From: Michael Tokarev
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Damien Bergamini, Clement Mathieu--Drif, Akihiko Odaki, "Michael S. Tsirkin", Michael Tokarev
Subject: [Stable-10.1.2 01/11] pcie_sriov: Fix broken MMIO accesses from SR-IOV VFs
Date: Wed, 15 Oct 2025 07:25:05 +0300
Message-ID: <20251015042520.68556-1-mjt@tls.msk.ru>

From: Damien Bergamini

Starting with commit cab1398a60eb, SR-IOV VFs are realized as soon as
pcie_sriov_pf_init() is called. Because pcie_sriov_pf_init() must be
called before pcie_sriov_pf_init_vf_bar(), the VF BARs types won't be
known when the VF realize function calls pcie_sriov_vf_register_bar().

This breaks the memory regions of the VFs (for instance with igbvf):

    $ lspci
    ...
    Region 0: Memory at 281a00000 (64-bit, prefetchable) [virtual] [size=16K]
    Region 3: Memory at 281a20000 (64-bit, prefetchable) [virtual] [size=16K]

    $ info mtree
    ...
    address-space: pci_bridge_pci_mem
      0000000000000000-ffffffffffffffff (prio 0, i/o): pci_bridge_pci
        0000000081a00000-0000000081a03fff (prio 1, i/o): igbvf-mmio
        0000000081a20000-0000000081a23fff (prio 1, i/o): igbvf-msix

and causes MMIO accesses to fail:

    Invalid write at addr 0x281A01520, size 4, region '(null)', reason: rejected
    Invalid read at addr 0x281A00C40, size 4, region '(null)', reason: rejected

To fix this, VF BARs are now registered with pci_register_bar() which
has a type parameter and pcie_sriov_vf_register_bar() is removed.

Fixes: cab1398a60eb ("pcie_sriov: Reuse SR-IOV VF device instances")
Signed-off-by: Damien Bergamini
Signed-off-by: Clement Mathieu--Drif
Reviewed-by: Akihiko Odaki
Reviewed-by: Michael S. Tsirkin
Message-ID: <20250901151314.1038020-1-clement.mathieu--drif@eviden.com>
Signed-off-by: Michael S. Tsirkin
(cherry picked from commit 2e54e5fda779a7ba45578884276dca62462f7a06)
Signed-off-by: Michael Tokarev

diff --git a/docs/pcie_sriov.txt b/docs/pcie_sriov.txt index ab2142807f..00d7bd93fd 100644 --- a/docs/pcie_sriov.txt +++ b/docs/pcie_sriov.txt 
@@ -72,8 +72,7 @@ setting up a BAR for a VF. 2) Similarly in the implementation of the virtual function, you need to make it a PCI Express device and add a similar set of capabilities except for the SR/IOV capability. Then you need to set up the VF BARs as - subregions of the PFs SR/IOV VF BARs by calling - pcie_sriov_vf_register_bar() instead of the normal pci_register_bar() c= all: + subregions of the PFs SR/IOV VF BARs by calling pci_register_bar(): =20 pci_your_vf_dev_realize( ... ) { @@ -83,7 +82,7 @@ setting up a BAR for a VF. pcie_ari_init(d, 0x100); ... memory_region_init(mr, ... ) - pcie_sriov_vf_register_bar(d, bar_nr, mr); + pci_register_bar(d, bar_nr, bar_type, mr); ... } =20 diff --git a/hw/net/igbvf.c b/hw/net/igbvf.c index 31d72c4977..9b0db8f841 100644 --- a/hw/net/igbvf.c +++ b/hw/net/igbvf.c @@ -251,10 +251,12 @@ static void igbvf_pci_realize(PCIDevice *dev, Error *= *errp) =20 memory_region_init_io(&s->mmio, OBJECT(dev), &mmio_ops, s, "igbvf-mmio= ", IGBVF_MMIO_SIZE); - pcie_sriov_vf_register_bar(dev, IGBVF_MMIO_BAR_IDX, &s->mmio); + pci_register_bar(dev, IGBVF_MMIO_BAR_IDX, PCI_BASE_ADDRESS_MEM_TYPE_64= | + PCI_BASE_ADDRESS_MEM_PREFETCH, &s->mmio); =20 memory_region_init(&s->msix, OBJECT(dev), "igbvf-msix", IGBVF_MSIX_SIZ= E); - pcie_sriov_vf_register_bar(dev, IGBVF_MSIX_BAR_IDX, &s->msix); + pci_register_bar(dev, IGBVF_MSIX_BAR_IDX, PCI_BASE_ADDRESS_MEM_TYPE_64= | + PCI_BASE_ADDRESS_MEM_PREFETCH, &s->msix); =20 ret =3D msix_init(dev, IGBVF_MSIX_VEC_NUM, &s->msix, IGBVF_MSIX_BAR_ID= X, 0, &s->msix, IGBVF_MSIX_BAR_IDX, 0x2000, 0x70, errp); diff --git a/hw/nvme/ctrl.c b/hw/nvme/ctrl.c index f5ee6bf260..cd81f73997 100644 --- a/hw/nvme/ctrl.c +++ b/hw/nvme/ctrl.c 
@@ -8708,12 +8708,8 @@ static bool nvme_init_pci(NvmeCtrl *n, PCIDevice *pc= i_dev, Error **errp) msix_table_offset); memory_region_add_subregion(&n->bar0, 0, &n->iomem); =20 - if (pci_is_vf(pci_dev)) { - pcie_sriov_vf_register_bar(pci_dev, 0, &n->bar0); - } else { - pci_register_bar(pci_dev, 0, PCI_BASE_ADDRESS_SPACE_MEMORY | - PCI_BASE_ADDRESS_MEM_TYPE_64, &n->bar0); - } + pci_register_bar(pci_dev, 0, PCI_BASE_ADDRESS_SPACE_MEMORY | + PCI_BASE_ADDRESS_MEM_TYPE_64, &n->bar0); =20 ret =3D msix_init(pci_dev, nr_vectors, &n->bar0, 0, msix_table_offset, diff --git a/hw/pci/pci.c b/hw/pci/pci.c index c70b5ceeba..4fe2626f9e 100644 --- a/hw/pci/pci.c +++ b/hw/pci/pci.c @@ -1490,9 +1490,6 @@ void pci_register_bar(PCIDevice *pci_dev, int region_= num, : pci_get_bus(pci_dev)->address_space_mem; =20 if (pci_is_vf(pci_dev)) { - PCIDevice *pf =3D pci_dev->exp.sriov_vf.pf; - assert(!pf || type =3D=3D pf->exp.sriov_pf.vf_bar_type[region_num]= ); - r->addr =3D pci_bar_address(pci_dev, region_num, r->type, r->size); if (r->addr !=3D PCI_BAR_UNMAPPED) { memory_region_add_subregion_overlap(r->address_space, diff --git a/hw/pci/pcie_sriov.c b/hw/pci/pcie_sriov.c index 8a4bf0d6f7..29474d749a 100644 --- a/hw/pci/pcie_sriov.c +++ b/hw/pci/pcie_sriov.c @@ -242,17 +242,6 @@ void pcie_sriov_pf_init_vf_bar(PCIDevice *dev, int reg= ion_num, dev->exp.sriov_pf.vf_bar_type[region_num] =3D type; } =20 -void pcie_sriov_vf_register_bar(PCIDevice *dev, int region_num, - MemoryRegion *memory) -{ - uint8_t type; - - assert(dev->exp.sriov_vf.pf); - type =3D dev->exp.sriov_vf.pf->exp.sriov_pf.vf_bar_type[region_num]; - - return pci_register_bar(dev, region_num, type, memory); -} - static gint compare_vf_devfns(gconstpointer a, gconstpointer b) { return (*(PCIDevice **)a)->devfn - (*(PCIDevice **)b)->devfn; diff --git a/include/hw/pci/pcie_sriov.h b/include/hw/pci/pcie_sriov.h index aeaa38cf34..b0ea6a62c7 100644 --- a/include/hw/pci/pcie_sriov.h +++ b/include/hw/pci/pcie_sriov.h 
@@ -37,10 +37,6 @@ void pcie_sriov_pf_exit(PCIDevice *dev); void pcie_sriov_pf_init_vf_bar(PCIDevice *dev, int region_num, uint8_t type, dma_addr_t size); =20 -/* Instantiate a bar for a VF */ -void pcie_sriov_vf_register_bar(PCIDevice *dev, int region_num, - MemoryRegion *memory); - /** * pcie_sriov_pf_init_from_user_created_vfs() - Initialize PF with user-cr= eated * VFs, adding ARI to PF --=20 2.47.3
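
Review bot: in the docs/pcie_sriov.txt example, the new call `pci_register_bar(d, bar_nr, bar_type, mr);` introduces `bar_type` without saying where the value comes from. The removed helper looked the type up from the PF's `vf_bar_type[region_num]`, so the text should now state that the VF has to pass the same type the PF gave to pcie_sriov_pf_init_vf_bar() for that BAR.
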
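
Review bot: in hw/pci/pci.c, dropping `assert(!pf || type == pf->exp.sriov_pf.vf_bar_type[region_num]);` from the pci_is_vf() branch of pci_register_bar() leaves nothing that checks a VF's BAR type against the one the PF declares, while igbvf.c now hard-codes `PCI_BASE_ADDRESS_MEM_TYPE_64 | PCI_BASE_ADDRESS_MEM_PREFETCH` on the VF side. The commit message explains that the PF value is not yet known when the VF is realized, so consider doing the comparison later, for example when pcie_sriov_pf_init_vf_bar() records the type, or at least leave a comment in this branch saying the two values must agree.
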
From: Michael Tokarev
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, ShengYi Hung, Michael Tokarev
Subject: [Stable-10.1.2 02/11] hid: fix incorrect return value for hid
Date: Wed, 15 Oct 2025 07:25:06 +0300
Message-ID: <20251015042520.68556-2-mjt@tls.msk.ru>

From: ShengYi Hung

The return value of hid_keyboard_write is used to set the packet's
actual_length and is passed to xhci directly to let the guest know how
many bytes were actually processed. Therefore, return 1 to indicate a
successful transfer or it will be considered as a wrong xfer.

Signed-off-by: ShengYi Hung
Reviewed-by: Michael Tokarev
Signed-off-by: Michael Tokarev
(cherry picked from commit 1c0f5142d921525f1023152eac63d2ff3d33e3b2)
Signed-off-by: Michael Tokarev

diff --git a/hw/input/hid.c b/hw/input/hid.c index 76bedc1844..de24cd0ef0 100644 --- a/hw/input/hid.c +++ b/hw/input/hid.c 
@@ -478,6 +478,7 @@ int hid_keyboard_write(HIDState *hs, uint8_t *buf, int = len) ledstate |=3D QEMU_CAPS_LOCK_LED; } kbd_put_ledstate(ledstate); + return 1; } return 0; } --=20 2.47.3
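
Review bot: the added `return 1;` in hid_keyboard_write() reports one byte no matter what `len` the caller passed, and the commit message says this value becomes the packet's actual_length. Add a comment that only the single LED-state byte is consumed, or return the number of bytes actually read from `buf`, so that a caller handing in a longer report can tell how much was used.
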
From: Michael Tokarev
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, nanliu, Thomas Huth, Michael Tokarev
Subject: [Stable-10.1.2 03/11] docs/devel: Correct uefi-vars-x64 device name
Date: Wed, 15 Oct 2025 07:25:07 +0300
Message-ID: <20251015042520.68556-3-mjt@tls.msk.ru>

From: nanliu

The documentation for UEFI variable storage in uefi-vars.rst
incorrectly listed the device name as `uefi-vars-x86`.

The correct device name as implemented in the source code is
`uefi-vars-x64`.

This commit updates the documentation to use the correct name,
aligning it with the implementation.

Signed-off-by: Nana Liu
Reviewed-by: Thomas Huth
Reviewed-by: Michael Tokarev
Signed-off-by: Michael Tokarev
(cherry picked from commit f65918497cc6b9034ce8f81a4df1d6407e110367)
Signed-off-by: Michael Tokarev

diff --git a/docs/devel/uefi-vars.rst b/docs/devel/uefi-vars.rst index 0151a26a0a..b4013b5d12 100644 --- a/docs/devel/uefi-vars.rst 
+++ b/docs/devel/uefi-vars.rst @@ -34,7 +34,7 @@ configures the shared buffer location and size, and traps= to the host to process the requests. =20 The ``uefi-vars`` device implements the UEFI virtual device. It comes -in ``uefi-vars-x86`` and ``uefi-vars-sysbus`` flavours. The device +in ``uefi-vars-x64`` and ``uefi-vars-sysbus`` flavours. The device reimplements the handlers needed, specifically ``EfiSmmVariableProtocol`` and ``VarCheckPolicyLibMmiHandler``. It also consumes events (``EfiEndOfDxeEventGroup``, 
@@ -57,7 +57,7 @@ usage on x86_64 .. code:: =20 qemu-system-x86_64 \ - -device uefi-vars-x86,jsonfile=3D/path/to/vars.json + -device uefi-vars-x64,jsonfile=3D/path/to/vars.json =20 usage on aarch64 ---------------- --=20 2.47.3
From: Michael Tokarev
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Stefan Hajnoczi, Akihiko Odaki, "Michael S. Tsirkin", Qing Wang, Michael Tokarev
Subject: [Stable-10.1.2 04/11] pcie_sriov: make pcie_sriov_pf_exit() safe on non-SR-IOV devices
Date: Wed, 15 Oct 2025 07:25:08 +0300
Message-ID: <20251015042520.68556-4-mjt@tls.msk.ru>

From: Stefan Hajnoczi

Commit 3f9cfaa92c96 ("virtio-pci: Implement SR-IOV PF") added an
unconditional call from virtio_pci_exit() to pcie_sriov_pf_exit().

pcie_sriov_pf_exit() reads from the SR-IOV Capability in Configuration
Space:

    uint8_t *cfg = dev->config + dev->exp.sriov_cap;
    ...
    unparent_vfs(dev, pci_get_word(cfg + PCI_SRIOV_TOTAL_VF));
                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

This results in undefined behavior when dev->exp.sriov_cap is 0 because
this is not an SR-IOV device. For example, unparent_vfs() segfaults when
total_vfs happens to be non-zero.

Fix this by returning early from pcie_sriov_pf_exit() when
dev->exp.sriov_cap is 0 because this is not an SR-IOV device.

Cc: Akihiko Odaki
Cc: Michael S. Tsirkin
Reported-by: Qing Wang
Buglink: https://issues.redhat.com/browse/RHEL-116443
Signed-off-by: Stefan Hajnoczi
Reviewed-by: Akihiko Odaki
Fixes: cab1398a60eb ("pcie_sriov: Reuse SR-IOV VF device instances")
Reviewed-by: Michael S. Tsirkin
Message-ID: <20250924155153.579495-1-stefanha@redhat.com>
Signed-off-by: Michael S. Tsirkin
(cherry picked from commit bab681f752048c3bc22d561b1d314c7ec16419c9)
Signed-off-by: Michael Tokarev

diff --git a/hw/pci/pcie_sriov.c b/hw/pci/pcie_sriov.c index 29474d749a..c4f88f0975 100644 --- a/hw/pci/pcie_sriov.c +++ b/hw/pci/pcie_sriov.c @@ -195,7 +195,9 @@ bool pcie_sriov_pf_init(PCIDevice *dev, uint16_t offset, =20 void pcie_sriov_pf_exit(PCIDevice *dev) { - uint8_t *cfg =3D dev->config + dev->exp.sriov_cap; + if (dev->exp.sriov_cap =3D=3D 0) { + return; + } =20 if (dev->exp.sriov_pf.vf_user_created) { uint16_t ven_id =3D pci_get_word(dev->config + PCI_VENDOR_ID); 
@@ -211,6 +213,8 @@ void pcie_sriov_pf_exit(PCIDevice *dev) pci_config_set_device_id(dev->exp.sriov_pf.vf[i]->config, vf_d= ev_id); } } else { + uint8_t *cfg =3D dev->config + dev->exp.sriov_cap; + unparent_vfs(dev, pci_get_word(cfg + PCI_SRIOV_TOTAL_VF)); } } --=20 2.47.3
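
Review bot: the new guard `if (dev->exp.sriov_cap == 0) { return; }` at the top of pcie_sriov_pf_exit() carries no comment saying that offset 0 means the device has no SR-IOV capability, which is the only thing that makes the unconditional call from virtio_pci_exit() safe. Add a one-line comment at the guard and a matching sentence on the prototype in pcie_sriov.h, so a later cleanup does not remove the check and bring back the read from `dev->config + 0`.
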
From: Michael Tokarev
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Peter Maydell, Philippe Mathieu-Daudé, Richard Henderson, Michael Tokarev
Subject: [Stable-10.1.2 05/11] target/arm: Don't set HCR.RW for AArch32 only CPUs
Date: Wed, 15 Oct 2025 07:25:09 +0300
Message-ID: <20251015042520.68556-5-mjt@tls.msk.ru>

From: Peter Maydell

In commit 39ec3fc0301 we fixed a bug where we were not implementing
HCR_EL2.RW as RAO/WI for CPUs where EL1 doesn't support AArch32.
However, we got the condition wrong, so we now set this bit even on CPUs
which have no AArch64 support at all. This is wrong because the AArch32
HCR register defines this bit as RES0.

Correct the condition we use for forcing HCR_RW to be set.

Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3128
Fixes: 39ec3fc0301 ("target/arm: HCR_EL2.RW should be RAO/WI if EL1 doesn't support AArch32")
Signed-off-by: Peter Maydell
Reviewed-by: Philippe Mathieu-Daudé
Reviewed-by: Richard Henderson
Message-id: 20250925115723.1293233-1-peter.maydell@linaro.org
(cherry picked from commit a23e719ca8e80d22eafe4b2b57833918d439fa0c)
Signed-off-by: Michael Tokarev

diff --git a/target/arm/helper.c b/target/arm/helper.c index 0c1299ff84..e2ef4ea2cc 100644 --- a/target/arm/helper.c +++ b/target/arm/helper.c 
@@ -3728,7 +3728,8 @@ static void do_hcr_write(CPUARMState *env, uint64_t v= alue, uint64_t valid_mask) value &=3D valid_mask; =20 /* RW is RAO/WI if EL1 is AArch64 only */ - if (!cpu_isar_feature(aa64_aa32_el1, cpu)) { + if (arm_feature(env, ARM_FEATURE_AARCH64) && + !cpu_isar_feature(aa64_aa32_el1, cpu)) { value |=3D HCR_RW; } =20 --=20 2.47.3
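
Review bot: the comment `/* RW is RAO/WI if EL1 is AArch64 only */` above the changed condition in do_hcr_write() is left as it was, although the test now also requires `arm_feature(env, ARM_FEATURE_AARCH64)`. Extend the comment to say that on AArch32-only CPUs the bit is RES0 and must not be forced, as the commit message explains, so the two-part condition is not simplified back to the single feature check later.
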
From: Michael Tokarev
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Jim Shu, Alistair Francis, Michael Tokarev
Subject: [Stable-10.1.2 06/11] target/riscv: Fix the mepc when sspopchk triggers the exception
Date: Wed, 15 Oct 2025 07:25:10 +0300
Message-ID: <20251015042520.68556-6-mjt@tls.msk.ru>

From: Jim Shu

When sspopchk is in the middle of TB and triggers the SW check
exception, it should update PC from gen_update_pc(). If not, RISC-V mepc
CSR will get wrong PC address which is still at the start of TB.

Signed-off-by: Jim Shu
Reviewed-by: Alistair Francis
Message-ID: <20250924074818.230010-2-jim.shu@sifive.com>
Signed-off-by: Alistair Francis
(cherry picked from commit c851052a77fd79300708df2070297b5428b4be8d)
Signed-off-by: Michael Tokarev

diff --git a/target/riscv/insn_trans/trans_rvzicfiss.c.inc b/target/riscv/i= nsn_trans/trans_rvzicfiss.c.inc index b0096adcd0..45686af4d6 100644 
--- a/target/riscv/insn_trans/trans_rvzicfiss.c.inc +++ b/target/riscv/insn_trans/trans_rvzicfiss.c.inc @@ -40,6 +40,7 @@ static bool trans_sspopchk(DisasContext *ctx, arg_sspopch= k *a) tcg_gen_brcond_tl(TCG_COND_EQ, data, rs1, skip); tcg_gen_st_tl(tcg_constant_tl(RISCV_EXCP_SW_CHECK_BCFI_TVAL), tcg_env, offsetof(CPURISCVState, sw_check_code)); + gen_update_pc(ctx, 0); gen_helper_raise_exception(tcg_env, tcg_constant_i32(RISCV_EXCP_SW_CHECK)); gen_set_label(skip); --=20 2.47.3
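
Review bot: in trans_sspopchk(), the added `gen_update_pc(ctx, 0);` sits between the sw_check_code store and gen_helper_raise_exception() with no comment on why it is needed there. A short comment that the exception can be raised mid-TB and that mepc must point at this instruction would document the intent, and a regression test that places sspopchk away from the start of a TB would keep the fix from being lost.
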
From: Michael Tokarev
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Jim Shu, Alistair Francis, Michael Tokarev
Subject: [Stable-10.1.2 07/11] target/riscv: Fix SSP CSR error handling in VU/VS mode
Date: Wed, 15 Oct 2025 07:25:11 +0300
Message-ID: <20251015042520.68556-7-mjt@tls.msk.ru>

From: Jim Shu

In VU/VS mode, accessing $ssp CSR will trigger the virtual instruction
exception instead of illegal instruction exception if SSE is disabled
via xenvcfg CSRs.

This is from RISC-V CFI v1.0 spec ch2.2.4. Shadow Stack Pointer

Signed-off-by: Jim Shu
Reviewed-by: Alistair Francis
Message-ID: <20250924074818.230010-3-jim.shu@sifive.com>
Signed-off-by: Alistair Francis
(cherry picked from commit 84c1605b7606d810ded4c1c3a2717f158dc89e3f)
Signed-off-by: Michael Tokarev

diff --git a/target/riscv/csr.c b/target/riscv/csr.c index 5824928d95..94d15c9241 100644 --- a/target/riscv/csr.c +++ b/target/riscv/csr.c 
@@ -204,6 +204,8 @@ static RISCVException cfi_ss(CPURISCVState *env, int cs= rno) #if !defined(CONFIG_USER_ONLY) if (env->debugger) { return RISCV_EXCP_NONE; + } else if (env->virt_enabled) { + return RISCV_EXCP_VIRT_INSTRUCTION_FAULT; } #endif return RISCV_EXCP_ILLEGAL_INST; --=20 2.47.3
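
Review bot: the new `else if (env->virt_enabled)` branch in cfi_ss() keys only on the virtualization flag, so every access that reaches this point from VS/VU mode becomes a virtual instruction fault regardless of which xenvcfg register cleared SSE. If the spec section the commit message cites (ch2.2.4) treats the registers differently, that distinction is not expressed in these lines; a comment next to the branch quoting the rule would make the intent checkable against the spec.
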
From: Michael Tokarev
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Jim Shu, Alistair Francis, Michael Tokarev
Subject: [Stable-10.1.2 08/11] target/riscv: Fix ssamoswap error handling
Date: Wed, 15 Oct 2025 07:25:12 +0300
Message-ID: <20251015042520.68556-8-mjt@tls.msk.ru>

From: Jim Shu

Follow the RISC-V CFI v1.0 spec [1] to fix the exception type
when ssamoswap is disabled by xSSE.

[1] RISC-V CFI spec v1.0, ch2.7 Atomic Swap from a Shadow Stack Location

Signed-off-by: Jim Shu
Reviewed-by: Alistair Francis
Message-ID: <20250924074818.230010-4-jim.shu@sifive.com>
Signed-off-by: Alistair Francis
(cherry picked from commit 0b16c7b6a854d461cdfd418769b51d58e43dd92a)
Signed-off-by: Michael Tokarev

diff --git a/target/riscv/helper.h b/target/riscv/helper.h index f712b1c368..c82bacdc39 100644 --- a/target/riscv/helper.h +++ b/target/riscv/helper.h
@@ -1284,3 +1284,8 @@ DEF_HELPER_4(vgmul_vv, void, ptr, ptr, env, i32) DEF_HELPER_5(vsm4k_vi, void, ptr, ptr, i32, env, i32) DEF_HELPER_4(vsm4r_vv, void, ptr, ptr, env, i32) DEF_HELPER_4(vsm4r_vs, void, ptr, ptr, env, i32) + +/* CFI (zicfiss) helpers */ +#ifndef CONFIG_USER_ONLY +DEF_HELPER_1(ssamoswap_disabled, void, env) +#endif diff --git a/target/riscv/insn_trans/trans_rvzicfiss.c.inc b/target/riscv/i= nsn_trans/trans_rvzicfiss.c.inc index 45686af4d6..f4a1c12ca0 100644 --- a/target/riscv/insn_trans/trans_rvzicfiss.c.inc +++ b/target/riscv/insn_trans/trans_rvzicfiss.c.inc @@ -91,7 +91,11 @@ static bool trans_ssamoswap_w(DisasContext *ctx, arg_amo= swap_w *a) } =20 if (!ctx->bcfi_enabled) { +#ifndef CONFIG_USER_ONLY + gen_helper_ssamoswap_disabled(tcg_env); +#else return false; +#endif } =20 TCGv dest =3D dest_gpr(ctx, a->rd); @@ -116,7 +120,11 @@ static bool trans_ssamoswap_d(DisasContext *ctx, arg_a= moswap_w *a) } =20 if (!ctx->bcfi_enabled) { +#ifndef CONFIG_USER_ONLY + gen_helper_ssamoswap_disabled(tcg_env); +#else return false; +#endif } =20 TCGv dest =3D dest_gpr(ctx, a->rd); diff --git a/target/riscv/op_helper.c b/target/riscv/op_helper.c index 110292e84d..8382aa94cb 100644 --- a/target/riscv/op_helper.c +++ b/target/riscv/op_helper.c 
@@ -717,4 +717,53 @@ target_ulong helper_hyp_hlvx_wu(CPURISCVState *env, ta= rget_ulong addr) return cpu_ldl_code_mmu(env, addr, oi, ra); } =20 +void helper_ssamoswap_disabled(CPURISCVState *env) +{ + int exception =3D RISCV_EXCP_ILLEGAL_INST; + + /* + * Here we follow the RISC-V CFI spec [1] to implement the exception t= ype + * of ssamoswap* instruction. + * + * [1] RISC-V CFI spec v1.0, ch2.7 Atomic Swap from a Shadow Stack Loc= ation + * + * Note: We have already checked some conditions in trans_* functions: + * 1. The effective priv mode is not M-mode. + * 2. The xSSE specific to the effictive priv mode is disabled. + */ + if (!get_field(env->menvcfg, MENVCFG_SSE)) { + /* + * Disabled M-mode SSE always trigger illegal instruction when + * current priv mode is not M-mode. + */ + exception =3D RISCV_EXCP_ILLEGAL_INST; + goto done; + } + + if (!riscv_has_ext(env, RVS)) { + /* S-mode is not implemented */ + exception =3D RISCV_EXCP_ILLEGAL_INST; + goto done; + } else if (env->virt_enabled) { + /* + * VU/VS-mode with disabled xSSE will trigger the virtual instruct= ion + * exception. + */ + exception =3D RISCV_EXCP_VIRT_INSTRUCTION_FAULT; + goto done; + } else { + /* + * U-mode with disabled S-mode SSE will trigger the illegal instru= ction + * exception. + * + * Note: S-mode is already handled in the disabled M-mode SSE case. 
+ */ + exception =3D RISCV_EXCP_ILLEGAL_INST; + goto done; + } + +done: + riscv_raise_exception(env, exception, GETPC()); +} + #endif /* !CONFIG_USER_ONLY */ --=20 2.47.3
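Review bot: In trans_ssamoswap_w() and trans_ssamoswap_d(), the system-mode branch calls gen_helper_ssamoswap_disabled(tcg_env) and then falls through, so the translator goes on to emit the code that starts at dest_gpr(ctx, a->rd) after a helper that always ends in riscv_raise_exception(). Either return true right after the helper call or add a comment saying the helper never returns, so the trailing code is not mistaken for a path that can execute with bcfi disabled. In helper_ssamoswap_disabled() only the env->virt_enabled case changes the exception type: the initialiser already holds RISCV_EXCP_ILLEGAL_INST, so the repeated assignments and the goto in every branch can be dropped in favour of one conditional before the raise. The block comment also spells "effective" as "effictive".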
From: Michael Tokarev
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Max Chou, Alistair Francis, Michael Tokarev
Subject: [Stable-10.1.2 09/11] target/riscv: rvv: Fix vslide1[up|down].vx unexpected result when XLEN=32 and SEW=64
Date: Wed, 15 Oct 2025 07:25:13 +0300
Message-ID: <20251015042520.68556-9-mjt@tls.msk.ru>

From: Max Chou

When XLEN is 32 and SEW is 64, the original implementation of
vslide1up.vx and vslide1down.vx helper functions fills the 32-bit value
of rs1 into the first element of the destination vector register (rd),
which is a 64-bit element.
This commit attempted to resolve the issue by extending the rs1 value
to 64 bits during the TCG translation phase to ensure that the helper
functions won't lose the higher 32 bits.

Signed-off-by: Max Chou
Acked-by: Alistair Francis
Message-ID: <20250124073325.2467664-1-max.chou@sifive.com>
Signed-off-by: Alistair Francis (cherry picked from commit 81d1885dcc4424fec6761120f6e251eb3408fb8e) Signed-off-by: Michael Tokarev diff --git a/target/riscv/helper.h b/target/riscv/helper.h index c82bacdc39..b785456ee0 100644 --- a/target/riscv/helper.h +++ b/target/riscv/helper.h @@ -1101,14 +1101,14 @@ DEF_HELPER_6(vslidedown_vx_b, void, ptr, ptr, tl, p= tr, env, i32) DEF_HELPER_6(vslidedown_vx_h, void, ptr, ptr, tl, ptr, env, i32) DEF_HELPER_6(vslidedown_vx_w, void, ptr, ptr, tl, ptr, env, i32) DEF_HELPER_6(vslidedown_vx_d, void, ptr, ptr, tl, ptr, env, i32) -DEF_HELPER_6(vslide1up_vx_b, void, ptr, ptr, tl, ptr, env, i32) -DEF_HELPER_6(vslide1up_vx_h, void, ptr, ptr, tl, ptr, env, i32) -DEF_HELPER_6(vslide1up_vx_w, void, ptr, ptr, tl, ptr, env, i32) -DEF_HELPER_6(vslide1up_vx_d, void, ptr, ptr, tl, ptr, env, i32) -DEF_HELPER_6(vslide1down_vx_b, void, ptr, ptr, tl, ptr, env, i32) -DEF_HELPER_6(vslide1down_vx_h, void, ptr, ptr, tl, ptr, env, i32) -DEF_HELPER_6(vslide1down_vx_w, void, ptr, ptr, tl, ptr, env, i32) -DEF_HELPER_6(vslide1down_vx_d, void, ptr, ptr, tl, ptr, env, i32) +DEF_HELPER_6(vslide1up_vx_b, void, ptr, ptr, i64, ptr, env, i32) +DEF_HELPER_6(vslide1up_vx_h, void, ptr, ptr, i64, ptr, env, i32) +DEF_HELPER_6(vslide1up_vx_w, void, ptr, ptr, i64, ptr, env, i32) +DEF_HELPER_6(vslide1up_vx_d, void, ptr, ptr, i64, ptr, env, i32) +DEF_HELPER_6(vslide1down_vx_b, void, ptr, ptr, i64, ptr, env, i32) +DEF_HELPER_6(vslide1down_vx_h, void, ptr, ptr, i64, ptr, env, i32) +DEF_HELPER_6(vslide1down_vx_w, void, ptr, ptr, i64, ptr, env, i32) +DEF_HELPER_6(vslide1down_vx_d, void, ptr, ptr, i64, ptr, env, i32) =20 DEF_HELPER_6(vfslide1up_vf_h, void, ptr, ptr, i64, ptr, env, i32) DEF_HELPER_6(vfslide1up_vf_w, void, ptr, ptr, i64, ptr, env, i32) diff --git a/target/riscv/insn_trans/trans_rvv.c.inc b/target/riscv/insn_tr= ans/trans_rvv.c.inc index 71f98fb350..f4b5460340 100644 --- a/target/riscv/insn_trans/trans_rvv.c.inc +++ b/target/riscv/insn_trans/trans_rvv.c.inc 
@@ -3561,7 +3561,6 @@ static bool slideup_check(DisasContext *s, arg_rmrr *= a) } =20 GEN_OPIVX_TRANS(vslideup_vx, slideup_check) -GEN_OPIVX_TRANS(vslide1up_vx, slideup_check) GEN_OPIVI_TRANS(vslideup_vi, IMM_ZX, vslideup_vx, slideup_check) =20 static bool slidedown_check(DisasContext *s, arg_rmrr *a) 
@@ -3572,9 +3571,56 @@ static bool slidedown_check(DisasContext *s, arg_rmr= r *a) } =20 GEN_OPIVX_TRANS(vslidedown_vx, slidedown_check) -GEN_OPIVX_TRANS(vslide1down_vx, slidedown_check) GEN_OPIVI_TRANS(vslidedown_vi, IMM_ZX, vslidedown_vx, slidedown_check) =20 +typedef void gen_helper_vslide1_vx(TCGv_ptr, TCGv_ptr, TCGv_i64, TCGv_ptr, + TCGv_env, TCGv_i32); + +#define GEN_OPIVX_VSLIDE1_TRANS(NAME, CHECK) \ +static bool trans_##NAME(DisasContext *s, arg_rmrr *a) \ +{ \ + if (CHECK(s, a)) { \ + static gen_helper_vslide1_vx * const fns[4] =3D { \ + gen_helper_##NAME##_b, gen_helper_##NAME##_h, \ + gen_helper_##NAME##_w, gen_helper_##NAME##_d, \ + }; \ + \ + TCGv_ptr dest, src2, mask; \ + TCGv_i64 src1; \ + TCGv_i32 desc; \ + uint32_t data =3D 0; \ + \ + dest =3D tcg_temp_new_ptr(); \ + mask =3D tcg_temp_new_ptr(); \ + src2 =3D tcg_temp_new_ptr(); \ + src1 =3D tcg_temp_new_i64(); \ + \ + data =3D FIELD_DP32(data, VDATA, VM, a->vm); \ + data =3D FIELD_DP32(data, VDATA, LMUL, s->lmul); \ + data =3D FIELD_DP32(data, VDATA, VTA, s->vta); \ + data =3D FIELD_DP32(data, VDATA, VTA_ALL_1S, s->cfg_vta_all_1s); \ + data =3D FIELD_DP32(data, VDATA, VMA, s->vma); \ + desc =3D tcg_constant_i32(simd_desc(s->cfg_ptr->vlenb, \ + s->cfg_ptr->vlenb, data)); \ + \ + tcg_gen_addi_ptr(dest, tcg_env, vreg_ofs(s, a->rd)); \ + tcg_gen_addi_ptr(src2, tcg_env, vreg_ofs(s, a->rs2)); \ + tcg_gen_addi_ptr(mask, tcg_env, vreg_ofs(s, 0)); \ + tcg_gen_ext_tl_i64(src1, get_gpr(s, a->rs1, EXT_SIGN)); \ + \ + fns[s->sew](dest, mask, src1, src2, tcg_env, desc); \ + \ + tcg_gen_movi_tl(cpu_vstart, 0); \ + finalize_rvv_inst(s); \ + \ + return true; \ + } \ + return false; \ +} + +GEN_OPIVX_VSLIDE1_TRANS(vslide1up_vx, slideup_check) +GEN_OPIVX_VSLIDE1_TRANS(vslide1down_vx, slidedown_check) + /* Vector Floating-Point Slide Instructions */ static bool fslideup_check(DisasContext *s, arg_rmrr *a) { diff --git a/target/riscv/vector_helper.c b/target/riscv/vector_helper.c index 7c67d67a13..41ea223106 100644 
--- a/target/riscv/vector_helper.c +++ b/target/riscv/vector_helper.c @@ -5198,11 +5198,11 @@ GEN_VEXT_VSLIE1UP(16, H2) GEN_VEXT_VSLIE1UP(32, H4) GEN_VEXT_VSLIE1UP(64, H8) =20 -#define GEN_VEXT_VSLIDE1UP_VX(NAME, BITWIDTH) \ -void HELPER(NAME)(void *vd, void *v0, target_ulong s1, void *vs2, \ - CPURISCVState *env, uint32_t desc) \ -{ \ - vslide1up_##BITWIDTH(vd, v0, s1, vs2, env, desc); \ +#define GEN_VEXT_VSLIDE1UP_VX(NAME, BITWIDTH) \ +void HELPER(NAME)(void *vd, void *v0, uint64_t s1, void *vs2, \ + CPURISCVState *env, uint32_t desc) \ +{ \ + vslide1up_##BITWIDTH(vd, v0, s1, vs2, env, desc); \ } =20 /* vslide1up.vx vd, vs2, rs1, vm # vd[0]=3Dx[rs1], vd[i+1] =3D vs2[i] */ 
@@ -5249,11 +5249,11 @@ GEN_VEXT_VSLIDE1DOWN(16, H2) GEN_VEXT_VSLIDE1DOWN(32, H4) GEN_VEXT_VSLIDE1DOWN(64, H8) =20 -#define GEN_VEXT_VSLIDE1DOWN_VX(NAME, BITWIDTH) \ -void HELPER(NAME)(void *vd, void *v0, target_ulong s1, void *vs2, \ - CPURISCVState *env, uint32_t desc) \ -{ \ - vslide1down_##BITWIDTH(vd, v0, s1, vs2, env, desc); \ +#define GEN_VEXT_VSLIDE1DOWN_VX(NAME, BITWIDTH) \ +void HELPER(NAME)(void *vd, void *v0, uint64_t s1, void *vs2, \ + CPURISCVState *env, uint32_t desc) \ +{ \ + vslide1down_##BITWIDTH(vd, v0, s1, vs2, env, desc); \ } =20 /* vslide1down.vx vd, vs2, rs1, vm # vd[i] =3D vs2[i+1], vd[vl-1]=3Dx[rs1]= */ --=20 2.47.3
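Review bot: In GEN_OPIVX_VSLIDE1_TRANS (trans_rvv.c.inc), tcg_gen_ext_tl_i64(src1, get_gpr(s, a->rs1, EXT_SIGN)) is the line that determines the upper 32 bits of the inserted element when XLEN=32 and SEW=64, but neither the macro nor the commit message says that sign extension is the intended widening. Add a comment at that line naming the rule being followed. It would also help to note in helper.h why all four widths (_b, _h, _w, _d) move from tl to i64 when the commit message describes only the 64-bit element case, presumably because the shared fns[4] table needs a single signature. The macro builds the VDATA descriptor field by field; if the generic OPIVX path already contains that sequence, a shared helper would keep the two from drifting apart. No test for the XLEN=32, SEW=64 case accompanies the change.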
From: Michael Tokarev
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Paolo Bonzini, Hector Cao, Michael Tokarev
Subject: [Stable-10.1.2 10/11] target/i386: add compatibility property for arch_capabilities
Date: Wed, 15 Oct 2025 07:25:14 +0300
Message-ID: <20251015042520.68556-10-mjt@tls.msk.ru>
From: Paolo Bonzini

Prior to v10.1, if requested by user, arch-capabilities is always on
despite the fact that CPUID advertises it to be off/unavailable.
This causes a migration issue for VMs that are run on a machine
without arch-capabilities and expect this feature to be present
on the destination host with QEMU 10.1.

Add a compatibility property to restore the legacy behavior for all
machines with version prior to 10.1.

To preserve the functionality (added by 10.1) of turning off
ARCH_CAPABILITIES where Windows does not like it, use directly
the guest CPU vendor: x86_cpu_get_supported_feature_word is not
KVM-specific and therefore should not necessarily use the host
CPUID.

Co-authored-by: Hector Cao
Signed-off-by: Hector Cao
Fixes: d3a24134e37 ("target/i386: do not expose ARCH_CAPABILITIES on AMD CPU", 2025-07-17)
Signed-off-by: Paolo Bonzini
(cherry picked from commit e9efa4a77168ac2816bf9471f878252ce6224710)
Signed-off-by: Michael Tokarev

diff --git a/hw/i386/pc.c b/hw/i386/pc.c index 2f58e73d33..2504365bc2 100644 --- a/hw/i386/pc.c +++ b/hw/i386/pc.c @@ -84,6 +84,7 @@ GlobalProperty pc_compat_10_0[] =3D { { TYPE_X86_CPU, "x-consistent-cache", "false" }, { TYPE_X86_CPU, "x-vendor-cpuid-only-v2", "false" }, + { TYPE_X86_CPU, "x-arch-cap-always-on", "true" }, }; const size_t pc_compat_10_0_len =3D G_N_ELEMENTS(pc_compat_10_0); =20 diff --git a/target/i386/cpu.c b/target/i386/cpu.c index 6d85149e6e..fe369bb128 100644 --- a/target/i386/cpu.c +++ b/target/i386/cpu.c
@@ -7539,6 +7539,20 @@ uint64_t x86_cpu_get_supported_feature_word(X86CPU *= cpu, FeatureWord w) #endif break; =20 + case FEAT_7_0_EDX: + /* + * Windows does not like ARCH_CAPABILITIES on AMD machines at all. + * Do not show the fake ARCH_CAPABILITIES MSR that KVM sets up, + * except if needed for migration. + * + * When arch_cap_always_on is removed, this tweak can move to + * kvm_arch_get_supported_cpuid. + */ + if (cpu && IS_AMD_CPU(&cpu->env) && !cpu->arch_cap_always_on) { + unavail =3D CPUID_7_0_EDX_ARCH_CAPABILITIES; + } + break; + default: break; } @@ -10004,6 +10018,9 @@ static const Property x86_cpu_properties[] =3D { true), DEFINE_PROP_BOOL("x-l1-cache-per-thread", X86CPU, l1_cache_per_core, t= rue), DEFINE_PROP_BOOL("x-force-cpuid-0x1f", X86CPU, force_cpuid_0x1f, false= ), + + DEFINE_PROP_BOOL("x-arch-cap-always-on", X86CPU, + arch_cap_always_on, false), }; =20 #ifndef CONFIG_USER_ONLY diff --git a/target/i386/cpu.h b/target/i386/cpu.h index e0be7a7406..414ca968e8 100644 --- a/target/i386/cpu.h +++ b/target/i386/cpu.h @@ -2314,6 +2314,12 @@ struct ArchCPU { /* Forcefully disable KVM PV features not exposed in guest CPUIDs */ bool kvm_pv_enforce_cpuid; =20 + /* + * Expose arch-capabilities unconditionally even on AMD models, for ba= ckwards + * compatibility with QEMU <10.1. + */ + bool arch_cap_always_on; + /* Number of physical address bits supported */ uint32_t phys_bits; =20 diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c index 5621200be0..96035c27cd 100644 --- a/target/i386/kvm/kvm.c +++ b/target/i386/kvm/kvm.c 
@@ -503,12 +503,8 @@ uint32_t kvm_arch_get_supported_cpuid(KVMState *s, uin= t32_t function, * Linux v4.17-v4.20 incorrectly return ARCH_CAPABILITIES on SVM h= osts. * We can detect the bug by checking if MSR_IA32_ARCH_CAPABILITIES= is * returned by KVM_GET_MSR_INDEX_LIST. - * - * But also, because Windows does not like ARCH_CAPABILITIES on AMD - * mcahines at all, do not show the fake ARCH_CAPABILITIES MSR that - * KVM sets up. */ - if (!has_msr_arch_capabs || !(edx & CPUID_7_0_EDX_ARCH_CAPABILITIE= S)) { + if (!has_msr_arch_capabs) { ret &=3D ~CPUID_7_0_EDX_ARCH_CAPABILITIES; } } else if (function =3D=3D 7 && index =3D=3D 1 && reg =3D=3D R_EAX) { --=20 2.47.3
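Review bot: In the new FEAT_7_0_EDX case of x86_cpu_get_supported_feature_word(), the mask is applied only when cpu is non-NULL, so a caller that passes NULL gets CPUID_7_0_EDX_ARCH_CAPABILITIES reported as supported regardless of vendor, while the !(edx & CPUID_7_0_EDX_ARCH_CAPABILITIES) test removed from kvm_arch_get_supported_cpuid() did not depend on a CPU object at all. Please say in the comment whether the NULL case is intended to skip the tweak. The decision also moves from the host CPUID value to IS_AMD_CPU(&cpu->env), the guest vendor, so a guest whose configured vendor differs from the host's gets a different answer than before this change; the commit message explains the motive, and a sentence on that in the code comment would help. The cpu.h comment for arch_cap_always_on could also state that the flag re-exposes what the kvm.c comment calls the fake ARCH_CAPABILITIES MSR, so that anyone auditing guest-visible mitigation state on older machine types sees it there.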
From: Michael Tokarev
To: qemu-devel@nongnu.org
Cc: qemu-stable@nongnu.org, Hector Cao, Paolo Bonzini, Michael Tokarev
Subject: [Stable-10.1.2 11/11] target/i386: add compatibility property for pdcm feature
Date: Wed, 15 Oct 2025 07:25:15 +0300
Message-ID: <20251015042520.68556-11-mjt@tls.msk.ru>

From: Hector Cao

The pdcm feature is supposed to be disabled when PMU is not
available. Up until v10.1, pdcm feature is enabled even when PMU
is off. This behavior has been fixed but this change breaks the
migration of VMs that are run with QEMU < 10.0 and expect the pdcm
feature to be enabled on the destination host.

This commit restores the legacy behavior for machines with version
prior to 10.1 to allow the migration from older QEMU to QEMU 10.1.
Signed-off-by: Hector Cao
Link: https://lore.kernel.org/r/20250910115733.21149-3-hector.cao@canonical.com
Fixes: e68ec298090 ("i386/cpu: Move adjustment of CPUID_EXT_PDCM before feature_dependencies[] check", 2025-06-20)
[Move property from migration object to CPU. - Paolo]
Signed-off-by: Paolo Bonzini
(cherry picked from commit 6529f31e0dccadb532c80b36e3efe7aef83f9cad)
Signed-off-by: Michael Tokarev

diff --git a/hw/i386/pc.c b/hw/i386/pc.c index 2504365bc2..0861e329b5 100644 --- a/hw/i386/pc.c +++ b/hw/i386/pc.c @@ -85,6 +85,7 @@ GlobalProperty pc_compat_10_0[] =3D { { TYPE_X86_CPU, "x-consistent-cache", "false" }, { TYPE_X86_CPU, "x-vendor-cpuid-only-v2", "false" }, { TYPE_X86_CPU, "x-arch-cap-always-on", "true" }, + { TYPE_X86_CPU, "x-pdcm-on-even-without-pmu", "true" }, }; const size_t pc_compat_10_0_len =3D G_N_ELEMENTS(pc_compat_10_0); =20 diff --git a/target/i386/cpu.c b/target/i386/cpu.c index fe369bb128..ab18de894e 100644 --- a/target/i386/cpu.c +++ b/target/i386/cpu.c @@ -7908,6 +7908,11 @@ void cpu_x86_cpuid(CPUX86State *env, uint32_t index,= uint32_t count, /* Fixup overflow: max value for bits 23-16 is 255. */ *ebx |=3D MIN(num, 255) << 16; } + if (cpu->pdcm_on_even_without_pmu) { + if (!cpu->enable_pmu) { + *ecx &=3D ~CPUID_EXT_PDCM; + } + } break; case 2: { /* cache info: needed for Pentium Pro compatibility */ const CPUCaches *caches; @@ -8958,9 +8963,11 @@ void x86_cpu_expand_features(X86CPU *cpu, Error **er= rp) } } =20 - /* PDCM is fixed1 bit for TDX */ - if (!cpu->enable_pmu && !is_tdx_vm()) { - env->features[FEAT_1_ECX] &=3D ~CPUID_EXT_PDCM; + if (!cpu->pdcm_on_even_without_pmu) { + /* PDCM is fixed1 bit for TDX */ + if (!cpu->enable_pmu && !is_tdx_vm()) { + env->features[FEAT_1_ECX] &=3D ~CPUID_EXT_PDCM; + } } =20 for (i =3D 0; i < ARRAY_SIZE(feature_dependencies); i++) {
@@ -10021,6 +10028,8 @@ static const Property x86_cpu_properties[] =3D { =20 DEFINE_PROP_BOOL("x-arch-cap-always-on", X86CPU, arch_cap_always_on, false), + DEFINE_PROP_BOOL("x-pdcm-on-even-without-pmu", X86CPU, + pdcm_on_even_without_pmu, false), }; =20 #ifndef CONFIG_USER_ONLY diff --git a/target/i386/cpu.h b/target/i386/cpu.h index 414ca968e8..42168f1d6d 100644 --- a/target/i386/cpu.h +++ b/target/i386/cpu.h @@ -2320,6 +2320,12 @@ struct ArchCPU { */ bool arch_cap_always_on; =20 + /* + * Backwards compatibility with QEMU <10.1. The PDCM feature is now di= sabled when + * PMU is not available, but prior to 10.1 it was enabled even if PMU = is off. + */ + bool pdcm_on_even_without_pmu; + /* Number of physical address bits supported */ uint32_t phys_bits; =20 --=20 2.47.3
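Review bot: In the cpu_x86_cpuid() hunk, the legacy branch clears CPUID_EXT_PDCM from *ecx whenever enable_pmu is off, without the !is_tdx_vm() guard that the x86_cpu_expand_features() hunk keeps, although the comment there calls PDCM a fixed1 bit for TDX. If a TDX guest can run with x-pdcm-on-even-without-pmu set, add the same guard; otherwise say in a comment why the combination cannot occur. The property name also reads as if PDCM stays visible to the guest, while the visible lines show the opposite for the CPUID leaf: with the property set, the bit stays in env->features[FEAT_1_ECX] and is cleared only in the value returned by cpu_x86_cpuid(). A comment at that site, and in the cpu.h field comment, stating which of the two views stays "on" would prevent misreading. The two nested ifs in cpu_x86_cpuid() can be a single condition.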