From nobody Sun Sep 28 16:28:22 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1756307043890219.7231145142132; Wed, 27 Aug 2025 08:04:03 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1urHgS-0002T6-PK; Wed, 27 Aug 2025 11:03:32 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHgQ-0002RU-B6; Wed, 27 Aug 2025 11:03:30 -0400 Received: from isrv.corpit.ru ([212.248.84.144]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHgN-0004ja-9B; Wed, 27 Aug 2025 11:03:29 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id 4F16C14C529; Wed, 27 Aug 2025 18:02:56 +0300 (MSK) Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146]) by tsrv.corpit.ru (Postfix) with ESMTP id 3AFC1269831; Wed, 27 Aug 2025 18:03:23 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Peter Maydell , Thomas Huth , Richard Henderson , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Michael Tokarev Subject: [Stable-10.0.4 01/59] host-utils: Drop workaround for buggy Apple Clang __builtin_subcll() Date: Wed, 27 Aug 2025 18:02:06 +0300 Message-ID: <20250827150323.2694101-1-mjt@tls.msk.ru> X-Mailer: git-send-email 2.47.2 In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1756307053831116600 From: Peter Maydell In commit b0438861efe ("host-utils: Avoid using __builtin_subcll on buggy versions of Apple Clang") we added a workaround for a bug in Apple Clang 14 where its __builtin_subcll() implementation was wrong. This bug was only present in Apple Clang 14, not in upstream clang, and is not present in Apple Clang versions 15 and newer. Since commit 4e035201 we have required at least Apple Clang 15, so we no longer build with the buggy versions. We can therefore drop the workaround. This is effectively a revert of b0438861efe. This should not be backported to stable branches, which may still need to support Apple Clang 14. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3030 Signed-off-by: Peter Maydell Reviewed-by: Thomas Huth Reviewed-by: Richard Henderson Reviewed-by: Philippe Mathieu-Daud=C3=A9 Message-id: 20250714145033.1908788-1-peter.maydell@linaro.org (cherry picked from commit e74aad9f81cc2bfee2057086610e21bd98e9c5a5) (Mjt: 10.0 already requres clang 15+, so it's okay to backport this change to 10.0 branch) Signed-off-by: Michael Tokarev diff --git a/include/qemu/compiler.h b/include/qemu/compiler.h index 496dac5ac1..33b425dcf3 100644 --- a/include/qemu/compiler.h +++ b/include/qemu/compiler.h @@ -182,19 +182,6 @@ #define QEMU_DISABLE_CFI #endif =20 -/* - * Apple clang version 14 has a bug in its __builtin_subcll(); define - * BUILTIN_SUBCLL_BROKEN for the offending versions so we can avoid it. - * When a version of Apple clang which has this bug fixed is released - * we can add an upper bound to this check. - * See https://gitlab.com/qemu-project/qemu/-/issues/1631 - * and https://gitlab.com/qemu-project/qemu/-/issues/1659 for details. - * The bug never made it into any upstream LLVM releases, only Apple ones. - */ -#if defined(__apple_build_version__) && __clang_major__ >=3D 14 -#define BUILTIN_SUBCLL_BROKEN -#endif - #if __has_attribute(annotate) #define QEMU_ANNOTATE(x) __attribute__((annotate(x))) #else diff --git a/include/qemu/host-utils.h b/include/qemu/host-utils.h index 4d28fa22cf..dd558589cb 100644 --- a/include/qemu/host-utils.h +++ b/include/qemu/host-utils.h @@ -677,7 +677,7 @@ static inline uint64_t uadd64_carry(uint64_t x, uint64_= t y, bool *pcarry) */ static inline uint64_t usub64_borrow(uint64_t x, uint64_t y, bool *pborrow) { -#if __has_builtin(__builtin_subcll) && !defined(BUILTIN_SUBCLL_BROKEN) +#if __has_builtin(__builtin_subcll) unsigned long long b =3D *pborrow; x =3D __builtin_subcll(x, y, b, &b); *pborrow =3D b & 1; --=20 2.47.2 From nobody Sun Sep 28 16:28:22 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1756307252617404.46420905844445; Wed, 27 Aug 2025 08:07:32 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1urHgV-0002WX-VU; Wed, 27 Aug 2025 11:03:36 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHgU-0002UZ-FX; Wed, 27 Aug 2025 11:03:34 -0400 Received: from isrv.corpit.ru ([212.248.84.144]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHgS-0004kg-6c; Wed, 27 Aug 2025 11:03:34 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id 5B12F14C52A; Wed, 27 Aug 2025 18:02:56 +0300 (MSK) Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146]) by tsrv.corpit.ru (Postfix) with ESMTP id 4B8C6269832; Wed, 27 Aug 2025 18:03:23 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Michael Tokarev , Thomas Huth Subject: [Stable-10.0.4 02/59] hw/display/qxl-render.c: fix qxl_unpack_chunks() chunk size calculation Date: Wed, 27 Aug 2025 18:02:07 +0300 Message-ID: <20250827150323.2694101-2-mjt@tls.msk.ru> X-Mailer: git-send-email 2.47.2 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1756307258260124100 Content-Type: text/plain; charset="utf-8" In case of multiple chunks, code in qxl_unpack_chunks() takes size of the wrong (next in the chain) chunk, instead of using current chunk size. This leads to wrong number of bytes being copied, and to crashes if next chunk size is larger than the current one. Based on the code by Gao Yong. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1628 Signed-off-by: Michael Tokarev Reviewed-by: Thomas Huth (cherry picked from commit b8882becd572d3afb888c836a6ffc7f92c17d1c5) Signed-off-by: Michael Tokarev diff --git a/hw/display/qxl-render.c b/hw/display/qxl-render.c index eda6d3de37..c6a9ac1da1 100644 --- a/hw/display/qxl-render.c +++ b/hw/display/qxl-render.c @@ -222,6 +222,7 @@ static void qxl_unpack_chunks(void *dest, size_t size, = PCIQXLDevice *qxl, uint32_t max_chunks =3D 32; size_t offset =3D 0; size_t bytes; + QXLPHYSICAL next_chunk_phys =3D 0; =20 for (;;) { bytes =3D MIN(size - offset, chunk->data_size); @@ -230,7 +231,15 @@ static void qxl_unpack_chunks(void *dest, size_t size,= PCIQXLDevice *qxl, if (offset =3D=3D size) { return; } - chunk =3D qxl_phys2virt(qxl, chunk->next_chunk, group_id, + next_chunk_phys =3D chunk->next_chunk; + /* fist time, only get the next chunk's data size */ + chunk =3D qxl_phys2virt(qxl, next_chunk_phys, group_id, + sizeof(QXLDataChunk)); + if (!chunk) { + return; + } + /* second time, check data size and get data */ + chunk =3D qxl_phys2virt(qxl, next_chunk_phys, group_id, sizeof(QXLDataChunk) + chunk->data_size); if (!chunk) { return; --=20 2.47.2 From nobody Sun Sep 28 16:28:22 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1756307359877619.6134999982285; Wed, 27 Aug 2025 08:09:19 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1urHgU-0002U3-8m; Wed, 27 Aug 2025 11:03:34 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHgS-0002TN-UC; Wed, 27 Aug 2025 11:03:32 -0400 Received: from isrv.corpit.ru ([212.248.84.144]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHgR-0004kp-5k; Wed, 27 Aug 2025 11:03:32 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id 6E57514C52B; Wed, 27 Aug 2025 18:02:56 +0300 (MSK) Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146]) by tsrv.corpit.ru (Postfix) with ESMTP id 57AA6269833; Wed, 27 Aug 2025 18:03:23 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Paolo Bonzini , Eric Biggers , Ard Biesheuvel , "Jason A. Donenfeld" , Guenter Roeck , Michael Tokarev Subject: [Stable-10.0.4 03/59] target/i386: fix width of third operand of VINSERTx128 Date: Wed, 27 Aug 2025 18:02:08 +0300 Message-ID: <20250827150323.2694101-3-mjt@tls.msk.ru> X-Mailer: git-send-email 2.47.2 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1756307361791116600 Content-Type: text/plain; charset="utf-8" From: Paolo Bonzini Table A-5 of the Intel manual incorrectly lists the third operand of VINSERTx128 as Wqq, but it is actually a 128-bit value. This is visible when W is a memory operand close to the end of the page. Fixes the recently-added poly1305_kunit test in linux-next. (No testcase yet, but I plan to modify test-avx2 to use memory close to the end of the page. This would work because the test vectors correctly have the memory operand as xmm2/m128). Reported-by: Eric Biggers Tested-by: Eric Biggers Cc: Ard Biesheuvel Cc: "Jason A. Donenfeld" Cc: Guenter Roeck Cc: qemu-stable@nongnu.org Fixes: 79068477686 ("target/i386: reimplement 0x0f 0x3a, add AVX", 2022-10-= 18) Signed-off-by: Paolo Bonzini (cherry picked from commit feea87cd6b645d5166bdd304aac88f47f63dc2ef) Signed-off-by: Michael Tokarev diff --git a/target/i386/tcg/decode-new.c.inc b/target/i386/tcg/decode-new.= c.inc index cda32ee678..f4cfc196b8 100644 --- a/target/i386/tcg/decode-new.c.inc +++ b/target/i386/tcg/decode-new.c.inc @@ -878,10 +878,10 @@ static const X86OpEntry opcodes_0F3A[256] =3D { [0x0e] =3D X86_OP_ENTRY4(VPBLENDW, V,x, H,x, W,x, vex4 cpuid(SSE4= 1) avx2_256 p_66), [0x0f] =3D X86_OP_ENTRY4(PALIGNR, V,x, H,x, W,x, vex4 cpuid(SSSE= 3) mmx avx2_256 p_00_66), =20 - [0x18] =3D X86_OP_ENTRY4(VINSERTx128, V,qq, H,qq, W,qq, vex6 chk(W0) = cpuid(AVX) p_66), + [0x18] =3D X86_OP_ENTRY4(VINSERTx128, V,qq, H,qq, W,dq, vex6 chk(W0) = cpuid(AVX) p_66), [0x19] =3D X86_OP_ENTRY3(VEXTRACTx128, W,dq, V,qq, I,b, vex6 chk(W0) = cpuid(AVX) p_66), =20 - [0x38] =3D X86_OP_ENTRY4(VINSERTx128, V,qq, H,qq, W,qq, vex6 chk(W0) = cpuid(AVX2) p_66), + [0x38] =3D X86_OP_ENTRY4(VINSERTx128, V,qq, H,qq, W,dq, vex6 chk(W0) = cpuid(AVX2) p_66), [0x39] =3D X86_OP_ENTRY3(VEXTRACTx128, W,dq, V,qq, I,b, vex6 chk(W0) = cpuid(AVX2) p_66), =20 /* Listed incorrectly as type 4 */ --=20 2.47.2 From nobody Sun Sep 28 16:28:22 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1756307071598687.8990294202184; Wed, 27 Aug 2025 08:04:31 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1urHgY-0002Yc-QH; Wed, 27 Aug 2025 11:03:39 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHgX-0002Xs-1k; Wed, 27 Aug 2025 11:03:37 -0400 Received: from isrv.corpit.ru ([212.248.84.144]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHgU-0004lw-OP; Wed, 27 Aug 2025 11:03:36 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id 7F9A314C52C; Wed, 27 Aug 2025 18:02:56 +0300 (MSK) Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146]) by tsrv.corpit.ru (Postfix) with ESMTP id 6B5D2269834; Wed, 27 Aug 2025 18:03:23 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Peter Maydell , Richard Henderson , Pierrick Bouvier , Michael Tokarev Subject: [Stable-10.0.4 04/59] linux-user/aarch64: Clear TPIDR2_EL0 when delivering signals Date: Wed, 27 Aug 2025 18:02:09 +0300 Message-ID: <20250827150323.2694101-4-mjt@tls.msk.ru> X-Mailer: git-send-email 2.47.2 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1756307082394116600 Content-Type: text/plain; charset="utf-8" From: Peter Maydell A recent change to the kernel (Linux commit b376108e1f88 "arm64/fpsimd: signal: Clear TPIDR2 when delivering signals") updated the signal-handler entry code to always clear TPIDR2_EL0. This is necessary for the userspace ZA lazy saving scheme to work correctly when unwinding exceptions across a signal boundary. (For the essay-length description of the incorrect behaviour and why this is the correct fix, see the commit message for the kernel commit.) Make QEMU also clear TPIDR2_EL0 on signal entry, applying the equivalent bugfix to our implementation. Note that getting this unwinding to work correctly also requires changes to the userspace code, e.g. as implemented in gcc in https://gcc.gnu.org/git/?p=3Dgcc.git;a=3Dcommit;h=3Db5ffc8e75a8 This change is technically an ABI change; from the kernel's point of view SME was never enabled (it was hidden behind CONFIG_BROKEN) before the change. From QEMU's point of view our SME-related signal handling was broken anyway as we weren't saving and restoring TPIDR2_EL0. Cc: qemu-stable@nongnu.org Fixes: 78011586b90d1 ("target/arm: Enable SME for user-only") Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Reviewed-by: Pierrick Bouvier Signed-off-by: Richard Henderson Message-ID: <20250725175510.3864231-2-peter.maydell@linaro.org> (cherry picked from commit 3cdd990aa920ec8f2994b634f758dab4a86ac167) Signed-off-by: Michael Tokarev diff --git a/linux-user/aarch64/signal.c b/linux-user/aarch64/signal.c index bc7a13800d..df85354adc 100644 --- a/linux-user/aarch64/signal.c +++ b/linux-user/aarch64/signal.c @@ -666,8 +666,12 @@ static void target_setup_frame(int usig, struct target= _sigaction *ka, env->btype =3D 2; } =20 - /* Invoke the signal handler with both SM and ZA disabled. */ + /* + * Invoke the signal handler with a clean SME state: both SM and ZA + * disabled and TPIDR2_EL0 cleared. + */ aarch64_set_svcr(env, 0, R_SVCR_SM_MASK | R_SVCR_ZA_MASK); + env->cp15.tpidr2_el0 =3D 0; =20 if (info) { frame->info =3D *info; --=20 2.47.2 From nobody Sun Sep 28 16:28:22 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 17563070854921022.5945206023698; Wed, 27 Aug 2025 08:04:45 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1urHga-0002Zz-Uz; Wed, 27 Aug 2025 11:03:41 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHgZ-0002Yl-1L; Wed, 27 Aug 2025 11:03:39 -0400 Received: from isrv.corpit.ru ([212.248.84.144]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHgW-0004mS-Nv; Wed, 27 Aug 2025 11:03:38 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id 918AD14C52D; Wed, 27 Aug 2025 18:02:56 +0300 (MSK) Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146]) by tsrv.corpit.ru (Postfix) with ESMTP id 7D391269835; Wed, 27 Aug 2025 18:03:23 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Peter Maydell , Richard Henderson , Pierrick Bouvier , Michael Tokarev Subject: [Stable-10.0.4 05/59] linux-user/aarch64: Support TPIDR2_MAGIC signal frame record Date: Wed, 27 Aug 2025 18:02:10 +0300 Message-ID: <20250827150323.2694101-5-mjt@tls.msk.ru> X-Mailer: git-send-email 2.47.2 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1756307090000116600 Content-Type: text/plain; charset="utf-8" From: Peter Maydell FEAT_SME adds the TPIDR2 userspace-accessible system register, which is used as part of the procedure calling standard's lazy saving scheme for the ZA registers: https://github.com/ARM-software/abi-aa/blob/main/aapcs64/aapcs64.rst#66the= -za-lazy-saving-scheme The Linux kernel has a signal frame record for saving and restoring this value when calling signal handlers, but we forgot to implement this. The result is that code which tries to unwind an exception out of a signal handler will not work correctly. Add support for the missing record. Cc: qemu-stable@nongnu.org Fixes: 78011586b90d1 ("target/arm: Enable SME for user-only") Signed-off-by: Peter Maydell Reviewed-by: Richard Henderson Reviewed-by: Pierrick Bouvier Signed-off-by: Richard Henderson Message-ID: <20250725175510.3864231-3-peter.maydell@linaro.org> (cherry picked from commit 99870aff907b1c863cd32558b543f0ab0d0e74ba) Signed-off-by: Michael Tokarev diff --git a/linux-user/aarch64/signal.c b/linux-user/aarch64/signal.c index df85354adc..cdb642839c 100644 --- a/linux-user/aarch64/signal.c +++ b/linux-user/aarch64/signal.c @@ -121,6 +121,13 @@ struct target_za_context { #define TARGET_ZA_SIG_CONTEXT_SIZE(VQ) \ TARGET_ZA_SIG_ZAV_OFFSET(VQ, VQ * TARGET_SVE_VQ_BYTES) =20 +#define TARGET_TPIDR2_MAGIC 0x54504902 + +struct target_tpidr2_context { + struct target_aarch64_ctx head; + uint64_t tpidr2; +}; + struct target_rt_sigframe { struct target_siginfo info; struct target_ucontext uc; @@ -253,6 +260,14 @@ static void target_setup_za_record(struct target_za_co= ntext *za, } } =20 +static void target_setup_tpidr2_record(struct target_tpidr2_context *tpidr= 2, + CPUARMState *env) +{ + __put_user(TARGET_TPIDR2_MAGIC, &tpidr2->head.magic); + __put_user(sizeof(struct target_tpidr2_context), &tpidr2->head.size); + __put_user(env->cp15.tpidr2_el0, &tpidr2->tpidr2); +} + static void target_restore_general_frame(CPUARMState *env, struct target_rt_sigframe *sf) { @@ -403,6 +418,12 @@ static bool target_restore_za_record(CPUARMState *env, return true; } =20 +static void target_restore_tpidr2_record(CPUARMState *env, + struct target_tpidr2_context *tpi= dr2) +{ + __get_user(env->cp15.tpidr2_el0, &tpidr2->tpidr2); +} + static int target_restore_sigframe(CPUARMState *env, struct target_rt_sigframe *sf) { @@ -410,6 +431,7 @@ static int target_restore_sigframe(CPUARMState *env, struct target_fpsimd_context *fpsimd =3D NULL; struct target_sve_context *sve =3D NULL; struct target_za_context *za =3D NULL; + struct target_tpidr2_context *tpidr2 =3D NULL; uint64_t extra_datap =3D 0; bool used_extra =3D false; int sve_size =3D 0; @@ -460,6 +482,14 @@ static int target_restore_sigframe(CPUARMState *env, za_size =3D size; break; =20 + case TARGET_TPIDR2_MAGIC: + if (tpidr2 || size !=3D sizeof(struct target_tpidr2_context) || + !cpu_isar_feature(aa64_sme, env_archcpu(env))) { + goto err; + } + tpidr2 =3D (struct target_tpidr2_context *)ctx; + break; + case TARGET_EXTRA_MAGIC: if (extra || size !=3D sizeof(struct target_extra_context)) { goto err; @@ -497,6 +527,9 @@ static int target_restore_sigframe(CPUARMState *env, if (za && !target_restore_za_record(env, za, za_size, &svcr)) { goto err; } + if (tpidr2) { + target_restore_tpidr2_record(env, tpidr2); + } if (env->svcr !=3D svcr) { env->svcr =3D svcr; arm_rebuild_hflags(env); @@ -568,8 +601,8 @@ static void target_setup_frame(int usig, struct target_= sigaction *ka, .total_size =3D offsetof(struct target_rt_sigframe, uc.tuc_mcontext.__reserved), }; - int fpsimd_ofs, fr_ofs, sve_ofs =3D 0, za_ofs =3D 0; - int sve_size =3D 0, za_size =3D 0; + int fpsimd_ofs, fr_ofs, sve_ofs =3D 0, za_ofs =3D 0, tpidr2_ofs =3D 0; + int sve_size =3D 0, za_size =3D 0, tpidr2_size =3D 0; struct target_rt_sigframe *frame; struct target_rt_frame_record *fr; abi_ulong frame_addr, return_addr; @@ -585,6 +618,8 @@ static void target_setup_frame(int usig, struct target_= sigaction *ka, sve_ofs =3D alloc_sigframe_space(sve_size, &layout); } if (cpu_isar_feature(aa64_sme, env_archcpu(env))) { + tpidr2_size =3D sizeof(struct target_tpidr2_context); + tpidr2_ofs =3D alloc_sigframe_space(tpidr2_size, &layout); /* ZA state needs saving only if it is enabled. */ if (FIELD_EX64(env->svcr, SVCR, ZA)) { za_size =3D TARGET_ZA_SIG_CONTEXT_SIZE(sme_vq(env)); @@ -644,6 +679,9 @@ static void target_setup_frame(int usig, struct target_= sigaction *ka, if (za_ofs) { target_setup_za_record((void *)frame + za_ofs, env, za_size); } + if (tpidr2_ofs) { + target_setup_tpidr2_record((void *)frame + tpidr2_ofs, env); + } =20 /* Set up the stack frame for unwinding. */ fr =3D (void *)frame + fr_ofs; --=20 2.47.2 From nobody Sun Sep 28 16:28:22 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1756308011214290.87282200541244; Wed, 27 Aug 2025 08:20:11 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1urHgd-0002cC-Ix; Wed, 27 Aug 2025 11:03:43 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHgb-0002aA-03; Wed, 27 Aug 2025 11:03:41 -0400 Received: from isrv.corpit.ru ([212.248.84.144]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHgZ-0004nA-66; Wed, 27 Aug 2025 11:03:40 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id AB4C014C52E; Wed, 27 Aug 2025 18:02:56 +0300 (MSK) Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146]) by tsrv.corpit.ru (Postfix) with ESMTP id 8EE52269836; Wed, 27 Aug 2025 18:03:23 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, =?UTF-8?q?Alex=20Benn=C3=A9e?= , Manos Pitsidianakis , Michael Tokarev Subject: [Stable-10.0.4 06/59] docs/user: clarify user-mode expects the same OS Date: Wed, 27 Aug 2025 18:02:11 +0300 Message-ID: <20250827150323.2694101-6-mjt@tls.msk.ru> X-Mailer: git-send-email 2.47.2 In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1756308013621124100 From: Alex Benn=C3=A9e While we somewhat cover this later when we talk about supported operating systems make it clear in the front matter. Reviewed-by: Manos Pitsidianakis Signed-off-by: Alex Benn=C3=A9e Message-ID: <20250725154517.3523095-2-alex.bennee@linaro.org> (cherry picked from commit 8d6c7de1cc71207ccc047583df0c84363a5da16b) Signed-off-by: Michael Tokarev diff --git a/docs/user/index.rst b/docs/user/index.rst index 782d27cda2..2307580cb9 100644 --- a/docs/user/index.rst +++ b/docs/user/index.rst @@ -5,8 +5,9 @@ User Mode Emulation ------------------- =20 This section of the manual is the overall guide for users using QEMU -for user-mode emulation. In this mode, QEMU can launch -processes compiled for one CPU on another CPU. +for user-mode emulation. In this mode, QEMU can launch programs +compiled for one CPU architecture on the same Operating System (OS) +but running on a different CPU architecture. =20 .. toctree:: :maxdepth: 2 --=20 2.47.2 From nobody Sun Sep 28 16:28:22 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1756307338335609.3230825978077; Wed, 27 Aug 2025 08:08:58 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1urHge-0002dQ-H9; Wed, 27 Aug 2025 11:03:44 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHgc-0002be-I7; Wed, 27 Aug 2025 11:03:42 -0400 Received: from isrv.corpit.ru ([212.248.84.144]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHga-0004nh-KG; Wed, 27 Aug 2025 11:03:42 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id BC94914C52F; Wed, 27 Aug 2025 18:02:56 +0300 (MSK) Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146]) by tsrv.corpit.ru (Postfix) with ESMTP id A8F5B269837; Wed, 27 Aug 2025 18:03:23 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Jiaxun Yang , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Michael Tokarev Subject: [Stable-10.0.4 07/59] target/mips: Only update MVPControl.EVP bit if executed by master VPE Date: Wed, 27 Aug 2025 18:02:12 +0300 Message-ID: <20250827150323.2694101-7-mjt@tls.msk.ru> X-Mailer: git-send-email 2.47.2 In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1756307339364116600 From: Philippe Mathieu-Daud=C3=A9 According to the 'MIPS MT Application-Speci=EF=AC=81c Extension' manual: If the VPE executing the instruction is not a Master VPE, with the MVP bit of the VPEConf0 register set, the EVP bit is unchanged by the instruction. Modify the DVPE/EVPE opcodes to only update the MVPControl.EVP bit if executed on a master VPE. Cc: qemu-stable@nongnu.org Reported-by: Hansni Bu Buglink: https://bugs.launchpad.net/qemu/+bug/1926277 Fixes: f249412c749 ("mips: Add MT halting and waking of VPEs") Signed-off-by: Philippe Mathieu-Daud=C3=A9 Reviewed-by: Jiaxun Yang Message-ID: <20210427133343.159718-1-f4bug@amsat.org> Signed-off-by: Philippe Mathieu-Daud=C3=A9 (cherry picked from commit e895095c78ab877d40df2dd31ee79d85757d963b) Signed-off-by: Michael Tokarev diff --git a/target/mips/tcg/system/cp0_helper.c b/target/mips/tcg/system/c= p0_helper.c index 78e422b0ca..97b7fb5e67 100644 --- a/target/mips/tcg/system/cp0_helper.c +++ b/target/mips/tcg/system/cp0_helper.c @@ -1561,12 +1561,14 @@ target_ulong helper_dvpe(CPUMIPSState *env) CPUState *other_cs =3D first_cpu; target_ulong prev =3D env->mvp->CP0_MVPControl; =20 - CPU_FOREACH(other_cs) { - MIPSCPU *other_cpu =3D MIPS_CPU(other_cs); - /* Turn off all VPEs except the one executing the dvpe. */ - if (&other_cpu->env !=3D env) { - other_cpu->env.mvp->CP0_MVPControl &=3D ~(1 << CP0MVPCo_EVP); - mips_vpe_sleep(other_cpu); + if (env->CP0_VPEConf0 & (1 << CP0VPEC0_MVP)) { + CPU_FOREACH(other_cs) { + MIPSCPU *other_cpu =3D MIPS_CPU(other_cs); + /* Turn off all VPEs except the one executing the dvpe. */ + if (&other_cpu->env !=3D env) { + other_cpu->env.mvp->CP0_MVPControl &=3D ~(1 << CP0MVPCo_EV= P); + mips_vpe_sleep(other_cpu); + } } } return prev; @@ -1577,15 +1579,17 @@ target_ulong helper_evpe(CPUMIPSState *env) CPUState *other_cs =3D first_cpu; target_ulong prev =3D env->mvp->CP0_MVPControl; =20 - CPU_FOREACH(other_cs) { - MIPSCPU *other_cpu =3D MIPS_CPU(other_cs); + if (env->CP0_VPEConf0 & (1 << CP0VPEC0_MVP)) { + CPU_FOREACH(other_cs) { + MIPSCPU *other_cpu =3D MIPS_CPU(other_cs); =20 - if (&other_cpu->env !=3D env - /* If the VPE is WFI, don't disturb its sleep. */ - && !mips_vpe_is_wfi(other_cpu)) { - /* Enable the VPE. */ - other_cpu->env.mvp->CP0_MVPControl |=3D (1 << CP0MVPCo_EVP); - mips_vpe_wake(other_cpu); /* And wake it up. */ + if (&other_cpu->env !=3D env + /* If the VPE is WFI, don't disturb its sleep. */ + && !mips_vpe_is_wfi(other_cpu)) { + /* Enable the VPE. */ + other_cpu->env.mvp->CP0_MVPControl |=3D (1 << CP0MVPCo_EVP= ); + mips_vpe_wake(other_cpu); /* And wake it up. */ + } } } return prev; --=20 2.47.2 From nobody Sun Sep 28 16:28:22 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1756307131948555.2359763089762; Wed, 27 Aug 2025 08:05:31 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1urHgh-0002f8-Rn; Wed, 27 Aug 2025 11:03:47 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHge-0002dS-71; Wed, 27 Aug 2025 11:03:44 -0400 Received: from isrv.corpit.ru ([212.248.84.144]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHgc-0004oC-JD; Wed, 27 Aug 2025 11:03:43 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id CF55A14C530; Wed, 27 Aug 2025 18:02:56 +0300 (MSK) Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146]) by tsrv.corpit.ru (Postfix) with ESMTP id B97F0269838; Wed, 27 Aug 2025 18:03:23 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Luc Michel , Francisco Iglesias , Sai Pavan Boddu , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Michael Tokarev Subject: [Stable-10.0.4 08/59] hw/net/cadence_gem: fix register mask initialization Date: Wed, 27 Aug 2025 18:02:13 +0300 Message-ID: <20250827150323.2694101-8-mjt@tls.msk.ru> X-Mailer: git-send-email 2.47.2 In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1756307133295116600 From: Luc Michel The gem_init_register_masks function was called at init time but it relies on the num-priority-queues property. Call it at realize time instead. Cc: qemu-stable@nongnu.org Fixes: 4c70e32f05f ("net: cadence_gem: Define access permission for interru= pt registers") Signed-off-by: Luc Michel Reviewed-by: Francisco Iglesias Reviewed-by: Sai Pavan Boddu Message-ID: <20250716095432.81923-2-luc.michel@amd.com> Signed-off-by: Philippe Mathieu-Daud=C3=A9 (cherry picked from commit 2bfcd27e00a49da2efa5d703121b94cd9cd4948b) Signed-off-by: Michael Tokarev diff --git a/hw/net/cadence_gem.c b/hw/net/cadence_gem.c index 80fbbacc1e..c36918e504 100644 --- a/hw/net/cadence_gem.c +++ b/hw/net/cadence_gem.c @@ -1756,6 +1756,7 @@ static void gem_realize(DeviceState *dev, Error **err= p) sysbus_init_irq(SYS_BUS_DEVICE(dev), &s->irq[i]); } =20 + gem_init_register_masks(s); qemu_macaddr_default_if_unset(&s->conf.macaddr); =20 s->nic =3D qemu_new_nic(&net_gem_info, &s->conf, @@ -1776,7 +1777,6 @@ static void gem_init(Object *obj) =20 DB_PRINT("\n"); =20 - gem_init_register_masks(s); memory_region_init_io(&s->iomem, OBJECT(s), &gem_ops, s, "enet", sizeof(s->regs)); =20 --=20 2.47.2 From nobody Sun Sep 28 16:28:22 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1756307644429976.455226060838; Wed, 27 Aug 2025 08:14:04 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1urHgj-0002fs-Il; Wed, 27 Aug 2025 11:03:49 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHgg-0002dy-78; Wed, 27 Aug 2025 11:03:46 -0400 Received: from isrv.corpit.ru ([212.248.84.144]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHge-0004oT-6s; Wed, 27 Aug 2025 11:03:45 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id DE4E414C531; Wed, 27 Aug 2025 18:02:56 +0300 (MSK) Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146]) by tsrv.corpit.ru (Postfix) with ESMTP id CBE46269839; Wed, 27 Aug 2025 18:03:23 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Pierrick Bouvier , Richard Henderson , Michael Tokarev , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Subject: [Stable-10.0.4 09/59] system/physmem: fix use-after-free with dispatch Date: Wed, 27 Aug 2025 18:02:14 +0300 Message-ID: <20250827150323.2694101-9-mjt@tls.msk.ru> X-Mailer: git-send-email 2.47.2 In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1756307668277124100 From: Pierrick Bouvier A use-after-free bug was reported when booting a Linux kernel during the pci setup phase. It's quite hard to reproduce (needs smp, and favored by having several pci devices with BAR and specific Linux config, which is Debian default one in this case). After investigation (see the associated bug ticket), it appears that, under specific conditions, we might access a cached AddressSpaceDispatch that was reclaimed by RCU thread meanwhile. In the Linux boot scenario, during the pci phase, memory region are destroyed/recreated, resulting in exposition of the bug. The core of the issue is that we cache the dispatch associated to current cpu in cpu->cpu_ases[asidx].memory_dispatch. It is updated with tcg_commit, which runs asynchronously on a given cpu. At some point, we leave the rcu critial section, and the RCU thread starts reclaiming it, but tcg_commit is not yet invoked, resulting in the use-after-free. It's not the first problem around this area, and commit 0d58c660689 [1] ("softmmu: Use async_run_on_cpu in tcg_commit") already tried to address it. It did a good job, but it seems that we found a specific situation where it's not enough. This patch takes a simple approach: remove the cached value creating the issue, and make sure we always get the current mapping for address space, using address_space_to_dispatch(cpu->cpu_ases[asidx].as). It's equivalent to qatomic_rcu_read(&as->current_map)->dispatch; This is not really costly, we just need two dereferences, including one atomic (rcu) read, which is negligible considering we are already on mmu slow path anyway. Note that tcg_commit is still needed, as it's taking care of flushing TLB, removing previously mapped entries. Another solution would be to cache directly values under the dispatch (dispatch themselves are not ref counted), keep an active reference on associated memory section, and release it when appropriate (tricky). Given the time already spent debugging this area now and previously, I strongly prefer eliminating the root of the issue, instead of adding more complexity for a hypothetical performance gain. RCU is precisely used to ensure good performance when reading data, so caching is not as beneficial as it might seem IMHO. [1] https://gitlab.com/qemu-project/qemu/-/commit/0d58c660689f6da1e3feff8a9= 97014003d928b3b Cc: qemu-stable@nongnu.org Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3040 Signed-off-by: Pierrick Bouvier Reviewed-by: Richard Henderson Reviewed-by: Michael Tokarev Tested-by: Michael Tokarev Message-ID: <20250724161142.2803091-1-pierrick.bouvier@linaro.org> Signed-off-by: Philippe Mathieu-Daud=C3=A9 (cherry picked from commit 2865bf1c5795371ef441e9029bc22566ccff8299) Signed-off-by: Michael Tokarev diff --git a/system/physmem.c b/system/physmem.c index 333a5eb94d..32f5895b80 100644 --- a/system/physmem.c +++ b/system/physmem.c @@ -164,13 +164,11 @@ static bool ram_is_cpr_compatible(RAMBlock *rb); * CPUAddressSpace: all the information a CPU needs about an AddressSpace * @cpu: the CPU whose AddressSpace this is * @as: the AddressSpace itself - * @memory_dispatch: its dispatch pointer (cached, RCU protected) * @tcg_as_listener: listener for tracking changes to the AddressSpace */ typedef struct CPUAddressSpace { CPUState *cpu; AddressSpace *as; - struct AddressSpaceDispatch *memory_dispatch; MemoryListener tcg_as_listener; } CPUAddressSpace; =20 @@ -689,7 +687,7 @@ address_space_translate_for_iotlb(CPUState *cpu, int as= idx, hwaddr orig_addr, IOMMUTLBEntry iotlb; int iommu_idx; hwaddr addr =3D orig_addr; - AddressSpaceDispatch *d =3D cpu->cpu_ases[asidx].memory_dispatch; + AddressSpaceDispatch *d =3D address_space_to_dispatch(cpu->cpu_ases[as= idx].as); =20 for (;;) { section =3D address_space_translate_internal(d, addr, &addr, plen,= false); @@ -2673,7 +2671,7 @@ MemoryRegionSection *iotlb_to_section(CPUState *cpu, { int asidx =3D cpu_asidx_from_attrs(cpu, attrs); CPUAddressSpace *cpuas =3D &cpu->cpu_ases[asidx]; - AddressSpaceDispatch *d =3D cpuas->memory_dispatch; + AddressSpaceDispatch *d =3D address_space_to_dispatch(cpuas->as); int section_index =3D index & ~TARGET_PAGE_MASK; MemoryRegionSection *ret; =20 @@ -2750,9 +2748,6 @@ static void tcg_log_global_after_sync(MemoryListener = *listener) =20 static void tcg_commit_cpu(CPUState *cpu, run_on_cpu_data data) { - CPUAddressSpace *cpuas =3D data.host_ptr; - - cpuas->memory_dispatch =3D address_space_to_dispatch(cpuas->as); tlb_flush(cpu); } =20 @@ -2768,11 +2763,7 @@ static void tcg_commit(MemoryListener *listener) cpu =3D cpuas->cpu; =20 /* - * Defer changes to as->memory_dispatch until the cpu is quiescent. - * Otherwise we race between (1) other cpu threads and (2) ongoing - * i/o for the current cpu thread, with data cached by mmu_lookup(). - * - * In addition, queueing the work function will kick the cpu back to + * Queueing the work function will kick the cpu back to * the main loop, which will end the RCU critical section and reclaim * the memory data structures. * --=20 2.47.2 From nobody Sun Sep 28 16:28:22 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1756307237538969.9192432635747; Wed, 27 Aug 2025 08:07:17 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1urHgu-0002j7-Ia; Wed, 27 Aug 2025 11:04:01 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHgl-0002gu-0l; Wed, 27 Aug 2025 11:03:51 -0400 Received: from isrv.corpit.ru ([212.248.84.144]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHgf-0004ol-Sd; Wed, 27 Aug 2025 11:03:50 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id EA5AB14C532; Wed, 27 Aug 2025 18:02:56 +0300 (MSK) Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146]) by tsrv.corpit.ru (Postfix) with ESMTP id DAD6326983A; Wed, 27 Aug 2025 18:03:23 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Michael Tokarev , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Subject: [Stable-10.0.4 10/59] roms/Makefile: fix npcmNxx_bootrom build rules Date: Wed, 27 Aug 2025 18:02:15 +0300 Message-ID: <20250827150323.2694101-10-mjt@tls.msk.ru> X-Mailer: git-send-email 2.47.2 In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1756307239116116600 Since commit 70ce076fa6dff60, the actual rom source dirs are subdirs of vbootrom/ submodule, not in top-level of it. Fixes: 70ce076fa6dff60 "roms: Update vbootrom to 1287b6e" Fixes: 269b7effd90 ("pc-bios: Add NPCM8XX vBootrom") Cc: qemu-stable@nongnu.org Signed-off-by: Michael Tokarev Reviewed-by: Philippe Mathieu-Daud=C3=A9 Tested-by: Philippe Mathieu-Daud=C3=A9 Message-ID: <20250727215511.807880-1-mjt@tls.msk.ru> Signed-off-by: Philippe Mathieu-Daud=C3=A9 (cherry picked from commit 653a75a9d7f957c4ba9387d1a54bccfdce49cb9c) Signed-off-by: Michael Tokarev diff --git a/roms/Makefile b/roms/Makefile index beff58d9d5..6af68a922f 100644 --- a/roms/Makefile +++ b/roms/Makefile @@ -193,12 +193,12 @@ qboot: cp qboot/build/bios.bin ../pc-bios/qboot.rom =20 npcm7xx_bootrom: - $(MAKE) -C vbootrom CROSS_COMPILE=3D$(arm_cross_prefix) - cp vbootrom/npcm7xx_bootrom.bin ../pc-bios/npcm7xx_bootrom.bin + $(MAKE) -C vbootrom/npcm7xx CROSS_COMPILE=3D$(arm_cross_prefix) + cp vbootrom/npcm7xx/npcm7xx_bootrom.bin ../pc-bios/npcm7xx_bootrom.bin =20 npcm8xx_bootrom: - $(MAKE) -C vbootrom CROSS_COMPILE=3D$(aarch64_cross_prefix) - cp vbootrom/npcm8xx_bootrom.bin ../pc-bios/npcm8xx_bootrom.bin + $(MAKE) -C vbootrom/npcm8xx CROSS_COMPILE=3D$(aarch64_cross_prefix) + cp vbootrom/npcm8xx/npcm8xx_bootrom.bin ../pc-bios/npcm8xx_bootrom.bin =20 hppa-firmware: $(MAKE) -C seabios-hppa parisc --=20 2.47.2 From nobody Sun Sep 28 16:28:22 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1756307659795698.911871574752; Wed, 27 Aug 2025 08:14:19 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1urHhH-00035H-E9; Wed, 27 Aug 2025 11:04:23 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHh3-0002xV-FQ; Wed, 27 Aug 2025 11:04:12 -0400 Received: from isrv.corpit.ru ([212.248.84.144]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHh1-0004pF-NU; Wed, 27 Aug 2025 11:04:09 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id 1019A14C533; Wed, 27 Aug 2025 18:02:57 +0300 (MSK) Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146]) by tsrv.corpit.ru (Postfix) with ESMTP id E762326983B; Wed, 27 Aug 2025 18:03:23 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Daniel Henrique Barboza , Richard Henderson , Alistair Francis , Michael Tokarev Subject: [Stable-10.0.4 11/59] linux-user/strace.list: add riscv_hwprobe entry Date: Wed, 27 Aug 2025 18:02:16 +0300 Message-ID: <20250827150323.2694101-11-mjt@tls.msk.ru> X-Mailer: git-send-email 2.47.2 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1756307661130124100 Content-Type: text/plain; charset="utf-8" From: Daniel Henrique Barboza We're missing a strace entry for riscv_hwprobe, and using -strace will report it as "Unknown syscall 258". After this patch we'll have: $ ./build/qemu-riscv64 -strace test_mutex_riscv 110182 riscv_hwprobe(0x7f207efdc700,1,0,0,0,0) =3D 0 110182 brk(NULL) =3D 0x0000000000082000 (...) Signed-off-by: Daniel Henrique Barboza Reviewed-by: Richard Henderson Message-ID: <20250728170633.113384-1-dbarboza@ventanamicro.com> Signed-off-by: Alistair Francis (cherry picked from commit e111ffe48b29ca8abd450af9ee5dd71af3f93536) Signed-off-by: Michael Tokarev diff --git a/linux-user/strace.list b/linux-user/strace.list index fdf94ef32a..ab818352a9 100644 --- a/linux-user/strace.list +++ b/linux-user/strace.list @@ -1716,3 +1716,6 @@ { TARGET_NR_clock_gettime64, "clock_gettime64" , NULL, print_clock_gettime= 64, print_syscall_ret_clock_gettime64 }, #endif +#ifdef TARGET_NR_riscv_hwprobe +{ TARGET_NR_riscv_hwprobe, "riscv_hwprobe" , "%s(%p,%d,%d,%d,%d,%d)", NULL= , NULL }, +#endif --=20 2.47.2 From nobody Sun Sep 28 16:28:22 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1756307844242336.51943326601986; Wed, 27 Aug 2025 08:17:24 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1urHhP-0003MA-FS; Wed, 27 Aug 2025 11:04:31 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHhD-00031d-Ah; Wed, 27 Aug 2025 11:04:22 -0400 Received: from isrv.corpit.ru ([212.248.84.144]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHh7-0004py-4N; Wed, 27 Aug 2025 11:04:19 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id 220B814C534; Wed, 27 Aug 2025 18:02:57 +0300 (MSK) Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146]) by tsrv.corpit.ru (Postfix) with ESMTP id 0D31E26983C; Wed, 27 Aug 2025 18:03:24 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Daniel Henrique Barboza , Richard Henderson , Nutty Liu , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Alistair Francis , Michael Tokarev Subject: [Stable-10.0.4 12/59] target/riscv: do not call GETPC() in check_ret_from_m_mode() Date: Wed, 27 Aug 2025 18:02:17 +0300 Message-ID: <20250827150323.2694101-12-mjt@tls.msk.ru> X-Mailer: git-send-email 2.47.2 In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1756307845371116600 From: Daniel Henrique Barboza GETPC() should always be called from the top level helper, e.g. the first helper that is called by the translation code. We stopped doing that in commit 3157a553ec, and then we introduced problems when unwinding the exceptions being thrown by helper_mret(), as reported by [1]. Call GETPC() at the top level helper and pass the value along. [1] https://gitlab.com/qemu-project/qemu/-/issues/3020 Suggested-by: Richard Henderson Fixes: 3157a553ec ("target/riscv: Add Smrnmi mnret instruction") Closes: https://gitlab.com/qemu-project/qemu/-/issues/3020 Signed-off-by: Daniel Henrique Barboza Reviewed-by: Nutty Liu Reviewed-by: Philippe Mathieu-Daud=C3=A9 Reviewed-by: Richard Henderson Message-ID: <20250714133739.1248296-1-dbarboza@ventanamicro.com> Signed-off-by: Alistair Francis (cherry picked from commit 16aa7771afeac422dcf7be2833d5426da6b814fa) Signed-off-by: Michael Tokarev diff --git a/target/riscv/op_helper.c b/target/riscv/op_helper.c index 72dc48e58d..6a8c2e1940 100644 --- a/target/riscv/op_helper.c +++ b/target/riscv/op_helper.c @@ -353,21 +353,22 @@ target_ulong helper_sret(CPURISCVState *env) } =20 static void check_ret_from_m_mode(CPURISCVState *env, target_ulong retpc, - target_ulong prev_priv) + target_ulong prev_priv, + uintptr_t ra) { if (!(env->priv >=3D PRV_M)) { - riscv_raise_exception(env, RISCV_EXCP_ILLEGAL_INST, GETPC()); + riscv_raise_exception(env, RISCV_EXCP_ILLEGAL_INST, ra); } =20 if (!riscv_cpu_allow_16bit_insn(&env_archcpu(env)->cfg, env->priv_ver, env->misa_ext) && (retpc & 0x3)) { - riscv_raise_exception(env, RISCV_EXCP_INST_ADDR_MIS, GETPC()); + riscv_raise_exception(env, RISCV_EXCP_INST_ADDR_MIS, ra); } =20 if (riscv_cpu_cfg(env)->pmp && !pmp_get_num_rules(env) && (prev_priv !=3D PRV_M)) { - riscv_raise_exception(env, RISCV_EXCP_INST_ACCESS_FAULT, GETPC()); + riscv_raise_exception(env, RISCV_EXCP_INST_ACCESS_FAULT, ra); } } static target_ulong ssdbltrp_mxret(CPURISCVState *env, target_ulong mstatu= s, @@ -392,8 +393,9 @@ target_ulong helper_mret(CPURISCVState *env) target_ulong retpc =3D env->mepc; uint64_t mstatus =3D env->mstatus; target_ulong prev_priv =3D get_field(mstatus, MSTATUS_MPP); + uintptr_t ra =3D GETPC(); =20 - check_ret_from_m_mode(env, retpc, prev_priv); + check_ret_from_m_mode(env, retpc, prev_priv, ra); =20 target_ulong prev_virt =3D get_field(env->mstatus, MSTATUS_MPV) && (prev_priv !=3D PRV_M); @@ -441,8 +443,9 @@ target_ulong helper_mnret(CPURISCVState *env) target_ulong retpc =3D env->mnepc; target_ulong prev_priv =3D get_field(env->mnstatus, MNSTATUS_MNPP); target_ulong prev_virt; + uintptr_t ra =3D GETPC(); =20 - check_ret_from_m_mode(env, retpc, prev_priv); + check_ret_from_m_mode(env, retpc, prev_priv, ra); =20 prev_virt =3D get_field(env->mnstatus, MNSTATUS_MNPV) && (prev_priv !=3D PRV_M); --=20 2.47.2 From nobody Sun Sep 28 16:28:22 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1756307290190204.48097789760482; Wed, 27 Aug 2025 08:08:10 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1urHhO-0003IK-J2; Wed, 27 Aug 2025 11:04:30 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHh7-0002zT-Lz; Wed, 27 Aug 2025 11:04:16 -0400 Received: from isrv.corpit.ru ([212.248.84.144]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHh6-0004s6-0G; Wed, 27 Aug 2025 11:04:13 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id 3D3F914C535; Wed, 27 Aug 2025 18:02:57 +0300 (MSK) Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146]) by tsrv.corpit.ru (Postfix) with ESMTP id 1EBDA26983D; Wed, 27 Aug 2025 18:03:24 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Xu Lu , Anup Patel , Nutty Liu , Alistair Francis , Michael Tokarev Subject: [Stable-10.0.4 13/59] target/riscv: Fix exception type when VU accesses supervisor CSRs Date: Wed, 27 Aug 2025 18:02:18 +0300 Message-ID: <20250827150323.2694101-13-mjt@tls.msk.ru> X-Mailer: git-send-email 2.47.2 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1756307291017116600 Content-Type: text/plain; charset="utf-8" From: Xu Lu When supervisor CSRs are accessed from VU-mode, a virtual instruction exception should be raised instead of an illegal instruction. Fixes: c1fbcecb3a (target/riscv: Fix csr number based privilege checking) Signed-off-by: Xu Lu Reviewed-by: Anup Patel Reviewed-by: Nutty Liu Message-ID: <20250708060720.7030-1-luxu.kernel@bytedance.com> Signed-off-by: Alistair Francis (cherry picked from commit 30ef718423e8018723087cd17be0fd9c6dfa2e53) Signed-off-by: Michael Tokarev diff --git a/target/riscv/csr.c b/target/riscv/csr.c index 7948188356..f1c4c8c1b8 100644 --- a/target/riscv/csr.c +++ b/target/riscv/csr.c @@ -5498,7 +5498,7 @@ static inline RISCVException riscv_csrrw_check(CPURIS= CVState *env, =20 csr_priv =3D get_field(csrno, 0x300); if (!env->debugger && (effective_priv < csr_priv)) { - if (csr_priv =3D=3D (PRV_S + 1) && env->virt_enabled) { + if (csr_priv <=3D (PRV_S + 1) && env->virt_enabled) { return RISCV_EXCP_VIRT_INSTRUCTION_FAULT; } return RISCV_EXCP_ILLEGAL_INST; --=20 2.47.2 From nobody Sun Sep 28 16:28:22 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1756307353618248.279965179285; Wed, 27 Aug 2025 08:09:13 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1urHhO-0003II-L6; Wed, 27 Aug 2025 11:04:30 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHhB-00030r-AQ; Wed, 27 Aug 2025 11:04:18 -0400 Received: from isrv.corpit.ru ([212.248.84.144]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHh9-0004sc-7u; Wed, 27 Aug 2025 11:04:16 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id 4BF3D14C536; Wed, 27 Aug 2025 18:02:57 +0300 (MSK) Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146]) by tsrv.corpit.ru (Postfix) with ESMTP id 39E9B26983E; Wed, 27 Aug 2025 18:03:24 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Vac Chen , Alistair Francis , Michael Tokarev Subject: [Stable-10.0.4 14/59] target/riscv: Fix pmp range wraparound on zero Date: Wed, 27 Aug 2025 18:02:19 +0300 Message-ID: <20250827150323.2694101-14-mjt@tls.msk.ru> X-Mailer: git-send-email 2.47.2 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1756307355487116600 Content-Type: text/plain; charset="utf-8" From: Vac Chen pmp_is_in_range() prefers to match addresses within the interval [start, end]. To archieve this, pmpaddrX is decremented during the end address update. In TOR mode, a rule is ignored if its start address is greater than or equal to its end address. However, if pmpaddrX is set to 0, this decrement operation causes the calulated end address to wrap around to UINT_MAX. In this scenario, the address guard for this PMP entry would become ineffective. This patch addresses the issue by moving the guard check earlier, preventing the problematic wraparound when pmpaddrX is zero. Signed-off-by: Vac Chen Reviewed-by: Alistair Francis Message-ID: <20250706065554.42953-1-vacantron@gmail.com> Signed-off-by: Alistair Francis (cherry picked from commit 77707bfdf871199bbee665e721ced961aaf3a798) Signed-off-by: Michael Tokarev diff --git a/target/riscv/pmp.c b/target/riscv/pmp.c index c5f6cdaccb..a9e69de917 100644 --- a/target/riscv/pmp.c +++ b/target/riscv/pmp.c @@ -206,11 +206,12 @@ void pmp_update_rule_addr(CPURISCVState *env, uint32_= t pmp_index) break; =20 case PMP_AMATCH_TOR: - sa =3D prev_addr << 2; /* shift up from [xx:0] to [xx+2:2] */ - ea =3D (this_addr << 2) - 1u; - if (sa > ea) { + if (prev_addr >=3D this_addr) { sa =3D ea =3D 0u; + break; } + sa =3D prev_addr << 2; /* shift up from [xx:0] to [xx+2:2] */ + ea =3D (this_addr << 2) - 1u; break; =20 case PMP_AMATCH_NA4: --=20 2.47.2 From nobody Sun Sep 28 16:28:22 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1756307814420891.8484081426084; Wed, 27 Aug 2025 08:16:54 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1urHhK-0003Bf-Mn; Wed, 27 Aug 2025 11:04:26 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHhF-00033N-V2; Wed, 27 Aug 2025 11:04:22 -0400 Received: from isrv.corpit.ru ([212.248.84.144]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHhD-0004t7-DI; Wed, 27 Aug 2025 11:04:21 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id 5D39214C537; Wed, 27 Aug 2025 18:02:57 +0300 (MSK) Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146]) by tsrv.corpit.ru (Postfix) with ESMTP id 49B2926983F; Wed, 27 Aug 2025 18:03:24 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Yang Jialong , Daniel Henrique Barboza , Alistair Francis , Michael Tokarev Subject: [Stable-10.0.4 15/59] intc/riscv_aplic: Fix target register read when source is inactive Date: Wed, 27 Aug 2025 18:02:20 +0300 Message-ID: <20250827150323.2694101-15-mjt@tls.msk.ru> X-Mailer: git-send-email 2.47.2 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1756307815433124100 Content-Type: text/plain; charset="utf-8" From: Yang Jialong The RISC-V Advanced interrupt Architecture: 4.5.16. Interrupt targets: If interrupt source i is inactive in this domain, register target[i] is read-only zero. Signed-off-by: Yang Jialong Reviewed-by: Daniel Henrique Barboza Message-ID: <20250728055114.252024-1-z_bajeer@yeah.net> Signed-off-by: Alistair Francis (cherry picked from commit b6f1244678bebaf7e2c775cfc66d452f95678ebf) Signed-off-by: Michael Tokarev diff --git a/hw/intc/riscv_aplic.c b/hw/intc/riscv_aplic.c index 5964cde7e0..cab8f0cd4d 100644 --- a/hw/intc/riscv_aplic.c +++ b/hw/intc/riscv_aplic.c @@ -628,7 +628,7 @@ static void riscv_aplic_request(void *opaque, int irq, = int level) =20 static uint64_t riscv_aplic_read(void *opaque, hwaddr addr, unsigned size) { - uint32_t irq, word, idc; + uint32_t irq, word, idc, sm; RISCVAPLICState *aplic =3D opaque; =20 /* Reads must be 4 byte words */ @@ -696,6 +696,10 @@ static uint64_t riscv_aplic_read(void *opaque, hwaddr = addr, unsigned size) } else if ((APLIC_TARGET_BASE <=3D addr) && (addr < (APLIC_TARGET_BASE + (aplic->num_irqs - 1) * 4))) { irq =3D ((addr - APLIC_TARGET_BASE) >> 2) + 1; + sm =3D aplic->sourcecfg[irq] & APLIC_SOURCECFG_SM_MASK; + if (sm =3D=3D APLIC_SOURCECFG_SM_INACTIVE) { + return 0; + } return aplic->target[irq]; } else if (!aplic->msimode && (APLIC_IDC_BASE <=3D addr) && (addr < (APLIC_IDC_BASE + aplic->num_harts * APLIC_IDC_SIZE)))= { --=20 2.47.2 From nobody Sun Sep 28 16:28:22 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1756307353414325.104180898412; Wed, 27 Aug 2025 08:09:13 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1urHhS-0003VZ-6K; Wed, 27 Aug 2025 11:04:34 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHhH-00036J-FQ; Wed, 27 Aug 2025 11:04:23 -0400 Received: from isrv.corpit.ru ([212.248.84.144]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHhF-0004tU-31; Wed, 27 Aug 2025 11:04:23 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id 6F7E814C538; Wed, 27 Aug 2025 18:02:57 +0300 (MSK) Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146]) by tsrv.corpit.ru (Postfix) with ESMTP id 5AA7D269840; Wed, 27 Aug 2025 18:03:24 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Jay Chang , Frank Chang , Alistair Francis , Nutty Liu , Michael Tokarev Subject: [Stable-10.0.4 16/59] target/riscv: Restrict mideleg/medeleg/medelegh access to S-mode harts Date: Wed, 27 Aug 2025 18:02:21 +0300 Message-ID: <20250827150323.2694101-16-mjt@tls.msk.ru> X-Mailer: git-send-email 2.47.2 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1756307355644124100 Content-Type: text/plain; charset="utf-8" From: Jay Chang RISC-V Privileged Spec states: "In harts with S-mode, the medeleg and mideleg registers must exist, and setting a bit in medeleg or mideleg will delegate the corresponding trap , when occurring in S-mode or U-mode, to the S-mode trap handler. In harts without S-mode, the medeleg and mideleg registers should not exist." Add smode predicate to ensure these CSRs are only accessible when S-mode is supported. Reviewed-by: Frank Chang Reviewed-by: Alistair Francis Signed-off-by: Jay Chang Reviewed-by: Nutty Liu Message-ID: <20250701030021.99218-2-jay.chang@sifive.com> Signed-off-by: Alistair Francis (cherry picked from commit e443ba03361b63218e6c3aa4f73d2cb5b9b1d372) Signed-off-by: Michael Tokarev diff --git a/target/riscv/csr.c b/target/riscv/csr.c index f1c4c8c1b8..7fe6ac7ea2 100644 --- a/target/riscv/csr.c +++ b/target/riscv/csr.c @@ -5783,8 +5783,8 @@ riscv_csr_operations csr_ops[CSR_TABLE_SIZE] =3D { NULL, read_mstatus_i128 = }, [CSR_MISA] =3D { "misa", any, read_misa, write_misa, NULL, read_misa_i128 = }, - [CSR_MIDELEG] =3D { "mideleg", any, NULL, NULL, rmw_mideleg= }, - [CSR_MEDELEG] =3D { "medeleg", any, read_medeleg, write_medel= eg }, + [CSR_MIDELEG] =3D { "mideleg", smode, NULL, NULL, rmw_midel= eg }, + [CSR_MEDELEG] =3D { "medeleg", smode, read_medeleg, write_med= eleg }, [CSR_MIE] =3D { "mie", any, NULL, NULL, rmw_mie = }, [CSR_MTVEC] =3D { "mtvec", any, read_mtvec, write_mtvec= }, [CSR_MCOUNTEREN] =3D { "mcounteren", umode, read_mcounteren, @@ -5792,7 +5792,7 @@ riscv_csr_operations csr_ops[CSR_TABLE_SIZE] =3D { =20 [CSR_MSTATUSH] =3D { "mstatush", any32, read_mstatush, write_mstatush = }, - [CSR_MEDELEGH] =3D { "medelegh", any32, read_zero, write_ignore, + [CSR_MEDELEGH] =3D { "medelegh", smode32, read_zero, write_ignore, .min_priv_ver =3D PRIV_VERSION_1_13_0 = }, [CSR_HEDELEGH] =3D { "hedelegh", hmode32, read_hedelegh, write_he= delegh, .min_priv_ver =3D PRIV_VERSION_1_13_0 = }, --=20 2.47.2 From nobody Sun Sep 28 16:28:22 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1756307253105133.60773348683313; Wed, 27 Aug 2025 08:07:33 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1urHi2-0004cC-0I; Wed, 27 Aug 2025 11:05:11 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHhe-0003vq-89; Wed, 27 Aug 2025 11:04:49 -0400 Received: from isrv.corpit.ru ([212.248.84.144]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHhb-0004tr-PX; Wed, 27 Aug 2025 11:04:45 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id 81E4214C539; Wed, 27 Aug 2025 18:02:57 +0300 (MSK) Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146]) by tsrv.corpit.ru (Postfix) with ESMTP id 6D100269841; Wed, 27 Aug 2025 18:03:24 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Jay Chang , Frank Chang , Alistair Francis , Nutty Liu , Michael Tokarev Subject: [Stable-10.0.4 17/59] target/riscv: Restrict midelegh access to S-mode harts Date: Wed, 27 Aug 2025 18:02:22 +0300 Message-ID: <20250827150323.2694101-17-mjt@tls.msk.ru> X-Mailer: git-send-email 2.47.2 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1756307254605116600 Content-Type: text/plain; charset="utf-8" From: Jay Chang RISC-V AIA Spec states: "For a machine-level environment, extension Smaia encompasses all added CSRs and all modifications to interrupt response behavior that the AIA specifies for a hart, over all privilege levels. For a supervisor-level environment, extension Ssaia is essentially the same as Smaia except excluding the machine-level CSRs and behavior not directly visible to supervisor level." Since midelegh is an AIA machine-mode CSR, add Smaia extension check in aia_smode32 predicate. Reviewed-by: Frank Chang Reviewed-by: Alistair Francis Signed-off-by: Jay Chang Reviewed-by: Nutty Liu Message-ID: <20250701030021.99218-3-jay.chang@sifive.com> Signed-off-by: Alistair Francis (cherry picked from commit 86bc3a0abf10072081cddd8dff25aa72c60e67b8) Signed-off-by: Michael Tokarev diff --git a/target/riscv/csr.c b/target/riscv/csr.c index 7fe6ac7ea2..66d572af1f 100644 --- a/target/riscv/csr.c +++ b/target/riscv/csr.c @@ -372,8 +372,11 @@ static RISCVException aia_smode(CPURISCVState *env, in= t csrno) static RISCVException aia_smode32(CPURISCVState *env, int csrno) { int ret; + int csr_priv =3D get_field(csrno, 0x300); =20 - if (!riscv_cpu_cfg(env)->ext_ssaia) { + if (csr_priv =3D=3D PRV_M && !riscv_cpu_cfg(env)->ext_smaia) { + return RISCV_EXCP_ILLEGAL_INST; + } else if (!riscv_cpu_cfg(env)->ext_ssaia) { return RISCV_EXCP_ILLEGAL_INST; } =20 @@ -5832,7 +5835,7 @@ riscv_csr_operations csr_ops[CSR_TABLE_SIZE] =3D { [CSR_MVIP] =3D { "mvip", aia_any, NULL, NULL, rmw_mvip }, =20 /* Machine-Level High-Half CSRs (AIA) */ - [CSR_MIDELEGH] =3D { "midelegh", aia_any32, NULL, NULL, rmw_midelegh }, + [CSR_MIDELEGH] =3D { "midelegh", aia_smode32, NULL, NULL, rmw_midelegh= }, [CSR_MIEH] =3D { "mieh", aia_any32, NULL, NULL, rmw_mieh }, [CSR_MVIENH] =3D { "mvienh", aia_any32, NULL, NULL, rmw_mvienh }, [CSR_MVIPH] =3D { "mviph", aia_any32, NULL, NULL, rmw_mviph }, --=20 2.47.2 From nobody Sun Sep 28 16:28:22 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1756308440506372.50385860792005; Wed, 27 Aug 2025 08:27:20 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1urHhv-0004Kf-Ur; Wed, 27 Aug 2025 11:05:04 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHhg-0003z5-5y; Wed, 27 Aug 2025 11:04:51 -0400 Received: from isrv.corpit.ru ([212.248.84.144]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHhd-0004u7-TW; Wed, 27 Aug 2025 11:04:47 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id 9025414C53A; Wed, 27 Aug 2025 18:02:57 +0300 (MSK) Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146]) by tsrv.corpit.ru (Postfix) with ESMTP id 7F171269842; Wed, 27 Aug 2025 18:03:24 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Bibo Mao , Song Gao , Michael Tokarev Subject: [Stable-10.0.4 18/59] target/loongarch: Fix valid virtual address checking Date: Wed, 27 Aug 2025 18:02:23 +0300 Message-ID: <20250827150323.2694101-18-mjt@tls.msk.ru> X-Mailer: git-send-email 2.47.2 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1756308443616124100 Content-Type: text/plain; charset="utf-8" From: Bibo Mao On LoongArch64 system, the high 32 bit of 64 bit virtual address should be 0x00000[0-7]yyy or 0xffff8yyy. The bit from 47 to 63 should be all 0 or all 1. Function get_physical_address() only checks bit 48 to 63, there will be problem with the following test case. On physical machine, there is bus error report and program exits abnormally. However on qemu TCG system emulation mode, the program runs normally. The virtual address 0xffff000000000000ULL + addr and addr are treated the same on TLB entry checking. This patch fixes this issue. void main() { void *addr, *addr1; int val; addr =3D malloc(100); *(int *)addr =3D 1; addr1 =3D 0xffff000000000000ULL + addr; val =3D *(int *)addr1; printf("val %d \n", val); } Cc: qemu-stable@nongnu.org Signed-off-by: Bibo Mao Acked-by: Song Gao Reviewed-by: Song Gao Message-ID: <20250714015446.746163-1-maobibo@loongson.cn> Signed-off-by: Song Gao (cherry picked from commit caab7ac83507e3e9a5fe2f37be5cfa759e766ba2) Signed-off-by: Michael Tokarev diff --git a/target/loongarch/cpu_helper.c b/target/loongarch/cpu_helper.c index 930466ca48..8c332d74a5 100644 --- a/target/loongarch/cpu_helper.c +++ b/target/loongarch/cpu_helper.c @@ -299,8 +299,8 @@ int get_physical_address(CPULoongArchState *env, hwaddr= *physical, } =20 /* Check valid extension */ - addr_high =3D sextract64(address, TARGET_VIRT_ADDR_SPACE_BITS, 16); - if (!(addr_high =3D=3D 0 || addr_high =3D=3D -1)) { + addr_high =3D (int64_t)address >> (TARGET_VIRT_ADDR_SPACE_BITS - 1); + if (!(addr_high =3D=3D 0 || addr_high =3D=3D -1ULL)) { return TLBRET_BADADDR; } =20 --=20 2.47.2 From nobody Sun Sep 28 16:28:22 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1756307163445546.0357480670745; Wed, 27 Aug 2025 08:06:03 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1urHi2-0004cR-3b; Wed, 27 Aug 2025 11:05:11 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHhj-00040R-AU; Wed, 27 Aug 2025 11:04:53 -0400 Received: from isrv.corpit.ru ([212.248.84.144]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHhg-0004wj-TG; Wed, 27 Aug 2025 11:04:50 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id A35FC14C53B; Wed, 27 Aug 2025 18:02:57 +0300 (MSK) Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146]) by tsrv.corpit.ru (Postfix) with ESMTP id 8D63F269843; Wed, 27 Aug 2025 18:03:24 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Jonah Palmer , terrynini , Si-Wei Liu , Jason Wang , "Michael S. Tsirkin" , Michael Tokarev Subject: [Stable-10.0.4 19/59] virtio: fix off-by-one and invalid access in virtqueue_ordered_fill Date: Wed, 27 Aug 2025 18:02:24 +0300 Message-ID: <20250827150323.2694101-19-mjt@tls.msk.ru> X-Mailer: git-send-email 2.47.2 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1756307173083124100 Content-Type: text/plain; charset="utf-8" From: Jonah Palmer Commit b44135daa372 introduced virtqueue_ordered_fill for VIRTIO_F_IN_ORDER support but had a few issues: * Conditional while loop used 'steps <=3D max_steps' but should've been 'steps < max_steps' since reaching steps =3D=3D max_steps would indicate that we didn't find an element, which is an error. Without this change, the code would attempt to read invalid data at an index outside of our search range. * Incremented 'steps' using the next chain's ndescs instead of the current one. This patch corrects the loop bounds and synchronizes 'steps' and index increments. We also add a defensive sanity check against malicious or invalid descriptor counts to avoid a potential infinite loop and DoS. Fixes: b44135daa372 ("virtio: virtqueue_ordered_fill - VIRTIO_F_IN_ORDER su= pport") Reported-by: terrynini Signed-off-by: Jonah Palmer Message-Id: <20250721150208.2409779-1-jonah.palmer@oracle.com> Reviewed-by: Si-Wei Liu Acked-by: Jason Wang Reviewed-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin (cherry picked from commit 6fcf5ebafad65adc19a616260ca7dc90005785d1) Signed-off-by: Michael Tokarev diff --git a/hw/virtio/virtio.c b/hw/virtio/virtio.c index ec54573feb..b756f49867 100644 --- a/hw/virtio/virtio.c +++ b/hw/virtio/virtio.c @@ -929,18 +929,18 @@ static void virtqueue_packed_fill(VirtQueue *vq, cons= t VirtQueueElement *elem, static void virtqueue_ordered_fill(VirtQueue *vq, const VirtQueueElement *= elem, unsigned int len) { - unsigned int i, steps, max_steps; + unsigned int i, steps, max_steps, ndescs; =20 i =3D vq->used_idx % vq->vring.num; steps =3D 0; /* - * We shouldn't need to increase 'i' by more than the distance - * between used_idx and last_avail_idx. + * We shouldn't need to increase 'i' by more than or equal to + * the distance between used_idx and last_avail_idx (max_steps). */ max_steps =3D (vq->last_avail_idx - vq->used_idx) % vq->vring.num; =20 /* Search for element in vq->used_elems */ - while (steps <=3D max_steps) { + while (steps < max_steps) { /* Found element, set length and mark as filled */ if (vq->used_elems[i].index =3D=3D elem->index) { vq->used_elems[i].len =3D len; @@ -948,8 +948,18 @@ static void virtqueue_ordered_fill(VirtQueue *vq, cons= t VirtQueueElement *elem, break; } =20 - i +=3D vq->used_elems[i].ndescs; - steps +=3D vq->used_elems[i].ndescs; + ndescs =3D vq->used_elems[i].ndescs; + + /* Defensive sanity check */ + if (unlikely(ndescs =3D=3D 0 || ndescs > vq->vring.num)) { + qemu_log_mask(LOG_GUEST_ERROR, + "%s: %s invalid ndescs %u at position %u\n", + __func__, vq->vdev->name, ndescs, i); + return; + } + + i +=3D ndescs; + steps +=3D ndescs; =20 if (i >=3D vq->vring.num) { i -=3D vq->vring.num; --=20 2.47.2 From nobody Sun Sep 28 16:28:22 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1756307884824714.0104881941253; Wed, 27 Aug 2025 08:18:04 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1urHis-0005vx-7V; Wed, 27 Aug 2025 11:06:05 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHhl-00043E-5r; Wed, 27 Aug 2025 11:04:54 -0400 Received: from isrv.corpit.ru ([212.248.84.144]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHhh-0004x4-Pu; Wed, 27 Aug 2025 11:04:52 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id B8EF714C53C; Wed, 27 Aug 2025 18:02:57 +0300 (MSK) Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146]) by tsrv.corpit.ru (Postfix) with ESMTP id A0784269844; Wed, 27 Aug 2025 18:03:24 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Hanna Czenczek , Tingting Mao , Manos Pitsidianakis , Stefano Garzarella , Lei Yang , "Michael S. Tsirkin" , Michael Tokarev Subject: [Stable-10.0.4 20/59] vhost: Do not abort on log-start error Date: Wed, 27 Aug 2025 18:02:25 +0300 Message-ID: <20250827150323.2694101-20-mjt@tls.msk.ru> X-Mailer: git-send-email 2.47.2 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1756307885749116600 Content-Type: text/plain; charset="utf-8" From: Hanna Czenczek Commit 3688fec8923 ("memory: Add Error** argument to .log_global_start() handler") enabled vhost_log_global_start() to return a proper error, but did not change it to do so; instead, it still aborts the whole process on error. This crash can be reproduced by e.g. killing a virtiofsd daemon before initiating migration. In such a case, qemu should not crash, but just make the attempted migration fail. Buglink: https://issues.redhat.com/browse/RHEL-94534 Reported-by: Tingting Mao Signed-off-by: Hanna Czenczek Message-Id: <20250724125928.61045-2-hreitz@redhat.com> Reviewed-by: Manos Pitsidianakis Reviewed-by: Stefano Garzarella Tested-by: Lei Yang Reviewed-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin (cherry picked from commit c1997099dc26d95eb9f2249f2894aabf4cf0bf8b) Signed-off-by: Michael Tokarev diff --git a/hw/virtio/vhost.c b/hw/virtio/vhost.c index 99d31cc1b4..26e5a67653 100644 --- a/hw/virtio/vhost.c +++ b/hw/virtio/vhost.c @@ -1111,7 +1111,8 @@ static bool vhost_log_global_start(MemoryListener *li= stener, Error **errp) =20 r =3D vhost_migration_log(listener, true); if (r < 0) { - abort(); + error_setg_errno(errp, -r, "vhost: Failed to start logging"); + return false; } return true; } --=20 2.47.2 From nobody Sun Sep 28 16:28:22 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 175630845421966.83526905790325; Wed, 27 Aug 2025 08:27:34 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1urHiv-0005wX-Kk; Wed, 27 Aug 2025 11:06:06 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHhn-00045n-2T; Wed, 27 Aug 2025 11:04:56 -0400 Received: from isrv.corpit.ru ([212.248.84.144]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHhl-0004xs-C5; Wed, 27 Aug 2025 11:04:54 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id D628814C53D; Wed, 27 Aug 2025 18:02:57 +0300 (MSK) Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146]) by tsrv.corpit.ru (Postfix) with ESMTP id B6A4B269845; Wed, 27 Aug 2025 18:03:24 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Hanna Czenczek , Manos Pitsidianakis , Stefano Garzarella , Lei Yang , "Michael S. Tsirkin" , Michael Tokarev Subject: [Stable-10.0.4 21/59] vhost: Do not abort on log-stop error Date: Wed, 27 Aug 2025 18:02:26 +0300 Message-ID: <20250827150323.2694101-21-mjt@tls.msk.ru> X-Mailer: git-send-email 2.47.2 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1756308457419124100 Content-Type: text/plain; charset="utf-8" From: Hanna Czenczek Failing to stop logging in a vhost device is not exactly fatal. We can log such an error, but there is no need to abort the whole qemu process because of it. Signed-off-by: Hanna Czenczek Message-Id: <20250724125928.61045-3-hreitz@redhat.com> Reviewed-by: Manos Pitsidianakis Reviewed-by: Stefano Garzarella Tested-by: Lei Yang Reviewed-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin (cherry picked from commit d63c388dadb7717f6391e1bb7f11728c0c1a3e36) Signed-off-by: Michael Tokarev diff --git a/hw/virtio/vhost.c b/hw/virtio/vhost.c index 26e5a67653..e72d991c55 100644 --- a/hw/virtio/vhost.c +++ b/hw/virtio/vhost.c @@ -1123,7 +1123,8 @@ static void vhost_log_global_stop(MemoryListener *lis= tener) =20 r =3D vhost_migration_log(listener, false); if (r < 0) { - abort(); + /* Not fatal, so report it, but take no further action */ + warn_report("vhost: Failed to stop logging"); } } =20 --=20 2.47.2 From nobody Sun Sep 28 16:28:22 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1756307452501961.3437223508276; Wed, 27 Aug 2025 08:10:52 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1urHk6-0007Pq-Ag; Wed, 27 Aug 2025 11:07:21 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHi9-00051z-J5; Wed, 27 Aug 2025 11:05:19 -0400 Received: from isrv.corpit.ru ([212.248.84.144]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHi7-0004yK-B8; Wed, 27 Aug 2025 11:05:17 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id E63D514C53E; Wed, 27 Aug 2025 18:02:57 +0300 (MSK) Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146]) by tsrv.corpit.ru (Postfix) with ESMTP id D2B20269846; Wed, 27 Aug 2025 18:03:24 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Akihiko Odaki , Konstantin Shkolnyy , Lei Yang , "Michael S. Tsirkin" , Michael Tokarev Subject: [Stable-10.0.4 22/59] virtio-net: Fix VLAN filter table reset timing Date: Wed, 27 Aug 2025 18:02:27 +0300 Message-ID: <20250827150323.2694101-22-mjt@tls.msk.ru> X-Mailer: git-send-email 2.47.2 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1756307454868124100 Content-Type: text/plain; charset="utf-8" From: Akihiko Odaki Problem Reported-by: Konstantin Shkolnyy Reviewed-by: Michael S. Tsirkin Tested-by: Konstantin Shkolnyy Tested-by: Lei Yang ------- The expected initial state of the table depends on feature negotiation: With VIRTIO_NET_F_CTRL_VLAN: The table must be empty in accordance with the specification. Without VIRTIO_NET_F_CTRL_VLAN: The table must be filled to permit all VLAN traffic. Prior to commit 06b636a1e2ad ("virtio-net: do not reset vlan filtering at set_features"), virtio_net_set_features() always reset the VLAN table. That commit changed the behavior to skip table reset when VIRTIO_NET_F_CTRL_VLAN was negotiated, assuming the table would be properly cleared during device reset and remain stable. However, this assumption breaks when a driver renegotiates features: 1. Initial negotiation without VIRTIO_NET_F_CTRL_VLAN (table filled) 2. Renegotiation with VIRTIO_NET_F_CTRL_VLAN (table will not be cleared) The problem was exacerbated by commit 0caed25cd171 ("virtio: Call set_features during reset"), which triggered virtio_net_set_features() during device reset, exposing the bug whenever VIRTIO_NET_F_CTRL_VLAN was negotiated after a device reset. Solution -------- Fix the issue by initializing the table when virtio_net_set_features() is called to change the VIRTIO_NET_F_CTRL_VLAN bit of vdev->guest_features. This approach ensures the correct table state regardless of feature negotiation sequence by performing initialization in virtio_net_set_features() as QEMU did prior to commit 06b636a1e2ad ("virtio-net: do not reset vlan filtering at set_features"). This change still preserves the goal of the commit, which was to avoid resetting the table during migration, by checking whether the VIRTIO_NET_F_CTRL_VLAN bit of vdev->guest_features is being changed; vdev->guest_features is set before virtio_net_set_features() gets called during migration. It also avoids resetting the table when the driver sets a feature bitmask with no change for the VIRTIO_NET_F_CTRL_VLAN bit, which makes the operation idempotent and its semantics cleaner. Additionally, this change ensures the table is initialized after feature negotiation and before the DRIVER_OK status bit being set for compatibility with the Linux driver before commit 50c0ada627f5 ("virtio-net: fix race between ndo_open() and virtio_device_ready()"), which did not ensure to set the DRIVER_OK status bit before modifying the table. Fixes: 06b636a1e2ad ("virtio-net: do not reset vlan filtering at set_featur= es") Cc: qemu-stable@nongnu.org Reported-by: Konstantin Shkolnyy Signed-off-by: Akihiko Odaki Tested-by: Konstantin Shkolnyy Tested-by: Lei Yang Message-Id: <20250727-vlan-v3-1-bbee738619b1@rsg.ci.i.u-tokyo.ac.jp> Tested-by: Konstantin Shkolnyy Reviewed-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin (cherry picked from commit 6071d13c6a37493a6b26e1609b09a98aa058038a) Signed-off-by: Michael Tokarev diff --git a/hw/net/virtio-net.c b/hw/net/virtio-net.c index 5f908e5bca..8a0ea4cff5 100644 --- a/hw/net/virtio-net.c +++ b/hw/net/virtio-net.c @@ -997,8 +997,9 @@ static void virtio_net_set_features(VirtIODevice *vdev,= uint64_t features) vhost_net_save_acked_features(nc->peer); } =20 - if (!virtio_has_feature(features, VIRTIO_NET_F_CTRL_VLAN)) { - memset(n->vlans, 0xff, MAX_VLAN >> 3); + if (virtio_has_feature(vdev->guest_features ^ features, VIRTIO_NET_F_C= TRL_VLAN)) { + bool vlan =3D virtio_has_feature(features, VIRTIO_NET_F_CTRL_VLAN); + memset(n->vlans, vlan ? 0 : 0xff, MAX_VLAN >> 3); } =20 if (virtio_has_feature(features, VIRTIO_NET_F_STANDBY)) { @@ -3896,6 +3897,7 @@ static void virtio_net_device_realize(DeviceState *de= v, Error **errp) n->mac_table.macs =3D g_malloc0(MAC_TABLE_ENTRIES * ETH_ALEN); =20 n->vlans =3D g_malloc0(MAX_VLAN >> 3); + memset(n->vlans, 0xff, MAX_VLAN >> 3); =20 nc =3D qemu_get_queue(n->nic); nc->rxfilter_notify_enabled =3D 1; @@ -3986,7 +3988,6 @@ static void virtio_net_reset(VirtIODevice *vdev) memset(n->mac_table.macs, 0, MAC_TABLE_ENTRIES * ETH_ALEN); memcpy(&n->mac[0], &n->nic->conf->macaddr, sizeof(n->mac)); qemu_format_nic_info_str(qemu_get_queue(n->nic), n->mac); - memset(n->vlans, 0, MAX_VLAN >> 3); =20 /* Flush any async TX */ for (i =3D 0; i < n->max_queue_pairs; i++) { --=20 2.47.2 From nobody Sun Sep 28 16:28:22 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1756307576501680.0711289581981; Wed, 27 Aug 2025 08:12:56 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1urHia-0005Sd-Ln; Wed, 27 Aug 2025 11:05:46 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHiA-00056H-Vu; Wed, 27 Aug 2025 11:05:24 -0400 Received: from isrv.corpit.ru ([212.248.84.144]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHi8-0004yc-QU; Wed, 27 Aug 2025 11:05:18 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id 0229114C53F; Wed, 27 Aug 2025 18:02:58 +0300 (MSK) Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146]) by tsrv.corpit.ru (Postfix) with ESMTP id E3A2C269847; Wed, 27 Aug 2025 18:03:24 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Akihiko Odaki , Corentin BAYET , "Michael S. Tsirkin" , Michael Tokarev Subject: [Stable-10.0.4 23/59] pcie_sriov: Fix configuration and state synchronization Date: Wed, 27 Aug 2025 18:02:28 +0300 Message-ID: <20250827150323.2694101-23-mjt@tls.msk.ru> X-Mailer: git-send-email 2.47.2 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1756307578614116601 Content-Type: text/plain; charset="utf-8" From: Akihiko Odaki Fix issues in PCIe SR-IOV configuration register handling that caused inconsistent internal state due to improper write mask handling and incorrect migration behavior. Two main problems were identified: 1. VF Enable bit write mask handling: pcie_sriov_config_write() incorrectly assumed that its val parameter was already masked, causing it to ignore the actual write mask. This led to the VF Enable bit being processed even when masked, resulting in incorrect VF registration/unregistration. It is identified as CVE-2025-54567. 2. Migration state inconsistency: pcie_sriov_pf_post_load() unconditionally called register_vfs() regardless of the VF Enable bit state, creating inconsistent internal state when VFs should not be enabled. Additionally, it failed to properly update the NumVFs write mask based on the current configuration. It is identified as CVE-2025-54566. Root cause analysis revealed that both functions relied on incorrect special-case assumptions instead of properly reading and consuming the actual configuration values. This change introduces a unified consume_config() function that reads actual configuration values and synchronize the internal state without special-case assumptions. The solution only adds register read overhead in non-hot-path code while ensuring correct SR-IOV state management across configuration writes and migration scenarios. Fixes: 5e7dd17e4348 ("pcie_sriov: Remove num_vfs from PCIESriovPF") Fixes: f9efcd47110d ("pcie_sriov: Register VFs after migration") Fixes: CVE-2025-54566 Fixes: CVE-2025-54567 Cc: qemu-stable@nongnu.org Reported-by: Corentin BAYET Signed-off-by: Akihiko Odaki Message-Id: <20250727-wmask-v2-1-394910b1c0b6@rsg.ci.i.u-tokyo.ac.jp> Reviewed-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin (cherry picked from commit cad9aa6fbdccd95e56e10cfa57c354a20a333717) (Mjt: context fix) Signed-off-by: Michael Tokarev diff --git a/hw/pci/pcie_sriov.c b/hw/pci/pcie_sriov.c index 1eb4358256..dd4fbaea46 100644 --- a/hw/pci/pcie_sriov.c +++ b/hw/pci/pcie_sriov.c @@ -211,6 +211,27 @@ static void unregister_vfs(PCIDevice *dev) pci_set_word(dev->wmask + dev->exp.sriov_cap + PCI_SRIOV_NUM_VF, 0xfff= f); } =20 +static void consume_config(PCIDevice *dev) +{ + uint8_t *cfg =3D dev->config + dev->exp.sriov_cap; + + if (pci_get_word(cfg + PCI_SRIOV_CTRL) & PCI_SRIOV_CTRL_VFE) { + register_vfs(dev); + } else { + uint8_t *wmask =3D dev->wmask + dev->exp.sriov_cap; + uint16_t num_vfs =3D pci_get_word(cfg + PCI_SRIOV_NUM_VF); + uint16_t wmask_val =3D PCI_SRIOV_CTRL_MSE | PCI_SRIOV_CTRL_ARI; + + unregister_vfs(dev); + + if (num_vfs <=3D pci_get_word(cfg + PCI_SRIOV_TOTAL_VF)) { + wmask_val |=3D PCI_SRIOV_CTRL_VFE; + } + + pci_set_word(wmask + PCI_SRIOV_CTRL, wmask_val); + } +} + void pcie_sriov_config_write(PCIDevice *dev, uint32_t address, uint32_t val, int len) { @@ -228,30 +249,13 @@ void pcie_sriov_config_write(PCIDevice *dev, uint32_t= address, trace_sriov_config_write(dev->name, PCI_SLOT(dev->devfn), PCI_FUNC(dev->devfn), off, val, len); =20 - if (range_covers_byte(off, len, PCI_SRIOV_CTRL)) { - if (val & PCI_SRIOV_CTRL_VFE) { - register_vfs(dev); - } else { - unregister_vfs(dev); - } - } else if (range_covers_byte(off, len, PCI_SRIOV_NUM_VF)) { - uint8_t *cfg =3D dev->config + sriov_cap; - uint8_t *wmask =3D dev->wmask + sriov_cap; - uint16_t num_vfs =3D pci_get_word(cfg + PCI_SRIOV_NUM_VF); - uint16_t wmask_val =3D PCI_SRIOV_CTRL_MSE | PCI_SRIOV_CTRL_ARI; - - if (num_vfs <=3D pci_get_word(cfg + PCI_SRIOV_TOTAL_VF)) { - wmask_val |=3D PCI_SRIOV_CTRL_VFE; - } - - pci_set_word(wmask + PCI_SRIOV_CTRL, wmask_val); - } + consume_config(dev); } =20 void pcie_sriov_pf_post_load(PCIDevice *dev) { if (dev->exp.sriov_cap) { - register_vfs(dev); + consume_config(dev); } } =20 --=20 2.47.2 From nobody Sun Sep 28 16:28:22 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1756308398062437.04693616331235; Wed, 27 Aug 2025 08:26:38 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1urHkM-0007zB-5K; Wed, 27 Aug 2025 11:07:35 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHiD-00057e-6N; Wed, 27 Aug 2025 11:05:24 -0400 Received: from isrv.corpit.ru ([212.248.84.144]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHiB-0005DY-57; Wed, 27 Aug 2025 11:05:20 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id 0F5B314C540; Wed, 27 Aug 2025 18:02:58 +0300 (MSK) Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146]) by tsrv.corpit.ru (Postfix) with ESMTP id F2BF7269848; Wed, 27 Aug 2025 18:03:24 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, David Woodhouse , "Michael S. Tsirkin" , Michael Tokarev Subject: [Stable-10.0.4 24/59] intel_iommu: Allow both Status Write and Interrupt Flag in QI wait Date: Wed, 27 Aug 2025 18:02:29 +0300 Message-ID: <20250827150323.2694101-24-mjt@tls.msk.ru> X-Mailer: git-send-email 2.47.2 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1756308401022124100 Content-Type: text/plain; charset="utf-8" From: David Woodhouse FreeBSD does both, and this appears to be perfectly valid. The VT-d spec even talks about the ordering (the status write should be done first, unsurprisingly). We certainly shouldn't assert() and abort QEMU if the guest asks for both. Fixes: ed7b8fbcfb88 ("intel-iommu: add supports for queued invalidation int= erface") Closes: https://gitlab.com/qemu-project/qemu/-/issues/3028 Signed-off-by: David Woodhouse Message-Id: <0122cbabc0adcc3cf878f5fd7834d8f258c7a2f2.camel@infradead.org> Reviewed-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin (cherry picked from commit e8145dcd311b58921f3a45121792cbfab38fd2f6) Signed-off-by: Michael Tokarev diff --git a/hw/i386/intel_iommu.c b/hw/i386/intel_iommu.c index dffd7ee885..a117a0b6b1 100644 --- a/hw/i386/intel_iommu.c +++ b/hw/i386/intel_iommu.c @@ -2830,6 +2830,7 @@ static bool vtd_process_wait_desc(IntelIOMMUState *s,= VTDInvDesc *inv_desc) { uint64_t mask[4] =3D {VTD_INV_DESC_WAIT_RSVD_LO, VTD_INV_DESC_WAIT_RSV= D_HI, VTD_INV_DESC_ALL_ONE, VTD_INV_DESC_ALL_ONE}; + bool ret =3D true; =20 if (!vtd_inv_desc_reserved_check(s, inv_desc, mask, false, __func__, "wait")) { @@ -2841,8 +2842,6 @@ static bool vtd_process_wait_desc(IntelIOMMUState *s,= VTDInvDesc *inv_desc) uint32_t status_data =3D (uint32_t)(inv_desc->lo >> VTD_INV_DESC_WAIT_DATA_SHIFT); =20 - assert(!(inv_desc->lo & VTD_INV_DESC_WAIT_IF)); - /* FIXME: need to be masked with HAW? */ dma_addr_t status_addr =3D inv_desc->hi; trace_vtd_inv_desc_wait_sw(status_addr, status_data); @@ -2851,18 +2850,22 @@ static bool vtd_process_wait_desc(IntelIOMMUState *= s, VTDInvDesc *inv_desc) &status_data, sizeof(status_data), MEMTXATTRS_UNSPECIFIED)) { trace_vtd_inv_desc_wait_write_fail(inv_desc->hi, inv_desc->lo); - return false; + ret =3D false; } - } else if (inv_desc->lo & VTD_INV_DESC_WAIT_IF) { + } + + if (inv_desc->lo & VTD_INV_DESC_WAIT_IF) { /* Interrupt flag */ vtd_generate_completion_event(s); - } else { + } + + if (!(inv_desc->lo & (VTD_INV_DESC_WAIT_IF | VTD_INV_DESC_WAIT_SW))) { error_report_once("%s: invalid wait desc: hi=3D%"PRIx64", lo=3D%"P= RIx64 " (unknown type)", __func__, inv_desc->hi, inv_desc->lo); return false; } - return true; + return ret; } =20 static bool vtd_process_context_cache_desc(IntelIOMMUState *s, --=20 2.47.2 From nobody Sun Sep 28 16:28:22 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1756307275790606.4906306964394; Wed, 27 Aug 2025 08:07:55 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1urHjq-0007BW-QH; Wed, 27 Aug 2025 11:07:06 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHiF-00059B-5C; Wed, 27 Aug 2025 11:05:24 -0400 Received: from isrv.corpit.ru ([212.248.84.144]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHiC-0005E3-VQ; Wed, 27 Aug 2025 11:05:22 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id 1F91914C541; Wed, 27 Aug 2025 18:02:58 +0300 (MSK) Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146]) by tsrv.corpit.ru (Postfix) with ESMTP id 0D092269849; Wed, 27 Aug 2025 18:03:25 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Sairaj Kodilkar , Vasant Hegde , "Michael S. Tsirkin" , Michael Tokarev Subject: [Stable-10.0.4 25/59] hw/i386/amd_iommu: Move IOAPIC memory region initialization to the end Date: Wed, 27 Aug 2025 18:02:30 +0300 Message-ID: <20250827150323.2694101-25-mjt@tls.msk.ru> X-Mailer: git-send-email 2.47.2 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1756307278751116600 Content-Type: text/plain; charset="utf-8" From: Sairaj Kodilkar Setting up IOAPIC memory region requires mr_sys and mr_ir. Currently these two memory regions are setup after the initializing the IOAPIC memory region, which cause `amdvi_host_dma_iommu()` to use unitialized mr_sys and mr_ir. Move the IOAPIC memory region initialization to the end in order to use the mr_sys and mr_ir regions after they are fully initialized. Fixes: 577c470f4326 ("x86_iommu/amd: Prepare for interrupt remap support") Signed-off-by: Sairaj Kodilkar Reviewed-by: Vasant Hegde Message-Id: <20250801060507.3382-4-sarunkod@amd.com> Reviewed-by: Michael S. Tsirkin Signed-off-by: Michael S. Tsirkin (cherry picked from commit a7842d94067cddc80b47ac42fb6e49e2fc02a3c5) (Mjt: context fix due to missing v10.0.0-833-gf864a3235ea1 "hw/i386/amd_iommu: Isolate AMDVI-PCI from amd-iommu device to allow full control over the PCI device creation") Signed-off-by: Michael Tokarev diff --git a/hw/i386/amd_iommu.c b/hw/i386/amd_iommu.c index f773653487..37447dca25 100644 --- a/hw/i386/amd_iommu.c +++ b/hw/i386/amd_iommu.c @@ -1620,9 +1620,6 @@ static void amdvi_sysbus_realize(DeviceState *dev, Er= ror **errp) return; } =20 - /* Pseudo address space under root PCI bus. */ - x86ms->ioapic_as =3D amdvi_host_dma_iommu(bus, s, AMDVI_IOAPIC_SB_DEVI= D); - /* set up MMIO */ memory_region_init_io(&s->mr_mmio, OBJECT(s), &mmio_mem_ops, s, "amdvi-mmio", AMDVI_MMIO_SIZE); @@ -1645,6 +1642,9 @@ static void amdvi_sysbus_realize(DeviceState *dev, Er= ror **errp) memory_region_add_subregion_overlap(&s->mr_sys, AMDVI_INT_ADDR_FIRST, &s->mr_ir, 1); =20 + /* Pseudo address space under root PCI bus. */ + x86ms->ioapic_as =3D amdvi_host_dma_iommu(bus, s, AMDVI_IOAPIC_SB_DEVI= D); + if (kvm_enabled() && x86ms->apic_id_limit > 255 && !s->xtsup) { error_report("AMD IOMMU with x2APIC configuration requires xtsup= =3Don"); exit(EXIT_FAILURE); --=20 2.47.2 From nobody Sun Sep 28 16:28:22 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1756307451503101.238404382402; Wed, 27 Aug 2025 08:10:51 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1urHkF-0007cL-A3; Wed, 27 Aug 2025 11:07:27 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHiG-00059e-Vt; Wed, 27 Aug 2025 11:05:26 -0400 Received: from isrv.corpit.ru ([212.248.84.144]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHiF-0005EY-94; Wed, 27 Aug 2025 11:05:24 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id 2D97E14C542; Wed, 27 Aug 2025 18:02:58 +0300 (MSK) Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146]) by tsrv.corpit.ru (Postfix) with ESMTP id 1C30126984A; Wed, 27 Aug 2025 18:03:25 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Zenghui Yu , Peter Maydell , Michael Tokarev Subject: [Stable-10.0.4 26/59] hw/intc/arm_gicv3_kvm: Write all 1's to clear enable/active Date: Wed, 27 Aug 2025 18:02:31 +0300 Message-ID: <20250827150323.2694101-26-mjt@tls.msk.ru> X-Mailer: git-send-email 2.47.2 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1756307452728116600 Content-Type: text/plain; charset="utf-8" From: Zenghui Yu KVM's userspace access interface to the GICD enable and active bits is via set/clear register pairs which implement the hardware's "write 1s to the clear register to clear the 0 bits, and write 1s to the set register to set the 1 bits" semantics. We didn't get this right, because we were writing 0 to the clear register. Writing 0 to GICD_IC{ENABLE,ACTIVE}R architecturally has no effect on interrupt status (all writes are simply ignored by KVM) and doesn't comply with the intention of "first write to the clear-reg to clear all bits". Write all 1's to actually clear the enable/active status. This didn't have any adverse effects on migration because there we start with a clean VM state; it would be guest-visible when doing a system reset, but since Linux always cleans up the register state of the GIC during bootup before it enables it most users won't have run into a problem here. Cc: qemu-stable@nongnu.org Fixes: 367b9f527bec ("hw/intc/arm_gicv3_kvm: Implement get/put functions") Signed-off-by: Zenghui Yu Message-id: 20250729161650.43758-3-zenghui.yu@linux.dev Reviewed-by: Peter Maydell Signed-off-by: Peter Maydell (cherry picked from commit b10bd4bd17ac8628ede8735a08ad82dc3b721c64) Signed-off-by: Michael Tokarev diff --git a/hw/intc/arm_gicv3_kvm.c b/hw/intc/arm_gicv3_kvm.c index 8e17cab2a0..d6e23426c0 100644 --- a/hw/intc/arm_gicv3_kvm.c +++ b/hw/intc/arm_gicv3_kvm.c @@ -294,7 +294,7 @@ static void kvm_dist_putbmp(GICv3State *s, uint32_t off= set, * the 1 bits. */ if (clroffset !=3D 0) { - reg =3D 0; + reg =3D ~0; kvm_gicd_access(s, clroffset, ®, true); clroffset +=3D 4; } --=20 2.47.2 From nobody Sun Sep 28 16:28:22 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1756308097280306.84114384781526; Wed, 27 Aug 2025 08:21:37 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1urHlo-0001OL-Iv; Wed, 27 Aug 2025 11:09:04 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHig-0005ge-Mu; Wed, 27 Aug 2025 11:05:52 -0400 Received: from isrv.corpit.ru ([212.248.84.144]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHid-0005F0-0F; Wed, 27 Aug 2025 11:05:50 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id 3B27B14C543; Wed, 27 Aug 2025 18:02:58 +0300 (MSK) Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146]) by tsrv.corpit.ru (Postfix) with ESMTP id 2A82126984B; Wed, 27 Aug 2025 18:03:25 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Vacha Bhavsar , Peter Maydell , Michael Tokarev Subject: [Stable-10.0.4 27/59] target/arm: Fix big-endian handling of NEON gdb remote debugging Date: Wed, 27 Aug 2025 18:02:32 +0300 Message-ID: <20250827150323.2694101-27-mjt@tls.msk.ru> X-Mailer: git-send-email 2.47.2 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1756308098283116600 Content-Type: text/plain; charset="utf-8" From: Vacha Bhavsar In the code for allowing the gdbstub to set the value of an AArch64 FP/SIMD register, we weren't accounting for target_big_endian() being true. This meant that for aarch64_be-linux-user we would set the two halves of the FP register the wrong way around. The much more common case of a little-endian guest is not affected; nor are big-endian hosts. Correct the handling of this case. Cc: qemu-stable@nongnu.org Signed-off-by: Vacha Bhavsar Message-id: 20250722173736.2332529-2-vacha.bhavsar@oss.qualcomm.com [PMM: added comment, expanded commit message, fixed missing space] Reviewed-by: Peter Maydell Signed-off-by: Peter Maydell (cherry picked from commit 35cca0f95ff5345f54c11d116efc8940a0dab8aa) (Mjt: s/target_big_endian/target_words_bigendian/ due to missing v10.0.0-277-gb939b8e42a "exec: Rename target_words_bigendian() -> target_b= ig_endian()") Signed-off-by: Michael Tokarev diff --git a/target/arm/gdbstub64.c b/target/arm/gdbstub64.c index 1a4dbec567..d4d808a49b 100644 --- a/target/arm/gdbstub64.c +++ b/target/arm/gdbstub64.c @@ -111,8 +111,22 @@ int aarch64_gdb_set_fpu_reg(CPUState *cs, uint8_t *buf= , int reg) /* 128 bit FP register */ { uint64_t *q =3D aa64_vfp_qreg(env, reg); - q[0] =3D ldq_le_p(buf); - q[1] =3D ldq_le_p(buf + 8); + + /* + * On the wire these are target-endian 128 bit values. + * In the CPU state these are host-order uint64_t values + * with the least-significant one first. This means they're + * the other way around for target_words_bigendian() (which is + * only true for us for aarch64_be-linux-user). + */ + if (target_words_bigendian()) { + q[1] =3D ldq_p(buf); + q[0] =3D ldq_p(buf + 8); + } else{ + q[0] =3D ldq_p(buf); + q[1] =3D ldq_p(buf + 8); + } + return 16; } case 32: --=20 2.47.2 From nobody Sun Sep 28 16:28:22 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 17563078442151007.4783268374672; Wed, 27 Aug 2025 08:17:24 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1urHls-0001o8-4g; Wed, 27 Aug 2025 11:09:08 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHig-0005fr-9C; Wed, 27 Aug 2025 11:05:52 -0400 Received: from isrv.corpit.ru ([212.248.84.144]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHic-0005FR-Kg; Wed, 27 Aug 2025 11:05:50 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id 499C314C544; Wed, 27 Aug 2025 18:02:58 +0300 (MSK) Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146]) by tsrv.corpit.ru (Postfix) with ESMTP id 3845B26984C; Wed, 27 Aug 2025 18:03:25 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Vacha Bhavsar , Peter Maydell , Michael Tokarev Subject: [Stable-10.0.4 28/59] target/arm: Fix handling of setting SVE registers from gdb Date: Wed, 27 Aug 2025 18:02:33 +0300 Message-ID: <20250827150323.2694101-28-mjt@tls.msk.ru> X-Mailer: git-send-email 2.47.2 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1756307845327116600 Content-Type: text/plain; charset="utf-8" From: Vacha Bhavsar The code to handle setting SVE registers via the gdbstub is broken: * it sets each pair of elements in the zregs[].d[] array in the wrong order for the most common (little endian) case: the least significant 64-bit value comes first * it makes no attempt to handle target_endian() * it does a simple copy out of the (target endian) gdbstub buffer into the (host endan) zregs data structure, which is wrong on big endian hosts Fix all these problems: * use ldq_p() to read from the gdbstub buffer * check target_big_endian() to see if we need to handle the 128-bit values the opposite way around Cc: qemu-stable@nongnu.org Signed-off-by: Vacha Bhavsar Message-id: 20250722173736.2332529-3-vacha.bhavsar@oss.qualcomm.com [PMM: adjusted commit message, fixed spacing] Reviewed-by: Peter Maydell Signed-off-by: Peter Maydell (cherry picked from commit 97b3d732afec9b165c33697452e31267a845338f) (Mjt: s/target_big_endian/target_words_bigendian/ due to missing v10.0.0-277-gb939b8e42a "exec: Rename target_words_bigendian() -> target_b= ig_endian()") Signed-off-by: Michael Tokarev diff --git a/target/arm/gdbstub64.c b/target/arm/gdbstub64.c index d4d808a49b..b9b2b14c93 100644 --- a/target/arm/gdbstub64.c +++ b/target/arm/gdbstub64.c @@ -202,10 +202,17 @@ int aarch64_gdb_set_sve_reg(CPUState *cs, uint8_t *bu= f, int reg) case 0 ... 31: { int vq, len =3D 0; - uint64_t *p =3D (uint64_t *) buf; for (vq =3D 0; vq < cpu->sve_max_vq; vq++) { - env->vfp.zregs[reg].d[vq * 2 + 1] =3D *p++; - env->vfp.zregs[reg].d[vq * 2] =3D *p++; + if (target_words_bigendian()) { + env->vfp.zregs[reg].d[vq * 2 + 1] =3D ldq_p(buf); + buf +=3D 8; + env->vfp.zregs[reg].d[vq * 2] =3D ldq_p(buf); + } else{ + env->vfp.zregs[reg].d[vq * 2] =3D ldq_p(buf); + buf +=3D 8; + env->vfp.zregs[reg].d[vq * 2 + 1] =3D ldq_p(buf); + } + buf +=3D 8; len +=3D 16; } return len; @@ -220,9 +227,9 @@ int aarch64_gdb_set_sve_reg(CPUState *cs, uint8_t *buf,= int reg) { int preg =3D reg - 34; int vq, len =3D 0; - uint64_t *p =3D (uint64_t *) buf; for (vq =3D 0; vq < cpu->sve_max_vq; vq =3D vq + 4) { - env->vfp.pregs[preg].p[vq / 4] =3D *p++; + env->vfp.pregs[preg].p[vq / 4] =3D ldq_p(buf); + buf +=3D 8; len +=3D 8; } return len; --=20 2.47.2 From nobody Sun Sep 28 16:28:22 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1756307648510218.77408142891954; Wed, 27 Aug 2025 08:14:08 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1urHlx-0002XP-VI; Wed, 27 Aug 2025 11:09:14 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHin-0005v5-4R; Wed, 27 Aug 2025 11:05:58 -0400 Received: from isrv.corpit.ru ([212.248.84.144]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHil-0005Jl-BB; Wed, 27 Aug 2025 11:05:56 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id 58C6A14C545; Wed, 27 Aug 2025 18:02:58 +0300 (MSK) Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146]) by tsrv.corpit.ru (Postfix) with ESMTP id 4734526984D; Wed, 27 Aug 2025 18:03:25 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Jamin Lin , =?UTF-8?q?C=C3=A9dric=20Le=20Goater?= , Michael Tokarev Subject: [Stable-10.0.4 29/59] hw/ssi/aspeed_smc: Fix incorrect FMC_WDT2 register read on AST1030 Date: Wed, 27 Aug 2025 18:02:34 +0300 Message-ID: <20250827150323.2694101-29-mjt@tls.msk.ru> X-Mailer: git-send-email 2.47.2 In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1756307651139124100 From: Jamin Lin On AST1030, reading the FMC_WDT2 register always returns 0xFFFFFFFF. This issue is due to the aspeed_smc_read function, which checks for the ASPEED_SMC_FEATURE_WDT_CONTROL feature. Since AST1030 was missing this feature flag, the read operation fails and returns -1. To resolve this, add the WDT_CONTROL feature to AST1030's feature set so that FMC_WDT2 can be correctly accessed by firmware. Signed-off-by: Jamin Lin Reviewed-by: C=C3=A9dric Le Goater Fixes: 2850df6a81bcdc2e063dfdd56751ee2d11c58030 ("aspeed/smc: Add AST1030 s= upport ") Link: https://lore.kernel.org/qemu-devel/20250804014633.512737-1-jamin_lin@= aspeedtech.com Signed-off-by: C=C3=A9dric Le Goater (cherry picked from commit 13ed972b4ce57198914a37217251d30fbec20e41) Signed-off-by: Michael Tokarev diff --git a/hw/ssi/aspeed_smc.c b/hw/ssi/aspeed_smc.c index faef1a8e5b..b4a17a52a3 100644 --- a/hw/ssi/aspeed_smc.c +++ b/hw/ssi/aspeed_smc.c @@ -1857,7 +1857,8 @@ static void aspeed_1030_fmc_class_init(ObjectClass *k= lass, void *data) asc->resets =3D aspeed_1030_fmc_resets; asc->flash_window_base =3D 0x80000000; asc->flash_window_size =3D 0x10000000; - asc->features =3D ASPEED_SMC_FEATURE_DMA; + asc->features =3D ASPEED_SMC_FEATURE_DMA | + ASPEED_SMC_FEATURE_WDT_CONTROL; asc->dma_flash_mask =3D 0x0FFFFFFC; asc->dma_dram_mask =3D 0x000BFFFC; asc->dma_start_length =3D 1; --=20 2.47.2 From nobody Sun Sep 28 16:28:22 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1756308097076751.2726016931618; Wed, 27 Aug 2025 08:21:37 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1urHm1-00033z-Ry; Wed, 27 Aug 2025 11:09:20 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHim-0005v4-UT; Wed, 27 Aug 2025 11:05:58 -0400 Received: from isrv.corpit.ru ([212.248.84.144]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHij-0005Jw-65; Wed, 27 Aug 2025 11:05:56 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id 670AC14C546; Wed, 27 Aug 2025 18:02:58 +0300 (MSK) Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146]) by tsrv.corpit.ru (Postfix) with ESMTP id 55F5826984E; Wed, 27 Aug 2025 18:03:25 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Alex Richardson , Peter Maydell , Michael Tokarev Subject: [Stable-10.0.4 30/59] target/arm: add support for 64-bit PMCCNTR in AArch32 mode Date: Wed, 27 Aug 2025 18:02:35 +0300 Message-ID: <20250827150323.2694101-30-mjt@tls.msk.ru> X-Mailer: git-send-email 2.47.2 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1756308098890124100 Content-Type: text/plain; charset="utf-8" From: Alex Richardson In the PMUv3, a new AArch32 64-bit (MCRR/MRRC) accessor for the PMCCNTR was added. In QEMU we forgot to implement this, so only provide the 32-bit accessor. Since we have a 64-bit PMCCNTR sysreg for AArch64, adding the 64-bit AArch32 version is easy. We add the PMCCNTR to the v8_cp_reginfo because PMUv3 was added in the ARMv8 architecture. This is consistent with how we handle the existing PMCCNTR support, where we always implement it for all v7 CPUs. This is arguably something we should clean up so it is gated on ARM_FEATURE_PMU and/or an ID register check for the relevant PMU version, but we should do that as its own tidyup rather than being inconsistent between this PMCCNTR accessor and the others. Since the register name is the same as the 32-bit PMCCNTR, we set ARM_CP_NO_GDB on the 32-bit one to avoid generating an invalid GDB XML. See https://developer.arm.com/documentation/ddi0601/2024-06/AArch32-Registe= rs/PMCCNTR--Performance-Monitors-Cycle-Count-Register?lang=3Den Note for potential backporting: * this code in cpregs-pmu.c will be in helper.c on stable branches that don't have commit ae2086426d37 Cc: qemu-stable@nongnu.org Signed-off-by: Alex Richardson Message-id: 20250725170136.145116-1-alexrichardson@google.com Reviewed-by: Peter Maydell Signed-off-by: Peter Maydell (cherry picked from commit cd9f752fee75238f842a91be1146c988bd16a010) (Mjt: moved code to target/arm/helper.c and modified it for 10.0) Signed-off-by: Michael Tokarev diff --git a/target/arm/helper.c b/target/arm/helper.c index bb445e30cd..4f89eaa2c2 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c @@ -1946,11 +1946,6 @@ static const ARMCPRegInfo v7_cp_reginfo[] =3D { .fgt =3D FGT_PMSELR_EL0, .fieldoffset =3D offsetof(CPUARMState, cp15.c9_pmselr), .writefn =3D pmselr_write, .raw_writefn =3D raw_write, }, - { .name =3D "PMCCNTR", .cp =3D 15, .crn =3D 9, .crm =3D 13, .opc1 =3D = 0, .opc2 =3D 0, - .access =3D PL0_RW, .resetvalue =3D 0, .type =3D ARM_CP_ALIAS | ARM_= CP_IO, - .fgt =3D FGT_PMCCNTR_EL0, - .readfn =3D pmccntr_read, .writefn =3D pmccntr_write32, - .accessfn =3D pmreg_access_ccntr }, { .name =3D "PMCCNTR_EL0", .state =3D ARM_CP_STATE_AA64, .opc0 =3D 3, .opc1 =3D 3, .crn =3D 9, .crm =3D 13, .opc2 =3D 0, .access =3D PL0_RW, .accessfn =3D pmreg_access_ccntr, @@ -6849,9 +6844,26 @@ static void define_pmu_regs(ARMCPU *cpu) .readfn =3D pmcr_read, .raw_readfn =3D raw_read, .writefn =3D pmcr_write, .raw_writefn =3D raw_write, }; + /* + * 32-bit AArch32 PMCCNTR. We don't expose this to GDB if the + * new-in-v8 PMUv3 64-bit AArch32 PMCCNTR register is implemented + * (as that will provide the GDB user's view of "PMCCNTR"). + */ + ARMCPRegInfo pmccntr =3D { + .name =3D "PMCCNTR", + .cp =3D 15, .crn =3D 9, .crm =3D 13, .opc1 =3D 0, .opc2 =3D 0, + .access =3D PL0_RW, .accessfn =3D pmreg_access_ccntr, + .resetvalue =3D 0, .type =3D ARM_CP_ALIAS | ARM_CP_IO, + .fgt =3D FGT_PMCCNTR_EL0, + .readfn =3D pmccntr_read, .writefn =3D pmccntr_write32, + }; + if (arm_feature(&cpu->env, ARM_FEATURE_V8)) { + pmccntr.type |=3D ARM_CP_NO_GDB; + } =20 define_one_arm_cp_reg(cpu, &pmcr); define_one_arm_cp_reg(cpu, &pmcr64); + define_one_arm_cp_reg(cpu, &pmccntr); for (i =3D 0; i < pmcrn; i++) { char *pmevcntr_name =3D g_strdup_printf("PMEVCNTR%d", i); char *pmevcntr_el0_name =3D g_strdup_printf("PMEVCNTR%d_EL0", i); @@ -8162,6 +8174,13 @@ void register_cp_regs_for_features(ARMCPU *cpu) .access =3D PL0_R, .accessfn =3D pmreg_access, .type =3D ARM= _CP_CONST, .fgt =3D FGT_PMCEIDN_EL0, .resetvalue =3D cpu->pmceid1 }, + /* AArch32 64-bit PMCCNTR view: added in PMUv3 with Armv8 */ + { .name =3D "PMCCNTR", .state =3D ARM_CP_STATE_AA32, + .cp =3D 15, .crm =3D 9, .opc1 =3D 0, + .access =3D PL0_RW, .accessfn =3D pmreg_access_ccntr, .reset= value =3D 0, + .type =3D ARM_CP_ALIAS | ARM_CP_IO | ARM_CP_64BIT, + .fgt =3D FGT_PMCCNTR_EL0, .readfn =3D pmccntr_read, + .writefn =3D pmccntr_write, }, }; #ifdef CONFIG_USER_ONLY static const ARMCPRegUserSpaceInfo v8_user_idregs[] =3D { --=20 2.47.2 From nobody Sun Sep 28 16:28:22 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1756308104323951.3877048340328; Wed, 27 Aug 2025 08:21:44 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1urHlO-0000Sw-BN; Wed, 27 Aug 2025 11:08:42 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHjB-0006f6-Ur; Wed, 27 Aug 2025 11:06:28 -0400 Received: from isrv.corpit.ru ([212.248.84.144]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHj9-0005L3-Um; Wed, 27 Aug 2025 11:06:21 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id 75B5314C547; Wed, 27 Aug 2025 18:02:58 +0300 (MSK) Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146]) by tsrv.corpit.ru (Postfix) with ESMTP id 64AA126984F; Wed, 27 Aug 2025 18:03:25 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Peter Maydell , Michael Tokarev , =?UTF-8?q?Alex=20Benn=C3=A9e?= Subject: [Stable-10.0.4 31/59] scripts/make-release: Go back to cloning all the EDK2 submodules Date: Wed, 27 Aug 2025 18:02:36 +0300 Message-ID: <20250827150323.2694101-31-mjt@tls.msk.ru> X-Mailer: git-send-email 2.47.2 In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1756308105066124100 From: Peter Maydell In commit bd0da3a3d4f we changed make-release so that instead of cloning every git submodule of EDK2 we only cloned a fixed list. The original motivation for this was that one of the submodules: * was from a non-github repo * that repo had a "SSL certificate expired" failure * wasn't actually needed for the set of EDK2 binaries we build and at the time we were trying to build the EDK2 binaries in one of our CI jobs. Unfortunately this change meant that we were exposed to bugs where EDK2 adds a new submodule and the sources we ship in the release tarball won't build any more. In particular, in EDK2 commit c6bb7d54beb05 the MipiSysTLib submodule was added, causing failure of the ROM build in our tarball starting from QEMU release 8.2.0: /tmp/qemu-10.0.0/roms/edk2/MdePkg/MdePkg.dec(32): error 000E: File/director= y not found in workspace Library/MipiSysTLib/mipisyst/library/include is not found in packag= es path: /tmp/qemu-10.0.0/roms/. /tmp/qemu-10.0.0/roms/edk2 (Building from a QEMU git checkout works fine.) In the intervening time EDK2 moved the submodule that had a problem to be one they mirrored themselves (and at time of writing all their submodules are hosted on github), and we stopped trying to build EDK2 binaries in our own CI jobs with commit 690ceb71936f9037f6. Go back to cloning every EDK2 submodule, so we don't have an untested explicit list of submodules which will break without our noticing it. This increases the size of the QEMU tarball .tar.xz file from 133M to 139M in my testing. Cc: qemu-stable@nongnu.org Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3041 Signed-off-by: Peter Maydell Reviewed-by: Michael Tokarev Message-ID: <20250721153341.2910800-1-peter.maydell@linaro.org> Signed-off-by: Alex Benn=C3=A9e (cherry picked from commit 0311a6edb9db34a41a2662d94c37e1fbaabf6ecf) Signed-off-by: Michael Tokarev diff --git a/scripts/make-release b/scripts/make-release index 8c3594a1a4..7e37ffad42 100755 --- a/scripts/make-release +++ b/scripts/make-release @@ -61,17 +61,15 @@ meson subprojects download $SUBPROJECTS (cd roms/skiboot && ./make_version.sh > .version) # Fetch edk2 submodule's submodules, since it won't have access to them via # the tarball later. -# -# A more uniform way to handle this sort of situation would be nice, but we -# don't necessarily have much control over how a submodule handles its -# submodule dependencies, so we continue to handle these on a case-by-case -# basis for now. -(cd roms/edk2 && \ - git submodule update --init --depth 1 -- \ - ArmPkg/Library/ArmSoftFloatLib/berkeley-softfloat-3 \ - BaseTools/Source/C/BrotliCompress/brotli \ - CryptoPkg/Library/OpensslLib/openssl \ - MdeModulePkg/Library/BrotliCustomDecompressLib/brotli) + +# As recommended by the EDK2 readme, we don't use --recursive here. +# EDK2 won't use any code or feature from a submodule of a submodule, +# so we don't need to add them to the tarball. +# Although we don't necessarily need all of the submodules that EDK2 +# has, we clone them all, to avoid running into problems where EDK2 +# adds a new submodule or changes its use of an existing one and +# the sources we ship in the tarball then fail to build. +(cd roms/edk2 && git submodule update --init --depth 1) popd =20 exclude=3D(--exclude=3D.git) --=20 2.47.2 From nobody Sun Sep 28 16:28:22 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1756308014451484.031167497439; Wed, 27 Aug 2025 08:20:14 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1urHnR-0005ul-Pc; Wed, 27 Aug 2025 11:10:46 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHir-0005xq-8P; Wed, 27 Aug 2025 11:06:03 -0400 Received: from isrv.corpit.ru ([212.248.84.144]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHip-0005L6-DP; Wed, 27 Aug 2025 11:06:00 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id 8371614C548; Wed, 27 Aug 2025 18:02:58 +0300 (MSK) Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146]) by tsrv.corpit.ru (Postfix) with ESMTP id 730F9269850; Wed, 27 Aug 2025 18:03:25 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Michael Tokarev , Stefan Hajnoczi Subject: [Stable-10.0.4 32/59] qga: correctly write to /sys/power/state on linux Date: Wed, 27 Aug 2025 18:02:37 +0300 Message-ID: <20250827150323.2694101-32-mjt@tls.msk.ru> X-Mailer: git-send-email 2.47.2 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1756308015693124100 Content-Type: text/plain; charset="utf-8" Commit v9.0.0-343-g2048129625 introduced usage of g_file_set_contents() function to write to /sys/power/state. This function uses G_FILE_SET_CONTENTS_CONSISTENT flag to g_file_set_contents_full(), which is implemented by creating a temp file in the same directory and renaming it to the final destination. Which is not how sysfs works. Here, there's not a big deal to do open/write/close - it becomes almost the same as using g_file_set_contents[_full](). But it does not have surprises like this. Also, since this is linux code, it should be ok to use %m in the error reporting function. Fixes: 2048129625 "qga/commands-posix: don't do fork()/exec() when suspendi= ng via sysfs" Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3057 Signed-off-by: Michael Tokarev Reviewed-by: Stefan Hajnoczi Message-ID: <20250801115316.6845-1-mjt@tls.msk.ru> Signed-off-by: Stefan Hajnoczi (cherry picked from commit b217d987a3c5c6e2473956723b396bc1ff0f5b2b) Signed-off-by: Michael Tokarev diff --git a/qga/commands-linux.c b/qga/commands-linux.c index 9e8a934b9a..9dc0c82503 100644 --- a/qga/commands-linux.c +++ b/qga/commands-linux.c @@ -1400,20 +1400,22 @@ static bool linux_sys_state_supports_mode(SuspendMo= de mode, Error **errp) =20 static void linux_sys_state_suspend(SuspendMode mode, Error **errp) { - g_autoptr(GError) local_gerr =3D NULL; const char *sysfile_strs[3] =3D {"disk", "mem", NULL}; const char *sysfile_str =3D sysfile_strs[mode]; + int fd; =20 if (!sysfile_str) { error_setg(errp, "unknown guest suspend mode"); return; } =20 - if (!g_file_set_contents(LINUX_SYS_STATE_FILE, sysfile_str, - -1, &local_gerr)) { - error_setg(errp, "suspend: cannot write to '%s': %s", - LINUX_SYS_STATE_FILE, local_gerr->message); - return; + fd =3D open(LINUX_SYS_STATE_FILE, O_WRONLY); + if (fd < 0 || write(fd, sysfile_str, strlen(sysfile_str)) < 0) { + error_setg(errp, "suspend: cannot write to '%s': %m", + LINUX_SYS_STATE_FILE); + } + if (fd >=3D 0) { + close(fd); } } =20 --=20 2.47.2 From nobody Sun Sep 28 16:28:22 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1756308224760771.5564557235516; Wed, 27 Aug 2025 08:23:44 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1urHmO-0003pV-RN; Wed, 27 Aug 2025 11:09:42 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHjH-0006jA-Lp; Wed, 27 Aug 2025 11:06:29 -0400 Received: from isrv.corpit.ru ([212.248.84.144]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHjD-0005M3-V4; Wed, 27 Aug 2025 11:06:26 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id 98C1414C549; Wed, 27 Aug 2025 18:02:58 +0300 (MSK) Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146]) by tsrv.corpit.ru (Postfix) with ESMTP id 800EB269851; Wed, 27 Aug 2025 18:03:25 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Michael Tokarev Subject: [Stable-10.0.4 33/59] Revert "i386/cpu: Fix cpu number overflow in CPUID.01H.EBX[23:16]" Date: Wed, 27 Aug 2025 18:02:38 +0300 Message-ID: <20250827150323.2694101-33-mjt@tls.msk.ru> X-Mailer: git-send-email 2.47.2 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1756308225687116600 Content-Type: text/plain; charset="utf-8" This reverts commit d0975531586742ec2eff8796b7ba93bc4858e63d, which is a modified commit a62fef58299562aae6667b8d8552247423e886b3 from the master branch. Since more changes from the master branch are needed in the areas which are being touched by this one, and this change has been modified to apply without the previous commit(s), let's revert it for now, apply previous patches, and re-apply it without modifications on top. Additionally, when I cherry-picked a62fef58299562aa, it somehow lost its original authorship (Qian Wen). So this revert fixes both issues. Signed-off-by: Michael Tokarev diff --git a/target/i386/cpu.c b/target/i386/cpu.c index b768d8ea33..46619288ed 100644 --- a/target/i386/cpu.c +++ b/target/i386/cpu.c @@ -6835,8 +6835,7 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, = uint32_t count, } *edx =3D env->features[FEAT_1_EDX]; if (threads_per_pkg > 1) { - /* Fixup overflow: max value for bits 23-16 is 255. */ - *ebx |=3D MIN(threads_per_pkg, 255) << 16; + *ebx |=3D threads_per_pkg << 16; } if (!cpu->enable_pmu) { *ecx &=3D ~CPUID_EXT_PDCM; --=20 2.47.2 From nobody Sun Sep 28 16:28:22 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1756307644190665.0557984894116; Wed, 27 Aug 2025 08:14:04 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1urHmc-00047d-MY; Wed, 27 Aug 2025 11:09:54 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHjG-0006gR-1y; Wed, 27 Aug 2025 11:06:29 -0400 Received: from isrv.corpit.ru ([212.248.84.144]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHjE-0005Qa-40; Wed, 27 Aug 2025 11:06:25 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id A978914C54A; Wed, 27 Aug 2025 18:02:58 +0300 (MSK) Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146]) by tsrv.corpit.ru (Postfix) with ESMTP id 9628E269852; Wed, 27 Aug 2025 18:03:25 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Xiaoyao Li , Zhao Liu , Paolo Bonzini , Michael Tokarev Subject: [Stable-10.0.4 34/59] i386/cpu: Move adjustment of CPUID_EXT_PDCM before feature_dependencies[] check Date: Wed, 27 Aug 2025 18:02:39 +0300 Message-ID: <20250827150323.2694101-34-mjt@tls.msk.ru> X-Mailer: git-send-email 2.47.2 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1756307668203124100 Content-Type: text/plain; charset="utf-8" From: Xiaoyao Li There is one entry relates to CPUID_EXT_PDCM in feature_dependencies[]. So it needs to get correct value of CPUID_EXT_PDCM before using feature_dependencies[] to apply dependencies. Besides, it also ensures CPUID_EXT_PDCM value is tracked in env->features[FEAT_1_ECX]. Signed-off-by: Xiaoyao Li Reviewed-by: Zhao Liu Link: https://lore.kernel.org/r/20250304052450.465445-2-xiaoyao.li@intel.com Signed-off-by: Paolo Bonzini (cherry picked from commit e68ec2980901c8e7f948f3305770962806c53f0b) (Mjt: this simple cleanup is not strictly necessary for 10.0, but pick it up so subsequent changes in this area applies cleanly) Signed-off-by: Michael Tokarev diff --git a/target/i386/cpu.c b/target/i386/cpu.c index 46619288ed..d3e3ca13ca 100644 --- a/target/i386/cpu.c +++ b/target/i386/cpu.c @@ -6837,9 +6837,6 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, = uint32_t count, if (threads_per_pkg > 1) { *ebx |=3D threads_per_pkg << 16; } - if (!cpu->enable_pmu) { - *ecx &=3D ~CPUID_EXT_PDCM; - } break; case 2: /* cache info: needed for Pentium Pro compatibility */ @@ -7829,6 +7826,10 @@ void x86_cpu_expand_features(X86CPU *cpu, Error **er= rp) } } =20 + if (!cpu->enable_pmu) { + env->features[FEAT_1_ECX] &=3D ~CPUID_EXT_PDCM; + } + for (i =3D 0; i < ARRAY_SIZE(feature_dependencies); i++) { FeatureDep *d =3D &feature_dependencies[i]; if (!(env->features[d->from.index] & d->from.mask)) { --=20 2.47.2 From nobody Sun Sep 28 16:28:22 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1756307449426995.392708932392; Wed, 27 Aug 2025 08:10:49 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1urHmi-0004jO-2S; Wed, 27 Aug 2025 11:10:04 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHjJ-0006k8-QY; Wed, 27 Aug 2025 11:06:31 -0400 Received: from isrv.corpit.ru ([212.248.84.144]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHjH-0005RL-Pm; Wed, 27 Aug 2025 11:06:29 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id BDA2314C54B; Wed, 27 Aug 2025 18:02:58 +0300 (MSK) Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146]) by tsrv.corpit.ru (Postfix) with ESMTP id A6A09269853; Wed, 27 Aug 2025 18:03:25 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Chuang Xu , Zhao Liu , Guixiong Wei , Yipeng Yin , Paolo Bonzini , Michael Tokarev Subject: [Stable-10.0.4 35/59] i386/cpu: Fix number of addressable IDs field for CPUID.01H.EBX[23:16] Date: Wed, 27 Aug 2025 18:02:40 +0300 Message-ID: <20250827150323.2694101-35-mjt@tls.msk.ru> X-Mailer: git-send-email 2.47.2 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1756307450762116600 Content-Type: text/plain; charset="utf-8" From: Chuang Xu When QEMU is started with: -cpu host,migratable=3Don,host-cache-info=3Don,l3-cache=3Doff -smp 180,sockets=3D2,dies=3D1,cores=3D45,threads=3D2 On Intel platform: CPUID.01H.EBX[23:16] is defined as "max number of addressable IDs for logical processors in the physical package". When executing "cpuid -1 -l 1 -r" in the guest, we obtain a value of 90 for CPUID.01H.EBX[23:16], whereas the expected value is 128. Additionally, executing "cpuid -1 -l 4 -r" in the guest yields a value of 63 for CPUID.04H.EAX[31:26], which matches the expected result. As (1+CPUID.04H.EAX[31:26]) rounds up to the nearest power-of-2 integer, it's necessary to round up CPUID.01H.EBX[23:16] to the nearest power-of-2 integer too. Otherwise there would be unexpected results in guest with older kernel. For example, when QEMU is started with CLI above and xtopology is disabled, guest kernel 5.15.120 uses CPUID.01H.EBX[23:16]/(1+CPUID.04H.EAX[31:26]) to calculate threads-per-core in detect_ht(). Then guest will get "90/(1+63)= =3D1" as the result, even though threads-per-core should actually be 2. And on AMD platform: CPUID.01H.EBX[23:16] is defined as "Logical processor count". Current result meets our expectation. So round up CPUID.01H.EBX[23:16] to the nearest power-of-2 integer only for Intel platform to solve the unexpected result. Use the "x-vendor-cpuid-only-v2" compat option to fix this issue. Reviewed-by: Zhao Liu Signed-off-by: Guixiong Wei Signed-off-by: Yipeng Yin Signed-off-by: Chuang Xu Signed-off-by: Zhao Liu Link: https://lore.kernel.org/r/20250714080859.1960104-5-zhao1.liu@intel.com Signed-off-by: Paolo Bonzini (cherry picked from commit f985a1195ba2d9c6f6f33e83fe2e419a7e8acb60) (Mjt: this change refers to cpu->vendor_cpuid_only_v2 which is introduced after 10.0, but this reference is removed later. Replace it with false for now, so effectively this commit is a no-op, but prepares the code for the next change in this area and keeps historical references) Signed-off-by: Michael Tokarev diff --git a/target/i386/cpu.c b/target/i386/cpu.c index d3e3ca13ca..ed262edcc8 100644 --- a/target/i386/cpu.c +++ b/target/i386/cpu.c @@ -6835,7 +6835,17 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index,= uint32_t count, } *edx =3D env->features[FEAT_1_EDX]; if (threads_per_pkg > 1) { - *ebx |=3D threads_per_pkg << 16; + /* + * For CPUID.01H.EBX[Bits 23-16], AMD requires logical process= or + * count, but Intel needs maximum number of addressable IDs for + * logical processors per package. + */ + if (/*10.0: cpu->vendor_cpuid_only_v2*/ false && + (IS_INTEL_CPU(env) || IS_ZHAOXIN_CPU(env))) { + *ebx |=3D 1 << apicid_pkg_offset(topo_info) << 16; + } else { + *ebx |=3D threads_per_pkg << 16; + } } break; case 2: --=20 2.47.2 From nobody Sun Sep 28 16:28:22 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1756308116224287.0168571724039; Wed, 27 Aug 2025 08:21:56 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1urHnW-0006IW-3R; Wed, 27 Aug 2025 11:10:50 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHjM-0006oU-QK; Wed, 27 Aug 2025 11:06:35 -0400 Received: from isrv.corpit.ru ([212.248.84.144]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHjK-0005Ro-Tq; Wed, 27 Aug 2025 11:06:32 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id CFF7914C54C; Wed, 27 Aug 2025 18:02:58 +0300 (MSK) Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146]) by tsrv.corpit.ru (Postfix) with ESMTP id BA9E3269854; Wed, 27 Aug 2025 18:03:25 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Qian Wen , Xiaoyao Li , Zhao Liu , Paolo Bonzini , Michael Tokarev Subject: [Stable-10.0.4 36/59] i386/cpu: Fix cpu number overflow in CPUID.01H.EBX[23:16] Date: Wed, 27 Aug 2025 18:02:41 +0300 Message-ID: <20250827150323.2694101-36-mjt@tls.msk.ru> X-Mailer: git-send-email 2.47.2 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1756308117032124101 Content-Type: text/plain; charset="utf-8" From: Qian Wen The legacy topology enumerated by CPUID.1.EBX[23:16] is defined in SDM Vol2: Bits 23-16: Maximum number of addressable IDs for logical processors in this physical package. When threads_per_socket > 255, it will 1) overwrite bits[31:24] which is apic_id, 2) bits [23:16] get truncated. Specifically, if launching the VM with -smp 256, the value written to EBX[23:16] is 0 because of data overflow. If the guest only supports legacy topology, without V2 Extended Topology enumerated by CPUID.0x1f or Extended Topology enumerated by CPUID.0x0b to support over 255 CPUs, the return of the kernel invoking cpu_smt_allowed() is false and APs (application processors) will fail to bring up. Then only CPU 0 is online, and others are offline. For example, launch VM via: qemu-system-x86_64 -M q35,accel=3Dkvm,kernel-irqchip=3Dsplit \ -cpu qemu64,cpuid-0xb=3Doff -smp 256 -m 32G \ -drive file=3Dguest.img,if=3Dnone,id=3Dvirtio-disk0,format=3Draw \ -device virtio-blk-pci,drive=3Dvirtio-disk0,bootindex=3D1 --nographic The guest shows: CPU(s): 256 On-line CPU(s) list: 0 Off-line CPU(s) list: 1-255 To avoid this issue caused by overflow, limit the max value written to EBX[23:16] to 255 as the HW does. Cc: qemu-stable@nongnu.org Reviewed-by: Xiaoyao Li Signed-off-by: Qian Wen Signed-off-by: Zhao Liu Link: https://lore.kernel.org/r/20250714080859.1960104-6-zhao1.liu@intel.com Signed-off-by: Paolo Bonzini (cherry picked from commit a62fef58299562aae6667b8d8552247423e886b3) Signed-off-by: Michael Tokarev diff --git a/target/i386/cpu.c b/target/i386/cpu.c index ed262edcc8..56af1857b9 100644 --- a/target/i386/cpu.c +++ b/target/i386/cpu.c @@ -6835,6 +6835,8 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, = uint32_t count, } *edx =3D env->features[FEAT_1_EDX]; if (threads_per_pkg > 1) { + uint32_t num; + /* * For CPUID.01H.EBX[Bits 23-16], AMD requires logical process= or * count, but Intel needs maximum number of addressable IDs for @@ -6842,10 +6844,13 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index= , uint32_t count, */ if (/*10.0: cpu->vendor_cpuid_only_v2*/ false && (IS_INTEL_CPU(env) || IS_ZHAOXIN_CPU(env))) { - *ebx |=3D 1 << apicid_pkg_offset(topo_info) << 16; + num =3D 1 << apicid_pkg_offset(topo_info); } else { - *ebx |=3D threads_per_pkg << 16; + num =3D threads_per_pkg; } + + /* Fixup overflow: max value for bits 23-16 is 255. */ + *ebx |=3D MIN(num, 255) << 16; } break; case 2: --=20 2.47.2 From nobody Sun Sep 28 16:28:22 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1756308425319744.0358989622134; Wed, 27 Aug 2025 08:27:05 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1urHnM-0005TN-Vv; Wed, 27 Aug 2025 11:10:41 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHjO-0006pk-FV; Wed, 27 Aug 2025 11:06:36 -0400 Received: from isrv.corpit.ru ([212.248.84.144]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHjM-0005S5-2V; Wed, 27 Aug 2025 11:06:33 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id E18BC14C54D; Wed, 27 Aug 2025 18:02:58 +0300 (MSK) Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146]) by tsrv.corpit.ru (Postfix) with ESMTP id CD6A4269855; Wed, 27 Aug 2025 18:03:25 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Zhao Liu , Michael Tokarev , Chuang Xu , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Subject: [Stable-10.0.4 37/59] target/i386/cpu: Move addressable ID encoding out of compat property in CPUID[0x1] Date: Wed, 27 Aug 2025 18:02:42 +0300 Message-ID: <20250827150323.2694101-37-mjt@tls.msk.ru> X-Mailer: git-send-email 2.47.2 In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1756308426155116600 From: Zhao Liu Currently, the addressable ID encoding for CPUID[0x1].EBX[bits 16-23] (Maximum number of addressable IDs for logical processors in this physical package) is covered by vendor_cpuid_only_v2 compat property. The previous consideration was to avoid breaking migration and this compat property makes it unfriendly to backport the commit f985a1195ba2 ("i386/cpu: Fix number of addressable IDs field for CPUID.01H.EBX [23:16]"). However, NetBSD booting is broken since the commit 88dd4ca06c83 ("i386/cpu: Use APIC ID info to encode cache topo in CPUID[4]"), because NetBSD calculates smt information via `lp_max` / `core_max` for legacy Intel CPUs which doesn't support 0xb leaf, where `lp_max` is from CPUID[0x1].EBX.bits[16-23] and `core_max` is from CPUID[0x4].0x0.bits[26 -31]. The commit 88dd4ca0 changed the encoding rule of `core_max` but didn't update `lp_max`, so that NetBSD would get the wrong smt information, which leads to the module loading failure. Luckily, the commit f985a1195ba2 ("i386/cpu: Fix number of addressable IDs field for CPUID.01H.EBX[23:16]") updated the encoding rule for `lp_max` and accidentally fixed the NetBSD issue too. This also shows that using CPUID[0x1] and CPUID[0x4].0x0 to calculate HT/SMT information is a common practice to detect CPU topology on legacy Intel CPUs. Therefore, it's necessary to backport the commit f985a1195ba2 to previous stable QEMU to help address the similar issues as well. Then the compat property is not needed any more since all stable QEMUs will follow the same encoding way. So, in CPUID[0x1], move addressable ID encoding out of compat property. Reported-by: Michael Tokarev Inspired-by: Chuang Xu Fixes: commit f985a1195ba2 ("i386/cpu: Fix number of addressable IDs field = for CPUID.01H.EBX[23:16]") Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3061 Signed-off-by: Zhao Liu Reviewed-by: Michael Tokarev Tested-by: Michael Tokarev Message-ID: <20250804053548.1808629-1-zhao1.liu@intel.com> Signed-off-by: Philippe Mathieu-Daud=C3=A9 (cherry picked from commit 4e5d58969ed6927a7f1b08ba6223c34c8b990c92) (Mjt: when picking up commit f985a1195ba2d9c6f6f33e83fe2e419a7e8acb60 "i386/cpu: Fix number of addressable IDs field for CPUID.01H.EBX[23:16]" to 10.0, I commented out the condition (vendor_cpuid_only_v2 comparison) which is now being removed) Signed-off-by: Michael Tokarev diff --git a/target/i386/cpu.c b/target/i386/cpu.c index 56af1857b9..58c62ff5b5 100644 --- a/target/i386/cpu.c +++ b/target/i386/cpu.c @@ -6842,8 +6842,7 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index, = uint32_t count, * count, but Intel needs maximum number of addressable IDs for * logical processors per package. */ - if (/*10.0: cpu->vendor_cpuid_only_v2*/ false && - (IS_INTEL_CPU(env) || IS_ZHAOXIN_CPU(env))) { + if ((IS_INTEL_CPU(env) || IS_ZHAOXIN_CPU(env))) { num =3D 1 << apicid_pkg_offset(topo_info); } else { num =3D threads_per_pkg; --=20 2.47.2 From nobody Sun Sep 28 16:28:22 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 175630784706426.783729864363522; Wed, 27 Aug 2025 08:17:27 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1urHoH-000788-PL; Wed, 27 Aug 2025 11:11:38 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHjk-000766-Di; Wed, 27 Aug 2025 11:06:57 -0400 Received: from isrv.corpit.ru ([212.248.84.144]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHji-0005Sl-H7; Wed, 27 Aug 2025 11:06:56 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id 0164D14C54E; Wed, 27 Aug 2025 18:02:59 +0300 (MSK) Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146]) by tsrv.corpit.ru (Postfix) with ESMTP id DE818269856; Wed, 27 Aug 2025 18:03:25 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Nicholas Piggin , Glenn Miles , Michael Kowal , Caleb Schlossin , Gautam Menghani , =?UTF-8?q?C=C3=A9dric=20Le=20Goater?= , Michael Tokarev Subject: [Stable-10.0.4 38/59] ppc/xive: Fix xive trace event output Date: Wed, 27 Aug 2025 18:02:43 +0300 Message-ID: <20250827150323.2694101-38-mjt@tls.msk.ru> X-Mailer: git-send-email 2.47.2 In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1756307849518124100 From: Nicholas Piggin Typo, IBP should be IPB. Signed-off-by: Nicholas Piggin Reviewed-by: Glenn Miles Reviewed-by: Michael Kowal Reviewed-by: Caleb Schlossin Tested-by: Gautam Menghani Link: https://lore.kernel.org/qemu-devel/20250512031100.439842-2-npiggin@gm= ail.com Signed-off-by: C=C3=A9dric Le Goater (cherry picked from commit 301fbbaf03fb114a1e45833987ddfd7bbb403963) Signed-off-by: Michael Tokarev diff --git a/hw/intc/trace-events b/hw/intc/trace-events index 0ba9a02e73..f77f9733c9 100644 --- a/hw/intc/trace-events +++ b/hw/intc/trace-events @@ -274,9 +274,9 @@ kvm_xive_cpu_connect(uint32_t id) "connect CPU%d to KVM= device" kvm_xive_source_reset(uint32_t srcno) "IRQ 0x%x" =20 # xive.c -xive_tctx_accept(uint32_t index, uint8_t ring, uint8_t ipb, uint8_t pipr, = uint8_t cppr, uint8_t nsr) "target=3D%d ring=3D0x%x IBP=3D0x%02x PIPR=3D0x%= 02x CPPR=3D0x%02x NSR=3D0x%02x ACK" -xive_tctx_notify(uint32_t index, uint8_t ring, uint8_t ipb, uint8_t pipr, = uint8_t cppr, uint8_t nsr) "target=3D%d ring=3D0x%x IBP=3D0x%02x PIPR=3D0x%= 02x CPPR=3D0x%02x NSR=3D0x%02x raise !" -xive_tctx_set_cppr(uint32_t index, uint8_t ring, uint8_t ipb, uint8_t pipr= , uint8_t cppr, uint8_t nsr) "target=3D%d ring=3D0x%x IBP=3D0x%02x PIPR=3D0= x%02x new CPPR=3D0x%02x NSR=3D0x%02x" +xive_tctx_accept(uint32_t index, uint8_t ring, uint8_t ipb, uint8_t pipr, = uint8_t cppr, uint8_t nsr) "target=3D%d ring=3D0x%x IPB=3D0x%02x PIPR=3D0x%= 02x CPPR=3D0x%02x NSR=3D0x%02x ACK" +xive_tctx_notify(uint32_t index, uint8_t ring, uint8_t ipb, uint8_t pipr, = uint8_t cppr, uint8_t nsr) "target=3D%d ring=3D0x%x IPB=3D0x%02x PIPR=3D0x%= 02x CPPR=3D0x%02x NSR=3D0x%02x raise !" +xive_tctx_set_cppr(uint32_t index, uint8_t ring, uint8_t ipb, uint8_t pipr= , uint8_t cppr, uint8_t nsr) "target=3D%d ring=3D0x%x IPB=3D0x%02x PIPR=3D0= x%02x new CPPR=3D0x%02x NSR=3D0x%02x" xive_source_esb_read(uint64_t addr, uint32_t srcno, uint64_t value) "@0x%"= PRIx64" IRQ 0x%x val=3D0x%"PRIx64 xive_source_esb_write(uint64_t addr, uint32_t srcno, uint64_t value) "@0x%= "PRIx64" IRQ 0x%x val=3D0x%"PRIx64 xive_router_end_notify(uint8_t end_blk, uint32_t end_idx, uint32_t end_dat= a) "END 0x%02x/0x%04x -> enqueue 0x%08x" --=20 2.47.2 From nobody Sun Sep 28 16:28:22 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1756307968229788.1465956542872; Wed, 27 Aug 2025 08:19:28 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1urHlx-0002cK-Ml; Wed, 27 Aug 2025 11:09:13 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHjq-0007Fm-6C; Wed, 27 Aug 2025 11:07:06 -0400 Received: from isrv.corpit.ru ([212.248.84.144]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHjk-0005T2-Jd; Wed, 27 Aug 2025 11:07:01 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id 12FDE14C54F; Wed, 27 Aug 2025 18:02:59 +0300 (MSK) Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146]) by tsrv.corpit.ru (Postfix) with ESMTP id F1C93269857; Wed, 27 Aug 2025 18:03:25 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Nicholas Piggin , Glenn Miles , Michael Kowal , Caleb Schlossin , Gautam Menghani , =?UTF-8?q?C=C3=A9dric=20Le=20Goater?= , Michael Tokarev Subject: [Stable-10.0.4 39/59] ppc/xive: Report access size in XIVE TM operation error logs Date: Wed, 27 Aug 2025 18:02:44 +0300 Message-ID: <20250827150323.2694101-39-mjt@tls.msk.ru> X-Mailer: git-send-email 2.47.2 In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1756307969055124100 From: Nicholas Piggin Report access size in XIVE TM operation error logs. Signed-off-by: Nicholas Piggin Reviewed-by: Glenn Miles Reviewed-by: Michael Kowal Reviewed-by: Caleb Schlossin Tested-by: Gautam Menghani Link: https://lore.kernel.org/qemu-devel/20250512031100.439842-3-npiggin@gm= ail.com Signed-off-by: C=C3=A9dric Le Goater (cherry picked from commit f0aab779418ed883ea2b5ffcc3985ef26f6e3545) Signed-off-by: Michael Tokarev diff --git a/hw/intc/xive.c b/hw/intc/xive.c index 3eb28c2265..80b07a0afe 100644 --- a/hw/intc/xive.c +++ b/hw/intc/xive.c @@ -326,7 +326,7 @@ static void xive_tm_raw_write(XiveTCTX *tctx, hwaddr of= fset, uint64_t value, */ if (size < 4 || !mask || ring_offset =3D=3D TM_QW0_USER) { qemu_log_mask(LOG_GUEST_ERROR, "XIVE: invalid write access at TIMA= @%" - HWADDR_PRIx"\n", offset); + HWADDR_PRIx" size %d\n", offset, size); return; } =20 @@ -357,7 +357,7 @@ static uint64_t xive_tm_raw_read(XiveTCTX *tctx, hwaddr= offset, unsigned size) */ if (size < 4 || !mask || ring_offset =3D=3D TM_QW0_USER) { qemu_log_mask(LOG_GUEST_ERROR, "XIVE: invalid read access at TIMA = @%" - HWADDR_PRIx"\n", offset); + HWADDR_PRIx" size %d\n", offset, size); return -1; } =20 @@ -688,7 +688,7 @@ void xive_tctx_tm_write(XivePresenter *xptr, XiveTCTX *= tctx, hwaddr offset, xto =3D xive_tm_find_op(tctx->xptr, offset, size, true); if (!xto) { qemu_log_mask(LOG_GUEST_ERROR, "XIVE: invalid write access at = TIMA " - "@%"HWADDR_PRIx"\n", offset); + "@%"HWADDR_PRIx" size %d\n", offset, size); } else { xto->write_handler(xptr, tctx, offset, value, size); } @@ -727,7 +727,7 @@ uint64_t xive_tctx_tm_read(XivePresenter *xptr, XiveTCT= X *tctx, hwaddr offset, xto =3D xive_tm_find_op(tctx->xptr, offset, size, false); if (!xto) { qemu_log_mask(LOG_GUEST_ERROR, "XIVE: invalid read access to T= IMA" - "@%"HWADDR_PRIx"\n", offset); + "@%"HWADDR_PRIx" size %d\n", offset, size); return -1; } ret =3D xto->read_handler(xptr, tctx, offset, size); --=20 2.47.2 From nobody Sun Sep 28 16:28:22 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1756308200179463.2263323159923; Wed, 27 Aug 2025 08:23:20 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1urHlu-000283-Ij; Wed, 27 Aug 2025 11:09:11 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHjp-0007Ev-Eg; Wed, 27 Aug 2025 11:07:02 -0400 Received: from isrv.corpit.ru ([212.248.84.144]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHjm-0005Wf-D0; Wed, 27 Aug 2025 11:07:01 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id 2717C14C550; Wed, 27 Aug 2025 18:02:59 +0300 (MSK) Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146]) by tsrv.corpit.ru (Postfix) with ESMTP id 10087269858; Wed, 27 Aug 2025 18:03:26 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Glenn Miles , Nicholas Piggin , Michael Kowal , Caleb Schlossin , Gautam Menghani , =?UTF-8?q?C=C3=A9dric=20Le=20Goater?= , Michael Tokarev Subject: [Stable-10.0.4 40/59] ppc/xive2: Fix calculation of END queue sizes Date: Wed, 27 Aug 2025 18:02:45 +0300 Message-ID: <20250827150323.2694101-40-mjt@tls.msk.ru> X-Mailer: git-send-email 2.47.2 In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1756308201376116600 From: Glenn Miles The queue size of an Event Notification Descriptor (END) is determined by the 'cl' and QsZ fields of the END. If the cl field is 1, then the queue size (in bytes) will be the size of a cache line 128B * 2^QsZ and QsZ is limited to 4. Otherwise, it will be 4096B * 2^QsZ with QsZ limited to 12. Fixes: f8a233dedf2 ("ppc/xive2: Introduce a XIVE2 core framework") Signed-off-by: Glenn Miles Reviewed-by: Nicholas Piggin Reviewed-by: Michael Kowal Reviewed-by: Caleb Schlossin Tested-by: Gautam Menghani Link: https://lore.kernel.org/qemu-devel/20250512031100.439842-4-npiggin@gm= ail.com Signed-off-by: C=C3=A9dric Le Goater (cherry picked from commit f16697292add6c3c15014a20fd5fce70b8c56734) Signed-off-by: Michael Tokarev diff --git a/hw/intc/xive2.c b/hw/intc/xive2.c index 7d584dfafa..790152a2a6 100644 --- a/hw/intc/xive2.c +++ b/hw/intc/xive2.c @@ -188,12 +188,27 @@ void xive2_eas_pic_print_info(Xive2Eas *eas, uint32_t= lisn, GString *buf) (uint32_t) xive_get_field64(EAS2_END_DATA, eas-= >w)); } =20 +#define XIVE2_QSIZE_CHUNK_CL 128 +#define XIVE2_QSIZE_CHUNK_4k 4096 +/* Calculate max number of queue entries for an END */ +static uint32_t xive2_end_get_qentries(Xive2End *end) +{ + uint32_t w3 =3D end->w3; + uint32_t qsize =3D xive_get_field32(END2_W3_QSIZE, w3); + if (xive_get_field32(END2_W3_CL, w3)) { + g_assert(qsize <=3D 4); + return (XIVE2_QSIZE_CHUNK_CL << qsize) / sizeof(uint32_t); + } else { + g_assert(qsize <=3D 12); + return (XIVE2_QSIZE_CHUNK_4k << qsize) / sizeof(uint32_t); + } +} + void xive2_end_queue_pic_print_info(Xive2End *end, uint32_t width, GString= *buf) { uint64_t qaddr_base =3D xive2_end_qaddr(end); - uint32_t qsize =3D xive_get_field32(END2_W3_QSIZE, end->w3); uint32_t qindex =3D xive_get_field32(END2_W1_PAGE_OFF, end->w1); - uint32_t qentries =3D 1 << (qsize + 10); + uint32_t qentries =3D xive2_end_get_qentries(end); int i; =20 /* @@ -223,8 +238,7 @@ void xive2_end_pic_print_info(Xive2End *end, uint32_t e= nd_idx, GString *buf) uint64_t qaddr_base =3D xive2_end_qaddr(end); uint32_t qindex =3D xive_get_field32(END2_W1_PAGE_OFF, end->w1); uint32_t qgen =3D xive_get_field32(END2_W1_GENERATION, end->w1); - uint32_t qsize =3D xive_get_field32(END2_W3_QSIZE, end->w3); - uint32_t qentries =3D 1 << (qsize + 10); + uint32_t qentries =3D xive2_end_get_qentries(end); =20 uint32_t nvx_blk =3D xive_get_field32(END2_W6_VP_BLOCK, end->w6); uint32_t nvx_idx =3D xive_get_field32(END2_W6_VP_OFFSET, end->w6); @@ -341,13 +355,12 @@ void xive2_nvgc_pic_print_info(Xive2Nvgc *nvgc, uint3= 2_t nvgc_idx, GString *buf) static void xive2_end_enqueue(Xive2End *end, uint32_t data) { uint64_t qaddr_base =3D xive2_end_qaddr(end); - uint32_t qsize =3D xive_get_field32(END2_W3_QSIZE, end->w3); uint32_t qindex =3D xive_get_field32(END2_W1_PAGE_OFF, end->w1); uint32_t qgen =3D xive_get_field32(END2_W1_GENERATION, end->w1); =20 uint64_t qaddr =3D qaddr_base + (qindex << 2); uint32_t qdata =3D cpu_to_be32((qgen << 31) | (data & 0x7fffffff)); - uint32_t qentries =3D 1 << (qsize + 10); + uint32_t qentries =3D xive2_end_get_qentries(end); =20 if (dma_memory_write(&address_space_memory, qaddr, &qdata, sizeof(qdat= a), MEMTXATTRS_UNSPECIFIED)) { diff --git a/include/hw/ppc/xive2_regs.h b/include/hw/ppc/xive2_regs.h index b11395c563..3c28de8a30 100644 --- a/include/hw/ppc/xive2_regs.h +++ b/include/hw/ppc/xive2_regs.h @@ -87,6 +87,7 @@ typedef struct Xive2End { #define END2_W2_EQ_ADDR_HI PPC_BITMASK32(8, 31) uint32_t w3; #define END2_W3_EQ_ADDR_LO PPC_BITMASK32(0, 24) +#define END2_W3_CL PPC_BIT32(27) #define END2_W3_QSIZE PPC_BITMASK32(28, 31) uint32_t w4; #define END2_W4_END_BLOCK PPC_BITMASK32(4, 7) --=20 2.47.2 From nobody Sun Sep 28 16:28:22 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1756307968570781.9059262248111; Wed, 27 Aug 2025 08:19:28 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1urHlx-0002bp-MO; Wed, 27 Aug 2025 11:09:13 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHjt-0007GP-4g; Wed, 27 Aug 2025 11:07:10 -0400 Received: from isrv.corpit.ru ([212.248.84.144]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHjr-0005XT-6u; Wed, 27 Aug 2025 11:07:04 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id 3A3AE14C551; Wed, 27 Aug 2025 18:02:59 +0300 (MSK) Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146]) by tsrv.corpit.ru (Postfix) with ESMTP id 23B5E269859; Wed, 27 Aug 2025 18:03:26 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Michael Kowal , Nicholas Piggin , Glenn Miles , Caleb Schlossin , Gautam Menghani , =?UTF-8?q?C=C3=A9dric=20Le=20Goater?= , Michael Tokarev Subject: [Stable-10.0.4 41/59] ppc/xive2: Remote VSDs need to match on forwarding address Date: Wed, 27 Aug 2025 18:02:46 +0300 Message-ID: <20250827150323.2694101-41-mjt@tls.msk.ru> X-Mailer: git-send-email 2.47.2 In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1756307970828116600 From: Michael Kowal In a multi chip environment there will be remote/forwarded VSDs. The check to find a matching INT controller (XIVE) of the remote block number was checking the INTs chip number. Block numbers are not tied to a chip number. The matching remote INT is the one that matches the forwarded VSD address with VSD types associated MMIO BAR. Signed-off-by: Michael Kowal Reviewed-by: Nicholas Piggin Reviewed-by: Glenn Miles Reviewed-by: Michael Kowal Reviewed-by: Caleb Schlossin Tested-by: Gautam Menghani Link: https://lore.kernel.org/qemu-devel/20250512031100.439842-5-npiggin@gm= ail.com [ clg: Fixed log format in pnv_xive2_get_remote() ] Signed-off-by: C=C3=A9dric Le Goater (cherry picked from commit e8cf73b849879cd93b1d1b5fd3bde79fb42064dc) Signed-off-by: Michael Tokarev diff --git a/hw/intc/pnv_xive2.c b/hw/intc/pnv_xive2.c index 0b81dad6ba..92e62b3e5f 100644 --- a/hw/intc/pnv_xive2.c +++ b/hw/intc/pnv_xive2.c @@ -101,12 +101,10 @@ static uint32_t pnv_xive2_block_id(PnvXive2 *xive) } =20 /* - * Remote access to controllers. HW uses MMIOs. For now, a simple scan - * of the chips is good enough. - * - * TODO: Block scope support + * Remote access to INT controllers. HW uses MMIOs(?). For now, a simple + * scan of all the chips INT controller is good enough. */ -static PnvXive2 *pnv_xive2_get_remote(uint8_t blk) +static PnvXive2 *pnv_xive2_get_remote(uint32_t vsd_type, hwaddr fwd_addr) { PnvMachineState *pnv =3D PNV_MACHINE(qdev_get_machine()); int i; @@ -115,10 +113,23 @@ static PnvXive2 *pnv_xive2_get_remote(uint8_t blk) Pnv10Chip *chip10 =3D PNV10_CHIP(pnv->chips[i]); PnvXive2 *xive =3D &chip10->xive; =20 - if (pnv_xive2_block_id(xive) =3D=3D blk) { + /* + * Is this the XIVE matching the forwarded VSD address is for this + * VSD type + */ + if ((vsd_type =3D=3D VST_ESB && fwd_addr =3D=3D xive->esb_base) = || + (vsd_type =3D=3D VST_END && fwd_addr =3D=3D xive->end_base) = || + ((vsd_type =3D=3D VST_NVP || + vsd_type =3D=3D VST_NVG) && fwd_addr =3D=3D xive->nvpg_base)= || + (vsd_type =3D=3D VST_NVC && fwd_addr =3D=3D xive->nvc_base))= { return xive; } } + + qemu_log_mask(LOG_GUEST_ERROR, + "XIVE: >>>>> %s vsd_type %u fwd_addr 0x%"HWADDR_PRIx + " NOT FOUND\n", + __func__, vsd_type, fwd_addr); return NULL; } =20 @@ -251,8 +262,7 @@ static uint64_t pnv_xive2_vst_addr(PnvXive2 *xive, uint= 32_t type, uint8_t blk, =20 /* Remote VST access */ if (GETFIELD(VSD_MODE, vsd) =3D=3D VSD_MODE_FORWARD) { - xive =3D pnv_xive2_get_remote(blk); - + xive =3D pnv_xive2_get_remote(type, (vsd & VSD_ADDRESS_MASK)); return xive ? pnv_xive2_vst_addr(xive, type, blk, idx) : 0; } =20 --=20 2.47.2 From nobody Sun Sep 28 16:28:22 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 175630811641680.8624206224548; Wed, 27 Aug 2025 08:21:56 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1urHm1-0002zL-Hm; Wed, 27 Aug 2025 11:09:17 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHjt-0007GY-I9; Wed, 27 Aug 2025 11:07:11 -0400 Received: from isrv.corpit.ru ([212.248.84.144]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHjr-0005Xc-RG; Wed, 27 Aug 2025 11:07:05 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id 4E96314C552; Wed, 27 Aug 2025 18:02:59 +0300 (MSK) Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146]) by tsrv.corpit.ru (Postfix) with ESMTP id 37CCF26985A; Wed, 27 Aug 2025 18:03:26 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Nicholas Piggin , Glenn Miles , Caleb Schlossin , Gautam Menghani , =?UTF-8?q?C=C3=A9dric=20Le=20Goater?= , Michael Tokarev Subject: [Stable-10.0.4 42/59] ppc/xive2: fix context push calculation of IPB priority Date: Wed, 27 Aug 2025 18:02:47 +0300 Message-ID: <20250827150323.2694101-42-mjt@tls.msk.ru> X-Mailer: git-send-email 2.47.2 In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1756308118385116600 From: Nicholas Piggin Pushing a context and loading IPB from NVP is defined to merge ('or') that IPB into the TIMA IPB register. PIPR should therefore be calculated based on the final IPB value, not just the NVP value. Fixes: 9d2b6058c5b ("ppc/xive2: Add grouping level to notification") Signed-off-by: Nicholas Piggin Reviewed-by: Glenn Miles Reviewed-by: Caleb Schlossin Tested-by: Gautam Menghani Link: https://lore.kernel.org/qemu-devel/20250512031100.439842-6-npiggin@gm= ail.com Signed-off-by: C=C3=A9dric Le Goater (cherry picked from commit d1023a296c8297454fc4b207d58707c0a5e62e0a) Signed-off-by: Michael Tokarev diff --git a/hw/intc/xive2.c b/hw/intc/xive2.c index 790152a2a6..4dd04a0398 100644 --- a/hw/intc/xive2.c +++ b/hw/intc/xive2.c @@ -835,8 +835,9 @@ static void xive2_tctx_need_resend(Xive2Router *xrtr, X= iveTCTX *tctx, nvp.w2 =3D xive_set_field32(NVP2_W2_IPB, nvp.w2, 0); xive2_router_write_nvp(xrtr, nvp_blk, nvp_idx, &nvp, 2); } + /* IPB bits in the backlog are merged with the TIMA IPB bits */ regs[TM_IPB] |=3D ipb; - backlog_prio =3D xive_ipb_to_pipr(ipb); + backlog_prio =3D xive_ipb_to_pipr(regs[TM_IPB]); backlog_level =3D 0; =20 first_group =3D xive_get_field32(NVP2_W0_PGOFIRST, nvp.w0); --=20 2.47.2 From nobody Sun Sep 28 16:28:22 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1756308357034757.9584375746775; Wed, 27 Aug 2025 08:25:57 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1urHmZ-00042R-Uf; Wed, 27 Aug 2025 11:09:52 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHkH-0007pj-6S; Wed, 27 Aug 2025 11:07:29 -0400 Received: from isrv.corpit.ru ([212.248.84.144]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHkF-0005Y9-1B; Wed, 27 Aug 2025 11:07:28 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id 63AEF14C553; Wed, 27 Aug 2025 18:02:59 +0300 (MSK) Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146]) by tsrv.corpit.ru (Postfix) with ESMTP id 4B8EC26985B; Wed, 27 Aug 2025 18:03:26 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Nicholas Piggin , Glenn Miles , Michael Kowal , Caleb Schlossin , Gautam Menghani , =?UTF-8?q?C=C3=A9dric=20Le=20Goater?= , Michael Tokarev Subject: [Stable-10.0.4 43/59] ppc/xive: Fix PHYS NSR ring matching Date: Wed, 27 Aug 2025 18:02:48 +0300 Message-ID: <20250827150323.2694101-43-mjt@tls.msk.ru> X-Mailer: git-send-email 2.47.2 In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1756308360424124100 From: Nicholas Piggin Test that the NSR exception bit field is equal to the pool ring value, rather than any common bits set, which is more correct (although there is no practical bug because the LSI NSR type is not implemented and POOL/PHYS NSR are encoded with exclusive bits). Fixes: 4c3ccac636 ("pnv/xive: Add special handling for pool targets") Signed-off-by: Nicholas Piggin Reviewed-by: Glenn Miles Reviewed-by: Michael Kowal Reviewed-by: Caleb Schlossin Tested-by: Gautam Menghani Link: https://lore.kernel.org/qemu-devel/20250512031100.439842-7-npiggin@gm= ail.com Signed-off-by: C=C3=A9dric Le Goater (cherry picked from commit bde8c148bb22b99cb84cda800fa555851b8cb358) Signed-off-by: Michael Tokarev diff --git a/hw/intc/xive.c b/hw/intc/xive.c index 80b07a0afe..cebe409a1a 100644 --- a/hw/intc/xive.c +++ b/hw/intc/xive.c @@ -54,7 +54,8 @@ static uint64_t xive_tctx_accept(XiveTCTX *tctx, uint8_t = ring) uint8_t *alt_regs; =20 /* POOL interrupt uses IPB in QW2, POOL ring */ - if ((ring =3D=3D TM_QW3_HV_PHYS) && (nsr & (TM_QW3_NSR_HE_POOL << = 6))) { + if ((ring =3D=3D TM_QW3_HV_PHYS) && + ((nsr & TM_QW3_NSR_HE) =3D=3D (TM_QW3_NSR_HE_POOL << 6))) { alt_ring =3D TM_QW2_HV_POOL; } else { alt_ring =3D ring; --=20 2.47.2 From nobody Sun Sep 28 16:28:22 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1756307524771316.5165723168933; Wed, 27 Aug 2025 08:12:04 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1urHmP-0003pX-GT; Wed, 27 Aug 2025 11:09:43 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHkH-0007qN-9x; Wed, 27 Aug 2025 11:07:29 -0400 Received: from isrv.corpit.ru ([212.248.84.144]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHkF-0005YI-59; Wed, 27 Aug 2025 11:07:29 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id 795E014C554; Wed, 27 Aug 2025 18:02:59 +0300 (MSK) Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146]) by tsrv.corpit.ru (Postfix) with ESMTP id 611A126985C; Wed, 27 Aug 2025 18:03:26 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Michael Kowal , Nicholas Piggin , Glenn Miles , Caleb Schlossin , Gautam Menghani , =?UTF-8?q?C=C3=A9dric=20Le=20Goater?= , Michael Tokarev Subject: [Stable-10.0.4 44/59] ppc/xive2: Reset Generation Flipped bit on END Cache Watch Date: Wed, 27 Aug 2025 18:02:49 +0300 Message-ID: <20250827150323.2694101-44-mjt@tls.msk.ru> X-Mailer: git-send-email 2.47.2 In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1756307527372124100 From: Michael Kowal When the END Event Queue wraps the END EQ Generation bit is flipped and the Generation Flipped bit is set to one. On a END cache Watch read operation, the Generation Flipped bit needs to be reset. While debugging an error modified END not valid error messages to include the method since all were the same. Signed-off-by: Michael Kowal Reviewed-by: Nicholas Piggin Reviewed-by: Glenn Miles Reviewed-by: Michael Kowal Reviewed-by: Caleb Schlossin Tested-by: Gautam Menghani Link: https://lore.kernel.org/qemu-devel/20250512031100.439842-8-npiggin@gm= ail.com Signed-off-by: C=C3=A9dric Le Goater (cherry picked from commit 576830428eea6ebfc85792851a343214b834e401) Signed-off-by: Michael Tokarev diff --git a/hw/intc/pnv_xive2.c b/hw/intc/pnv_xive2.c index 92e62b3e5f..7535fb67b9 100644 --- a/hw/intc/pnv_xive2.c +++ b/hw/intc/pnv_xive2.c @@ -1325,10 +1325,11 @@ static uint64_t pnv_xive2_ic_vc_read(void *opaque, = hwaddr offset, case VC_ENDC_WATCH3_DATA0: /* * Load DATA registers from cache with data requested by the - * SPEC register + * SPEC register. Clear gen_flipped bit in word 1. */ watch_engine =3D (offset - VC_ENDC_WATCH0_DATA0) >> 6; pnv_xive2_end_cache_load(xive, watch_engine); + xive->vc_regs[reg] &=3D ~(uint64_t)END2_W1_GEN_FLIPPED; val =3D xive->vc_regs[reg]; break; =20 diff --git a/hw/intc/xive2.c b/hw/intc/xive2.c index 4dd04a0398..453fe37f18 100644 --- a/hw/intc/xive2.c +++ b/hw/intc/xive2.c @@ -374,8 +374,8 @@ static void xive2_end_enqueue(Xive2End *end, uint32_t d= ata) qgen ^=3D 1; end->w1 =3D xive_set_field32(END2_W1_GENERATION, end->w1, qgen); =20 - /* TODO(PowerNV): reset GF bit on a cache watch operation */ - end->w1 =3D xive_set_field32(END2_W1_GEN_FLIPPED, end->w1, qgen); + /* Set gen flipped to 1, it gets reset on a cache watch operation = */ + end->w1 =3D xive_set_field32(END2_W1_GEN_FLIPPED, end->w1, 1); } end->w1 =3D xive_set_field32(END2_W1_PAGE_OFF, end->w1, qindex); } --=20 2.47.2 From nobody Sun Sep 28 16:28:22 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1756307656374627.9541896118; Wed, 27 Aug 2025 08:14:16 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1urHoY-0000O0-7a; Wed, 27 Aug 2025 11:11:54 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHkL-00086k-SF; Wed, 27 Aug 2025 11:07:34 -0400 Received: from isrv.corpit.ru ([212.248.84.144]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHkK-0005eQ-1I; Wed, 27 Aug 2025 11:07:33 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id 8EF2214C556; Wed, 27 Aug 2025 18:02:59 +0300 (MSK) Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146]) by tsrv.corpit.ru (Postfix) with ESMTP id 76DC826985D; Wed, 27 Aug 2025 18:03:26 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Glenn Miles , Nicholas Piggin , Michael Kowal , Caleb Schlossin , Gautam Menghani , =?UTF-8?q?C=C3=A9dric=20Le=20Goater?= , Michael Tokarev Subject: [Stable-10.0.4 45/59] ppc/xive2: Fix irq preempted by lower priority group irq Date: Wed, 27 Aug 2025 18:02:50 +0300 Message-ID: <20250827150323.2694101-45-mjt@tls.msk.ru> X-Mailer: git-send-email 2.47.2 In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1756307657053124100 From: Glenn Miles A problem was seen where uart interrupts would be lost resulting in the console hanging. Traces showed that a lower priority interrupt was preempting a higher priority interrupt, which would result in the higher priority interrupt never being handled. The new interrupt's priority was being compared against the CPPR (Current Processor Priority Register) instead of the PIPR (Post Interrupt Priority Register), as was required by the XIVE spec. This allowed for a window between raising an interrupt and ACK'ing the interrupt where a lower priority interrupt could slip in. Fixes: 26c55b99418 ("ppc/xive2: Process group backlog when updating the CPP= R") Signed-off-by: Glenn Miles Reviewed-by: Nicholas Piggin Reviewed-by: Michael Kowal Reviewed-by: Caleb Schlossin Tested-by: Gautam Menghani Link: https://lore.kernel.org/qemu-devel/20250512031100.439842-10-npiggin@g= mail.com Signed-off-by: C=C3=A9dric Le Goater (cherry picked from commit 8d373176181fbc11f8d8eae2b4532b867f083ea6) Signed-off-by: Michael Tokarev diff --git a/hw/intc/xive2.c b/hw/intc/xive2.c index 453fe37f18..2b4d0f51be 100644 --- a/hw/intc/xive2.c +++ b/hw/intc/xive2.c @@ -1283,7 +1283,7 @@ bool xive2_tm_irq_precluded(XiveTCTX *tctx, int ring,= uint8_t priority) * priority to know if the thread can take the interrupt now or if * it is precluded. */ - if (priority < alt_regs[TM_CPPR]) { + if (priority < alt_regs[TM_PIPR]) { return false; } return true; --=20 2.47.2 From nobody Sun Sep 28 16:28:22 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1756307695314488.1632202159594; Wed, 27 Aug 2025 08:14:55 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1urHnY-0006RL-LS; Wed, 27 Aug 2025 11:10:53 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHkM-0008Bi-I4; Wed, 27 Aug 2025 11:07:35 -0400 Received: from isrv.corpit.ru ([212.248.84.144]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHkK-0005eS-KR; Wed, 27 Aug 2025 11:07:34 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id A3DCB14C557; Wed, 27 Aug 2025 18:02:59 +0300 (MSK) Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146]) by tsrv.corpit.ru (Postfix) with ESMTP id 8C56726985E; Wed, 27 Aug 2025 18:03:26 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Glenn Miles , Nicholas Piggin , Michael Kowal , Caleb Schlossin , Gautam Menghani , =?UTF-8?q?C=C3=A9dric=20Le=20Goater?= , Michael Tokarev Subject: [Stable-10.0.4 46/59] ppc/xive2: Fix treatment of PIPR in CPPR update Date: Wed, 27 Aug 2025 18:02:51 +0300 Message-ID: <20250827150323.2694101-46-mjt@tls.msk.ru> X-Mailer: git-send-email 2.47.2 In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1756307697462116600 From: Glenn Miles According to the XIVE spec, updating the CPPR should also update the PIPR. The final value of the PIPR depends on other factors, but it should never be set to a value that is above the CPPR. Also added support for redistributing an active group interrupt when it is precluded as a result of changing the CPPR value. Signed-off-by: Glenn Miles Reviewed-by: Nicholas Piggin Reviewed-by: Michael Kowal Reviewed-by: Caleb Schlossin Tested-by: Gautam Menghani Link: https://lore.kernel.org/qemu-devel/20250512031100.439842-11-npiggin@g= mail.com Signed-off-by: C=C3=A9dric Le Goater (cherry picked from commit d4720a7faf4bb415f3fe7f10e5c888212b81316a) Signed-off-by: Michael Tokarev diff --git a/hw/intc/xive2.c b/hw/intc/xive2.c index 2b4d0f51be..1971c05fa1 100644 --- a/hw/intc/xive2.c +++ b/hw/intc/xive2.c @@ -995,7 +995,9 @@ static void xive2_tctx_set_cppr(XiveTCTX *tctx, uint8_t= ring, uint8_t cppr) } } } - regs[TM_PIPR] =3D pipr_min; + + /* PIPR should not be set to a value greater than CPPR */ + regs[TM_PIPR] =3D (pipr_min > cppr) ? cppr : pipr_min; =20 rc =3D xive2_tctx_get_nvp_indexes(tctx, ring_min, &nvp_blk, &nvp_idx); if (rc) { --=20 2.47.2 From nobody Sun Sep 28 16:28:22 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1756307609745572.3340298985426; Wed, 27 Aug 2025 08:13:29 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1urHmc-00047Z-Me; Wed, 27 Aug 2025 11:09:54 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHkQ-0008I6-3h; Wed, 27 Aug 2025 11:07:41 -0400 Received: from isrv.corpit.ru ([212.248.84.144]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHkO-0005fs-0P; Wed, 27 Aug 2025 11:07:37 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id B474914C558; Wed, 27 Aug 2025 18:02:59 +0300 (MSK) Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146]) by tsrv.corpit.ru (Postfix) with ESMTP id A138D26985F; Wed, 27 Aug 2025 18:03:26 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, William Hu , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= , Michael Tokarev Subject: [Stable-10.0.4 47/59] ui/curses: Fix infinite loop on windows Date: Wed, 27 Aug 2025 18:02:52 +0300 Message-ID: <20250827150323.2694101-47-mjt@tls.msk.ru> X-Mailer: git-send-email 2.47.2 In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1756307610604116600 From: William Hu Replace -1 comparisons for wint_t with WEOF to fix infinite loop caused by a 65535 =3D=3D -1 comparison. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2905 Signed-off-by: William Hu Reviewed-by: Philippe Mathieu-Daud=C3=A9 Reviewed-by: Marc-Andr=C3=A9 Lureau [ Marc-Andr=C3=A9 - Add missing similar code change, remove a comment ] Signed-off-by: Marc-Andr=C3=A9 Lureau Message-ID: (cherry picked from commit c7ac771ee750e37808928b62388fd27dcbf00f46) Signed-off-by: Michael Tokarev diff --git a/ui/curses.c b/ui/curses.c index a39aee8762..161f78c35c 100644 --- a/ui/curses.c +++ b/ui/curses.c @@ -265,7 +265,8 @@ static int curses2foo(const int _curses2foo[], const in= t _curseskey2foo[], =20 static void curses_refresh(DisplayChangeListener *dcl) { - int chr, keysym, keycode, keycode_alt; + wint_t chr =3D 0; + int keysym, keycode, keycode_alt; enum maybe_keycode maybe_keycode =3D CURSES_KEYCODE; =20 curses_winch_check(); @@ -284,8 +285,9 @@ static void curses_refresh(DisplayChangeListener *dcl) /* while there are any pending key strokes to process */ chr =3D console_getch(&maybe_keycode); =20 - if (chr =3D=3D -1) + if (chr =3D=3D WEOF) { break; + } =20 #ifdef KEY_RESIZE /* this shouldn't occur when we use a custom SIGWINCH handler */ @@ -304,9 +306,9 @@ static void curses_refresh(DisplayChangeListener *dcl) /* alt or esc key */ if (keycode =3D=3D 1) { enum maybe_keycode next_maybe_keycode =3D CURSES_KEYCODE; - int nextchr =3D console_getch(&next_maybe_keycode); + wint_t nextchr =3D console_getch(&next_maybe_keycode); =20 - if (nextchr !=3D -1) { + if (nextchr !=3D WEOF) { chr =3D nextchr; maybe_keycode =3D next_maybe_keycode; keycode_alt =3D ALT; --=20 2.47.2 From nobody Sun Sep 28 16:28:22 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1756307525929481.17415586541847; Wed, 27 Aug 2025 08:12:05 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1urHoc-00010d-Im; Wed, 27 Aug 2025 11:11:58 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHkl-00006K-0j; Wed, 27 Aug 2025 11:08:02 -0400 Received: from isrv.corpit.ru ([212.248.84.144]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHki-0005gO-Fd; Wed, 27 Aug 2025 11:07:58 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id C50B314C559; Wed, 27 Aug 2025 18:02:59 +0300 (MSK) Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146]) by tsrv.corpit.ru (Postfix) with ESMTP id B1BC7269860; Wed, 27 Aug 2025 18:03:26 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, WANG Rui , Zhou Qiankang , Song Gao , Michael Tokarev Subject: [Stable-10.0.4 48/59] target/loongarch: Fix [X]VLDI raising exception incorrectly Date: Wed, 27 Aug 2025 18:02:53 +0300 Message-ID: <20250827150323.2694101-48-mjt@tls.msk.ru> X-Mailer: git-send-email 2.47.2 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1756307527631116600 Content-Type: text/plain; charset="utf-8" From: WANG Rui According to the specification, [X]VLDI should trigger an invalid instructi= on exception only when Bit[12] is 1 and Bit[11:8] > 12. This patch fixes an is= sue where an exception was incorrectly raised even when Bit[12] was 0. Test case: ``` .global main main: vldi $vr0, 3328 ret ``` Reported-by: Zhou Qiankang Signed-off-by: WANG Rui Reviewed-by: Song Gao Message-ID: <20250804132212.4816-1-wangrui@loongson.cn> Signed-off-by: Song Gao (cherry picked from commit e66644c48e96e81848c6aa94b185f59fc212d080) Signed-off-by: Michael Tokarev diff --git a/target/loongarch/tcg/insn_trans/trans_vec.c.inc b/target/loong= arch/tcg/insn_trans/trans_vec.c.inc index 78730029cb..38bccf2838 100644 --- a/target/loongarch/tcg/insn_trans/trans_vec.c.inc +++ b/target/loongarch/tcg/insn_trans/trans_vec.c.inc @@ -3585,7 +3585,9 @@ static bool gen_vldi(DisasContext *ctx, arg_vldi *a, = uint32_t oprsz) int sel, vece; uint64_t value; =20 - if (!check_valid_vldi_mode(a)) { + sel =3D (a->imm >> 12) & 0x1; + + if (sel && !check_valid_vldi_mode(a)) { generate_exception(ctx, EXCCODE_INE); return true; } @@ -3594,8 +3596,6 @@ static bool gen_vldi(DisasContext *ctx, arg_vldi *a, = uint32_t oprsz) return true; } =20 - sel =3D (a->imm >> 12) & 0x1; - if (sel) { value =3D vldi_get_value(ctx, a->imm); vece =3D MO_64; --=20 2.47.2 From nobody Sun Sep 28 16:28:22 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1756308300549677.7435224618539; Wed, 27 Aug 2025 08:25:00 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1urHnM-0005Tb-WA; Wed, 27 Aug 2025 11:10:41 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHko-0000Bu-Dz; Wed, 27 Aug 2025 11:08:04 -0400 Received: from isrv.corpit.ru ([212.248.84.144]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHkm-0005iB-BS; Wed, 27 Aug 2025 11:08:01 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id D344314C55A; Wed, 27 Aug 2025 18:02:59 +0300 (MSK) Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146]) by tsrv.corpit.ru (Postfix) with ESMTP id C2573269861; Wed, 27 Aug 2025 18:03:26 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Klaus Jensen , Jesper Wendel Devantier , Michael Tokarev Subject: [Stable-10.0.4 49/59] hw/nvme: fix namespace attachment Date: Wed, 27 Aug 2025 18:02:54 +0300 Message-ID: <20250827150323.2694101-49-mjt@tls.msk.ru> X-Mailer: git-send-email 2.47.2 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1756308302201124100 Content-Type: text/plain; charset="utf-8" From: Klaus Jensen Commit 6ccca4b6bb9f ("hw/nvme: rework csi handling") introduced a bug in Namespace Attachment, causing it to a) not allow a controller to attach namespaces to other controllers b) assert if a valid non-attached namespace is detached This fixes both issues. Fixes: 6ccca4b6bb9f ("hw/nvme: rework csi handling") Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2976 Reviewed-by: Jesper Wendel Devantier Signed-off-by: Klaus Jensen (cherry picked from commit 31b737b19dca4d50758f5e9834d27b683102f2f1) Signed-off-by: Michael Tokarev diff --git a/hw/nvme/ctrl.c b/hw/nvme/ctrl.c index d6b77d4fbc..669fff41c7 100644 --- a/hw/nvme/ctrl.c +++ b/hw/nvme/ctrl.c @@ -6816,7 +6816,7 @@ static uint16_t nvme_ns_attachment(NvmeCtrl *n, NvmeR= equest *req) =20 switch (sel) { case NVME_NS_ATTACHMENT_ATTACH: - if (nvme_ns(n, nsid)) { + if (nvme_ns(ctrl, nsid)) { return NVME_NS_ALREADY_ATTACHED | NVME_DNR; } =20 @@ -6824,7 +6824,7 @@ static uint16_t nvme_ns_attachment(NvmeCtrl *n, NvmeR= equest *req) return NVME_NS_PRIVATE | NVME_DNR; } =20 - if (!nvme_csi_supported(n, ns->csi)) { + if (!nvme_csi_supported(ctrl, ns->csi)) { return NVME_IOCS_NOT_SUPPORTED | NVME_DNR; } =20 @@ -6834,6 +6834,10 @@ static uint16_t nvme_ns_attachment(NvmeCtrl *n, Nvme= Request *req) break; =20 case NVME_NS_ATTACHMENT_DETACH: + if (!nvme_ns(ctrl, nsid)) { + return NVME_NS_NOT_ATTACHED | NVME_DNR; + } + nvme_detach_ns(ctrl, ns); nvme_update_dsm_limits(ctrl, NULL); =20 --=20 2.47.2 From nobody Sun Sep 28 16:28:22 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1756307665837278.90854855040095; Wed, 27 Aug 2025 08:14:25 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1urHnB-0005AP-4Q; Wed, 27 Aug 2025 11:10:31 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHkx-0000JI-67; Wed, 27 Aug 2025 11:08:12 -0400 Received: from isrv.corpit.ru ([212.248.84.144]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHkp-0005of-Ad; Wed, 27 Aug 2025 11:08:09 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id E234614C55B; Wed, 27 Aug 2025 18:02:59 +0300 (MSK) Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146]) by tsrv.corpit.ru (Postfix) with ESMTP id D0909269862; Wed, 27 Aug 2025 18:03:26 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Klaus Jensen , Alan Adamson , Michael Tokarev Subject: [Stable-10.0.4 50/59] hw/nvme: revert CMIC behavior Date: Wed, 27 Aug 2025 18:02:55 +0300 Message-ID: <20250827150323.2694101-50-mjt@tls.msk.ru> X-Mailer: git-send-email 2.47.2 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1756307667296116600 Content-Type: text/plain; charset="utf-8" From: Klaus Jensen Commit cd59f50ab017 ("hw/nvme: always initialize a subsystem") causes the controller to always set the CMIC.MCTRS ("Multiple Controllers") bit. While spec-compliant, this is a deviation from the previous behavior where this was only set if an nvme-subsys device was explicitly created (to configure a subsystem with multiple controllers/namespaces). Revert the behavior to only set CMIC.MCTRS if an nvme-subsys device is created explicitly. Reported-by: Alan Adamson Fixes: cd59f50ab017 ("hw/nvme: always initialize a subsystem") Reviewed-by: Alan Adamson Tested-by: Alan Adamson Signed-off-by: Klaus Jensen (cherry picked from commit bc0c24fdb157b014932a5012fe4ccbeba7617f17) Signed-off-by: Michael Tokarev diff --git a/hw/nvme/ctrl.c b/hw/nvme/ctrl.c index 669fff41c7..f34bd68c04 100644 --- a/hw/nvme/ctrl.c +++ b/hw/nvme/ctrl.c @@ -8780,7 +8780,7 @@ static void nvme_init_ctrl(NvmeCtrl *n, PCIDevice *pc= i_dev) uint8_t *pci_conf =3D pci_dev->config; uint64_t cap =3D ldq_le_p(&n->bar.cap); NvmeSecCtrlEntry *sctrl =3D nvme_sctrl(n); - uint32_t ctratt; + uint32_t ctratt =3D le32_to_cpu(id->ctratt); uint16_t oacs; =20 memcpy(n->cse.acs, nvme_cse_acs_default, sizeof(n->cse.acs)); @@ -8798,10 +8798,11 @@ static void nvme_init_ctrl(NvmeCtrl *n, PCIDevice *= pci_dev) =20 id->oaes =3D cpu_to_le32(NVME_OAES_NS_ATTR); =20 - ctratt =3D NVME_CTRATT_ELBAS; + ctratt |=3D NVME_CTRATT_ELBAS; if (n->params.ctratt.mem) { ctratt |=3D NVME_CTRATT_MEM; } + id->ctratt =3D cpu_to_le32(ctratt); =20 id->rab =3D 6; =20 @@ -8884,17 +8885,6 @@ static void nvme_init_ctrl(NvmeCtrl *n, PCIDevice *p= ci_dev) id->psd[0].enlat =3D cpu_to_le32(0x10); id->psd[0].exlat =3D cpu_to_le32(0x4); =20 - id->cmic |=3D NVME_CMIC_MULTI_CTRL; - ctratt |=3D NVME_CTRATT_ENDGRPS; - - id->endgidmax =3D cpu_to_le16(0x1); - - if (n->subsys->endgrp.fdp.enabled) { - ctratt |=3D NVME_CTRATT_FDPS; - } - - id->ctratt =3D cpu_to_le32(ctratt); - NVME_CAP_SET_MQES(cap, n->params.mqes); NVME_CAP_SET_CQR(cap, 1); NVME_CAP_SET_TO(cap, 0xf); @@ -8927,6 +8917,20 @@ static int nvme_init_subsys(NvmeCtrl *n, Error **err= p) } =20 n->subsys =3D NVME_SUBSYS(dev); + } else { + NvmeIdCtrl *id =3D &n->id_ctrl; + uint32_t ctratt =3D le32_to_cpu(id->ctratt); + + id->cmic |=3D NVME_CMIC_MULTI_CTRL; + ctratt |=3D NVME_CTRATT_ENDGRPS; + + id->endgidmax =3D cpu_to_le16(0x1); + + if (n->subsys->endgrp.fdp.enabled) { + ctratt |=3D NVME_CTRATT_FDPS; + } + + id->ctratt =3D cpu_to_le32(ctratt); } =20 cntlid =3D nvme_subsys_register_ctrl(n, errp); --=20 2.47.2 From nobody Sun Sep 28 16:28:22 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1756307952290426.30073831360676; Wed, 27 Aug 2025 08:19:12 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1urHnQ-0005oX-JI; Wed, 27 Aug 2025 11:10:45 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHkx-0000JG-66; Wed, 27 Aug 2025 11:08:12 -0400 Received: from isrv.corpit.ru ([212.248.84.144]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHkq-0005pD-FT; Wed, 27 Aug 2025 11:08:09 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id F16FB14C55C; Wed, 27 Aug 2025 18:02:59 +0300 (MSK) Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146]) by tsrv.corpit.ru (Postfix) with ESMTP id DF406269863; Wed, 27 Aug 2025 18:03:26 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Keith Busch , Klaus Jensen , Michael Tokarev Subject: [Stable-10.0.4 51/59] hw/nvme: cap MDTS value for internal limitation Date: Wed, 27 Aug 2025 18:02:56 +0300 Message-ID: <20250827150323.2694101-51-mjt@tls.msk.ru> X-Mailer: git-send-email 2.47.2 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1756307954972124100 Content-Type: text/plain; charset="utf-8" From: Keith Busch The emulated device had let the user set whatever max transfers size they wanted, including no limit. However the device does have an internal limit of 1024 segments. NVMe doesn't report max segments, though. This is implicitly inferred based on the MDTS and MPSMIN values. IOV_MAX is currently 1024 which 4k PRPs can exceed with 2MB transfers. Don't allow MDTS values that can exceed this, otherwise users risk seeing "internal error" status to their otherwise protocol compliant commands. Signed-off-by: Keith Busch Signed-off-by: Klaus Jensen (cherry picked from commit 53493c1f836f4dda90a6b5f2fb3d9264918c6871) Signed-off-by: Michael Tokarev diff --git a/hw/nvme/ctrl.c b/hw/nvme/ctrl.c index f34bd68c04..67cb95c809 100644 --- a/hw/nvme/ctrl.c +++ b/hw/nvme/ctrl.c @@ -8339,6 +8339,11 @@ static bool nvme_check_params(NvmeCtrl *n, Error **e= rrp) host_memory_backend_set_mapped(n->pmr.dev, true); } =20 + if (!n->params.mdts || ((1 << n->params.mdts) + 1) > IOV_MAX) { + error_setg(errp, "mdts exceeds IOV_MAX"); + return false; + } + if (n->params.zasl > n->params.mdts) { error_setg(errp, "zoned.zasl (Zone Append Size Limit) must be less= " "than or equal to mdts (Maximum Data Transfer Size)"); --=20 2.47.2 From nobody Sun Sep 28 16:28:22 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1756307530335775.0783519327332; Wed, 27 Aug 2025 08:12:10 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1urHnz-0006jw-IE; Wed, 27 Aug 2025 11:11:24 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHl7-0000S7-TY; Wed, 27 Aug 2025 11:08:29 -0400 Received: from isrv.corpit.ru ([212.248.84.144]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHkz-0005qj-8e; Wed, 27 Aug 2025 11:08:15 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id 0C3D114C55D; Wed, 27 Aug 2025 18:03:00 +0300 (MSK) Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146]) by tsrv.corpit.ru (Postfix) with ESMTP id EE6BE269864; Wed, 27 Aug 2025 18:03:26 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Kevin Wolf , Hanna Czenczek , Michael Tokarev Subject: [Stable-10.0.4 52/59] rbd: Fix .bdrv_get_specific_info implementation Date: Wed, 27 Aug 2025 18:02:57 +0300 Message-ID: <20250827150323.2694101-52-mjt@tls.msk.ru> X-Mailer: git-send-email 2.47.2 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1756307531552124100 Content-Type: text/plain; charset="utf-8" From: Kevin Wolf qemu_rbd_get_specific_info() has at least two problems: The first is that it issues a blocking rbd_read() call in order to probe the encryption format for the image while querying the node. This means that if the connection to the server goes down, not only I/O is stuck (which is unavoidable), but query-names-block-nodes will actually make the whole QEMU instance unresponsive. .bdrv_get_specific_info implementations shouldn't perform blocking operations, but only return what is already known. The second is that the information returned isn't even correct. If the image is already opened with encryption enabled at the RBD level, we'll probe for "double encryption", i.e. if the encrypted data contains another encryption header. If it doesn't (which is the normal case), we won't return the encryption format. If it does, we return misleading information because it looks like we're talking about the outer level (the encryption format of the image itself) while the information is about an encryption header in the guest data. Fix this by storing the encryption format in BDRVRBDState when the image is opened (and we do blocking operations anyway) and returning only the stored information in qemu_rbd_get_specific_info(). The information we'll store is either the actual encryption format that we enabled on the RBD level, or if the image is unencrypted, the result of the same probing as we previously did when querying the node. Probing image formats based on content that can be modified by the guest has long been known as problematic, but as long as we only output it to the user instead of making decisions based on it, it should be okay. It is undoubtedly useful in the context of 'qemu-img info' when you're trying to figure out which encryption options you have to use to open the image successfully. Fixes: 42e4ac9ef5a6 ("block/rbd: Add support for rbd image encryption") Buglink: https://issues.redhat.com/browse/RHEL-105440 Signed-off-by: Kevin Wolf Message-ID: <20250811134010.81787-1-kwolf@redhat.com> Reviewed-by: Hanna Czenczek Signed-off-by: Kevin Wolf (cherry picked from commit 4af976ef398e4e823addc00bf1c58787ba4952fe) Signed-off-by: Michael Tokarev diff --git a/block/rbd.c b/block/rbd.c index af984fb7db..446e90d34c 100644 --- a/block/rbd.c +++ b/block/rbd.c @@ -99,6 +99,14 @@ typedef struct BDRVRBDState { char *namespace; uint64_t image_size; uint64_t object_size; + + /* + * If @bs->encrypted is true, this is the encryption format actually l= oaded + * at the librbd level. If it is false, it is the result of probing. + * RBD_IMAGE_ENCRYPTION_FORMAT__MAX means that encryption is not enabl= ed and + * probing didn't find any known encryption header either. + */ + RbdImageEncryptionFormat encryption_format; } BDRVRBDState; =20 typedef struct RBDTask { @@ -471,10 +479,12 @@ static int qemu_rbd_encryption_format(rbd_image_t ima= ge, return 0; } =20 -static int qemu_rbd_encryption_load(rbd_image_t image, +static int qemu_rbd_encryption_load(BlockDriverState *bs, + rbd_image_t image, RbdEncryptionOptions *encrypt, Error **errp) { + BDRVRBDState *s =3D bs->opaque; int r =3D 0; g_autofree char *passphrase =3D NULL; rbd_encryption_luks1_format_options_t luks_opts; @@ -545,15 +555,19 @@ static int qemu_rbd_encryption_load(rbd_image_t image, error_setg_errno(errp, -r, "encryption load fail"); return r; } + bs->encrypted =3D true; + s->encryption_format =3D encrypt->format; =20 return 0; } =20 #ifdef LIBRBD_SUPPORTS_ENCRYPTION_LOAD2 -static int qemu_rbd_encryption_load2(rbd_image_t image, +static int qemu_rbd_encryption_load2(BlockDriverState *bs, + rbd_image_t image, RbdEncryptionOptions *encrypt, Error **errp) { + BDRVRBDState *s =3D bs->opaque; int r =3D 0; int encrypt_count =3D 1; int i; @@ -639,6 +653,8 @@ static int qemu_rbd_encryption_load2(rbd_image_t image, error_setg_errno(errp, -r, "layered encryption load fail"); goto exit; } + bs->encrypted =3D true; + s->encryption_format =3D encrypt->format; =20 exit: for (i =3D 0; i < encrypt_count; ++i) { @@ -672,6 +688,45 @@ exit: #endif #endif =20 +/* + * For an image without encryption enabled on the rbd layer, probe the sta= rt of + * the image if it could be opened as an encrypted image so that we can di= splay + * it when the user queries the node (most importantly in qemu-img). + * + * If the guest writes an encryption header to its disk after this probing= , this + * won't be reflected when queried, but that's okay. There is no reason wh= y the + * user should want to apply encryption at the rbd level while the image is + * still in use. This is just guest data. + */ +static void qemu_rbd_encryption_probe(BlockDriverState *bs) +{ + BDRVRBDState *s =3D bs->opaque; + char buf[RBD_ENCRYPTION_LUKS_HEADER_VERIFICATION_LEN] =3D {0}; + int r; + + assert(s->encryption_format =3D=3D RBD_IMAGE_ENCRYPTION_FORMAT__MAX); + + r =3D rbd_read(s->image, 0, + RBD_ENCRYPTION_LUKS_HEADER_VERIFICATION_LEN, buf); + if (r < RBD_ENCRYPTION_LUKS_HEADER_VERIFICATION_LEN) { + return; + } + + if (memcmp(buf, rbd_luks_header_verification, + RBD_ENCRYPTION_LUKS_HEADER_VERIFICATION_LEN) =3D=3D 0) { + s->encryption_format =3D RBD_IMAGE_ENCRYPTION_FORMAT_LUKS; + } else if (memcmp(buf, rbd_luks2_header_verification, + RBD_ENCRYPTION_LUKS_HEADER_VERIFICATION_LEN) =3D=3D 0) { + s->encryption_format =3D RBD_IMAGE_ENCRYPTION_FORMAT_LUKS2; + } else if (memcmp(buf, rbd_layered_luks_header_verification, + RBD_ENCRYPTION_LUKS_HEADER_VERIFICATION_LEN) =3D=3D 0) { + s->encryption_format =3D RBD_IMAGE_ENCRYPTION_FORMAT_LUKS; + } else if (memcmp(buf, rbd_layered_luks2_header_verification, + RBD_ENCRYPTION_LUKS_HEADER_VERIFICATION_LEN) =3D=3D 0) { + s->encryption_format =3D RBD_IMAGE_ENCRYPTION_FORMAT_LUKS2; + } +} + /* FIXME Deprecate and remove keypairs or make it available in QMP. */ static int qemu_rbd_do_create(BlockdevCreateOptions *options, const char *keypairs, const char *password_s= ecret, @@ -1134,17 +1189,18 @@ static int qemu_rbd_open(BlockDriverState *bs, QDic= t *options, int flags, goto failed_open; } =20 + s->encryption_format =3D RBD_IMAGE_ENCRYPTION_FORMAT__MAX; if (opts->encrypt) { #ifdef LIBRBD_SUPPORTS_ENCRYPTION if (opts->encrypt->parent) { #ifdef LIBRBD_SUPPORTS_ENCRYPTION_LOAD2 - r =3D qemu_rbd_encryption_load2(s->image, opts->encrypt, errp); + r =3D qemu_rbd_encryption_load2(bs, s->image, opts->encrypt, e= rrp); #else r =3D -ENOTSUP; error_setg(errp, "RBD library does not support layered encrypt= ion"); #endif } else { - r =3D qemu_rbd_encryption_load(s->image, opts->encrypt, errp); + r =3D qemu_rbd_encryption_load(bs, s->image, opts->encrypt, er= rp); } if (r < 0) { goto failed_post_open; @@ -1154,6 +1210,8 @@ static int qemu_rbd_open(BlockDriverState *bs, QDict = *options, int flags, error_setg(errp, "RBD library does not support image encryption"); goto failed_post_open; #endif + } else { + qemu_rbd_encryption_probe(bs); } =20 r =3D rbd_stat(s->image, &info, sizeof(info)); @@ -1413,17 +1471,6 @@ static ImageInfoSpecific *qemu_rbd_get_specific_info= (BlockDriverState *bs, { BDRVRBDState *s =3D bs->opaque; ImageInfoSpecific *spec_info; - char buf[RBD_ENCRYPTION_LUKS_HEADER_VERIFICATION_LEN] =3D {0}; - int r; - - if (s->image_size >=3D RBD_ENCRYPTION_LUKS_HEADER_VERIFICATION_LEN) { - r =3D rbd_read(s->image, 0, - RBD_ENCRYPTION_LUKS_HEADER_VERIFICATION_LEN, buf); - if (r < 0) { - error_setg_errno(errp, -r, "cannot read image start for probe"= ); - return NULL; - } - } =20 spec_info =3D g_new(ImageInfoSpecific, 1); *spec_info =3D (ImageInfoSpecific){ @@ -1431,28 +1478,13 @@ static ImageInfoSpecific *qemu_rbd_get_specific_inf= o(BlockDriverState *bs, .u.rbd.data =3D g_new0(ImageInfoSpecificRbd, 1), }; =20 - if (memcmp(buf, rbd_luks_header_verification, - RBD_ENCRYPTION_LUKS_HEADER_VERIFICATION_LEN) =3D=3D 0) { - spec_info->u.rbd.data->encryption_format =3D - RBD_IMAGE_ENCRYPTION_FORMAT_LUKS; - spec_info->u.rbd.data->has_encryption_format =3D true; - } else if (memcmp(buf, rbd_luks2_header_verification, - RBD_ENCRYPTION_LUKS_HEADER_VERIFICATION_LEN) =3D=3D 0) { - spec_info->u.rbd.data->encryption_format =3D - RBD_IMAGE_ENCRYPTION_FORMAT_LUKS2; - spec_info->u.rbd.data->has_encryption_format =3D true; - } else if (memcmp(buf, rbd_layered_luks_header_verification, - RBD_ENCRYPTION_LUKS_HEADER_VERIFICATION_LEN) =3D=3D 0) { - spec_info->u.rbd.data->encryption_format =3D - RBD_IMAGE_ENCRYPTION_FORMAT_LUKS; - spec_info->u.rbd.data->has_encryption_format =3D true; - } else if (memcmp(buf, rbd_layered_luks2_header_verification, - RBD_ENCRYPTION_LUKS_HEADER_VERIFICATION_LEN) =3D=3D 0) { - spec_info->u.rbd.data->encryption_format =3D - RBD_IMAGE_ENCRYPTION_FORMAT_LUKS2; - spec_info->u.rbd.data->has_encryption_format =3D true; + if (s->encryption_format =3D=3D RBD_IMAGE_ENCRYPTION_FORMAT__MAX) { + assert(!bs->encrypted); } else { - spec_info->u.rbd.data->has_encryption_format =3D false; + ImageInfoSpecificRbd *rbd_info =3D spec_info->u.rbd.data; + + rbd_info->has_encryption_format =3D true; + rbd_info->encryption_format =3D s->encryption_format; } =20 return spec_info; diff --git a/qapi/block-core.json b/qapi/block-core.json index b1937780e1..807efd27fd 100644 --- a/qapi/block-core.json +++ b/qapi/block-core.json @@ -158,7 +158,14 @@ ## # @ImageInfoSpecificRbd: # -# @encryption-format: Image encryption format +# @encryption-format: Image encryption format. If encryption is enabled fo= r the +# image (see encrypted in BlockNodeInfo), this is the actual format in= which the +# image is accessed. If encryption is not enabled, this is the result = of +# probing when the image was opened, to give a suggestion which encryp= tion +# format could be enabled. Note that probing results can be changed by= the +# guest by writing a (possibly partial) encryption format header to the +# image, so don't treat this information as trusted if the guest is not +# trusted. # # Since: 6.1 ## --=20 2.47.2 From nobody Sun Sep 28 16:28:22 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1756307656758253.73231540824315; Wed, 27 Aug 2025 08:14:16 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1urHog-0001FE-KK; Wed, 27 Aug 2025 11:12:02 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHl8-0000S8-1k; Wed, 27 Aug 2025 11:08:29 -0400 Received: from isrv.corpit.ru ([212.248.84.144]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHkz-0005qm-Kt; Wed, 27 Aug 2025 11:08:16 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id 1CE9D14C55E; Wed, 27 Aug 2025 18:03:00 +0300 (MSK) Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146]) by tsrv.corpit.ru (Postfix) with ESMTP id 09962269865; Wed, 27 Aug 2025 18:03:27 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Werner Fink , Kevin Wolf , Martin Kletzander , Michael Tokarev Subject: [Stable-10.0.4 53/59] qemu-iotests: Ignore indentation in Killed messages Date: Wed, 27 Aug 2025 18:02:58 +0300 Message-ID: <20250827150323.2694101-53-mjt@tls.msk.ru> X-Mailer: git-send-email 2.47.2 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1756307659037124100 Content-Type: text/plain; charset="utf-8" From: Werner Fink New bash 5.3 uses a different padding for reporting job status. Resolves: boo#1246830 Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3050 Signed-off-by: Werner Fink Message-ID: Reviewed-by: Kevin Wolf Tested-by: Martin Kletzander Signed-off-by: Kevin Wolf (cherry picked from commit c0df98ab1f3d348bc05f09d1c093abc529f2b530) Signed-off-by: Michael Tokarev diff --git a/tests/qemu-iotests/039.out b/tests/qemu-iotests/039.out index e52484d4be..8fdbcc528a 100644 --- a/tests/qemu-iotests/039.out +++ b/tests/qemu-iotests/039.out @@ -11,7 +11,7 @@ No errors were found on the image. Formatting 'TEST_DIR/t.IMGFMT', fmt=3DIMGFMT size=3D134217728 wrote 512/512 bytes at offset 0 512 bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) -./common.rc: Killed ( VALGRIND_QEMU=3D"${VALGRIND_QEMU_IO= }" _qemu_proc_exec "${VALGRIND_LOGFILE}" "$QEMU_IO_PROG" $QEMU_IO_ARGS "$@"= ) +./common.rc: Killed ( VALGRIND_QEMU=3D"${VALGRIND_QEMU_IO}" _qemu_proc_exe= c "${VALGRIND_LOGFILE}" "$QEMU_IO_PROG" $QEMU_IO_ARGS "$@" ) incompatible_features [0] ERROR cluster 5 refcount=3D0 reference=3D1 ERROR OFLAG_COPIED data cluster: l2_entry=3D8000000000050000 refcount=3D0 @@ -46,7 +46,7 @@ read 512/512 bytes at offset 0 Formatting 'TEST_DIR/t.IMGFMT', fmt=3DIMGFMT size=3D134217728 wrote 512/512 bytes at offset 0 512 bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) -./common.rc: Killed ( VALGRIND_QEMU=3D"${VALGRIND_QEMU_IO= }" _qemu_proc_exec "${VALGRIND_LOGFILE}" "$QEMU_IO_PROG" $QEMU_IO_ARGS "$@"= ) +./common.rc: Killed ( VALGRIND_QEMU=3D"${VALGRIND_QEMU_IO}" _qemu_proc_exe= c "${VALGRIND_LOGFILE}" "$QEMU_IO_PROG" $QEMU_IO_ARGS "$@" ) incompatible_features [0] ERROR cluster 5 refcount=3D0 reference=3D1 Rebuilding refcount structure @@ -60,7 +60,7 @@ incompatible_features [] Formatting 'TEST_DIR/t.IMGFMT', fmt=3DIMGFMT size=3D134217728 wrote 512/512 bytes at offset 0 512 bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) -./common.rc: Killed ( VALGRIND_QEMU=3D"${VALGRIND_QEMU_IO= }" _qemu_proc_exec "${VALGRIND_LOGFILE}" "$QEMU_IO_PROG" $QEMU_IO_ARGS "$@"= ) +./common.rc: Killed ( VALGRIND_QEMU=3D"${VALGRIND_QEMU_IO}" _qemu_proc_exe= c "${VALGRIND_LOGFILE}" "$QEMU_IO_PROG" $QEMU_IO_ARGS "$@" ) incompatible_features [] No errors were found on the image. =20 @@ -79,7 +79,7 @@ No errors were found on the image. Formatting 'TEST_DIR/t.IMGFMT', fmt=3DIMGFMT size=3D134217728 wrote 512/512 bytes at offset 0 512 bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) -./common.rc: Killed ( VALGRIND_QEMU=3D"${VALGRIND_QEMU_IO= }" _qemu_proc_exec "${VALGRIND_LOGFILE}" "$QEMU_IO_PROG" $QEMU_IO_ARGS "$@"= ) +./common.rc: Killed ( VALGRIND_QEMU=3D"${VALGRIND_QEMU_IO}" _qemu_proc_exe= c "${VALGRIND_LOGFILE}" "$QEMU_IO_PROG" $QEMU_IO_ARGS "$@" ) incompatible_features [0] ERROR cluster 5 refcount=3D0 reference=3D1 ERROR OFLAG_COPIED data cluster: l2_entry=3D8000000000050000 refcount=3D0 @@ -89,7 +89,7 @@ Data may be corrupted, or further writes to the image may= corrupt it. Formatting 'TEST_DIR/t.IMGFMT', fmt=3DIMGFMT size=3D134217728 wrote 512/512 bytes at offset 0 512 bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) -./common.rc: Killed ( VALGRIND_QEMU=3D"${VALGRIND_QEMU_IO= }" _qemu_proc_exec "${VALGRIND_LOGFILE}" "$QEMU_IO_PROG" $QEMU_IO_ARGS "$@"= ) +./common.rc: Killed ( VALGRIND_QEMU=3D"${VALGRIND_QEMU_IO}" _qemu_proc_exe= c "${VALGRIND_LOGFILE}" "$QEMU_IO_PROG" $QEMU_IO_ARGS "$@" ) incompatible_features [] No errors were found on the image. *** done diff --git a/tests/qemu-iotests/061.out b/tests/qemu-iotests/061.out index 24c33add7c..951c6bf3e6 100644 --- a/tests/qemu-iotests/061.out +++ b/tests/qemu-iotests/061.out @@ -118,7 +118,7 @@ No errors were found on the image. Formatting 'TEST_DIR/t.IMGFMT', fmt=3DIMGFMT size=3D67108864 wrote 131072/131072 bytes at offset 0 128 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) -./common.rc: Killed ( VALGRIND_QEMU=3D"${VALGRIND_QEMU_IO= }" _qemu_proc_exec "${VALGRIND_LOGFILE}" "$QEMU_IO_PROG" $QEMU_IO_ARGS "$@"= ) +./common.rc: Killed ( VALGRIND_QEMU=3D"${VALGRIND_QEMU_IO}" _qemu_proc_exe= c "${VALGRIND_LOGFILE}" "$QEMU_IO_PROG" $QEMU_IO_ARGS "$@" ) magic 0x514649fb version 3 backing_file_offset 0x0 @@ -304,7 +304,7 @@ No errors were found on the image. Formatting 'TEST_DIR/t.IMGFMT', fmt=3DIMGFMT size=3D67108864 wrote 131072/131072 bytes at offset 0 128 KiB, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) -./common.rc: Killed ( VALGRIND_QEMU=3D"${VALGRIND_QEMU_IO= }" _qemu_proc_exec "${VALGRIND_LOGFILE}" "$QEMU_IO_PROG" $QEMU_IO_ARGS "$@"= ) +./common.rc: Killed ( VALGRIND_QEMU=3D"${VALGRIND_QEMU_IO}" _qemu_proc_exe= c "${VALGRIND_LOGFILE}" "$QEMU_IO_PROG" $QEMU_IO_ARGS "$@" ) magic 0x514649fb version 3 backing_file_offset 0x0 diff --git a/tests/qemu-iotests/137.out b/tests/qemu-iotests/137.out index 86377c80cd..e19df5b6ba 100644 --- a/tests/qemu-iotests/137.out +++ b/tests/qemu-iotests/137.out @@ -35,7 +35,7 @@ Formatting 'TEST_DIR/t.IMGFMT', fmt=3DIMGFMT size=3D67108= 864 qemu-io: Unsupported value 'blubb' for qcow2 option 'overlap-check'. Allow= ed are any of the following: none, constant, cached, all wrote 512/512 bytes at offset 0 512 bytes, X ops; XX:XX:XX.X (XXX YYY/sec and XXX ops/sec) -./common.rc: Killed ( VALGRIND_QEMU=3D"${VALGRIND_QEMU_IO= }" _qemu_proc_exec "${VALGRIND_LOGFILE}" "$QEMU_IO_PROG" $QEMU_IO_ARGS "$@"= ) +./common.rc: Killed ( VALGRIND_QEMU=3D"${VALGRIND_QEMU_IO}" _qemu_proc_exe= c "${VALGRIND_LOGFILE}" "$QEMU_IO_PROG" $QEMU_IO_ARGS "$@" ) OK: Dirty bit not set Formatting 'TEST_DIR/t.IMGFMT', fmt=3DIMGFMT size=3D67108864 qemu-io: Parameter 'lazy-refcounts' expects 'on' or 'off' diff --git a/tests/qemu-iotests/common.filter b/tests/qemu-iotests/common.f= ilter index fc3c64bcb8..a8226e8b42 100644 --- a/tests/qemu-iotests/common.filter +++ b/tests/qemu-iotests/common.filter @@ -74,7 +74,7 @@ _filter_qemu_io() { _filter_win32 | \ gsed -e "s/[0-9]* ops\; [0-9/:. sec]* ([0-9/.inf]* [EPTGMKiBbytes]*\/s= ec and [0-9/.inf]* ops\/sec)/X ops\; XX:XX:XX.X (XXX YYY\/sec and XXX ops\/= sec)/" \ - -e "s/: line [0-9][0-9]*: *[0-9][0-9]*\( Aborted\| Killed\)/:\1/"= \ + -e "s/: line [0-9][0-9]*: *[0-9][0-9]*\( Aborted\| Killed\) \{2,\= }/:\1 /" \ -e "s/qemu-io> //g" } =20 --=20 2.47.2 From nobody Sun Sep 28 16:28:22 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1756308224685549.5910793779999; Wed, 27 Aug 2025 08:23:44 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1urHnR-0005q6-52; Wed, 27 Aug 2025 11:10:45 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHlE-0000UL-8E; Wed, 27 Aug 2025 11:08:33 -0400 Received: from isrv.corpit.ru ([212.248.84.144]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHlB-0005sN-0D; Wed, 27 Aug 2025 11:08:27 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id 2F3AE14C55F; Wed, 27 Aug 2025 18:03:00 +0300 (MSK) Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146]) by tsrv.corpit.ru (Postfix) with ESMTP id 1AC0E269866; Wed, 27 Aug 2025 18:03:27 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Guenter Roeck , =?UTF-8?q?Alex=20Benn=C3=A9e?= , Gustavo Romero , Michael Tokarev Subject: [Stable-10.0.4 54/59] hw/sd/ssi-sd: Return noise (dummy byte) when no card connected Date: Wed, 27 Aug 2025 18:02:59 +0300 Message-ID: <20250827150323.2694101-54-mjt@tls.msk.ru> X-Mailer: git-send-email 2.47.2 In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1756308226522124100 From: Philippe Mathieu-Daud=C3=A9 Commit 1585ab9f1ba ("hw/sd/sdcard: Fill SPI response bits in card code") exposed a bug in the SPI adapter: if no SD card is plugged, we are returning "there is a card with an error". This is wrong, we shouldn't return any particular packet response, but the noise shifted on the MISO line. Return the dummy byte, otherwise we get: qemu-system-riscv64: ../hw/sd/ssi-sd.c:160: ssi_sd_transfer: Assertion `s= ->arglen > 0' failed. Reported-by: Guenter Roeck Fixes: 775616c3ae8 ("Partial SD card SPI mode support") Signed-off-by: Philippe Mathieu-Daud=C3=A9 Tested-by: Guenter Roeck Reviewed-by: Alex Benn=C3=A9e Reviewed-by: Gustavo Romero Tested-by: Alex Benn=C3=A9e Message-Id: <20250812140415.70153-2-philmd@linaro.org> (cherry picked from commit e262646e12acd6c1132e03d57fea20680a503251) Signed-off-by: Michael Tokarev diff --git a/hw/sd/ssi-sd.c b/hw/sd/ssi-sd.c index c4a58da0ab..fbbcb5c750 100644 --- a/hw/sd/ssi-sd.c +++ b/hw/sd/ssi-sd.c @@ -106,6 +106,10 @@ static uint32_t ssi_sd_transfer(SSIPeripheral *dev, ui= nt32_t val) SDRequest request; uint8_t longresp[16]; =20 + if (!sdbus_get_inserted(&s->sdbus)) { + return SSI_DUMMY; + } + /* * Special case: allow CMD12 (STOP TRANSMISSION) while reading data. * --=20 2.47.2 From nobody Sun Sep 28 16:28:22 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1756307971553883.9563209085771; Wed, 27 Aug 2025 08:19:31 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1urHoO-0007g9-Us; Wed, 27 Aug 2025 11:11:45 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHlF-0000UT-5Z; Wed, 27 Aug 2025 11:08:33 -0400 Received: from isrv.corpit.ru ([212.248.84.144]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHlA-0005sQ-Vy; Wed, 27 Aug 2025 11:08:28 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id 4040614C560; Wed, 27 Aug 2025 18:03:00 +0300 (MSK) Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146]) by tsrv.corpit.ru (Postfix) with ESMTP id 2CB98269867; Wed, 27 Aug 2025 18:03:27 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, "Sv. Lockal" , John Snow , Stefan Hajnoczi , Michael Tokarev Subject: [Stable-10.0.4 55/59] mkvenv: Support pip 25.2 Date: Wed, 27 Aug 2025 18:03:00 +0300 Message-ID: <20250827150323.2694101-55-mjt@tls.msk.ru> X-Mailer: git-send-email 2.47.2 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1756307972803116600 Content-Type: text/plain; charset="utf-8" From: "Sv. Lockal" Fix compilation with pip-25.2 due to missing distlib.version Bug: https://gitlab.com/qemu-project/qemu/-/issues/3062 Signed-off-by: Sv. Lockal [Edits: Type "safety" whackamole --js] Signed-off-by: John Snow Message-ID: <20250811190159.237321-1-jsnow@redhat.com> Signed-off-by: Stefan Hajnoczi (cherry picked from commit 6ad034e71232c2929ed546304c9d249312bb632f) Signed-off-by: Michael Tokarev diff --git a/python/scripts/mkvenv.py b/python/scripts/mkvenv.py index 8ac5b0b2a0..f102527c4d 100644 --- a/python/scripts/mkvenv.py +++ b/python/scripts/mkvenv.py @@ -84,6 +84,7 @@ Sequence, Tuple, Union, + cast, ) import venv =20 @@ -94,17 +95,39 @@ HAVE_DISTLIB =3D True try: import distlib.scripts - import distlib.version except ImportError: try: # Reach into pip's cookie jar. pylint and flake8 don't understand # that these imports will be used via distlib.xxx. from pip._vendor import distlib import pip._vendor.distlib.scripts # noqa, pylint: disable=3Dunus= ed-import - import pip._vendor.distlib.version # noqa, pylint: disable=3Dunus= ed-import except ImportError: HAVE_DISTLIB =3D False =20 +# pip 25.2 does not vendor distlib.version, but it uses vendored +# packaging.version +HAVE_DISTLIB_VERSION =3D True +try: + import distlib.version # pylint: disable=3Dungrouped-imports +except ImportError: + try: + # pylint: disable=3Dunused-import,ungrouped-imports + import pip._vendor.distlib.version # noqa + except ImportError: + HAVE_DISTLIB_VERSION =3D False + +HAVE_PACKAGING_VERSION =3D True +try: + # Do not bother importing non-vendored packaging, because it is not + # in stdlib. + from pip._vendor import packaging + # pylint: disable=3Dunused-import + import pip._vendor.packaging.requirements # noqa + import pip._vendor.packaging.version # noqa +except ImportError: + HAVE_PACKAGING_VERSION =3D False + + # Try to load tomllib, with a fallback to tomli. # HAVE_TOMLLIB is checked below, just-in-time, so that mkvenv does not fail # outside the venv or before a potential call to ensurepip in checkpip(). @@ -133,6 +156,39 @@ class Ouch(RuntimeError): """An Exception class we can't confuse with a builtin.""" =20 =20 +class Matcher: + """Compatibility appliance for version/requirement string parsing.""" + def __init__(self, name_and_constraint: str): + """Create a matcher from a requirement-like string.""" + if HAVE_DISTLIB_VERSION: + self._m =3D distlib.version.LegacyMatcher(name_and_constraint) + elif HAVE_PACKAGING_VERSION: + self._m =3D packaging.requirements.Requirement(name_and_constr= aint) + else: + raise Ouch("found neither distlib.version nor packaging.versio= n") + self.name =3D self._m.name + + def match(self, version_str: str) -> bool: + """Return True if `version` satisfies the stored constraint.""" + if HAVE_DISTLIB_VERSION: + return cast( + bool, + self._m.match(distlib.version.LegacyVersion(version_str)) + ) + + assert HAVE_PACKAGING_VERSION + return cast( + bool, + self._m.specifier.contains( + packaging.version.Version(version_str), prereleases=3DTrue + ) + ) + + def __repr__(self) -> str: + """Stable debug representation delegated to the backend.""" + return repr(self._m) + + class QemuEnvBuilder(venv.EnvBuilder): """ An extension of venv.EnvBuilder for building QEMU's configure-time ven= v. @@ -669,7 +725,7 @@ def _do_ensure( canary =3D None for name, info in group.items(): constraint =3D _make_version_constraint(info, False) - matcher =3D distlib.version.LegacyMatcher(name + constraint) + matcher =3D Matcher(name + constraint) print(f"mkvenv: checking for {matcher}", file=3Dsys.stderr) =20 dist: Optional[Distribution] =3D None @@ -683,7 +739,7 @@ def _do_ensure( # Always pass installed package to pip, so that they can be # updated if the requested version changes or not _is_system_package(dist) - or not matcher.match(distlib.version.LegacyVersion(dist.versio= n)) + or not matcher.match(dist.version) ): absent.append(name + _make_version_constraint(info, True)) if len(absent) =3D=3D 1: --=20 2.47.2 From nobody Sun Sep 28 16:28:22 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1756308129580298.30669083877865; Wed, 27 Aug 2025 08:22:09 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1urHnZ-0006VV-GX; Wed, 27 Aug 2025 11:10:53 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHlb-0000x9-G6; Wed, 27 Aug 2025 11:08:52 -0400 Received: from isrv.corpit.ru ([212.248.84.144]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHlZ-0005te-RD; Wed, 27 Aug 2025 11:08:51 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id 5006F14C561; Wed, 27 Aug 2025 18:03:00 +0300 (MSK) Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146]) by tsrv.corpit.ru (Postfix) with ESMTP id 3D70D269868; Wed, 27 Aug 2025 18:03:27 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Mauro Matteo Cascella , ZDI , Gerd Hoffmann , Michael Tokarev Subject: [Stable-10.0.4 56/59] hw/uefi: clear uefi-vars buffer in uefi_vars_write callback Date: Wed, 27 Aug 2025 18:03:01 +0300 Message-ID: <20250827150323.2694101-56-mjt@tls.msk.ru> X-Mailer: git-send-email 2.47.2 In-Reply-To: References: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1756308130569116600 Content-Type: text/plain; charset="utf-8" From: Mauro Matteo Cascella When the guest writes to register UEFI_VARS_REG_BUFFER_SIZE, the .write callback `uefi_vars_write` is invoked. The function allocates a heap buffer without zeroing the memory, leaving the buffer filled with residual data from prior allocations. When the guest later reads from register UEFI_VARS_REG_PIO_BUFFER_TRANSFER, the .read callback `uefi_vars_read` returns leftover metadata or other sensitive process memory from the previously allocated buffer, leading to an information disclosure vulnerability. Fixes: CVE-2025-8860 Fixes: 90ca4e03c27d ("hw/uefi: add var-service-core.c") Reported-by: ZDI Suggested-by: Gerd Hoffmann Signed-off-by: Mauro Matteo Cascella Message-ID: <20250811101128.17661-1-mcascell@redhat.com> Signed-off-by: Gerd Hoffmann (cherry picked from commit f757d9d90d19b914d4023663bfc4da73bbbf007e) Signed-off-by: Michael Tokarev diff --git a/hw/uefi/var-service-core.c b/hw/uefi/var-service-core.c index 4836a0cb81..92fc121fe7 100644 --- a/hw/uefi/var-service-core.c +++ b/hw/uefi/var-service-core.c @@ -259,8 +259,8 @@ static void uefi_vars_write(void *opaque, hwaddr addr, = uint64_t val, unsigned si uv->buf_size =3D val; g_free(uv->buffer); g_free(uv->pio_xfer_buffer); - uv->buffer =3D g_malloc(uv->buf_size); - uv->pio_xfer_buffer =3D g_malloc(uv->buf_size); + uv->buffer =3D g_malloc0(uv->buf_size); + uv->pio_xfer_buffer =3D g_malloc0(uv->buf_size); break; case UEFI_VARS_REG_DMA_BUFFER_ADDR_LO: uv->buf_addr_lo =3D val; --=20 2.47.2 From nobody Sun Sep 28 16:28:22 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1756308044482876.4108593898608; Wed, 27 Aug 2025 08:20:44 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1urHoV-0008NE-4B; Wed, 27 Aug 2025 11:11:51 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHld-0000yi-2T; Wed, 27 Aug 2025 11:08:56 -0400 Received: from isrv.corpit.ru ([212.248.84.144]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHlb-0005to-Du; Wed, 27 Aug 2025 11:08:52 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id 680E714C562; Wed, 27 Aug 2025 18:03:00 +0300 (MSK) Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146]) by tsrv.corpit.ru (Postfix) with ESMTP id 4CEAF269869; Wed, 27 Aug 2025 18:03:27 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Gerd Hoffmann , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Michael Tokarev Subject: [Stable-10.0.4 57/59] hw/uefi: return success for notifications Date: Wed, 27 Aug 2025 18:03:02 +0300 Message-ID: <20250827150323.2694101-57-mjt@tls.msk.ru> X-Mailer: git-send-email 2.47.2 In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1756308046034124100 From: Gerd Hoffmann Set status to SUCCESS for ready-to-boot and exit-boot-services notification calls. Reviewed-by: Philippe Mathieu-Daud=C3=A9 Signed-off-by: Gerd Hoffmann Message-ID: <20250811130110.820958-2-kraxel@redhat.com> (cherry picked from commit 88e5a28d5aabb57f44c1805fbba0a458023f5106) Signed-off-by: Michael Tokarev diff --git a/hw/uefi/var-service-vars.c b/hw/uefi/var-service-vars.c index 7f98d77a38..58ae560d6e 100644 --- a/hw/uefi/var-service-vars.c +++ b/hw/uefi/var-service-vars.c @@ -702,12 +702,14 @@ uint32_t uefi_vars_mm_vars_proto(uefi_vars_state *uv) case SMM_VARIABLE_FUNCTION_READY_TO_BOOT: trace_uefi_event("ready-to-boot"); uv->ready_to_boot =3D true; + mvar->status =3D EFI_SUCCESS; length =3D 0; break; =20 case SMM_VARIABLE_FUNCTION_EXIT_BOOT_SERVICE: trace_uefi_event("exit-boot-service"); uv->exit_boot_service =3D true; + mvar->status =3D EFI_SUCCESS; length =3D 0; break; =20 --=20 2.47.2 From nobody Sun Sep 28 16:28:22 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1756307524770237.97443356972485; Wed, 27 Aug 2025 08:12:04 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1urHoL-0007Jw-88; Wed, 27 Aug 2025 11:11:41 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHlg-0000zy-4a; Wed, 27 Aug 2025 11:08:57 -0400 Received: from isrv.corpit.ru ([212.248.84.144]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHle-0005wo-Gr; Wed, 27 Aug 2025 11:08:55 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id 818EC14C563; Wed, 27 Aug 2025 18:03:00 +0300 (MSK) Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146]) by tsrv.corpit.ru (Postfix) with ESMTP id 651F326986A; Wed, 27 Aug 2025 18:03:27 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Gerd Hoffmann , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Michael Tokarev Subject: [Stable-10.0.4 58/59] hw/uefi: check access for first variable Date: Wed, 27 Aug 2025 18:03:03 +0300 Message-ID: <20250827150323.2694101-58-mjt@tls.msk.ru> X-Mailer: git-send-email 2.47.2 In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1756307527353124100 From: Gerd Hoffmann When listing variables (via get-next-variable-name) only the names of variables which can be accessed will be returned. That check was missing for the first variable though. Add it. Reviewed-by: Philippe Mathieu-Daud=C3=A9 Signed-off-by: Gerd Hoffmann Message-ID: <20250811130110.820958-3-kraxel@redhat.com> (cherry picked from commit fc8ee8fe58ad410f27fca64e4ad212c5a3eabe00) Signed-off-by: Michael Tokarev diff --git a/hw/uefi/var-service-vars.c b/hw/uefi/var-service-vars.c index 58ae560d6e..e382fb2813 100644 --- a/hw/uefi/var-service-vars.c +++ b/hw/uefi/var-service-vars.c @@ -357,6 +357,9 @@ uefi_vars_mm_get_next_variable(uefi_vars_state *uv, mm_= header *mhdr, if (uefi_strlen(name, nv->name_size) =3D=3D 0) { /* empty string -> first */ var =3D QTAILQ_FIRST(&uv->variables); + while (var && !check_access(uv, var)) { + var =3D QTAILQ_NEXT(var, next); + } if (!var) { return uefi_vars_mm_error(mhdr, mvar, EFI_NOT_FOUND); } --=20 2.47.2 From nobody Sun Sep 28 16:28:22 2025 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=qemu-devel-bounces+importer=patchew.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) by mx.zohomail.com with SMTPS id 1756307678533816.0475036657458; Wed, 27 Aug 2025 08:14:38 -0700 (PDT) Received: from localhost ([::1] helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1urHoQ-0007vz-SI; Wed, 27 Aug 2025 11:11:47 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHli-00012T-G8; Wed, 27 Aug 2025 11:09:00 -0400 Received: from isrv.corpit.ru ([212.248.84.144]) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1urHle-0005x7-Ik; Wed, 27 Aug 2025 11:08:57 -0400 Received: from tsrv.corpit.ru (tsrv.tls.msk.ru [192.168.177.2]) by isrv.corpit.ru (Postfix) with ESMTP id 99B4F14C564; Wed, 27 Aug 2025 18:03:00 +0300 (MSK) Received: from think4mjt.tls.msk.ru (mjtthink.wg.tls.msk.ru [192.168.177.146]) by tsrv.corpit.ru (Postfix) with ESMTP id 7EA6E26986B; Wed, 27 Aug 2025 18:03:27 +0300 (MSK) From: Michael Tokarev To: qemu-devel@nongnu.org Cc: qemu-stable@nongnu.org, Gerd Hoffmann , =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= , Michael Tokarev Subject: [Stable-10.0.4 59/59] hw/uefi: open json file in binary mode Date: Wed, 27 Aug 2025 18:03:04 +0300 Message-ID: <20250827150323.2694101-59-mjt@tls.msk.ru> X-Mailer: git-send-email 2.47.2 In-Reply-To: References: MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable Received-SPF: pass (zohomail.com: domain of gnu.org designates 209.51.188.17 as permitted sender) client-ip=209.51.188.17; envelope-from=qemu-devel-bounces+importer=patchew.org@nongnu.org; helo=lists.gnu.org; Received-SPF: pass client-ip=212.248.84.144; envelope-from=mjt@tls.msk.ru; helo=isrv.corpit.ru X-Spam_score_int: -18 X-Spam_score: -1.9 X-Spam_bar: - X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, RCVD_IN_VALIDITY_CERTIFIED_BLOCKED=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no X-Spam_action: no action X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: qemu-devel-bounces+importer=patchew.org@nongnu.org Sender: qemu-devel-bounces+importer=patchew.org@nongnu.org X-ZM-MESSAGEID: 1756307679223116600 From: Gerd Hoffmann Fixes file length discrepancies due to line ending conversions on windows hosts. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3058 Reviewed-by: Philippe Mathieu-Daud=C3=A9 Signed-off-by: Gerd Hoffmann Message-ID: <20250811130110.820958-4-kraxel@redhat.com> (cherry picked from commit 040237436f423253f3397547aa78d449394dfbca) Signed-off-by: Michael Tokarev diff --git a/hw/uefi/var-service-json.c b/hw/uefi/var-service-json.c index ad3462cd15..f5f1556833 100644 --- a/hw/uefi/var-service-json.c +++ b/hw/uefi/var-service-json.c @@ -172,7 +172,7 @@ static GString *uefi_vars_to_json(uefi_vars_state *uv) void uefi_vars_json_init(uefi_vars_state *uv, Error **errp) { if (uv->jsonfile) { - uv->jsonfd =3D qemu_create(uv->jsonfile, O_RDWR, 0666, errp); + uv->jsonfd =3D qemu_create(uv->jsonfile, O_RDWR | O_BINARY, 0666, = errp); } } =20 --=20 2.47.2