Commit message | Author | Age | Files | Lines
...
| * rust: build: remove "protocol: rust: from doctests | Paolo Bonzini | 2025-09-22 | 5 | -5/+0
It is added already by rust.doctest.
Reviewed-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| * rust: vmstate: use "cast()" instead of "as" | Paolo Bonzini | 2025-09-22 | 1 | -1/+1
Reported by clippy, fix it.
Reviewed-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| * rust: build: add back common and util tests | Paolo Bonzini | 2025-09-22 | 2 | -0/+7
These were dropped by mistake when extracting the crates.
Reviewed-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| * docs: use the pyvenv version of Meson | Paolo Bonzini | 2025-09-22 | 3 | -3/+3
The version in the system might be too old for QEMU; this will be especially true if Rust is going to be enabled by default. Adjust the docs to suggest using pyvenv/bin/meson, which is in fact what the "make" wrappers will be running internally.
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* | Merge tag 'pull-request-2025-09-24' of https://gitlab.com/thuth/qemu into ↵ | Richard Henderson | 2025-09-24 | 27 | -49/+10599
staging
* New functional tests to check via the vmstate-static-checker.py script
* New functional tests for CD-ROM boot on hppa
* Skip functional tests on more exotic network errors, too
* Fix another issue with htags in the gitlab CI
* Some additional minor fixes to various functional tests
# gpg: Signature made Tue 23 Sep 2025 11:32:41 PM PDT
# gpg: using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5
# gpg: issuer "thuth@redhat.com"
# gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [unknown]
# gpg: aka "Thomas Huth <thuth@redhat.com>" [unknown]
# gpg: aka "Thomas Huth <th.huth@posteo.de>" [unknown]
# gpg: aka "Thomas Huth <huth@tuxfamily.org>" [unknown]
# gpg: WARNING: The key's User ID is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 27B8 8847 EEE0 2501 18F3 EAB9 2ED9 D774 FE70 2DB5
* tag 'pull-request-2025-09-24' of https://gitlab.com/thuth/qemu:
  tests/functional: treat unknown exceptions as transient faults
  tests/functional: retry when seeing ConnectionError exception
  tests: Fix "make check-functional" for targets without thorough tests
  tests/functional/hppa: Add a CD-ROM boot test for qemu-system-hppa
  .gitlab-ci.d/buildtest.yml: Unset CI_COMMIT_DESCRIPTION for htags
  tests/functional: use self.log for all logging
  tests/functional: Use vmstate-static-checker.py to test data from v7.2
  tests/data/vmstate-static-checker: Add dump files from QEMU 7.2.17
  tests/functional: Test whether the vmstate-static-checker script works fine
  tests: Move the old vmstate-static-checker files to tests/data/
  tests/functional/s390x/test_pxelinux: Fix warnings from pylint
  tests/functional/m68k: Use proper polling in the next-cube test
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
| * | tests/functional: treat unknown exceptions as transient faults | Daniel P. Berrangé | 2025-09-24 | 1 | -1/+2
To maximise the robustness of the functional tests we want to treat most asset download failures as non-fatal to the test suite. Instead it should just skip the tests which need that particular asset. The only time we aim to make it fatal is for 404 errors which are highly likely to reflect genuine problems to be fixed.
We catch certain exception classes and handle them as transient errors, but unfortunately it is proving difficult to predict what exception classes urlopen() is capable of raising, with new possibilities being discovered.
To provide a fail-safe, treat the generic Exception class as being a transient error too. This may well mask certain genuine bugs, but it is preferable to prioritize running the test suite to the greatest extent practical.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20250918125746.1165658-3-berrange@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
| * | tests/functional: retry when seeing ConnectionError exception | Daniel P. Berrangé | 2025-09-24 | 1 | -0/+7
This base class is used for many different socket connection errors, corresponding to ECONNRESET, ECONNREFUSED, ECONNABORTED and more. Most of these are things you might expect to see every now and then as transient flaws. We should thus retry the asset download when seeing them.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20250918125746.1165658-2-berrange@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
| * | tests: Fix "make check-functional" for targets without thorough tests | Thomas Huth | 2025-09-24 | 1 | -0/+3
If QEMU gets configured for a single target that does not have any thorough functional tests, "make check-functional" currently fails with the error message "No rule to make target 'check-func'". This happens because "check-func" only gets defined for thorough tests (quick ones get added to "check-func-quick" instead). The same problem can happen with the quick tests for targets that do not have any functional test at all. To fix it, simply make sure that the targets are always available in the Makefile.
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Closes: https://gitlab.com/qemu-project/qemu/-/issues/3119
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20250918125154.126072-1-thuth@redhat.com>
| * | tests/functional/hppa: Add a CD-ROM boot test for qemu-system-hppa | Thomas Huth | 2025-09-24 | 3 | -1/+43
Add a test which boots a HP-UX firmware upgrade CD-ROM. It exercises the PCI LSI53C895A SCSI controller.
The ISO image comes from: https://web.archive.org/web/20101204061612/http://ftp.parisc-linux.org/kernels/712/PF_C7120023
The test is very quick, less than 3s.
Based on an old patch from Philippe that has been posted here: https://www.mail-archive.com/qemu-devel@nongnu.org/msg651012.html
Suggested-by: Sven Schnelle <svens@stackframe.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
[thuth: Adjusted the patch to the functional framework, and adjusted the commit message]
Message-ID: <20250918122447.105861-1-thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
| * | .gitlab-ci.d/buildtest.yml: Unset CI_COMMIT_DESCRIPTION for htags | Peter Maydell | 2025-09-24 | 1 | -1/+1
In commit 52a21689cd829 we added a workaround for a bug in older versions of htags where they fail with a weird error message if the environment is too large. However, we missed one variable which gitlab CI can set to the body of the commit message: CI_COMMIT_DESCRIPTION. Add this to the variables we unset when running htags, so that the 'pages' job doesn't fail if the most recent commit happens to have a very large commit message.
Cc: qemu-stable@nongnu.org
Fixes: 52a21689cd8 (".gitlab-ci.d/buildtest.yml: Work around htags bug when environment is large")
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-ID: <20250916163030.1467893-1-peter.maydell@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
| * | tests/functional: use self.log for all logging | Daniel P. Berrangé | 2025-09-24 | 5 | -32/+25
Some tests are creating their own logger category which means any output they log is not captured in base.log.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
[thuth: drop changes to reverse_debugging.py (it's WIP in other patches)]
Message-ID: <20250912182200.643909-7-berrange@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
| * | tests/functional: Use vmstate-static-checker.py to test data from v7.2 | Thomas Huth | 2025-09-24 | 7 | -1/+80
We've got this nice vmstate-static-checker.py script that can help to detect screw-ups in the migration states. Unfortunately, it's currently only run manually, which can be cumbersome. Let's run it from a functional test automatically with the reference data from QEMU 7.2, so that we get at least a basic coverage here.
Since the test can fail when the checker script detects a false positive, mark the test with a skipFlakyTest decorator for now, so that it is only run when the user also set the QEMU_TEST_FLAKY_TESTS environment variable.
Acked-by: Fabiano Rosas <farosas@suse.de>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20250912100755.316518-5-thuth@redhat.com>
| * | tests/data/vmstate-static-checker: Add dump files from QEMU 7.2.17 | Thomas Huth | 2025-09-24 | 5 | -0/+10347
For automatic tests, we need reference files from older QEMU versions. QEMU 7.2 is a long term stable release, so it's a good candidate for checking whether the migration could still work correctly. Let's add the files from that version that have been taken with the "-dump-vmstate" parameter of QEMU (compiled with single machines and the configure switch "--without-default-devices" to keep the json files reasonably small).
Some devices also have been removed manually from the json files, e.g. the "pci-bridge" (which can be disabled in later QEMU versions via Kconfig), and some Linux-related devices like "scsi-block" and "scsi-generic" and KVM-related devices. Without removing them, we might get errors otherwise if these devices have not been compiled into the destination QEMU build.
Acked-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20250912100755.316518-4-thuth@redhat.com>
| * | tests/functional: Test whether the vmstate-static-checker script works fine | Thomas Huth | 2025-09-24 | 3 | -0/+60
We've got two vmstate dump files in the repository which are meant for verifying whether the vmstate-static-checker.py works as expected. Since running this manually is a cumbersome job, let's add an automated test for this instead that runs the script with the two dump files and checks for the expected output.
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20250912100755.316518-3-thuth@redhat.com>
| * | tests: Move the old vmstate-static-checker files to tests/data/ | Thomas Huth | 2025-09-24 | 3 | -1/+1
All other test data resides in tests/data/, so let's move the dump files here, too.
Reviewed-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20250912100755.316518-2-thuth@redhat.com>
| * | tests/functional/s390x/test_pxelinux: Fix warnings from pylint | Thomas Huth | 2025-09-24 | 1 | -7/+18
pylint complains about wrong indentation in one of the lines and that the pxelinux_cfg_contents is a constant that should be written with capital letters. While we're at it, also add the missing doc strings.
Reviewed-by: Jared Rossi <jrossi@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20250912085251.274294-1-thuth@redhat.com>
| * | tests/functional/m68k: Use proper polling in the next-cube test | Thomas Huth | 2025-09-23 | 1 | -5/+12
The next-cube tests currently sleep for 2 seconds to wait for the guest's display to come up with the expected results. That's bad since there is still a theoretical race left here, and since there are two subtests, the whole test takes more than 4 seconds this way.
Looking at what the firmware does, there is a better way instead of blindly waiting for two seconds: The firmware is writing some values to the FPU registers during a test (and never touches them again afterwards, so we can be sure about the final values), so we can poll for the right values in those registers to know when we reached a state when the display is initialized for sure. We just have to also make sure to not look for text anymore that is only printed after the FPU test has been done by the guest firmware.
This way the whole test finishes in less than 1 second here, and there should be no race condition here anymore.
Message-ID: <20250909074817.84661-1-thuth@redhat.com>
Acked-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
* | Merge tag 'pull-misc-20250924' of https://gitlab.com/rth7680/qemu into staging | Richard Henderson | 2025-09-24 | 67 | -296/+542
hw/pci-host/{dino,astro}: Don't call pci_register_root_bus() in init
target/sparc: Loosen various decode for v7
linux-user: Add syscall dispatch support
tcg/optimize: Fix folding of vector bitsel
include/hw/core/cpu: Introduce MMUIdxMap
include/hw/core/cpu: Introduce cpu_tlb_fast
include/hw/core/cpu: Invert the indexing into CPUTLBDescFast
accel/tcg: Remove dead mmap_unlock() call in invalidate_phys_page_range
accel/tcg: Remove cpu_loop_exit_restore() stub
accel/tcg: Properly unlink a TB linked to itself
accel/tcg: Introduce and use tb_flush__exclusive_or_serial
# gpg: Signature made Wed 24 Sep 2025 11:59:31 AM PDT
# gpg: using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg: issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [ultimate]
* tag 'pull-misc-20250924' of https://gitlab.com/rth7680/qemu: (32 commits)
  accel/tcg: Remove cpu_loop_exit_restore() stub
  accel/tcg: Remove dead mmap_unlock() call in invalidate_phys_page_range
  accel/tcg: Improve buffer overflow in tb_gen_code
  accel/tcg: Create queue_tb_flush from tb_flush
  linux-user: Split out begin_parallel_context
  plugins: Use tb_flush__exclusive_or_serial
  accel/tcg: Move post-load tb_flush to vm_change_state hook
  accel/tcg: Split out tb_flush__exclusive_or_serial
  hw/ppc/spapr: Use tb_invalidate_phys_range in h_page_init
  target/riscv: Record misa_ext in TCGTBCPUState.cs_base
  target/alpha: Simplify call_pal implementation
  gdbstub: Remove tb_flush uses
  tests/tcg/multiarch: Add tb-link test
  accel/tcg: Properly unlink a TB linked to itself
  target/hppa: Adjust mmu indexes to begin with 0
  include/hw/core/cpu: Invert the indexing into CPUTLBDescFast
  include/hw/core/cpu: Introduce cpu_tlb_fast
  include/hw/core/cpu: Introduce MMUIdxMap
  tcg/optimize: Fix folding of vector bitsel
  hw/pci-host/astro: Don't call pci_regsiter_root_bus() in init
  ...
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
| * accel/tcg: Remove cpu_loop_exit_restore() stub | Philippe Mathieu-Daudé | 2025-09-24 | 2 | -6/+1
Not needed since commit 63e7af20352 ("hw/mips: Restrict ITU to TCG").
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20250924165039.52250-1-philmd@linaro.org>
| * accel/tcg: Remove dead mmap_unlock() call in invalidate_phys_page_range | Philippe Mathieu-Daudé | 2025-09-24 | 1 | -1/+0
Since commit a97d5d2c8be ("accel/tcg: Use interval tree for TBs in user-only mode") this code is guarded with #ifdef'ry and only built for system emulation where mmap_unlock() is meaningless. Remove the call.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20250924164824.51971-1-philmd@linaro.org>
| * accel/tcg: Improve buffer overflow in tb_gen_code | Richard Henderson | 2025-09-24 | 1 | -0/+4
If we only have one vcpu, or within cpu_exec_step_atomic, we needn't jump all the way back out to the cpu loop to empty the code gen buffer.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
| * accel/tcg: Create queue_tb_flush from tb_flush | Richard Henderson | 2025-09-24 | 3 | -20/+10
Rename the function and remove the path which performs the flush immediately.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
| * linux-user: Split out begin_parallel_context | Richard Henderson | 2025-09-24 | 3 | -17/+19
Move the test/flush/set block to a new function. Use tb_flush__exclusive_or_serial while we're at it.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
| * plugins: Use tb_flush__exclusive_or_serial | Richard Henderson | 2025-09-24 | 3 | -8/+5
In all cases, we are already within start_exclusive.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
| * accel/tcg: Move post-load tb_flush to vm_change_state hook | Richard Henderson | 2025-09-24 | 2 | -9/+21
We need not call tb_flush once per cpu, only once per vmload.
By moving the call from cpu_common_post_load to a tcg-specific vm_change_state_handler, we do even better than that: we only flush when called from HMP triggered loadvm, when we had old state to flush.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
| * accel/tcg: Split out tb_flush__exclusive_or_serial | Richard Henderson | 2025-09-24 | 2 | -14/+40
Expose a routine to be called when no cpus are running. Simplify the do_tb_flush run_on_cpu callback, because that is explicitly called with start_exclusive; there is no need for the mmap_lock as well.
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
| * hw/ppc/spapr: Use tb_invalidate_phys_range in h_page_init | Richard Henderson | 2025-09-24 | 1 | -2/+2
We only need to invalidate tbs from a single page, not flush all translations.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Harsh Prateek Bora <harshpb@linux.ibm.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
| * target/riscv: Record misa_ext in TCGTBCPUState.cs_base | Richard Henderson | 2025-09-24 | 2 | -4/+2
The tb_flush within write_misa was incorrect. It assumed that we could adjust the ISA of the current processor and discard all TB and all would be well. But MISA is per vcpu, so globally flushing TB does not mean that the TB matches the MISA of any given vcpu.
By recording misa in the tb state, we ensure that the code generated matches the vcpu.
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
| * target/alpha: Simplify call_pal implementation | Richard Henderson | 2025-09-24 | 4 | -27/+6
Since 288a5fe980f, we don't link translation blocks directly to palcode entry points. If we load palbr from env instead of encoding the constant, we avoid all need for tb_flush().
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
| * gdbstub: Remove tb_flush uses | Richard Henderson | 2025-09-24 | 2 | -8/+0
This hasn't been needed since d828b92b8a6 ("accel/tcg: Introduce CF_BP_PAGE").
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
| * tests/tcg/multiarch: Add tb-link test | Richard Henderson | 2025-09-24 | 2 | -0/+69
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
| * accel/tcg: Properly unlink a TB linked to itself | Richard Henderson | 2025-09-24 | 1 | -0/+8
When we remove dest from orig's links, we lose the link that we rely on later to reset links. This can lead to failure to release from spinlock with self-modifying code.
Cc: qemu-stable@nongnu.org
Reported-by: 李威威 <liweiwei@kubuds.cn>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Anton Johansson <anjo@rev.ng>
Tested-by: Anton Johansson <anjo@rev.ng>
| * target/hppa: Adjust mmu indexes to begin with 0 | Richard Henderson | 2025-09-23 | 1 | -15/+15
This is a logical reversion of 2ad04500543, though there have been additions to the set of mmu indexes since then. The impetus to that original patch, "9-15 will use shorter assembler instructions when run on a x86-64 host" is now handled generically.
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
| * include/hw/core/cpu: Invert the indexing into CPUTLBDescFast | Richard Henderson | 2025-09-23 | 2 | -2/+12
This array is within CPUNegativeOffsetState, which means the last element of the array has an offset from env with the smallest magnitude. This can be encoded into fewer bits when generating TCG fast path memory references.
When we changed the NB_MMU_MODES to be a global constant, rather than a per-target value, we pessimized the code generated for targets which use only a few mmu indexes. By inverting the array index, we counteract that.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
| * include/hw/core/cpu: Introduce cpu_tlb_fast | Richard Henderson | 2025-09-23 | 4 | -10/+17
Encapsulate access to cpu->neg.tlb.f[] in a function.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
| * include/hw/core/cpu: Introduce MMUIdxMap | Richard Henderson | 2025-09-23 | 3 | -34/+34
Use a typedef instead of uint16_t directly when describing sets of mmu indexes.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
| * tcg/optimize: Fix folding of vector bitsel | WANG Rui | 2025-09-23 | 1 | -1/+2
It looks like a typo. When the false value (C) is the constant -1, the correct fold should be: R = B | ~A
Reproducer (LoongArch64 assembly):
    .text
    .globl _start
_start:
    vldi $vr1, 3073
    vldi $vr2, 1023
    vbitsel.v $vr0, $vr2, $vr1, $vr2
    vpickve2gr.d $a1, $vr0, 1
    xori $a0, $a1, 1
    li.w $a7, 93
    syscall 0
Fixes: e58b977238e3 ("tcg/optimize: Optimize bitsel_vec")
Link: https://github.com/llvm/llvm-project/issues/159610
Signed-off-by: WANG Rui <wangrui@loongson.cn>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20250919124901.2756538-1-wangrui@loongson.cn>
| * hw/pci-host/astro: Don't call pci_regsiter_root_bus() in init | Peter Maydell | 2025-09-23 | 1 | -13/+14
In the astro PCI host bridge device, we call pci_register_root_bus() in the device's instance_init. This is a problem for two reasons
* the PCI bridge is then available to the rest of the simulation (e.g. via pci_qdev_find_device()), even though it hasn't yet been realized
* we do not attempt to unregister in an instance_deinit, which means that if you go through an instance_init -> deinit lifecycle the freed memory for the host-bridge device is left on the pci_host_bridges list
ASAN reports the resulting use-after-free:
==1776584==ERROR: AddressSanitizer: heap-use-after-free on address 0x51f00000cb00 at pc 0x5b2d460a89b5 bp 0x7ffef7617f50 sp 0x7ffef7617f48
WRITE of size 8 at 0x51f00000cb00 thread T0
    #0 0x5b2d460a89b4 in pci_host_bus_register /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/hppa-asan/../../hw/pci/pci.c:608:5
    #1 0x5b2d46093566 in pci_root_bus_internal_init /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/hppa-asan/../../hw/pci/pci.c:677:5
    #2 0x5b2d460935e0 in pci_root_bus_new /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/hppa-asan/../../hw/pci/pci.c:706:5
    #3 0x5b2d46093fe5 in pci_register_root_bus /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/hppa-asan/../../hw/pci/pci.c:751:11
    #4 0x5b2d46fe2335 in elroy_pcihost_init /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/hppa-asan/../../hw/pci-host/astro.c:455:16
0x51f00000cb00 is located 1664 bytes inside of 3456-byte region [0x51f00000c480,0x51f00000d200)
freed by thread T0 here:
    #0 0x5b2d4582385a in free (/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/hppa-asan/qemu-system-hppa+0x17ad85a) (BuildId: 692b49eedc6fb0ef618bbb6784a09311b3b7f1e8)
    #1 0x5b2d47160723 in object_finalize /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/hppa-asan/../../qom/object.c:734:9
    #2 0x5b2d471589db in object_unref /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/hppa-asan/../../qom/object.c:1232:9
    #3 0x5b2d477d373c in qmp_device_list_properties /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/hppa-asan/../../qom/qom-qmp-cmds.c:237:5
previously allocated by thread T0 here:
    #0 0x5b2d45823af3 in malloc (/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/hppa-asan/qemu-system-hppa+0x17adaf3) (BuildId: 692b49eedc6fb0ef618bbb6784a09311b3b7f1e8)
    #1 0x79728fa08b09 in g_malloc (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x62b09) (BuildId: 1eb6131419edb83b2178b682829a6913cf682d75)
    #2 0x5b2d471595fc in object_new_with_type /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/hppa-asan/../../qom/object.c:767:15
    #3 0x5b2d47159409 in object_new_with_class /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/hppa-asan/../../qom/object.c:782:12
    #4 0x5b2d477d29a5 in qmp_device_list_properties /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/hppa-asan/../../qom/qom-qmp-cmds.c:206:11
Cc: qemu-stable@nongnu.org
Fixes: e029bb00a79be ("hw/pci-host: Add Astro system bus adapter found on PA-RISC machines")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3118
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Tested-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20250918114259.1802337-3-peter.maydell@linaro.org>
| * hw/pci-host/dino: Don't call pci_register_root_bus() in init | Peter Maydell | 2025-09-23 | 1 | -41/+33
In the dino PCI host bridge device, we call pci_register_root_bus() in the device's instance_init. This is a problem for two reasons
* the PCI bridge is then available to the rest of the simulation (e.g. via pci_qdev_find_device()), even though it hasn't yet been realized
* we do not attempt to unregister in an instance_deinit, which means that if you go through an instance_init -> deinit lifecycle the freed memory for the host-bridge device is left on the pci_host_bridges list
ASAN reports the resulting use-after-free:
==1771223==ERROR: AddressSanitizer: heap-use-after-free on address 0x527000018f80 at pc 0x5b4b9d3369b5 bp 0x7ffd01929980 sp 0x7ffd01929978
WRITE of size 8 at 0x527000018f80 thread T0
    #0 0x5b4b9d3369b4 in pci_host_bus_register /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/hppa-asan/../../hw/pci/pci.c:608:5
    #1 0x5b4b9d321566 in pci_root_bus_internal_init /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/hppa-asan/../../hw/pci/pci.c:677:5
    #2 0x5b4b9d3215e0 in pci_root_bus_new /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/hppa-asan/../../hw/pci/pci.c:706:5
    #3 0x5b4b9d321fe5 in pci_register_root_bus /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/hppa-asan/../../hw/pci/pci.c:751:11
    #4 0x5b4b9d390521 in dino_pcihost_init /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/hppa-asan/../../hw/pci-host/dino.c:473:16
0x527000018f80 is located 1664 bytes inside of 12384-byte region [0x527000018900,0x52700001b960)
freed by thread T0 here:
    #0 0x5b4b9cab185a in free (/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/hppa-asan/qemu-system-hppa+0x17ad85a) (BuildId: ca496bb2e4fc750ebd289b448bad8d99c0ecd140)
    #1 0x5b4b9e3ee723 in object_finalize /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/hppa-asan/../../qom/object.c:734:9
    #2 0x5b4b9e3e69db in object_unref /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/hppa-asan/../../qom/object.c:1232:9
    #3 0x5b4b9ea6173c in qmp_device_list_properties /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/hppa-asan/../../qom/qom-qmp-cmds.c:237:5
    #4 0x5b4b9ec4e0f3 in qmp_marshal_device_list_properties /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/hppa-asan/qapi/qapi-commands-qdev.c:65:14
previously allocated by thread T0 here:
    #0 0x5b4b9cab1af3 in malloc (/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/hppa-asan/qemu-system-hppa+0x17adaf3) (BuildId: ca496bb2e4fc750ebd289b448bad8d99c0ecd140)
    #1 0x799d8270eb09 in g_malloc (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x62b09) (BuildId: 1eb6131419edb83b2178b682829a6913cf682d75)
    #2 0x5b4b9e3e75fc in object_new_with_type /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/hppa-asan/../../qom/object.c:767:15
    #3 0x5b4b9e3e7409 in object_new_with_class /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/hppa-asan/../../qom/object.c:782:12
    #4 0x5b4b9ea609a5 in qmp_device_list_properties /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/hppa-asan/../../qom/qom-qmp-cmds.c:206:11
where we allocated one instance of the dino device, put it on the list, freed it, and then trying to allocate a second instance touches the freed memory on the pci_host_bridges list.
Fix this by deferring all the setup of memory regions and registering the PCI bridge to the device's realize method. This brings it into line with almost all other PCI host bridges, which call pci_register_root_bus() in realize.
Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3118
Fixes: 63901b6cc4d8b4 ("dino: move PCI bus initialisation to dino_pcihost_init()")
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Tested-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20250918114259.1802337-2-peter.maydell@linaro.org>
| * target/sparc: Relax decode of rs2_or_imm for v7  Richard Henderson  2025-09-23  1  -19/+37

For v7, bits [12:5] are ignored for !imm. For v8, those same bits are reserved, but are not trapped.

Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
| * target/sparc: Loosen decode of RDTBR for v7  Richard Henderson  2025-09-23  1  -1/+1

For v7, bits [18:0] are ignored. For v8, bits [18:14] are reserved and bits [13:0] are ignored.

Fixes: e8325dc02d0 ("target/sparc: Move RDTBR, FLUSHW to decodetree")
Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
| * target/sparc: Loosen decode of RDWIM for v7  Richard Henderson  2025-09-23  1  -19/+21

For v7, bits [18:0] are ignored. For v8, bits [18:14] are reserved and bits [13:0] are ignored.

Fixes: 5d617bfba07 ("target/sparc: Move RDWIM, RDPR to decodetree")
Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
| * target/sparc: Loosen decode of RDPSR for v7  Richard Henderson  2025-09-23  1  -7/+9

For v7, bits [18:0] are ignored. For v8, bits [18:14] are reserved and bits [13:0] are ignored.

Fixes: 668bb9b755e ("target/sparc: Move RDPSR, RDHPR to decodetree")
Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
| * target/sparc: Loosen decode of RDY for v7  Richard Henderson  2025-09-23  2  -14/+12

Bits [18:0] are not decoded with v7, and for v8 unused values of rs1 simply produce undefined results.

Fixes: af25071c1d ("target/sparc: Move RDASR, STBAR, MEMBAR to decodetree")
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
| * target/sparc: Loosen decode of STBAR for v8  Richard Henderson  2025-09-23  2  -2/+16

Solaris 8 appears to have a bug whereby it executes v9 MEMBAR instructions when booting a freshly installed image. According to the SPARC v8 architecture manual, whilst bits 13 and bits 12-0 of the "Read State Register Instructions" are notionally zero, they are marked as unused (i.e. ignored).

Fixes: af25071c1d ("target/sparc: Move RDASR, STBAR, MEMBAR to decodetree")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/3097
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
| * target/sparc: Allow TRANS macro with no extra arguments  Richard Henderson  2025-09-23  1  -1/+1

Use ## to drop the preceding comma if __VA_ARGS__ is empty.

Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
| * linux-user: Add syscall dispatch support  Arusekk  2025-09-23  5  -1/+93

This commit adds support for the `prctl(PR_SET_SYSCALL_USER_DISPATCH)` function in the Linux userspace emulator. It is implemented as a fully host-independent function, by forcing a SIGSYS early during syscall handling, if the PC is outside the allowed range.

Since disabled SUD is indistinguishable from enabled SUD with always-allowed region length == ~0, this encoding is used instead of introducing a new flag.

Tested on [uglendix][1], will probably also apply to software like tiny-wine, rpcsx, limbo, lazypoline, vicar, sysfail and endokernel, to name a few.

[1]: https://sr.ht/~arusekk/uglendix

Signed-off-by: Arusekk <floss@arusekk.pl>
Message-ID: <20250711225226.14652-1-floss@arusekk.pl>
[rth: Split out is_vdso_sigreturn region matching and other minor tweaks.]
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
| * linux-user: Populate vdso_sigreturn_region_{start,end} from sigtramp page  Richard Henderson  2025-09-23  1  -0/+2

When a target does not support a vdso, we generate a sigtramp page. The only thing on this page is a (set of) signal return syscalls. We do not need to narrowly restrict the vdso_sigreturn_region; simply record the entire page for all such targets.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
| * linux-user: Populate sigreturn_region_{start,end} in all vdso.S  Richard Henderson  2025-09-23  22  -0/+16

Mark the regions which contain sigreturn syscalls within each vdso. Rebuild the shared objects.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
| * linux-user: Create vdso_sigreturn_region_{start,end}  Richard Henderson  2025-09-23  6  -2/+22
|/

These variables will be populated from the vdso, and used for detecting whether we are executing the sigreturn.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>