There is a range of kernels between kernel commit 73433762fcae
+             * and f81cb2c3ad41 which have a bug where the kernel doesn't
+             * expose SYS_ID_AA64ZFR0_EL1 via the ONE_REG API unless the VM has
+             * enabled SVE support, which resulted in an error rather than RAZ.
+             * So only read the register if we set KVM_ARM_VCPU_SVE above.
+             */
+            err |= read_sys_reg64(fdarray[2], &ahcf->isar.id_aa64zfr0,
+                                  ARM64_SYS_REG(3, 0, 0, 4, 4));
+        }
     }
 
     kvm_arm_destroy_scratch_host_vcpu(fdarray);
-- 
2.25.1

The function icount_prepare_for_run() is called with the iothread
unlocked, but it can call icount_notify_aio_contexts() which will
run qemu timer handlers. Those are supposed to be run only with
the iothread lock held, so take the lock while we do that.

Since icount mode runs everything on a single thread anyway,
not holding the lock is likely mostly not going to introduce
races, but it can cause us to trip over assertions that we
do hold the lock, such as the one reported in issue 1130.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1130
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Pavel Dovgalyuk <Pavel.Dovgalyuk@ispras.ru>
Message-id: 20220801164527.3134765-1-peter.maydell@linaro.org
---
 accel/tcg/tcg-accel-ops-icount.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/accel/tcg/tcg-accel-ops-icount.c b/accel/tcg/tcg-accel-ops-icount.c
index XXXXXXX..XXXXXXX 100644
--- a/accel/tcg/tcg-accel-ops-icount.c
+++ b/accel/tcg/tcg-accel-ops-icount.c
@@ -XXX,XX +XXX,XX @@ void icount_prepare_for_run(CPUState *cpu)
     replay_mutex_lock();
 
     if (cpu->icount_budget == 0) {
+        /*
+         * We're called without the iothread lock, so must take it while
+         * we're calling timer handlers.
+         */
+        qemu_mutex_lock_iothread();
         icount_notify_aio_contexts();
+        qemu_mutex_unlock_iothread();
     }
 }
 
-- 
2.25.1