!726 QEMU update to version 6.2.0-67(master)

From: @flyking001 
Reviewed-by: @yezengruan, @aven6 
Signed-off-by: @aven6
openeuler-ci-bot 2023-03-29 01:17:08 +00:00 committed by Gitee
commit 05240ecdf2
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
36 changed files with 33105 additions and 5 deletions


@ -0,0 +1,758 @@
From 1fc8fa6cd621c17988b043c1b3abe9ccb189a1d7 Mon Sep 17 00:00:00 2001
From: lixianglai <lixianglai@loongson.cn>
Date: Tue, 7 Feb 2023 06:34:32 -0500
Subject: [PATCH] Add PowerManager support.
Add Loongarch ACPI power management device simulation.
Signed-off-by: lixianglai <lixianglai@loongson.cn>
---
hw/acpi/Kconfig | 8 +
hw/acpi/larch_7a.c | 616 +++++++++++++++++++++++++++++++++++++++++
hw/acpi/meson.build | 1 +
include/hw/acpi/ls7a.h | 79 ++++++
4 files changed, 704 insertions(+)
create mode 100644 hw/acpi/larch_7a.c
create mode 100644 include/hw/acpi/ls7a.h
diff --git a/hw/acpi/Kconfig b/hw/acpi/Kconfig
index 622b0b50b7..245c5554df 100644
--- a/hw/acpi/Kconfig
+++ b/hw/acpi/Kconfig
@@ -15,6 +15,14 @@ config ACPI_X86_ICH
bool
select ACPI_X86
+config ACPI_LOONGARCH
+ bool
+ select ACPI
+ select ACPI_CPU_HOTPLUG
+ select ACPI_MEMORY_HOTPLUG
+ select ACPI_PIIX4
+ select ACPI_PCIHP
+
config ACPI_CPU_HOTPLUG
bool
diff --git a/hw/acpi/larch_7a.c b/hw/acpi/larch_7a.c
new file mode 100644
index 0000000000..59b43170ff
--- /dev/null
+++ b/hw/acpi/larch_7a.c
@@ -0,0 +1,616 @@
+/*
+ * Loongarch acpi emulation
+ *
+ * Copyright (c) 2023 Loongarch Technology
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "qemu/osdep.h"
+#include "sysemu/sysemu.h"
+#include "sysemu/runstate.h"
+#include "sysemu/reset.h"
+#include "hw/hw.h"
+#include "hw/irq.h"
+#include "hw/acpi/acpi.h"
+#include "hw/acpi/ls7a.h"
+#include "hw/nvram/fw_cfg.h"
+#include "qemu/config-file.h"
+#include "qapi/opts-visitor.h"
+#include "qapi/qapi-events-run-state.h"
+#include "qapi/error.h"
+#include "hw/loongarch/ls7a.h"
+#include "hw/mem/pc-dimm.h"
+#include "hw/mem/nvdimm.h"
+#include "migration/vmstate.h"
+
+static void ls7a_pm_update_sci_fn(ACPIREGS *regs)
+{
+ LS7APCIPMRegs *pm = container_of(regs, LS7APCIPMRegs, acpi_regs);
+ acpi_update_sci(&pm->acpi_regs, pm->irq);
+}
+
+static uint64_t ls7a_gpe_readb(void *opaque, hwaddr addr, unsigned width)
+{
+ LS7APCIPMRegs *pm = opaque;
+ return acpi_gpe_ioport_readb(&pm->acpi_regs, addr);
+}
+
+static void ls7a_gpe_writeb(void *opaque, hwaddr addr, uint64_t val,
+ unsigned width)
+{
+ LS7APCIPMRegs *pm = opaque;
+ acpi_gpe_ioport_writeb(&pm->acpi_regs, addr, val);
+ acpi_update_sci(&pm->acpi_regs, pm->irq);
+}
+
+static const MemoryRegionOps ls7a_gpe_ops = {
+ .read = ls7a_gpe_readb,
+ .write = ls7a_gpe_writeb,
+ .valid.min_access_size = 1,
+ .valid.max_access_size = 8,
+ .impl.min_access_size = 1,
+ .impl.max_access_size = 1,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+#define VMSTATE_GPE_ARRAY(_field, _state) \
+{ \
+ .name = (stringify(_field)), .version_id = 0, .num = ACPI_GPE0_LEN, \
+ .info = &vmstate_info_uint8, .size = sizeof(uint8_t), \
+ .flags = VMS_ARRAY | VMS_POINTER, \
+ .offset = vmstate_offset_pointer(_state, _field, uint8_t), \
+}
+
+static uint64_t ls7a_reset_readw(void *opaque, hwaddr addr, unsigned width)
+{
+ return 0;
+}
+
+static void ls7a_reset_writew(void *opaque, hwaddr addr, uint64_t val,
+ unsigned width)
+{
+ if (val & 1) {
+ qemu_system_reset_request(SHUTDOWN_CAUSE_GUEST_RESET);
+ }
+}
+
+static const MemoryRegionOps ls7a_reset_ops = {
+ .read = ls7a_reset_readw,
+ .write = ls7a_reset_writew,
+ .valid.min_access_size = 4,
+ .valid.max_access_size = 4,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+static bool vmstate_test_use_memhp(void *opaque)
+{
+ LS7APCIPMRegs *s = opaque;
+ return s->acpi_memory_hotplug.is_enabled;
+}
+
+static const VMStateDescription vmstate_memhp_state = {
+ .name = "ls7a_pm/memhp",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .needed = vmstate_test_use_memhp,
+ .fields = (VMStateField[]){ VMSTATE_MEMORY_HOTPLUG(acpi_memory_hotplug,
+ LS7APCIPMRegs),
+ VMSTATE_END_OF_LIST() }
+};
+
+static const VMStateDescription vmstate_cpuhp_state = {
+ .name = "ls7a_pm/cpuhp",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .minimum_version_id_old = 1,
+ .fields =
+ (VMStateField[]){ VMSTATE_CPU_HOTPLUG(cpuhp_state, LS7APCIPMRegs),
+ VMSTATE_END_OF_LIST() }
+};
+
+const VMStateDescription vmstate_ls7a_pm = {
+ .name = "ls7a_pm",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .fields =
+ (VMStateField[]){
+ VMSTATE_UINT16(acpi_regs.pm1.evt.sts, LS7APCIPMRegs),
+ VMSTATE_UINT16(acpi_regs.pm1.evt.en, LS7APCIPMRegs),
+ VMSTATE_UINT16(acpi_regs.pm1.cnt.cnt, LS7APCIPMRegs),
+ VMSTATE_TIMER_PTR(acpi_regs.tmr.timer, LS7APCIPMRegs),
+ VMSTATE_INT64(acpi_regs.tmr.overflow_time, LS7APCIPMRegs),
+ VMSTATE_GPE_ARRAY(acpi_regs.gpe.sts, LS7APCIPMRegs),
+ VMSTATE_GPE_ARRAY(acpi_regs.gpe.en, LS7APCIPMRegs),
+ VMSTATE_END_OF_LIST() },
+ .subsections = (const VMStateDescription *[]){ &vmstate_memhp_state,
+ &vmstate_cpuhp_state, NULL }
+};
+
+static inline int64_t acpi_pm_tmr_get_clock(void)
+{
+ return muldiv64(qemu_clock_get_ns(QEMU_CLOCK_VIRTUAL), PM_TIMER_FREQUENCY,
+ NANOSECONDS_PER_SECOND);
+}
+
+static uint32_t acpi_pm_tmr_get(ACPIREGS *ar)
+{
+ uint32_t d = acpi_pm_tmr_get_clock();
+ return d & 0xffffff;
+}
+
+static void acpi_pm_tmr_timer(void *opaque)
+{
+ ACPIREGS *ar = opaque;
+ qemu_system_wakeup_request(QEMU_WAKEUP_REASON_PMTIMER, NULL);
+ ar->tmr.update_sci(ar);
+}
+
+static uint64_t acpi_pm_tmr_read(void *opaque, hwaddr addr, unsigned width)
+{
+ return acpi_pm_tmr_get(opaque);
+}
+
+static void acpi_pm_tmr_write(void *opaque, hwaddr addr, uint64_t val,
+ unsigned width)
+{
+ /* nothing */
+}
+
+static const MemoryRegionOps acpi_pm_tmr_ops = {
+ .read = acpi_pm_tmr_read,
+ .write = acpi_pm_tmr_write,
+ .valid.min_access_size = 4,
+ .valid.max_access_size = 4,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+static void ls7a_pm_tmr_init(ACPIREGS *ar, acpi_update_sci_fn update_sci,
+ MemoryRegion *parent, uint64_t offset)
+{
+ ar->tmr.update_sci = update_sci;
+ ar->tmr.timer = timer_new_ns(QEMU_CLOCK_VIRTUAL, acpi_pm_tmr_timer, ar);
+ memory_region_init_io(&ar->tmr.io, memory_region_owner(parent),
+ &acpi_pm_tmr_ops, ar, "acpi-tmr", 4);
+ memory_region_add_subregion(parent, offset, &ar->tmr.io);
+}
+
+static void acpi_pm1_evt_write_sts(ACPIREGS *ar, uint16_t val)
+{
+ uint16_t pm1_sts = acpi_pm1_evt_get_sts(ar);
+ if (pm1_sts & val & ACPI_BITMASK_TIMER_STATUS) {
+ /* if TMRSTS is reset, then compute the new overflow time */
+ acpi_pm_tmr_calc_overflow_time(ar);
+ }
+ ar->pm1.evt.sts &= ~val;
+}
+
+static uint64_t acpi_pm_evt_read(void *opaque, hwaddr addr, unsigned width)
+{
+ ACPIREGS *ar = opaque;
+ switch (addr) {
+ case 0:
+ return acpi_pm1_evt_get_sts(ar);
+ case 4:
+ return ar->pm1.evt.en;
+ default:
+ return 0;
+ }
+}
+
+static void acpi_pm1_evt_write_en(ACPIREGS *ar, uint16_t val)
+{
+ ar->pm1.evt.en = val;
+ qemu_system_wakeup_enable(QEMU_WAKEUP_REASON_RTC,
+ val & ACPI_BITMASK_RT_CLOCK_ENABLE);
+ qemu_system_wakeup_enable(QEMU_WAKEUP_REASON_PMTIMER,
+ val & ACPI_BITMASK_TIMER_ENABLE);
+}
+
+static void acpi_pm_evt_write(void *opaque, hwaddr addr, uint64_t val,
+ unsigned width)
+{
+ ACPIREGS *ar = opaque;
+ switch (addr) {
+ case 0:
+ acpi_pm1_evt_write_sts(ar, val);
+ ar->pm1.evt.update_sci(ar);
+ break;
+ case 4:
+ acpi_pm1_evt_write_en(ar, val);
+ ar->pm1.evt.update_sci(ar);
+ break;
+ default:
+ break;
+ }
+}
+
+static const MemoryRegionOps acpi_pm_evt_ops = {
+ .read = acpi_pm_evt_read,
+ .write = acpi_pm_evt_write,
+ .valid.min_access_size = 4,
+ .valid.max_access_size = 4,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+static void ls7a_pm1_evt_init(ACPIREGS *ar, acpi_update_sci_fn update_sci,
+ MemoryRegion *parent, uint64_t offset)
+{
+ ar->pm1.evt.update_sci = update_sci;
+ memory_region_init_io(&ar->pm1.evt.io, memory_region_owner(parent),
+ &acpi_pm_evt_ops, ar, "acpi-evt", 8);
+ memory_region_add_subregion(parent, offset, &ar->pm1.evt.io);
+}
+
+static uint64_t acpi_pm_cnt_read(void *opaque, hwaddr addr, unsigned width)
+{
+ ACPIREGS *ar = opaque;
+ return ar->pm1.cnt.cnt;
+}
+
+/* ACPI PM1aCNT */
+static void acpi_pm1_cnt_write(ACPIREGS *ar, uint16_t val)
+{
+ ar->pm1.cnt.cnt = val & ~(ACPI_BITMASK_SLEEP_ENABLE);
+ if (val & ACPI_BITMASK_SLEEP_ENABLE) {
+ /* change suspend type */
+ uint16_t sus_typ = (val >> 10) & 7;
+ switch (sus_typ) {
+ /* s3,s4 not support */
+ case 5:
+ case 6:
+ warn_report("acpi s3,s4 state not support");
+ break;
+ /* s5: soft off */
+ case 7:
+ qemu_system_shutdown_request(SHUTDOWN_CAUSE_GUEST_SHUTDOWN);
+ break;
+ default:
+ break;
+ }
+ }
+}
+
+static void acpi_pm_cnt_write(void *opaque, hwaddr addr, uint64_t val,
+ unsigned width)
+{
+ acpi_pm1_cnt_write(opaque, val);
+}
+
+static const MemoryRegionOps acpi_pm_cnt_ops = {
+ .read = acpi_pm_cnt_read,
+ .write = acpi_pm_cnt_write,
+ .valid.min_access_size = 4,
+ .valid.max_access_size = 4,
+ .endianness = DEVICE_LITTLE_ENDIAN,
+};
+
+static void acpi_notify_wakeup(Notifier *notifier, void *data)
+{
+ ACPIREGS *ar = container_of(notifier, ACPIREGS, wakeup);
+ WakeupReason *reason = data;
+
+ switch (*reason) {
+ case QEMU_WAKEUP_REASON_RTC:
+ ar->pm1.evt.sts |=
+ (ACPI_BITMASK_WAKE_STATUS | ACPI_BITMASK_RT_CLOCK_STATUS);
+ break;
+ case QEMU_WAKEUP_REASON_PMTIMER:
+ ar->pm1.evt.sts |=
+ (ACPI_BITMASK_WAKE_STATUS | ACPI_BITMASK_TIMER_STATUS);
+ break;
+ case QEMU_WAKEUP_REASON_OTHER:
+ /*
+ * ACPI_BITMASK_WAKE_STATUS should be set on resume.
+ * Pretend that resume was caused by power button
+ */
+ ar->pm1.evt.sts |=
+ (ACPI_BITMASK_WAKE_STATUS | ACPI_BITMASK_POWER_BUTTON_STATUS);
+ break;
+ default:
+ break;
+ }
+}
+
+static void ls7a_pm1_cnt_init(ACPIREGS *ar, MemoryRegion *parent,
+ bool disable_s3, bool disable_s4, uint8_t s4_val,
+ uint64_t offset)
+{
+ FWCfgState *fw_cfg;
+
+ ar->pm1.cnt.s4_val = s4_val;
+ ar->wakeup.notify = acpi_notify_wakeup;
+ qemu_register_wakeup_notifier(&ar->wakeup);
+ memory_region_init_io(&ar->pm1.cnt.io, memory_region_owner(parent),
+ &acpi_pm_cnt_ops, ar, "acpi-cnt", 4);
+ memory_region_add_subregion(parent, offset, &ar->pm1.cnt.io);
+
+ fw_cfg = fw_cfg_find();
+ if (fw_cfg) {
+ uint8_t suspend[6] = { 128, 0, 0, 129, 128, 128 };
+ suspend[3] = 1 | ((!disable_s3) << 7);
+ suspend[4] = s4_val | ((!disable_s4) << 7);
+ fw_cfg_add_file(fw_cfg, "etc/system-states", g_memdup(suspend, 6), 6);
+ }
+}
+
+static void ls7a_pm_reset(void *opaque)
+{
+ LS7APCIPMRegs *pm = opaque;
+
+ acpi_pm1_evt_reset(&pm->acpi_regs);
+ acpi_pm1_cnt_reset(&pm->acpi_regs);
+ acpi_pm_tmr_reset(&pm->acpi_regs);
+ acpi_gpe_reset(&pm->acpi_regs);
+
+ acpi_update_sci(&pm->acpi_regs, pm->irq);
+}
+
+static void pm_powerdown_req(Notifier *n, void *opaque)
+{
+ LS7APCIPMRegs *pm = container_of(n, LS7APCIPMRegs, powerdown_notifier);
+
+ acpi_pm1_evt_power_down(&pm->acpi_regs);
+}
+
+void ls7a_pm_init(LS7APCIPMRegs *pm, qemu_irq *pic)
+{
+ unsigned long base, gpe_len, acpi_aci_irq;
+
+ /*
+ * ls7a board acpi hardware info, including
+ * acpi system io base address
+ * acpi gpe length
+ * acpi sci irq number
+ */
+ base = ACPI_IO_BASE;
+ gpe_len = ACPI_GPE0_LEN;
+ acpi_aci_irq = ACPI_SCI_IRQ;
+
+ pm->irq = pic[acpi_aci_irq - 64];
+ memory_region_init(&pm->iomem, NULL, "ls7a_pm", ACPI_IO_SIZE);
+ memory_region_add_subregion(get_system_memory(), base, &pm->iomem);
+
+ cpu_hotplug_hw_init(get_system_memory(), NULL, &pm->cpuhp_state,
+ CPU_HOTPLUG_BASE);
+
+ ls7a_pm_tmr_init(&pm->acpi_regs, ls7a_pm_update_sci_fn, &pm->iomem,
+ LS7A_PM_TMR_BLK);
+ ls7a_pm1_evt_init(&pm->acpi_regs, ls7a_pm_update_sci_fn, &pm->iomem,
+ LS7A_PM_EVT_BLK);
+ ls7a_pm1_cnt_init(&pm->acpi_regs, &pm->iomem, false, false, 2,
+ LS7A_PM_CNT_BLK);
+
+ acpi_gpe_init(&pm->acpi_regs, gpe_len);
+ memory_region_init_io(&pm->iomem_gpe, NULL, &ls7a_gpe_ops, pm, "acpi-gpe0",
+ gpe_len);
+ memory_region_add_subregion(&pm->iomem, LS7A_GPE0_STS_REG, &pm->iomem_gpe);
+
+ memory_region_init_io(&pm->iomem_reset, NULL, &ls7a_reset_ops, pm,
+ "acpi-reset", 4);
+ memory_region_add_subregion(&pm->iomem, LS7A_GPE0_RESET_REG,
+ &pm->iomem_reset);
+
+ qemu_register_reset(ls7a_pm_reset, pm);
+
+ pm->powerdown_notifier.notify = pm_powerdown_req;
+ qemu_register_powerdown_notifier(&pm->powerdown_notifier);
+
+ if (pm->acpi_memory_hotplug.is_enabled) {
+ acpi_memory_hotplug_init(get_system_memory(), NULL,
+ &pm->acpi_memory_hotplug,
+ MEMORY_HOTPLUG_BASE);
+ }
+}
+
+static void ls7a_pm_get_gpe0_blk(Object *obj, Visitor *v, const char *name,
+ void *opaque, Error **errp)
+{
+ uint64_t value = ACPI_IO_BASE + LS7A_GPE0_STS_REG;
+
+ visit_type_uint64(v, name, &value, errp);
+}
+
+static bool ls7a_pm_get_memory_hotplug_support(Object *obj, Error **errp)
+{
+ LS7APCIState *ls7a = get_ls7a_type(obj);
+
+ return ls7a->pm.acpi_memory_hotplug.is_enabled;
+}
+
+static void ls7a_pm_set_memory_hotplug_support(Object *obj, bool value,
+ Error **errp)
+{
+ LS7APCIState *ls7a = get_ls7a_type(obj);
+
+ ls7a->pm.acpi_memory_hotplug.is_enabled = value;
+}
+
+static void ls7a_pm_get_disable_s3(Object *obj, Visitor *v, const char *name,
+ void *opaque, Error **errp)
+{
+ LS7APCIPMRegs *pm = opaque;
+ uint8_t value = pm->disable_s3;
+
+ visit_type_uint8(v, name, &value, errp);
+}
+
+static void ls7a_pm_set_disable_s3(Object *obj, Visitor *v, const char *name,
+ void *opaque, Error **errp)
+{
+ LS7APCIPMRegs *pm = opaque;
+ Error *local_err = NULL;
+ uint8_t value;
+
+ visit_type_uint8(v, name, &value, &local_err);
+ if (local_err) {
+ goto out;
+ }
+ pm->disable_s3 = value;
+out:
+ error_propagate(errp, local_err);
+}
+
+static void ls7a_pm_get_disable_s4(Object *obj, Visitor *v, const char *name,
+ void *opaque, Error **errp)
+{
+ LS7APCIPMRegs *pm = opaque;
+ uint8_t value = pm->disable_s4;
+
+ visit_type_uint8(v, name, &value, errp);
+}
+
+static void ls7a_pm_set_disable_s4(Object *obj, Visitor *v, const char *name,
+ void *opaque, Error **errp)
+{
+ LS7APCIPMRegs *pm = opaque;
+ Error *local_err = NULL;
+ uint8_t value;
+
+ visit_type_uint8(v, name, &value, &local_err);
+ if (local_err) {
+ goto out;
+ }
+ pm->disable_s4 = value;
+out:
+ error_propagate(errp, local_err);
+}
+
+static void ls7a_pm_get_s4_val(Object *obj, Visitor *v, const char *name,
+ void *opaque, Error **errp)
+{
+ LS7APCIPMRegs *pm = opaque;
+ uint8_t value = pm->s4_val;
+
+ visit_type_uint8(v, name, &value, errp);
+}
+
+static void ls7a_pm_set_s4_val(Object *obj, Visitor *v, const char *name,
+ void *opaque, Error **errp)
+{
+ LS7APCIPMRegs *pm = opaque;
+ Error *local_err = NULL;
+ uint8_t value;
+
+ visit_type_uint8(v, name, &value, &local_err);
+ if (local_err) {
+ goto out;
+ }
+ pm->s4_val = value;
+out:
+ error_propagate(errp, local_err);
+}
+
+void ls7a_pm_add_properties(Object *obj, LS7APCIPMRegs *pm, Error **errp)
+{
+ static const uint32_t gpe0_len = ACPI_GPE0_LEN;
+ pm->acpi_memory_hotplug.is_enabled = true;
+ pm->disable_s3 = 0;
+ pm->disable_s4 = 0;
+ pm->s4_val = 2;
+
+ object_property_add_uint32_ptr(obj, ACPI_PM_PROP_PM_IO_BASE,
+ &pm->pm_io_base, OBJ_PROP_FLAG_READ);
+ object_property_add(obj, ACPI_PM_PROP_GPE0_BLK, "uint32",
+ ls7a_pm_get_gpe0_blk, NULL, NULL, pm);
+ object_property_add_uint32_ptr(obj, ACPI_PM_PROP_GPE0_BLK_LEN, &gpe0_len,
+ OBJ_PROP_FLAG_READ);
+ object_property_add_bool(obj, "memory-hotplug-support",
+ ls7a_pm_get_memory_hotplug_support,
+ ls7a_pm_set_memory_hotplug_support);
+ object_property_add(obj, ACPI_PM_PROP_S3_DISABLED, "uint8",
+ ls7a_pm_get_disable_s3, ls7a_pm_set_disable_s3, NULL,
+ pm);
+ object_property_add(obj, ACPI_PM_PROP_S4_DISABLED, "uint8",
+ ls7a_pm_get_disable_s4, ls7a_pm_set_disable_s4, NULL,
+ pm);
+ object_property_add(obj, ACPI_PM_PROP_S4_VAL, "uint8", ls7a_pm_get_s4_val,
+ ls7a_pm_set_s4_val, NULL, pm);
+}
+
+void ls7a_pm_device_plug_cb(HotplugHandler *hotplug_dev, DeviceState *dev,
+ Error **errp)
+{
+ LS7APCIState *ls7a = get_ls7a_type(OBJECT(hotplug_dev));
+
+ if (ls7a->pm.acpi_memory_hotplug.is_enabled &&
+ object_dynamic_cast(OBJECT(dev), TYPE_PC_DIMM)) {
+ if (object_dynamic_cast(OBJECT(dev), TYPE_NVDIMM)) {
+ nvdimm_acpi_plug_cb(hotplug_dev, dev);
+ } else {
+ acpi_memory_plug_cb(hotplug_dev, &ls7a->pm.acpi_memory_hotplug,
+ dev, errp);
+ }
+ } else if (object_dynamic_cast(OBJECT(dev), TYPE_CPU)) {
+ acpi_cpu_plug_cb(hotplug_dev, &ls7a->pm.cpuhp_state, dev, errp);
+ } else {
+ error_setg(errp,
+ "acpi: device plug request for not supported device"
+ " type: %s",
+ object_get_typename(OBJECT(dev)));
+ }
+}
+
+void ls7a_pm_device_unplug_request_cb(HotplugHandler *hotplug_dev,
+ DeviceState *dev, Error **errp)
+{
+ LS7APCIState *ls7a = get_ls7a_type(OBJECT(hotplug_dev));
+
+ if (ls7a->pm.acpi_memory_hotplug.is_enabled &&
+ object_dynamic_cast(OBJECT(dev), TYPE_PC_DIMM)) {
+ acpi_memory_unplug_request_cb(
+ hotplug_dev, &ls7a->pm.acpi_memory_hotplug, dev, errp);
+ } else if (object_dynamic_cast(OBJECT(dev), TYPE_CPU)) {
+ acpi_cpu_unplug_request_cb(hotplug_dev, &ls7a->pm.cpuhp_state, dev,
+ errp);
+ } else {
+ error_setg(errp,
+ "acpi: device unplug request for not supported device"
+ " type: %s",
+ object_get_typename(OBJECT(dev)));
+ }
+}
+
+void ls7a_pm_device_unplug_cb(HotplugHandler *hotplug_dev, DeviceState *dev,
+ Error **errp)
+{
+ LS7APCIState *ls7a = get_ls7a_type(OBJECT(hotplug_dev));
+
+ if (ls7a->pm.acpi_memory_hotplug.is_enabled &&
+ object_dynamic_cast(OBJECT(dev), TYPE_PC_DIMM)) {
+ acpi_memory_unplug_cb(&ls7a->pm.acpi_memory_hotplug, dev, errp);
+ } else if (object_dynamic_cast(OBJECT(dev), TYPE_CPU)) {
+ acpi_cpu_unplug_cb(&ls7a->pm.cpuhp_state, dev, errp);
+ } else {
+ error_setg(errp,
+ "acpi: device unplug for not supported device"
+ " type: %s",
+ object_get_typename(OBJECT(dev)));
+ }
+}
+
+void ls7a_pm_ospm_status(AcpiDeviceIf *adev, ACPIOSTInfoList ***list)
+{
+ LS7APCIState *ls7a = get_ls7a_type(OBJECT(adev));
+
+ acpi_memory_ospm_status(&ls7a->pm.acpi_memory_hotplug, list);
+ acpi_cpu_ospm_status(&ls7a->pm.cpuhp_state, list);
+}
+
+void ls7a_send_gpe(AcpiDeviceIf *adev, AcpiEventStatusBits ev)
+{
+ LS7APCIState *ls7a = get_ls7a_type(OBJECT(adev));
+
+ acpi_send_gpe_event(&ls7a->pm.acpi_regs, ls7a->pm.irq, ev);
+}
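Review bot: `ls7a_pm_init()` passes the literals `false, false, 2` to `ls7a_pm1_cnt_init()`, so the `disable_s3`, `disable_s4` and `s4_val` properties registered in `ls7a_pm_add_properties()` never reach the `etc/system-states` fw_cfg file and appear to have no effect. Passing the fields instead, `ls7a_pm1_cnt_init(&pm->acpi_regs, &pm->iomem, pm->disable_s3, pm->disable_s4, pm->s4_val, LS7A_PM_CNT_BLK);`, would let an operator switch S3/S4 off, provided the properties are set before `ls7a_pm_init()` runs (the caller is outside this patch); that matters because `acpi_pm1_cnt_write()` implements neither state while the fw_cfg bytes are built with both enable bits set. The `warn_report("acpi s3,s4 state not support")` in that handler runs on every guest write of those sleep types, so a guest can fill the host log at will; `warn_report_once()` or `qemu_log_mask(LOG_UNIMP, ...)` bounds that. Separately, `ACPI_PM_PROP_GPE0_BLK` is registered with the type string `"uint32"` while its getter calls `visit_type_uint64()`.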
diff --git a/hw/acpi/meson.build b/hw/acpi/meson.build
index 448ea6afb4..4718d143fc 100644
--- a/hw/acpi/meson.build
+++ b/hw/acpi/meson.build
@@ -6,6 +6,7 @@ acpi_ss.add(files(
'core.c',
'utils.c',
))
+acpi_ss.add(when: 'CONFIG_ACPI_LOONGARCH', if_true: files('larch_7a.c'))
acpi_ss.add(when: 'CONFIG_ACPI_CPU_HOTPLUG', if_true: files('cpu.c', 'cpu_hotplug.c'))
acpi_ss.add(when: 'CONFIG_ACPI_CPU_HOTPLUG', if_false: files('acpi-cpu-hotplug-stub.c'))
acpi_ss.add(when: 'CONFIG_ACPI_MEMORY_HOTPLUG', if_true: files('memory_hotplug.c'))
diff --git a/include/hw/acpi/ls7a.h b/include/hw/acpi/ls7a.h
new file mode 100644
index 0000000000..295baa4b5a
--- /dev/null
+++ b/include/hw/acpi/ls7a.h
@@ -0,0 +1,79 @@
+/*
+ * QEMU GMCH/LS7A PCI PM Emulation
+ *
+ * Copyright (c) 2023 Loongarch Technology
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#ifndef HW_ACPI_LS7A_H
+#define HW_ACPI_LS7A_H
+
+#include "hw/acpi/acpi.h"
+#include "hw/acpi/cpu_hotplug.h"
+#include "hw/acpi/cpu.h"
+#include "hw/acpi/memory_hotplug.h"
+#include "hw/acpi/acpi_dev_interface.h"
+#include "hw/acpi/tco.h"
+
+#define CPU_HOTPLUG_BASE 0x1e000000
+#define MEMORY_HOTPLUG_BASE 0x1e00000c
+
+typedef struct LS7APCIPMRegs {
+ /*
+ * In ls7a spec says that pm1_cnt register is 32bit width and
+ * that the upper 16bits are reserved and unused.
+ * PM1a_CNT_BLK = 2 in FADT so it is defined as uint16_t.
+ */
+ ACPIREGS acpi_regs;
+
+ MemoryRegion iomem;
+ MemoryRegion iomem_gpe;
+ MemoryRegion iomem_smi;
+ MemoryRegion iomem_reset;
+
+ qemu_irq irq; /* SCI */
+
+ uint32_t pm_io_base;
+ Notifier powerdown_notifier;
+
+ bool cpu_hotplug_legacy;
+ AcpiCpuHotplug gpe_cpu;
+ CPUHotplugState cpuhp_state;
+
+ MemHotplugState acpi_memory_hotplug;
+
+ uint8_t disable_s3;
+ uint8_t disable_s4;
+ uint8_t s4_val;
+} LS7APCIPMRegs;
+
+void ls7a_pm_init(LS7APCIPMRegs *ls7a, qemu_irq *sci_irq);
+
+void ls7a_pm_iospace_update(LS7APCIPMRegs *pm, uint32_t pm_io_base);
+extern const VMStateDescription vmstate_ls7a_pm;
+
+void ls7a_pm_add_properties(Object *obj, LS7APCIPMRegs *pm, Error **errp);
+
+void ls7a_pm_device_plug_cb(HotplugHandler *hotplug_dev, DeviceState *dev,
+ Error **errp);
+void ls7a_pm_device_unplug_request_cb(HotplugHandler *hotplug_dev,
+ DeviceState *dev, Error **errp);
+void ls7a_pm_device_unplug_cb(HotplugHandler *hotplug_dev, DeviceState *dev,
+ Error **errp);
+
+void ls7a_pm_ospm_status(AcpiDeviceIf *adev, ACPIOSTInfoList ***list);
+
+void ls7a_send_gpe(AcpiDeviceIf *adev, AcpiEventStatusBits ev);
+#endif /* HW_ACPI_LS7A_H */
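Review bot: `ls7a_pm_iospace_update()` is declared here, but hw/acpi/larch_7a.c in this patch does not define it, and `pm_io_base`, which `ls7a_pm_add_properties()` exposes read-only as `ACPI_PM_PROP_PM_IO_BASE`, is never assigned in that file. Either drop the prototype or add a comment naming the file that defines it, and assign `pm_io_base` in `ls7a_pm_init()` (presumably from `ACPI_IO_BASE`, to be confirmed) so the property does not report an unset value. The comment at the top of `LS7APCIPMRegs` describes the pm1_cnt register width but sits above `acpi_regs`; a short comment per member, e.g. `/* PM1 event/control, PM timer and GPE0 register state */` on `acpi_regs`, would read more clearly. `iomem_smi`, `cpu_hotplug_legacy` and `gpe_cpu` are not referenced by larch_7a.c and should either go or carry a note saying which code uses them.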
--
2.27.0

402
Add-RTC-support.patch Normal file

@ -0,0 +1,402 @@
From 1b831c95e652d185c20efe74457927f5d7e35153 Mon Sep 17 00:00:00 2001
From: lixianglai <lixianglai@loongson.cn>
Date: Tue, 7 Feb 2023 06:35:16 -0500
Subject: [PATCH] Add RTC support.
Add Loongarch real-time clock device simulation.
Signed-off-by: lixianglai <lixianglai@loongson.cn>
---
hw/meson.build | 1 +
hw/timer/Kconfig | 2 +
hw/timer/ls7a_rtc.c | 343 +++++++++++++++++++++++++++++++++++++++++++
hw/timer/meson.build | 1 +
4 files changed, 347 insertions(+)
create mode 100644 hw/timer/ls7a_rtc.c
diff --git a/hw/meson.build b/hw/meson.build
index f39c1f7e70..a9a078ec33 100644
--- a/hw/meson.build
+++ b/hw/meson.build
@@ -17,6 +17,7 @@ subdir('intc')
subdir('ipack')
subdir('ipmi')
subdir('isa')
+subdir('loongarch')
subdir('mem')
subdir('misc')
subdir('net')
diff --git a/hw/timer/Kconfig b/hw/timer/Kconfig
index 010be7ed1f..b395c72d7d 100644
--- a/hw/timer/Kconfig
+++ b/hw/timer/Kconfig
@@ -60,3 +60,5 @@ config STELLARIS_GPTM
config AVR_TIMER16
bool
+config LS7A_RTC
+ bool
diff --git a/hw/timer/ls7a_rtc.c b/hw/timer/ls7a_rtc.c
new file mode 100644
index 0000000000..56c2695654
--- /dev/null
+++ b/hw/timer/ls7a_rtc.c
@@ -0,0 +1,343 @@
+/*
+ * Loongarch rtc emulation
+ *
+ * Copyright (c) 2023 Loongarch Technology
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms and conditions of the GNU General Public License,
+ * version 2 or later, as published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for
+ * more details.
+ *
+ * You should have received a copy of the GNU General Public License along with
+ * this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ */
+
+#include "qemu/osdep.h"
+#include "hw/sysbus.h"
+#include "hw/irq.h"
+#include "include/hw/register.h"
+#include "qemu/timer.h"
+#include "sysemu/sysemu.h"
+#include "qemu/cutils.h"
+#include "qemu/log.h"
+#include "qemu-common.h"
+#include "migration/vmstate.h"
+
+#ifdef DEBUG_LS7A_RTC
+#define DPRINTF \
+ (fmt, ...) do \
+ { \
+ printf("ls7a_rtc: " fmt, ##__VA_ARGS__); \
+ } \
+ while (0)
+#else
+#define DPRINTF \
+ (fmt, ...) do \
+ { \
+ } \
+ while (0)
+#endif
+
+#define SYS_TOYTRIM 0x20
+#define SYS_TOYWRITE0 0x24
+#define SYS_TOYWRITE1 0x28
+#define SYS_TOYREAD0 0x2C
+#define SYS_TOYREAD1 0x30
+#define SYS_TOYMATCH0 0x34
+#define SYS_TOYMATCH1 0x38
+#define SYS_TOYMATCH2 0x3C
+#define SYS_RTCCTRL 0x40
+#define SYS_RTCTRIM 0x60
+#define SYS_RTCWRTIE0 0x64
+#define SYS_RTCREAD0 0x68
+#define SYS_RTCMATCH0 0x6C
+#define SYS_RTCMATCH1 0x70
+#define SYS_RTCMATCH2 0x74
+
+/**
+ ** shift bits and filed mask
+ **/
+#define TOY_MON_MASK 0x3f
+#define TOY_DAY_MASK 0x1f
+#define TOY_HOUR_MASK 0x1f
+#define TOY_MIN_MASK 0x3f
+#define TOY_SEC_MASK 0x3f
+#define TOY_MSEC_MASK 0xf
+
+#define TOY_MON_SHIFT 26
+#define TOY_DAY_SHIFT 21
+#define TOY_HOUR_SHIFT 16
+#define TOY_MIN_SHIFT 10
+#define TOY_SEC_SHIFT 4
+#define TOY_MSEC_SHIFT 0
+
+#define TOY_MATCH_YEAR_MASK 0x3f
+#define TOY_MATCH_MON_MASK 0xf
+#define TOY_MATCH_DAY_MASK 0x1f
+#define TOY_MATCH_HOUR_MASK 0x1f
+#define TOY_MATCH_MIN_MASK 0x3f
+#define TOY_MATCH_SEC_MASK 0x3f
+
+#define TOY_MATCH_YEAR_SHIFT 26
+#define TOY_MATCH_MON_SHIFT 22
+#define TOY_MATCH_DAY_SHIFT 17
+#define TOY_MATCH_HOUR_SHIFT 12
+#define TOY_MATCH_MIN_SHIFT 6
+#define TOY_MATCH_SEC_SHIFT 0
+
+#define TOY_ENABLE_BIT (1U << 11)
+
+#define TYPE_LS7A_RTC "ls7a_rtc"
+#define LS7A_RTC(obj) OBJECT_CHECK(LS7A_RTCState, (obj), TYPE_LS7A_RTC)
+
+typedef struct LS7A_RTCState {
+ SysBusDevice parent_obj;
+
+ MemoryRegion iomem;
+ QEMUTimer *timer;
+ /*
+ * Needed to preserve the tick_count across migration, even if the
+ * absolute value of the rtc_clock is different on the source and
+ * destination.
+ */
+ int64_t offset;
+ int64_t data;
+ int64_t save_alarm_offset;
+ int tidx;
+ uint32_t toymatch[3];
+ uint32_t toytrim;
+ uint32_t cntrctl;
+ uint32_t rtctrim;
+ uint32_t rtccount;
+ uint32_t rtcmatch[3];
+ qemu_irq toy_irq;
+} LS7A_RTCState;
+
+enum {
+ TOYEN = 1UL << 11,
+ RTCEN = 1UL << 13,
+};
+
+static uint64_t ls7a_rtc_read(void *opaque, hwaddr addr, unsigned size)
+{
+ LS7A_RTCState *s = (LS7A_RTCState *)opaque;
+ struct tm tm;
+ unsigned int val = 0;
+
+ switch (addr) {
+ case SYS_TOYREAD0:
+ qemu_get_timedate(&tm, s->offset);
+ val = (((tm.tm_mon + 1) & TOY_MON_MASK) << TOY_MON_SHIFT) |
+ (((tm.tm_mday) & TOY_DAY_MASK) << TOY_DAY_SHIFT) |
+ (((tm.tm_hour) & TOY_HOUR_MASK) << TOY_HOUR_SHIFT) |
+ (((tm.tm_min) & TOY_MIN_MASK) << TOY_MIN_SHIFT) |
+ (((tm.tm_sec) & TOY_SEC_MASK) << TOY_SEC_SHIFT) | 0x0;
+ break;
+ case SYS_TOYREAD1:
+ qemu_get_timedate(&tm, s->offset);
+ val = tm.tm_year;
+ break;
+ case SYS_TOYMATCH0:
+ val = s->toymatch[0];
+ break;
+ case SYS_TOYMATCH1:
+ val = s->toymatch[1];
+ break;
+ case SYS_TOYMATCH2:
+ val = s->toymatch[2];
+ break;
+ case SYS_RTCCTRL:
+ val = s->cntrctl;
+ break;
+ case SYS_RTCREAD0:
+ val = s->rtccount;
+ break;
+ case SYS_RTCMATCH0:
+ val = s->rtcmatch[0];
+ break;
+ case SYS_RTCMATCH1:
+ val = s->rtcmatch[1];
+ break;
+ case SYS_RTCMATCH2:
+ val = s->rtcmatch[2];
+ break;
+ default:
+ break;
+ }
+ return val;
+}
+
+static void ls7a_rtc_write(void *opaque, hwaddr addr, uint64_t val,
+ unsigned size)
+{
+ LS7A_RTCState *s = (LS7A_RTCState *)opaque;
+ struct tm tm;
+ int64_t alarm_offset, year_diff, expire_time;
+
+ switch (addr) {
+ case SYS_TOYWRITE0:
+ qemu_get_timedate(&tm, s->offset);
+ tm.tm_sec = (val >> TOY_SEC_SHIFT) & TOY_SEC_MASK;
+ tm.tm_min = (val >> TOY_MIN_SHIFT) & TOY_MIN_MASK;
+ tm.tm_hour = (val >> TOY_HOUR_SHIFT) & TOY_HOUR_MASK;
+ tm.tm_mday = ((val >> TOY_DAY_SHIFT) & TOY_DAY_MASK);
+ tm.tm_mon = ((val >> TOY_MON_SHIFT) & TOY_MON_MASK) - 1;
+ s->offset = qemu_timedate_diff(&tm);
+ break;
+ case SYS_TOYWRITE1:
+ qemu_get_timedate(&tm, s->offset);
+ tm.tm_year = val;
+ s->offset = qemu_timedate_diff(&tm);
+ break;
+ case SYS_TOYMATCH0:
+ s->toymatch[0] = val;
+ qemu_get_timedate(&tm, s->offset);
+ tm.tm_sec = (val >> TOY_MATCH_SEC_SHIFT) & TOY_MATCH_SEC_MASK;
+ tm.tm_min = (val >> TOY_MATCH_MIN_SHIFT) & TOY_MATCH_MIN_MASK;
+ tm.tm_hour = ((val >> TOY_MATCH_HOUR_SHIFT) & TOY_MATCH_HOUR_MASK);
+ tm.tm_mday = ((val >> TOY_MATCH_DAY_SHIFT) & TOY_MATCH_DAY_MASK);
+ tm.tm_mon = ((val >> TOY_MATCH_MON_SHIFT) & TOY_MATCH_MON_MASK) - 1;
+ year_diff = ((val >> TOY_MATCH_YEAR_SHIFT) & TOY_MATCH_YEAR_MASK);
+ year_diff = year_diff - (tm.tm_year & TOY_MATCH_YEAR_MASK);
+ tm.tm_year = tm.tm_year + year_diff;
+ alarm_offset = qemu_timedate_diff(&tm) - s->offset;
+ if ((alarm_offset < 0) && (alarm_offset > -5)) {
+ alarm_offset = 0;
+ }
+ expire_time = qemu_clock_get_ms(rtc_clock);
+ expire_time += ((alarm_offset * 1000) + 100);
+ timer_mod(s->timer, expire_time);
+ break;
+ case SYS_TOYMATCH1:
+ s->toymatch[1] = val;
+ break;
+ case SYS_TOYMATCH2:
+ s->toymatch[2] = val;
+ break;
+ case SYS_RTCCTRL:
+ s->cntrctl = val;
+ break;
+ case SYS_RTCWRTIE0:
+ s->rtccount = val;
+ break;
+ case SYS_RTCMATCH0:
+ s->rtcmatch[0] = val;
+ break;
+ case SYS_RTCMATCH1:
+ val = s->rtcmatch[1];
+ break;
+ case SYS_RTCMATCH2:
+ val = s->rtcmatch[2];
+ break;
+ default:
+ break;
+ }
+}
+
+static const MemoryRegionOps ls7a_rtc_ops = {
+ .read = ls7a_rtc_read,
+ .write = ls7a_rtc_write,
+ .endianness = DEVICE_NATIVE_ENDIAN,
+ .valid = {
+ .min_access_size = 4,
+ .max_access_size = 4,
+ },
+
+};
+
+static void toy_timer(void *opaque)
+{
+ LS7A_RTCState *s = (LS7A_RTCState *)opaque;
+
+ if (s->cntrctl & TOY_ENABLE_BIT) {
+ qemu_irq_pulse(s->toy_irq);
+ }
+}
+
+static void ls7a_rtc_realize(DeviceState *dev, Error **errp)
+{
+ SysBusDevice *sbd = SYS_BUS_DEVICE(dev);
+ LS7A_RTCState *d = LS7A_RTC(sbd);
+ memory_region_init_io(&d->iomem, NULL, &ls7a_rtc_ops, (void *)d,
+ "ls7a_rtc", 0x100);
+
+ sysbus_init_irq(sbd, &d->toy_irq);
+
+ sysbus_init_mmio(sbd, &d->iomem);
+ d->timer = timer_new_ms(rtc_clock, toy_timer, d);
+ timer_mod(d->timer, qemu_clock_get_ms(rtc_clock) + 100);
+ d->offset = 0;
+}
+
+static int ls7a_rtc_pre_save(void *opaque)
+{
+ LS7A_RTCState *s = (LS7A_RTCState *)opaque;
+ struct tm tm;
+ int64_t year_diff, value;
+
+ value = s->toymatch[0];
+ qemu_get_timedate(&tm, s->offset);
+ tm.tm_sec = (value >> TOY_MATCH_SEC_SHIFT) & TOY_MATCH_SEC_MASK;
+ tm.tm_min = (value >> TOY_MATCH_MIN_SHIFT) & TOY_MATCH_MIN_MASK;
+ tm.tm_hour = ((value >> TOY_MATCH_HOUR_SHIFT) & TOY_MATCH_HOUR_MASK);
+ tm.tm_mday = ((value >> TOY_MATCH_DAY_SHIFT) & TOY_MATCH_DAY_MASK);
+ tm.tm_mon = ((value >> TOY_MATCH_MON_SHIFT) & TOY_MATCH_MON_MASK) - 1;
+ year_diff = ((value >> TOY_MATCH_YEAR_SHIFT) & TOY_MATCH_YEAR_MASK);
+ year_diff = year_diff - (tm.tm_year & TOY_MATCH_YEAR_MASK);
+ tm.tm_year = tm.tm_year + year_diff;
+ s->save_alarm_offset = qemu_timedate_diff(&tm) - s->offset;
+
+ return 0;
+}
+
+static int ls7a_rtc_post_load(void *opaque, int version_id)
+{
+ LS7A_RTCState *s = (LS7A_RTCState *)opaque;
+ int64_t expire_time;
+
+ expire_time = qemu_clock_get_ms(rtc_clock) + (s->save_alarm_offset * 1000);
+ timer_mod(s->timer, expire_time);
+
+ return 0;
+}
+
+static const VMStateDescription vmstate_ls7a_rtc = {
+ .name = "ls7a_rtc",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .pre_save = ls7a_rtc_pre_save,
+ .post_load = ls7a_rtc_post_load,
+ .fields =
+ (VMStateField[]){ VMSTATE_INT64(offset, LS7A_RTCState),
+ VMSTATE_INT64(save_alarm_offset, LS7A_RTCState),
+ VMSTATE_UINT32(toymatch[0], LS7A_RTCState),
+ VMSTATE_UINT32(cntrctl, LS7A_RTCState),
+ VMSTATE_END_OF_LIST() }
+};
+
+static void ls7a_rtc_class_init(ObjectClass *klass, void *data)
+{
+ DeviceClass *dc = DEVICE_CLASS(klass);
+ dc->vmsd = &vmstate_ls7a_rtc;
+ dc->realize = ls7a_rtc_realize;
+ dc->desc = "ls7a rtc";
+}
+
+static const TypeInfo ls7a_rtc_info = {
+ .name = TYPE_LS7A_RTC,
+ .parent = TYPE_SYS_BUS_DEVICE,
+ .instance_size = sizeof(LS7A_RTCState),
+ .class_init = ls7a_rtc_class_init,
+};
+
+static void ls7a_rtc_register_types(void)
+{
+ type_register_static(&ls7a_rtc_info);
+}
+
+type_init(ls7a_rtc_register_types)
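Review bot: In `ls7a_rtc_write()` the `SYS_RTCMATCH1` and `SYS_RTCMATCH2` cases assign in the wrong direction (`val = s->rtcmatch[1];`), so guest writes to those registers are discarded; they should read `s->rtcmatch[1] = val;` and `s->rtcmatch[2] = val;`. The `SYS_TOYWRITE1` case stores the guest's 64-bit value into the `int` field `tm.tm_year` unchecked, and the result feeds `qemu_timedate_diff()` and later `alarm_offset * 1000`, so a guest-chosen year can push host-side signed arithmetic out of range; a range check on `val` before `tm.tm_year = val;` would close that, and `ls7a_rtc_post_load()` needs the same kind of bound on `save_alarm_offset`, which arrives from the migration stream. The two `DPRINTF` definitions have a line break between the macro name and `(fmt, ...)`, which makes them object-like macros; they are unused in this file, but would not expand as intended once someone calls them. Only `toymatch[0]` and `cntrctl` appear in `vmstate_ls7a_rtc`, so the remaining match, trim and count registers are not carried across migration.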
diff --git a/hw/timer/meson.build b/hw/timer/meson.build
index 03092e2ceb..e841a2f6ee 100644
--- a/hw/timer/meson.build
+++ b/hw/timer/meson.build
@@ -16,6 +16,7 @@ softmmu_ss.add(when: 'CONFIG_EXYNOS4', if_true: files('exynos4210_mct.c'))
softmmu_ss.add(when: 'CONFIG_EXYNOS4', if_true: files('exynos4210_pwm.c'))
softmmu_ss.add(when: 'CONFIG_GRLIB', if_true: files('grlib_gptimer.c'))
softmmu_ss.add(when: 'CONFIG_HPET', if_true: files('hpet.c'))
+softmmu_ss.add(when: 'CONFIG_LS7A_RTC', if_true: files('ls7a_rtc.c'))
softmmu_ss.add(when: 'CONFIG_I8254', if_true: files('i8254_common.c', 'i8254.c'))
softmmu_ss.add(when: 'CONFIG_IMX', if_true: files('imx_epit.c'))
softmmu_ss.add(when: 'CONFIG_IMX', if_true: files('imx_gpt.c'))
--
2.27.0

28
Add-bios.patch Normal file

@ -0,0 +1,28 @@
From 6921fc74a9a58445e453eeb3c2ee74cead690ee4 Mon Sep 17 00:00:00 2001
From: lixianglai <lixianglai@loongson.cn>
Date: Tue, 7 Feb 2023 07:22:18 -0500
Subject: [PATCH] Add bios.
Add loongarch bios.
Signed-off-by: lixianglai <lixianglai@loongson.cn>
---
pc-bios/meson.build | 2 ++
1 files changed, 2 insertions(+)
diff --git a/pc-bios/meson.build b/pc-bios/meson.build
index 05e9065ad6..f2a1d111a1 100644
--- a/pc-bios/meson.build
+++ b/pc-bios/meson.build
@@ -86,6 +86,8 @@ blobs = files(
'opensbi-riscv32-generic-fw_dynamic.elf',
'opensbi-riscv64-generic-fw_dynamic.elf',
'npcm7xx_bootrom.bin',
+ 'loongarch_bios.bin',
+ 'loongarch_vars.bin',
)
if get_option('install_blobs')
--
2.27.0
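Review bot: The two firmware images added to `blobs` in pc-bios/meson.build, `loongarch_bios.bin` and `loongarch_vars.bin`, are installed with the other blobs, but the patch description ("Add loongarch bios.") does not say which source tree, revision or build produced them. Guest firmware is the first code a virtual machine executes, so a packager should be able to rebuild these files or at least verify them. I would extend the description with the originating project, the revision the images were built from and a checksum for each file. The images themselves are not part of this patch file, so whether they are documented elsewhere in the commit cannot be told from here.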

104
Add-command-line.patch Normal file

@ -0,0 +1,104 @@
From a88f2d12afb6a6b5b3d97983cea95d6088f0bf04 Mon Sep 17 00:00:00 2001
From: lixianglai <lixianglai@loongson.cn>
Date: Tue, 7 Feb 2023 07:21:17 -0500
Subject: [PATCH] Add command line.
Add loongarch command support.
Signed-off-by: lixianglai <lixianglai@loongson.cn>
---
include/sysemu/arch_init.h | 1 +
qapi/machine-target.json | 6 ++++--
qapi/machine.json | 2 +-
qapi/misc-target.json | 1 +
qemu-options.hx | 2 +-
softmmu/qdev-monitor.c | 2 +-
6 files changed, 9 insertions(+), 5 deletions(-)
diff --git a/include/sysemu/arch_init.h b/include/sysemu/arch_init.h
index 1cf27baa7c..0907b92cd1 100644
--- a/include/sysemu/arch_init.h
+++ b/include/sysemu/arch_init.h
@@ -25,6 +25,7 @@ enum {
QEMU_ARCH_AVR = (1 << 21),
QEMU_ARCH_HEXAGON = (1 << 22),
QEMU_ARCH_SW64 = (1 << 23),
+ QEMU_ARCH_LOONGARCH64 = (1 << 24),
};
extern const uint32_t arch_type;
diff --git a/qapi/machine-target.json b/qapi/machine-target.json
index f5ec4bc172..682dc86b42 100644
--- a/qapi/machine-target.json
+++ b/qapi/machine-target.json
@@ -324,7 +324,8 @@
'TARGET_ARM',
'TARGET_I386',
'TARGET_S390X',
- 'TARGET_MIPS' ] } }
+ 'TARGET_MIPS',
+ 'TARGET_LOONGARCH64' ] } }
##
# @query-cpu-definitions:
@@ -340,4 +341,5 @@
'TARGET_ARM',
'TARGET_I386',
'TARGET_S390X',
- 'TARGET_MIPS' ] } }
+ 'TARGET_MIPS',
+ 'TARGET_LOONGARCH64' ] } }
diff --git a/qapi/machine.json b/qapi/machine.json
index 03cfb268a4..31b0350b99 100644
--- a/qapi/machine.json
+++ b/qapi/machine.json
@@ -34,7 +34,7 @@
'mips64el', 'mipsel', 'nios2', 'or1k', 'ppc',
'ppc64', 'riscv32', 'riscv64', 'rx', 's390x', 'sh4',
'sh4eb', 'sparc', 'sparc64', 'tricore',
- 'x86_64', 'xtensa', 'xtensaeb' ] }
+ 'x86_64', 'xtensa', 'xtensaeb', 'loongarch64' ] }
##
# @CpuS390State:
diff --git a/qapi/misc-target.json b/qapi/misc-target.json
index 4bc45d2474..63cebef573 100644
--- a/qapi/misc-target.json
+++ b/qapi/misc-target.json
@@ -33,6 +33,7 @@
'TARGET_PPC64',
'TARGET_S390X',
'TARGET_SH4',
+ 'TARGET_LOONGARCH64',
'TARGET_SPARC' ] } }
##
diff --git a/qemu-options.hx b/qemu-options.hx
index 047d28a357..e62bb6bebd 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -2533,7 +2533,7 @@ DEF("smbios", HAS_ARG, QEMU_OPTION_smbios,
" specify SMBIOS type 17 fields\n"
"-smbios type=41[,designation=str][,kind=str][,instance=%d][,pcidev=str]\n"
" specify SMBIOS type 41 fields\n",
- QEMU_ARCH_I386 | QEMU_ARCH_ARM)
+ QEMU_ARCH_I386 | QEMU_ARCH_ARM | QEMU_ARCH_LOONGARCH64)
SRST
``-smbios file=binary``
Load SMBIOS entry from binary file.
diff --git a/softmmu/qdev-monitor.c b/softmmu/qdev-monitor.c
index 142352b24e..4ca4e92ce2 100644
--- a/softmmu/qdev-monitor.c
+++ b/softmmu/qdev-monitor.c
@@ -62,7 +62,7 @@ typedef struct QDevAlias
QEMU_ARCH_MIPS | QEMU_ARCH_PPC | \
QEMU_ARCH_RISCV | QEMU_ARCH_SH4 | \
QEMU_ARCH_SPARC | QEMU_ARCH_XTENSA | \
- QEMU_ARCH_SW64)
+ QEMU_ARCH_SW64 | QEMU_ARCH_LOONGARCH64)
#define QEMU_ARCH_VIRTIO_CCW (QEMU_ARCH_S390X)
#define QEMU_ARCH_VIRTIO_MMIO (QEMU_ARCH_M68K)
--
2.27.0

255
Add-compile-script.patch Normal file

@ -0,0 +1,255 @@
From 6668690dee884342e29103b5df1ab751bb236bba Mon Sep 17 00:00:00 2001
From: lixianglai <lixianglai@loongson.cn>
Date: Tue, 7 Feb 2023 07:22:58 -0500
Subject: [PATCH] Add compile script.
Modify the compile script for loongarch.
Signed-off-by: lixianglai <lixianglai@loongson.cn>
---
.../devices/loongarch64-softmmu/default.mak | 158 ++++++++++++++++++
configs/targets/loongarch64-softmmu.mak | 3 +
configure | 5 +
meson.build | 7 +-
4 files changed, 172 insertions(+), 1 deletion(-)
create mode 100644 configs/devices/loongarch64-softmmu/default.mak
create mode 100644 configs/targets/loongarch64-softmmu.mak
diff --git a/configs/devices/loongarch64-softmmu/default.mak b/configs/devices/loongarch64-softmmu/default.mak
new file mode 100644
index 0000000000..c4cc246833
--- /dev/null
+++ b/configs/devices/loongarch64-softmmu/default.mak
@@ -0,0 +1,158 @@
+# Default configuration for loongarch-softmmu
+
+CONFIG_PCI=y
+CONFIG_ACPI_PCI=y
+# For now, CONFIG_IDE_CORE requires ISA, so we enable it here
+CONFIG_ISA_BUS=y
+CONFIG_VIRTIO_PCI=y
+
+CONFIG_VGA_PCI=y
+CONFIG_ACPI_SMBUS=y
+CONFIG_VHOST_USER_SCSI=y
+CONFIG_VHOST_USER_BLK=y
+CONFIG_VIRTIO=y
+CONFIG_VIRTIO_BALLOON=y
+CONFIG_VIRTIO_BLK=y
+CONFIG_VIRTIO_CRYPTO=y
+CONFIG_VIRTIO_GPU=y
+CONFIG_VIRTIO_INPUT=y
+CONFIG_VIRTIO_NET=y
+CONFIG_VIRTIO_RNG=y
+CONFIG_SCSI=y
+CONFIG_VIRTIO_SCSI=y
+CONFIG_VIRTIO_SERIAL=y
+
+CONFIG_USB_UHCI=y
+CONFIG_USB_OHCI=y
+CONFIG_USB_OHCI_PCI=y
+CONFIG_USB_XHCI=y
+CONFIG_USB_XHCI_NEC=y
+CONFIG_NE2000_PCI=y
+CONFIG_EEPRO100_PCI=y
+CONFIG_PCNET_PCI=y
+CONFIG_PCNET_COMMON=y
+CONFIG_AC97=y
+CONFIG_HDA=y
+CONFIG_ES1370=y
+CONFIG_SCSI=y
+CONFIG_LSI_SCSI_PCI=y
+CONFIG_VMW_PVSCSI_SCSI_PCI=y
+CONFIG_MEGASAS_SCSI_PCI=y
+CONFIG_MPTSAS_SCSI_PCI=y
+CONFIG_RTL8139_PCI=y
+CONFIG_E1000_PCI=y
+CONFIG_IDE_CORE=y
+CONFIG_IDE_QDEV=y
+CONFIG_IDE_PCI=y
+CONFIG_AHCI=y
+CONFIG_AHCI_ICH9=y
+CONFIG_ESP=y
+CONFIG_ESP_PCI=y
+CONFIG_SERIAL=y
+CONFIG_SERIAL_ISA=y
+CONFIG_SERIAL_PCI=y
+CONFIG_CAN_BUS=y
+CONFIG_CAN_SJA1000=y
+CONFIG_CAN_PCI=y
+CONFIG_USB_UHCI=y
+CONFIG_USB_OHCI=y
+CONFIG_USB_XHCI=y
+CONFIG_USB_XHCI_NEC=y
+CONFIG_NE2000_PCI=y
+CONFIG_EEPRO100_PCI=y
+CONFIG_PCNET_PCI=y
+CONFIG_PCNET_COMMON=y
+CONFIG_AC97=y
+CONFIG_HDA=y
+CONFIG_ES1370=y
+CONFIG_SCSI=y
+CONFIG_LSI_SCSI_PCI=y
+CONFIG_VMW_PVSCSI_SCSI_PCI=y
+CONFIG_MEGASAS_SCSI_PCI=y
+CONFIG_MPTSAS_SCSI_PCI=y
+CONFIG_RTL8139_PCI=y
+CONFIG_E1000_PCI=y
+CONFIG_IDE_CORE=y
+CONFIG_IDE_QDEV=y
+CONFIG_IDE_PCI=y
+CONFIG_AHCI=y
+CONFIG_ESP=y
+CONFIG_ESP_PCI=y
+CONFIG_SERIAL=y
+CONFIG_SERIAL_ISA=y
+CONFIG_SERIAL_PCI=y
+CONFIG_CAN_BUS=y
+CONFIG_CAN_SJA1000=y
+CONFIG_CAN_PCI=y
+
+CONFIG_SPICE=y
+CONFIG_QXL=y
+CONFIG_ESP=y
+CONFIG_SCSI=y
+CONFIG_VGA_ISA=y
+CONFIG_VGA_ISA_MM=y
+CONFIG_VGA_CIRRUS=y
+CONFIG_VMWARE_VGA=y
+CONFIG_VIRTIO_VGA=y
+CONFIG_SERIAL=y
+CONFIG_SERIAL_ISA=y
+CONFIG_PARALLEL=y
+CONFIG_I8254=y
+CONFIG_PCSPK=y
+CONFIG_PCKBD=y
+CONFIG_FDC=y
+CONFIG_ACPI=y
+CONFIG_ACPI_MEMORY_HOTPLUG=y
+CONFIG_ACPI_NVDIMM=y
+CONFIG_ACPI_CPU_HOTPLUG=y
+CONFIG_APM=y
+CONFIG_I8257=y
+CONFIG_PIIX4=y
+CONFIG_IDE_ISA=y
+CONFIG_IDE_PIIX=y
+CONFIG_MIPSNET=y
+CONFIG_PFLASH_CFI01=y
+CONFIG_I8259=y
+CONFIG_MC146818RTC=y
+CONFIG_ISA_TESTDEV=y
+CONFIG_EMPTY_SLOT=y
+CONFIG_I2C=y
+CONFIG_DIMM=y
+CONFIG_MEM_DEVICE=y
+
+# Arch Specified CONFIG defines
+CONFIG_IDE_VIA=y
+CONFIG_VT82C686=y
+CONFIG_RC4030=y
+CONFIG_DP8393X=y
+CONFIG_DS1225Y=y
+CONFIG_FITLOADER=y
+CONFIG_SMBIOS=y
+
+CONFIG_PCIE_PORT=y
+CONFIG_I82801B11=y
+CONFIG_XIO3130=y
+CONFIG_PCI_EXPRESS=y
+CONFIG_MSI_NONBROKEN=y
+CONFIG_IOH3420=y
+CONFIG_SD=y
+CONFIG_SDHCI=y
+CONFIG_VIRTFS=y
+CONFIG_VIRTIO_9P=y
+CONFIG_USB_EHCI=y
+CONFIG_USB_EHCI_PCI=y
+CONFIG_USB_EHCI_SYSBUS=y
+CONFIG_USB_STORAGE_BOT=y
+CONFIG_TPM_EMULATOR=y
+CONFIG_TPM_TIS=y
+CONFIG_PLATFORM_BUS=y
+CONFIG_TPM_TIS_SYSBUS=y
+CONFIG_ACPI_LOONGARCH=y
+CONFIG_LS7A_RTC=y
+
+#vfio config
+CONFIG_VFIO=y
+CONFIG_VFIO_PCI=y
+CONFIG_VFIO_PLATFORM=y
+CONFIG_VFIO_XGMAC=y
+CONFIG_VFIO_AMD_XGBE=y
diff --git a/configs/targets/loongarch64-softmmu.mak b/configs/targets/loongarch64-softmmu.mak
new file mode 100644
index 0000000000..c42dfbbd9c
--- /dev/null
+++ b/configs/targets/loongarch64-softmmu.mak
@@ -0,0 +1,3 @@
+TARGET_ARCH=loongarch64
+TARGET_SUPPORTS_MTTCG=y
+TARGET_XML_FILES= gdb-xml/loongarch-base64.xml gdb-xml/loongarch-fpu.xml
diff --git a/configure b/configure
index 2576d1c693..a84dc891cc 100755
--- a/configure
+++ b/configure
@@ -579,6 +579,8 @@ elif check_define __arm__ ; then
cpu="arm"
elif check_define __aarch64__ ; then
cpu="aarch64"
+elif check_define __loongarch__ ; then
+ cpu="loongarch64"
else
cpu=$(uname -m)
fi
@@ -604,6 +606,9 @@ case "$cpu" in
aarch64)
cpu="aarch64"
;;
+ loongarch64)
+ cpu="loongarch64"
+ ;;
mips*)
cpu="mips"
;;
diff --git a/meson.build b/meson.build
index d0bbceffe1..d80426b3e8 100644
--- a/meson.build
+++ b/meson.build
@@ -56,7 +56,7 @@ python = import('python').find_installation()
supported_oses = ['windows', 'freebsd', 'netbsd', 'openbsd', 'darwin', 'sunos', 'linux']
supported_cpus = ['ppc', 'ppc64', 's390x', 'riscv', 'x86', 'x86_64',
- 'arm', 'aarch64', 'mips', 'mips64', 'sparc', 'sparc64', 'sw64']
+ 'arm', 'aarch64', 'mips', 'mips64', 'sparc', 'sparc64', 'sw64', 'loongarch64']
cpu = host_machine.cpu_family()
@@ -83,6 +83,8 @@ elif cpu in ['mips', 'mips64']
kvm_targets = ['mips-softmmu', 'mipsel-softmmu', 'mips64-softmmu', 'mips64el-softmmu']
elif cpu == 'sw64'
kvm_targets = ['sw64-softmmu']
+elif cpu == 'loongarch64'
+ kvm_targets = ['loongarch64-softmmu']
else
kvm_targets = []
endif
@@ -367,6 +369,8 @@ if not get_option('tcg').disabled()
tcg_arch = 'ppc'
elif config_host['ARCH'] in ['sw64']
tcg_arch = 'sw64'
+ elif config_host['ARCH'] == 'loongarch64'
+ tcg_arch = 'loongarch64'
endif
add_project_arguments('-iquote', meson.current_source_dir() / 'tcg' / tcg_arch,
language: ['c', 'cpp', 'objc'])
@@ -1822,6 +1826,7 @@ disassemblers = {
'sh4' : ['CONFIG_SH4_DIS'],
'sparc' : ['CONFIG_SPARC_DIS'],
'xtensa' : ['CONFIG_XTENSA_DIS'],
+ 'loongarch64' : ['CONFIG_LOONGARCH_DIS'],
'sw64' : ['CONFIG_SW64_DIS'],
}
if link_language == 'cpp'
--
2.27.0
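Review bot: configs/devices/loongarch64-softmmu/default.mak enables far more device models than a LoongArch machine appears to need, among them `CONFIG_ISA_TESTDEV`, `CONFIG_FDC`, `CONFIG_MIPSNET`, `CONFIG_RC4030`, `CONFIG_DP8393X`, `CONFIG_VT82C686` and `CONFIG_VMWARE_VGA`. Every model compiled in is emulation code a guest can reach once the device is instantiated, so the default should be the smallest set the board requires. The list also repeats itself: the run from `CONFIG_USB_UHCI=y` to `CONFIG_CAN_PCI=y` is present twice almost line for line, and `CONFIG_SCSI=y`, `CONFIG_ESP=y` and `CONFIG_SERIAL=y` occur again further down, which hides what is enabled on purpose. I would drop the duplicated run and the test and legacy entries, and keep a one-line comment per remaining group saying why the board needs it.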

2882
Add-disas-gdb.patch Normal file

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

6181
Add-loongarch-machine.patch Normal file

File diff suppressed because it is too large Load Diff

15466
Add-target-loongarch64.patch Normal file

File diff suppressed because it is too large Load Diff

3009
Add-tcg.patch Normal file

File diff suppressed because it is too large Load Diff

Binary file not shown.


@ -0,0 +1,52 @@
From c3f86c199885506cfddde0dfc235c04e0897d591 Mon Sep 17 00:00:00 2001
From: Kunkun Jiang <jiangkunkun@huawei.com>
Date: Tue, 14 Feb 2023 20:33:40 +0800
Subject: [PATCH] arm/virt: Correct timing of executing
cpu_synchronize_post_init for hot-plugged cpus
When the CPU starts normally, cpu_synchronize_post_init is executed
after GICv3 is implemented. This order should be followed when dealing
with hot-plugged CPUs.
Signed-off-by: Kunkun Jiang <jiangkunkun@huawei.com>
---
hw/arm/virt.c | 1 +
hw/core/cpu-common.c | 6 ++----
2 files changed, 3 insertions(+), 4 deletions(-)
diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index 4716f9baaa..7d5b332594 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -2798,6 +2798,7 @@ static void virt_cpu_plug(HotplugHandler *hotplug_dev,
}
/* Register CPU reset and trigger it manually */
+ cpu_synchronize_post_init(cs);
cpu_synchronize_state(cs);
cpu_hotplug_register_reset(ncpu);
cpu_hotplug_reset_manually(ncpu);
diff --git a/hw/core/cpu-common.c b/hw/core/cpu-common.c
index b8d1d820cb..2213840260 100644
--- a/hw/core/cpu-common.c
+++ b/hw/core/cpu-common.c
@@ -206,14 +206,12 @@ static void cpu_common_realizefn(DeviceState *dev, Error **errp)
}
}
+#ifdef __aarch64__
if (dev->hotplugged) {
cpu_synchronize_post_init(cpu);
-
-#ifdef __aarch64__
- if (!kvm_enabled())
-#endif
cpu_resume(cpu);
}
+#endif
/* NOTE: latest generic point where the cpu is fully realized */
trace_init_vcpu(cpu);
--
2.27.0
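Review bot: In hw/core/cpu-common.c the new `#ifdef __aarch64__` encloses the whole `if (dev->hotplugged)` block, so as written a build on any other host no longer calls `cpu_synchronize_post_init(cpu)` or `cpu_resume(cpu)` for a hot-plugged CPU in `cpu_common_realizefn()`, while an aarch64 build runs `cpu_synchronize_post_init()` here and again in `virt_cpu_plug()`. The description says the call should happen after the GICv3 setup on the arm virt machine, which suggests the guard is inverted; if so it should read `#ifndef __aarch64__`. `__aarch64__` also describes the build host rather than the guest machine, so a target-side condition would be safer than a compiler macro in common code. Both functions continue outside the hunks shown.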


@ -0,0 +1,58 @@
From 41f30679648676d4d62b1ae9026dde77fa9895d5 Mon Sep 17 00:00:00 2001
From: Kunkun Jiang <jiangkunkun@huawei.com>
Date: Tue, 14 Feb 2023 20:39:07 +0800
Subject: [PATCH] arm/virt: Correct timing of pause all vcpus for hot-plugged
CPUs
When dealing with hot-plugging cpus, it may fail when realize cpu.
Such a failure would make paused vcpus unrecoverable. So we only
pause all vcpus when needed. Add removed some unnecessary checks.
Signed-off-by: Kunkun Jiang <jiangkunkun@huawei.com>
---
hw/arm/virt.c | 15 ++++++++-------
1 file changed, 8 insertions(+), 7 deletions(-)
diff --git a/hw/arm/virt.c b/hw/arm/virt.c
index 7d5b332594..4c876fcf16 100644
--- a/hw/arm/virt.c
+++ b/hw/arm/virt.c
@@ -2747,13 +2747,6 @@ static void virt_cpu_pre_plug(HotplugHandler *hotplug_dev,
&error_abort);
}
}
-
- /* If we use KVM accel, we should pause all vcpus to
- * allow hot access of vcpu registers.
- */
- if (dev->hotplugged && kvm_enabled()) {
- pause_all_vcpus();
- }
}
static void virt_cpu_plug(HotplugHandler *hotplug_dev,
@@ -2773,6 +2766,10 @@ static void virt_cpu_plug(HotplugHandler *hotplug_dev,
/* For CPU that is cold/hot plugged */
if (ncpu >= ms->smp.cpus) {
+ if (dev->hotplugged) {
+ pause_all_vcpus();
+ }
+
/* Realize GIC related parts of CPU */
assert(vms->gic_version == 3);
gicv3 = ARM_GICV3_COMMON(vms->gic);
@@ -2803,6 +2800,10 @@ static void virt_cpu_plug(HotplugHandler *hotplug_dev,
cpu_hotplug_register_reset(ncpu);
cpu_hotplug_reset_manually(ncpu);
cpu_synchronize_post_reset(cs);
+
+ if (dev->hotplugged) {
+ resume_all_vcpus();
+ }
}
if (dev->hotplugged && kvm_enabled()) {
--
2.27.0
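Review bot: The pause and resume added to `virt_cpu_plug()` are not visibly balanced with the rest of the function: `pause_all_vcpus()` and `resume_all_vcpus()` now sit inside `if (ncpu >= ms->smp.cpus)`, but the context line `if (dev->hotplugged && kvm_enabled()) {` that follows is untouched and its body is outside the hunk. If that block still resumes the vCPUs, they are resumed a second time, and when `ncpu < ms->smp.cpus` they are resumed without having been paused here. The new calls also drop the `kvm_enabled()` test that the removed code in `virt_cpu_pre_plug()` had, so non-KVM guests are paused as well; the description should say whether that is intended. I would keep one pause/resume pair under a single condition and add a comment that nothing between the two calls may return early.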


@ -0,0 +1,124 @@
From 6363172843fd756c61d6a3725ad5b3a385eddc87 Mon Sep 17 00:00:00 2001
From: tangbinzy <tangbin_yewu@cmss.chinamobile.com>
Date: Tue, 21 Mar 2023 03:02:58 +0000
Subject: [PATCH] block-backend: prevent dangling BDS pointers across
aio_poll() mainline inclusion commit 1e3552dbd28359d35967b7c28dc86cde1bc29205
category: bugfix
---------------------------------------------------------------
The BlockBackend root child can change when aio_poll() is invoked. This
happens when a temporary filter node is removed upon blockjob
completion, for example.
Functions in block/block-backend.c must be aware of this when using a
blk_bs() pointer across aio_poll() because the BlockDriverState refcnt
may reach 0, resulting in a stale pointer.
One example is scsi_device_purge_requests(), which calls blk_drain() to
wait for in-flight requests to cancel. If the backup blockjob is active,
then the BlockBackend root child is a temporary filter BDS owned by the
blockjob. The blockjob can complete during bdrv_drained_begin() and the
last reference to the BDS is released when the temporary filter node is
removed. This results in a use-after-free when blk_drain() calls
bdrv_drained_end(bs) on the dangling pointer.
Explicitly hold a reference to bs across block APIs that invoke
aio_poll().
Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=2021778
Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=2036178
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20220111153613.25453-2-stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: tangbinzy <tangbin_yewu@cmss.chinamobile.com>
---
block/block-backend.c | 19 +++++++++++++++++--
1 file changed, 17 insertions(+), 2 deletions(-)
diff --git a/block/block-backend.c b/block/block-backend.c
index 49d236b2a4..3a757fb746 100644
--- a/block/block-backend.c
+++ b/block/block-backend.c
@@ -840,16 +840,22 @@ BlockBackend *blk_by_public(BlockBackendPublic *public)
void blk_remove_bs(BlockBackend *blk)
{
ThrottleGroupMember *tgm = &blk->public.throttle_group_member;
- BlockDriverState *bs;
BdrvChild *root;
notifier_list_notify(&blk->remove_bs_notifiers, blk);
if (tgm->throttle_state) {
- bs = blk_bs(blk);
+ BlockDriverState *bs = blk_bs(blk);
+
+ /*
+ * Take a ref in case blk_bs() changes across bdrv_drained_begin(), for
+ * example, if a temporary filter node is removed by a blockjob.
+ */
+ bdrv_ref(bs);
bdrv_drained_begin(bs);
throttle_group_detach_aio_context(tgm);
throttle_group_attach_aio_context(tgm, qemu_get_aio_context());
bdrv_drained_end(bs);
+ bdrv_unref(bs);
}
blk_update_root_state(blk);
@@ -1731,6 +1737,7 @@ void blk_drain(BlockBackend *blk)
BlockDriverState *bs = blk_bs(blk);
if (bs) {
+ bdrv_ref(bs);
bdrv_drained_begin(bs);
}
@@ -1740,6 +1747,7 @@ void blk_drain(BlockBackend *blk)
if (bs) {
bdrv_drained_end(bs);
+ bdrv_unref(bs);
}
}
@@ -2112,10 +2120,13 @@ static int blk_do_set_aio_context(BlockBackend *blk, AioContext *new_context,
int ret;
if (bs) {
+ bdrv_ref(bs);
+
if (update_root_node) {
ret = bdrv_child_try_set_aio_context(bs, new_context, blk->root,
errp);
if (ret < 0) {
+ bdrv_unref(bs);
return ret;
}
}
@@ -2125,6 +2136,8 @@ static int blk_do_set_aio_context(BlockBackend *blk, AioContext *new_context,
throttle_group_attach_aio_context(tgm, new_context);
bdrv_drained_end(bs);
}
+
+ bdrv_unref(bs);
}
blk->ctx = new_context;
@@ -2394,11 +2407,13 @@ void blk_io_limits_disable(BlockBackend *blk)
ThrottleGroupMember *tgm = &blk->public.throttle_group_member;
assert(tgm->throttle_state);
if (bs) {
+ bdrv_ref(bs);
bdrv_drained_begin(bs);
}
throttle_group_unregister_tgm(tgm);
if (bs) {
bdrv_drained_end(bs);
+ bdrv_unref(bs);
}
}
--
2.27.0
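Review bot: Only the `bdrv_ref(bs)` in `blk_remove_bs()` carries a comment explaining why the reference is held; the pairs added in `blk_drain()`, `blk_do_set_aio_context()` and `blk_io_limits_disable()` have none, and a later cleanup could take them for redundant and reintroduce the use-after-free the description explains. I would add the same one-line reason at each site, for example `/* Keep bs alive: the root child may change while aio_poll() runs */`. In `blk_do_set_aio_context()` the early `return ret` needs its own `bdrv_unref(bs)`, which the patch supplies; any exit path added later between the ref and the final unref must do the same. All four functions extend beyond the hunks shown.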


@ -0,0 +1,48 @@
From 745dd52e9a737f2d1e16fdc79b0f701d63df3606 Mon Sep 17 00:00:00 2001
From: jianchunfu <jianchunfu_yewu@cmss.chinamobile.com>
Date: Thu, 16 Mar 2023 16:20:44 +0800
Subject: [PATCH] curl: Fix error path in curl_open()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
g_hash_table_destroy() and g_hash_table_foreach_remove() (called by
curl_drop_all_sockets()) both require the table to be non-NULL, or will
print assertion failures (just print, no abort).
There are several paths in curl_open() that can lead to the out_noclean
label without s->sockets being allocated, so clean it only if it has
been allocated.
Example reproducer:
$ qemu-img info -f http ''
qemu-img: GLib: g_hash_table_foreach_remove: assertion 'hash_table != NULL' failed
qemu-img: GLib: g_hash_table_destroy: assertion 'hash_table != NULL' failed
qemu-img: Could not open '': http curl driver cannot handle the URL '' (does not start with 'http://')
Closes: https://gitlab.com/qemu-project/qemu/-/issues/1475
Suggested-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Hanna Czenczek <hreitz@redhat.com>
Signed-off-by: jianchunfu <jianchunfu_yewu@cmss.chinamobile.com>
---
block/curl.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/block/curl.c b/block/curl.c
index 4a8ae2b269..5aebb08002 100644
--- a/block/curl.c
+++ b/block/curl.c
@@ -821,8 +821,10 @@ out_noclean:
g_free(s->username);
g_free(s->proxyusername);
g_free(s->proxypassword);
- curl_drop_all_sockets(s->sockets);
- g_hash_table_destroy(s->sockets);
+ if (s->sockets) {
+ curl_drop_all_sockets(s->sockets);
+ g_hash_table_destroy(s->sockets);
+ }
qemu_opts_del(opts);
return -EINVAL;
}
--
2.27.0


@ -0,0 +1,62 @@
From b1985a8f51ce0496aa4e8802c42a64b90f1f891d Mon Sep 17 00:00:00 2001
From: tangbinzy <tangbin_yewu@cmss.chinamobile.com>
Date: Tue, 21 Mar 2023 02:50:07 +0000
Subject: [PATCH] dsoundaudio: fix crackling audio recordings mainline
inclusion commit 9d90ceb27461d7d0d172fd941b812d511794a6c6 category: bugfix
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---------------------------------------------------------------
Audio recordings with the DirectSound backend don't sound right.
A look a the Microsoft online documentation tells us why.
From the DirectSound Programming Guide, Capture Buffer Information:
'You can safely copy data from the buffer only up to the read
cursor.'
Change the code to read up to the read cursor instead of the
capture cursor.
Signed-off-by: Volker Rümelin <vr_qemu@t-online.de>
Message-Id: <20211226154017.6067-2-vr_qemu@t-online.de>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: tangbinzy <tangbin_yewu@cmss.chinamobile.com>
---
audio/dsoundaudio.c | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/audio/dsoundaudio.c b/audio/dsoundaudio.c
index cfc79c129e..3dd2c4d4a6 100644
--- a/audio/dsoundaudio.c
+++ b/audio/dsoundaudio.c
@@ -536,13 +536,12 @@ static void *dsound_get_buffer_in(HWVoiceIn *hw, size_t *size)
DSoundVoiceIn *ds = (DSoundVoiceIn *) hw;
LPDIRECTSOUNDCAPTUREBUFFER dscb = ds->dsound_capture_buffer;
HRESULT hr;
- DWORD cpos, rpos, act_size;
+ DWORD rpos, act_size;
size_t req_size;
int err;
void *ret;
- hr = IDirectSoundCaptureBuffer_GetCurrentPosition(
- dscb, &cpos, ds->first_time ? &rpos : NULL);
+ hr = IDirectSoundCaptureBuffer_GetCurrentPosition(dscb, NULL, &rpos);
if (FAILED(hr)) {
dsound_logerr(hr, "Could not get capture buffer position\n");
*size = 0;
@@ -554,7 +553,7 @@ static void *dsound_get_buffer_in(HWVoiceIn *hw, size_t *size)
ds->first_time = false;
}
- req_size = audio_ring_dist(cpos, hw->pos_emul, hw->size_emul);
+ req_size = audio_ring_dist(rpos, hw->pos_emul, hw->size_emul);
req_size = MIN(*size, MIN(req_size, hw->size_emul - hw->pos_emul));
if (req_size == 0) {
--
2.27.0


@ -0,0 +1,31 @@
From 05526b64c8201bb7395927a81ceef3723c1ce57e Mon Sep 17 00:00:00 2001
From: mayunlong <mayunlong6@huawei.com>
Date: Fri, 23 Dec 2022 10:43:46 +0800
Subject: [PATCH] fix qmp command migrate-set-parameters
params didn't apply after excute qmp command migrate-set-parameters,
this resulted in another qmp command(query-migrate-parameters) error.
Signed-off-by:mayunlong<mayunlong6@huawei.com>
---
migration/migration.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/migration/migration.c b/migration/migration.c
index 33d5832e47..2ec116f901 100644
--- a/migration/migration.c
+++ b/migration/migration.c
@@ -1621,6 +1621,10 @@ static void migrate_params_apply(MigrateSetParameters *params, Error **errp)
s->parameters.decompress_threads = params->decompress_threads;
}
+ if (params->has_compress_method) {
+ s->parameters.compress_method = params->compress_method;
+ }
+
if (params->has_throttle_trigger_threshold) {
s->parameters.throttle_trigger_threshold = params->throttle_trigger_threshold;
}
--
2.27.0


@ -0,0 +1,60 @@
From fa15ed1690bbfd95e2df6efafcb034198e9b637a Mon Sep 17 00:00:00 2001
From: Keqian Zhu <zhukeqian1@huawei.com>
Date: Tue, 16 Aug 2022 17:49:57 +0800
Subject: [PATCH] hw/acpi: Add ospm_status hook implementation for acpi-ged
Setup an ARM virtual machine of machine virt and execute qmp "query-acpi-ospm-status"
causes segmentation fault with following dumpstack:
#1 0x0000aaaaab64235c in qmp_query_acpi_ospm_status (errp=errp@entry=0xfffffffff030) at ../monitor/qmp-cmds.c:312
#2 0x0000aaaaabfc4e20 in qmp_marshal_query_acpi_ospm_status (args=<optimized out>, ret=0xffffea4ffe90, errp=0xffffea4ffe88) at qapi/qapi-commands-acpi.c:63
#3 0x0000aaaaabff8ba0 in do_qmp_dispatch_bh (opaque=0xffffea4ffe98) at ../qapi/qmp-dispatch.c:128
#4 0x0000aaaaac02e594 in aio_bh_call (bh=0xffffe0004d80) at ../util/async.c:150
#5 aio_bh_poll (ctx=ctx@entry=0xaaaaad0f6040) at ../util/async.c:178
#6 0x0000aaaaac00bd40 in aio_dispatch (ctx=ctx@entry=0xaaaaad0f6040) at ../util/aio-posix.c:421
#7 0x0000aaaaac02e010 in aio_ctx_dispatch (source=0xaaaaad0f6040, callback=<optimized out>, user_data=<optimized out>) at ../util/async.c:320
#8 0x0000fffff76f6884 in g_main_context_dispatch () at /usr/lib64/libglib-2.0.so.0
#9 0x0000aaaaac0452d4 in glib_pollfds_poll () at ../util/main-loop.c:297
#10 os_host_main_loop_wait (timeout=0) at ../util/main-loop.c:320
#11 main_loop_wait (nonblocking=nonblocking@entry=0) at ../util/main-loop.c:596
#12 0x0000aaaaab5c9e50 in qemu_main_loop () at ../softmmu/runstate.c:734
#13 0x0000aaaaab185370 in qemu_main (argc=argc@entry=47, argv=argv@entry=0xfffffffff518, envp=envp@entry=0x0) at ../softmmu/main.c:38
#14 0x0000aaaaab16f99c in main (argc=47, argv=0xfffffffff518) at ../softmmu/main.c:47
Fixes: ebb62075021a ("hw/acpi: Add ACPI Generic Event Device Support")
Signed-off-by: Keqian Zhu <zhukeqian1@huawei.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-id: 20220816094957.31700-1-zhukeqian1@huawei.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
---
hw/acpi/generic_event_device.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/hw/acpi/generic_event_device.c b/hw/acpi/generic_event_device.c
index 042a8ef8a5..53e9112d9f 100644
--- a/hw/acpi/generic_event_device.c
+++ b/hw/acpi/generic_event_device.c
@@ -273,6 +273,13 @@ static void acpi_ged_unplug_cb(HotplugHandler *hotplug_dev,
}
}
+static void acpi_ged_ospm_status(AcpiDeviceIf *adev, ACPIOSTInfoList ***list)
+{
+ AcpiGedState *s = ACPI_GED(adev);
+
+ acpi_memory_ospm_status(&s->memhp_state, list);
+}
+
static void acpi_ged_send_event(AcpiDeviceIf *adev, AcpiEventStatusBits ev)
{
AcpiGedState *s = ACPI_GED(adev);
@@ -444,6 +451,7 @@ static void acpi_ged_class_init(ObjectClass *class, void *data)
hc->unplug_request = acpi_ged_unplug_request_cb;
hc->unplug = acpi_ged_unplug_cb;
+ adevc->ospm_status = acpi_ged_ospm_status;
adevc->send_event = acpi_ged_send_event;
}
--
2.27.0


@ -0,0 +1,28 @@
From 9e8ccc2a868e719233a34946106859461c057ade Mon Sep 17 00:00:00 2001
From: Kunkun Jiang <jiangkunkun@huawei.com>
Date: Tue, 14 Feb 2023 20:28:11 +0800
Subject: [PATCH] hw/acpi: Support acpi-ged to report CPU's OST info
Setup an ARM virtual machine of machine virt and execute qmp
"query-acpi-ospm-status" but can not get the CPU's OST info.
Signed-off-by: Kunkun Jiang <jiangkunkun@huawei.com>
---
hw/acpi/generic_event_device.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/hw/acpi/generic_event_device.c b/hw/acpi/generic_event_device.c
index 53e9112d9f..9118681662 100644
--- a/hw/acpi/generic_event_device.c
+++ b/hw/acpi/generic_event_device.c
@@ -278,6 +278,7 @@ static void acpi_ged_ospm_status(AcpiDeviceIf *adev, ACPIOSTInfoList ***list)
AcpiGedState *s = ACPI_GED(adev);
acpi_memory_ospm_status(&s->memhp_state, list);
+ acpi_cpu_ospm_status(&s->cpuhp_state, list);
}
static void acpi_ged_send_event(AcpiDeviceIf *adev, AcpiEventStatusBits ev)
--
2.27.0


@ -0,0 +1,47 @@
From b42ad03f9e1fcdd7cac13789038621173f754294 Mon Sep 17 00:00:00 2001
From: tangbinzy <tangbin_yewu@cmss.chinamobile.com>
Date: Tue, 21 Mar 2023 02:38:36 +0000
Subject: [PATCH] hw/audio/intel-hda: fix stream reset mainline inclusion
commit ecd5f2882fdd10f798984eb52abd00ffc78c2ef7 category: bugfix
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---------------------------------------------------------------
Quote from:
High Definition Audio Specification 1.0a, section 3.3.35
Offset 80: {IOB}SDnCTL Stream Reset (SRST): Writing a 1 causes
the corresponding stream to be reset. The Stream Descriptor
registers (except the SRST bit itself) ... are reset.
Change the code to reset the Stream Descriptor Control and Status
registers except the SRST bit.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/757
Signed-off-by: Volker Rümelin <vr_qemu@t-online.de>
Message-Id: <20211226154017.6067-3-vr_qemu@t-online.de>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: tangbinzy <tangbin_yewu@cmss.chinamobile.com>
---
hw/audio/intel-hda.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/audio/intel-hda.c b/hw/audio/intel-hda.c
index 3aa57d274e..78a47bc08c 100644
--- a/hw/audio/intel-hda.c
+++ b/hw/audio/intel-hda.c
@@ -586,7 +586,7 @@ static void intel_hda_set_st_ctl(IntelHDAState *d, const IntelHDAReg *reg, uint3
if (st->ctl & 0x01) {
/* reset */
dprint(d, 1, "st #%d: reset\n", reg->stream);
- st->ctl = SD_STS_FIFO_READY << 24;
+ st->ctl = SD_STS_FIFO_READY << 24 | SD_CTL_STREAM_RESET;
}
if ((st->ctl & 0x02) != (old & 0x02)) {
uint32_t stnr = (st->ctl >> 20) & 0x0f;
--
2.27.0


@ -0,0 +1,85 @@
From bbf1fc67fb642833a23793081e812c36691c4df6 Mon Sep 17 00:00:00 2001
From: Yanan Wang <wangyanan55@huawei.com>
Date: Mon, 6 Mar 2023 20:50:33 +0800
Subject: [PATCH] hw/core/machine:Fix the missing consideration of cluster-id
Commit 5454c00908236 introduced the cluster-id for CPU
topology parameter "cluster", but has not fully considered
all the areas where we need to check cluster-id, e.g, when
assigning CPUs to numa nodes.
If we have multiple clusters and multiple numa nodes for
a guest like below:
-smp cpus=8,maxcpus=8,sockets=1,dies=1,clusters=2,cores=4,threads=1
-numa node nodeid=0,cpus=0-3
-numa node nodeid=1,cpus=4-7
QEMU will wrongly assign all the CPUs to numa0, because there
is no check about cluster_id of each CPU in function
machine_set_cpu_numa_node. Fix it.
Also, fix some other areas which missed to verified cluster-id.
Fixes: 5454c00908236 ("arm/virt: Add CPU topology support")
Signed-off-by: Yanan Wang <wangyanan55@huawei.com>
---
hw/core/machine-hmp-cmds.c | 3 +++
hw/core/machine.c | 15 +++++++++++++++
2 files changed, 18 insertions(+)
diff --git a/hw/core/machine-hmp-cmds.c b/hw/core/machine-hmp-cmds.c
index 4e2f319aeb..c4f63b1d63 100644
--- a/hw/core/machine-hmp-cmds.c
+++ b/hw/core/machine-hmp-cmds.c
@@ -77,6 +77,9 @@ void hmp_hotpluggable_cpus(Monitor *mon, const QDict *qdict)
if (c->has_die_id) {
monitor_printf(mon, " die-id: \"%" PRIu64 "\"\n", c->die_id);
}
+ if (c->has_cluster_id) {
+ monitor_printf(mon, " cluster-id: \"%" PRIu64 "\"\n", c->cluster_id);
+ }
if (c->has_core_id) {
monitor_printf(mon, " core-id: \"%" PRIu64 "\"\n", c->core_id);
}
diff --git a/hw/core/machine.c b/hw/core/machine.c
index 45fb0fd2eb..cb539104a1 100644
--- a/hw/core/machine.c
+++ b/hw/core/machine.c
@@ -686,6 +686,11 @@ void machine_set_cpu_numa_node(MachineState *machine,
return;
}
+ if (props->has_cluster_id && !slot->props.has_cluster_id) {
+ error_setg(errp, "cluster-id is not supported");
+ return;
+ }
+
/* skip slots with explicit mismatch */
if (props->has_thread_id && props->thread_id != slot->props.thread_id) {
continue;
@@ -695,6 +700,10 @@ void machine_set_cpu_numa_node(MachineState *machine,
continue;
}
+ if (props->has_cluster_id && props->cluster_id != slot->props.cluster_id) {
+ continue;
+ }
+
if (props->has_die_id && props->die_id != slot->props.die_id) {
continue;
}
@@ -989,6 +998,12 @@ static char *cpu_slot_to_string(const CPUArchId *cpu)
}
g_string_append_printf(s, "die-id: %"PRId64, cpu->props.die_id);
}
+ if (cpu->props.has_cluster_id) {
+ if (s->len) {
+ g_string_append_printf(s, ", ");
+ }
+ g_string_append_printf(s, "cluster-id: %"PRId64, cpu->props.cluster_id);
+ }
if (cpu->props.has_core_id) {
if (s->len) {
g_string_append_printf(s, ", ");
--
2.27.0


@ -0,0 +1,64 @@
From ad2660c287ff03d0190eff5f841452e618d368ff Mon Sep 17 00:00:00 2001
From: tangbinzy <tangbin_yewu@cmss.chinamobile.com>
Date: Fri, 24 Mar 2023 07:16:21 +0000
Subject: [PATCH] hw/net/vmxnet3: Log guest-triggerable errors using
LOG_GUEST_ERROR mainline inclusion commit
f3e5a17593b972a9a6079ccf7677b4389d74d5a1 category: bugfix
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---------------------------------------------------------------
The "Interrupt Cause" register (VMXNET3_REG_ICR) is read-only.
Write accesses are ignored. Log them with as LOG_GUEST_ERROR
instead of aborting:
[R +0.239743] writeq 0xe0002031 0x46291a5a55460800
ERROR:hw/net/vmxnet3.c:1819:vmxnet3_io_bar1_write: code should not be reached
Thread 1 "qemu-system-i38" received signal SIGABRT, Aborted.
(gdb) bt
#3 0x74c397d3 in __GI_abort () at abort.c:79
#4 0x76d3cd4c in g_assertion_message (domain=<optimized out>, file=<optimized out>, line=<optimized out>, func=<optimized out>, message=<optimized out>) at ../glib/gtestutils.c:3223
#5 0x76d9d45f in g_assertion_message_expr
(domain=0x0, file=0x59fc2e53 "hw/net/vmxnet3.c", line=1819, func=0x59fc11e0 <__func__.vmxnet3_io_bar1_write> "vmxnet3_io_bar1_write", expr=<optimized out>)
at ../glib/gtestutils.c:3249
#6 0x57e80a3a in vmxnet3_io_bar1_write (opaque=0x62814100, addr=56, val=70, size=4) at hw/net/vmxnet3.c:1819
#7 0x58c2d894 in memory_region_write_accessor (mr=0x62816b90, addr=56, value=0x7fff9450, size=4, shift=0, mask=4294967295, attrs=...) at softmmu/memory.c:492
#8 0x58c2d1d2 in access_with_adjusted_size (addr=56, value=0x7fff9450, size=1, access_size_min=4, access_size_max=4, access_fn=
0x58c2d290 <memory_region_write_accessor>, mr=0x62816b90, attrs=...) at softmmu/memory.c:554
#9 0x58c2bae7 in memory_region_dispatch_write (mr=0x62816b90, addr=56, data=70, op=MO_8, attrs=...) at softmmu/memory.c:1504
#10 0x58bfd034 in flatview_write_continue (fv=0x606000181700, addr=0xe0002038, attrs=..., ptr=0x7fffb9e0, len=1, addr1=56, l=1, mr=0x62816b90)
at softmmu/physmem.c:2782
#11 0x58beba00 in flatview_write (fv=0x606000181700, addr=0xe0002031, attrs=..., buf=0x7fffb9e0, len=8) at softmmu/physmem.c:2822
#12 0x58beb589 in address_space_write (as=0x608000015f20, addr=0xe0002031, attrs=..., buf=0x7fffb9e0, len=8) at softmmu/physmem.c:2914
Reported-by: Dike <dike199774@qq.com>
Reported-by: Duhao <504224090@qq.com>
BugLink: https://bugzilla.redhat.com/show_bug.cgi?id=2032932
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: tangbinzy <tangbin_yewu@cmss.chinamobile.com>
---
hw/net/vmxnet3.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/hw/net/vmxnet3.c b/hw/net/vmxnet3.c
index f65af4e9ef..0b7acf7f89 100644
--- a/hw/net/vmxnet3.c
+++ b/hw/net/vmxnet3.c
@@ -1816,7 +1816,9 @@ vmxnet3_io_bar1_write(void *opaque,
case VMXNET3_REG_ICR:
VMW_CBPRN("Write BAR1 [VMXNET3_REG_ICR] = %" PRIx64 ", size %d",
val, size);
- g_assert_not_reached();
+ qemu_log_mask(LOG_GUEST_ERROR,
+ "%s: write to read-only register VMXNET3_REG_ICR\n",
+ TYPE_VMXNET3);
break;
/* Event Cause Register */
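Review bot: The new guest-error message in the VMXNET3_REG_ICR case leaves out the written value and the access size, which only the VMW_CBPRN call above it prints. If that macro is compiled out in normal builds (not visible here), the log line gives little to triage a misbehaving guest with. Consider `"%s: write to read-only register VMXNET3_REG_ICR (val 0x%" PRIx64 ", size %d)\n", TYPE_VMXNET3, val, size`. The rest of the switch in vmxnet3_io_bar1_write lies outside the hunk, so whether other guest-reachable assertions remain cannot be judged from here.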
--
2.27.0

32
hw-pci-Fix-a-typo.patch Normal file

@ -0,0 +1,32 @@
From c7fe3321e6abb3502a7d4366c9fdbe690bfa9ea9 Mon Sep 17 00:00:00 2001
From: jianchunfu <jianchunfu_yewu@cmss.chinamobile.com>
Date: Fri, 17 Mar 2023 11:04:01 +0800
Subject: [PATCH] hw/pci: Fix a typo
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Fix 'interrutp' typo.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: jianchunfu <jianchunfu_yewu@cmss.chinamobile.com>
---
hw/pci/pci.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/hw/pci/pci.c b/hw/pci/pci.c
index 0743dc7c42..b89c36ab80 100644
--- a/hw/pci/pci.c
+++ b/hw/pci/pci.c
@@ -1579,7 +1579,7 @@ void pci_device_set_intx_routing_notifier(PCIDevice *dev,
* 9.1: Interrupt routing. Table 9-1
*
* the PCI Express Base Specification, Revision 2.1
- * 2.2.8.1: INTx interrutp signaling - Rules
+ * 2.2.8.1: INTx interrupt signaling - Rules
* the Implementation Note
* Table 2-20
*/
--
2.27.0


@ -0,0 +1,65 @@
From b5e972454b1c4784c6b8e163016a237c084a1b46 Mon Sep 17 00:00:00 2001
From: jianchunfu <jianchunfu_yewu@cmss.chinamobile.com>
Date: Fri, 17 Mar 2023 11:12:02 +0800
Subject: [PATCH] hw/pci: Trace IRQ routing on PCI topology
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Trace how IRQs are routed from EP to RC.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: jianchunfu <jianchunfu_yewu@cmss.chinamobile.com>
---
hw/pci/pci.c | 8 ++++++++
hw/pci/trace-events | 1 +
2 files changed, 9 insertions(+)
diff --git a/hw/pci/pci.c b/hw/pci/pci.c
index b89c36ab80..96dcc738f2 100644
--- a/hw/pci/pci.c
+++ b/hw/pci/pci.c
@@ -269,11 +269,15 @@ static void pci_change_irq_level(PCIDevice *pci_dev, int irq_num, int change)
{
PCIBus *bus;
for (;;) {
+ int dev_irq = irq_num;
bus = pci_get_bus(pci_dev);
if (!bus) {
return;
}
irq_num = bus->map_irq(pci_dev, irq_num);
+ trace_pci_route_irq(dev_irq, DEVICE(pci_dev)->canonical_path, irq_num,
+ pci_bus_is_root(bus) ? "root-complex"
+ : DEVICE(bus->parent_dev)->canonical_path);
if (bus->set_irq)
break;
pci_dev = bus->parent_dev;
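Review bot: The arguments to `trace_pci_route_irq()` are built on every loop iteration of pci_change_irq_level, which runs for each INTx level change. The two `DEVICE()` casts and the `pci_bus_is_root()` call therefore appear to be paid even when the trace event is disabled. Guarding the call keeps the interrupt path unchanged when tracing is off: `if (trace_event_get_state_backends(TRACE_PCI_ROUTE_IRQ)) { trace_pci_route_irq(...); }`. The same applies to the second hunk in pci_device_route_intx_to_irq. Both functions start or end outside their hunks.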
@@ -1531,8 +1535,12 @@ PCIINTxRoute pci_device_route_intx_to_irq(PCIDevice *dev, int pin)
PCIBus *bus;
do {
+ int dev_irq = pin;
bus = pci_get_bus(dev);
pin = bus->map_irq(dev, pin);
+ trace_pci_route_irq(dev_irq, DEVICE(dev)->canonical_path, pin,
+ pci_bus_is_root(bus) ? "root-complex"
+ : DEVICE(bus->parent_dev)->canonical_path);
dev = bus->parent_dev;
} while (dev);
diff --git a/hw/pci/trace-events b/hw/pci/trace-events
index fc777d0b5e..7e294b7e8a 100644
--- a/hw/pci/trace-events
+++ b/hw/pci/trace-events
@@ -3,6 +3,7 @@
# pci.c
pci_update_mappings_del(void *d, uint32_t bus, uint32_t slot, uint32_t func, int bar, uint64_t addr, uint64_t size) "d=%p %02x:%02x.%x %d,0x%"PRIx64"+0x%"PRIx64
pci_update_mappings_add(void *d, uint32_t bus, uint32_t slot, uint32_t func, int bar, uint64_t addr, uint64_t size) "d=%p %02x:%02x.%x %d,0x%"PRIx64"+0x%"PRIx64
+pci_route_irq(int dev_irq, const char *dev_path, int parent_irq, const char *parent_path) "IRQ %d @%s -> IRQ %d @%s"
# pci_host.c
pci_cfg_read(const char *dev, unsigned devid, unsigned fnid, unsigned offs, unsigned val) "%s %02u:%u @0x%x -> 0x%x"
--
2.27.0


@ -0,0 +1,42 @@
From 38f8c09d9916e76d2907d68fbe69115aef3a5310 Mon Sep 17 00:00:00 2001
From: Yuval Shaia <yuval.shaia.ml@gmail.com>
Date: Sun, 3 Apr 2022 12:52:34 +0300
Subject: [PATCH] hw/pvrdma: Protect against buggy or malicious guest driver
Guest driver might execute HW commands when shared buffers are not yet
allocated.
This could happen on purpose (malicious guest) or because of some other
guest/host address mapping error.
We need to protect against such a case.
Fixes: CVE-2022-1050
Reported-by: Raven <wxhusst@gmail.com>
Signed-off-by: Yuval Shaia <yuval.shaia.ml@gmail.com>
Message-Id: <20220403095234.2210-1-yuval.shaia.ml@gmail.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: liuxiangdong <liuxiangdong5@huawei.com>
---
hw/rdma/vmw/pvrdma_cmd.c | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/hw/rdma/vmw/pvrdma_cmd.c b/hw/rdma/vmw/pvrdma_cmd.c
index da7ddfa548..89db963c46 100644
--- a/hw/rdma/vmw/pvrdma_cmd.c
+++ b/hw/rdma/vmw/pvrdma_cmd.c
@@ -796,6 +796,12 @@ int pvrdma_exec_cmd(PVRDMADev *dev)
dsr_info = &dev->dsr_info;
+ if (!dsr_info->dsr) {
+ /* Buggy or malicious guest driver */
+ rdma_error_report("Exec command without dsr, req or rsp buffers");
+ goto out;
+ }
+
if (dsr_info->req->hdr.cmd >= sizeof(cmd_handlers) /
sizeof(struct cmd_handler)) {
rdma_error_report("Unsupported command");
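Review bot: The added guard in pvrdma_exec_cmd tests only `dsr_info->dsr`, while the very next statement dereferences `dsr_info->req` and the error text names the req and rsp buffers as well. If the setup code can ever leave dsr mapped with req or rsp unset (that code is outside this hunk, so this is unverified), a guest can still reach a NULL dereference here. Checking all three keeps the guard in line with its own message: `if (!dsr_info->dsr || !dsr_info->req || !dsr_info->rsp) {`. The function continues past the hunk, so what the `out` label reports back to the guest is not visible.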
--
2.27.0


@ -0,0 +1,39 @@
From 612fe39ec96f7171501dd3b86af7ca2d9a8efbfe Mon Sep 17 00:00:00 2001
From: jianchunfu <jianchunfu_yewu@cmss.chinamobile.com>
Date: Thu, 16 Mar 2023 16:27:05 +0800
Subject: [PATCH] hw/riscv: virt: Simplify virt_{get,set}_aclint()
There is no need to declare an intermediate "MachineState *ms".
Signed-off-by: Bin Meng <bmeng@tinylab.org>
Signed-off-by: jianchunfu <jianchunfu_yewu@cmss.chinamobile.com>
---
hw/riscv/virt.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)
diff --git a/hw/riscv/virt.c b/hw/riscv/virt.c
index 3af074148e..cd03ba1d76 100644
--- a/hw/riscv/virt.c
+++ b/hw/riscv/virt.c
@@ -984,16 +984,14 @@ static void virt_machine_instance_init(Object *obj)
static bool virt_get_aclint(Object *obj, Error **errp)
{
- MachineState *ms = MACHINE(obj);
- RISCVVirtState *s = RISCV_VIRT_MACHINE(ms);
+ RISCVVirtState *s = RISCV_VIRT_MACHINE(obj);
return s->have_aclint;
}
static void virt_set_aclint(Object *obj, bool value, Error **errp)
{
- MachineState *ms = MACHINE(obj);
- RISCVVirtState *s = RISCV_VIRT_MACHINE(ms);
+ RISCVVirtState *s = RISCV_VIRT_MACHINE(obj);
s->have_aclint = value;
}
--
2.27.0


@ -0,0 +1,270 @@
From 06d1ed3c9e3b736944e5267ffc8d341801fb758b Mon Sep 17 00:00:00 2001
From: Chenyi Qiang <chenyi.qiang@intel.com>
Date: Thu, 29 Sep 2022 15:20:14 +0800
Subject: [PATCH] i386: add notify VM exit support
from mainline-v7.2.0-rc0
commit e2e69f6bb907a70ac518230c54e98e7abcb0c911
category: feature
feature: Notify VM Exit
bugzilla: https://gitee.com/openeuler/intel-qemu/issues/I6GWQE
Intel-SIG: commit e2e69f6bb907 ("i386: add notify VM exit support")
------------------------------------------------------------------
i386: add notify VM exit support
There are cases that malicious virtual machine can cause CPU stuck (due
to event windows don't open up), e.g., infinite loop in microcode when
nested #AC (CVE-2015-5307). No event window means no event (NMI, SMI and
IRQ) can be delivered. It leads the CPU to be unavailable to host or
other VMs. Notify VM exit is introduced to mitigate such kind of
attacks, which will generate a VM exit if no event window occurs in VM
non-root mode for a specified amount of time (notify window).
A new KVM capability KVM_CAP_X86_NOTIFY_VMEXIT is exposed to user space
so that the user can query the capability and set the expected notify
window when creating VMs. The format of the argument when enabling this
capability is as follows:
Bit 63:32 - notify window specified in qemu command
Bit 31:0 - some flags (e.g. KVM_X86_NOTIFY_VMEXIT_ENABLED is set to
enable the feature.)
Users can configure the feature by a new (x86 only) accel property:
qemu -accel kvm,notify-vmexit=run|internal-error|disable,notify-window=n
The default option of notify-vmexit is run, which will enable the
capability and do nothing if the exit happens. The internal-error option
raises a KVM internal error if it happens. The disable option does not
enable the capability. The default value of notify-window is 0. It is valid
only when notify-vmexit is not disabled. The valid range of notify-window
is non-negative. It is even safe to set it to zero since there's an
internal hardware threshold to be added to ensure no false positive.
Because a notify VM exit may happen with VM_CONTEXT_INVALID set in exit
qualification (no cases are anticipated that would set this bit), which
means VM context is corrupted. It would be reflected in the flags of
KVM_EXIT_NOTIFY exit. If KVM_NOTIFY_CONTEXT_INVALID bit is set, raise a KVM
internal error unconditionally.
Acked-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Chenyi Qiang <chenyi.qiang@intel.com>
Message-Id: <20220929072014.20705-5-chenyi.qiang@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Jason Zeng <jason.zeng@intel.com>
---
accel/kvm/kvm-all.c | 2 +
qapi/run-state.json | 17 ++++++++
qemu-options.hx | 11 +++++
target/i386/kvm/kvm.c | 98 +++++++++++++++++++++++++++++++++++++++++++
4 files changed, 128 insertions(+)
diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
index 91d93facf2..799d993f6c 100644
--- a/accel/kvm/kvm-all.c
+++ b/accel/kvm/kvm-all.c
@@ -3602,6 +3602,8 @@ static void kvm_accel_instance_init(Object *obj)
s->kernel_irqchip_split = ON_OFF_AUTO_AUTO;
/* KVM dirty ring is by default off */
s->kvm_dirty_ring_size = 0;
+ s->notify_vmexit = NOTIFY_VMEXIT_OPTION_RUN;
+ s->notify_window = 0;
}
static void kvm_accel_class_init(ObjectClass *oc, void *data)
diff --git a/qapi/run-state.json b/qapi/run-state.json
index 43d66d700f..08c38b2c67 100644
--- a/qapi/run-state.json
+++ b/qapi/run-state.json
@@ -638,3 +638,20 @@
{ 'struct': 'MemoryFailureFlags',
'data': { 'action-required': 'bool',
'recursive': 'bool'} }
+
+##
+# @NotifyVmexitOption:
+#
+# An enumeration of the options specified when enabling notify VM exit
+#
+# @run: enable the feature, do nothing and continue if the notify VM exit happens.
+#
+# @internal-error: enable the feature, raise a internal error if the notify
+# VM exit happens.
+#
+# @disable: disable the feature.
+#
+# Since: 7.2
+##
+{ 'enum': 'NotifyVmexitOption',
+ 'data': [ 'run', 'internal-error', 'disable' ] }
\ No newline at end of file
diff --git a/qemu-options.hx b/qemu-options.hx
index 047d28a357..3c9b0f022c 100644
--- a/qemu-options.hx
+++ b/qemu-options.hx
@@ -152,6 +152,7 @@ DEF("accel", HAS_ARG, QEMU_OPTION_accel,
" split-wx=on|off (enable TCG split w^x mapping)\n"
" tb-size=n (TCG translation block cache size)\n"
" dirty-ring-size=n (KVM dirty ring GFN count, default 0)\n"
+ " notify-vmexit=run|internal-error|disable,notify-window=n (enable notify VM exit and set notify window, x86 only)\n"
" thread=single|multi (enable multi-threaded TCG)\n", QEMU_ARCH_ALL)
SRST
``-accel name[,prop=value[,...]]``
@@ -203,6 +204,16 @@ SRST
is disabled (dirty-ring-size=0). When enabled, KVM will instead
record dirty pages in a bitmap.
+ ``notify-vmexit=run|internal-error|disable,notify-window=n``
+ Enables or disables notify VM exit support on x86 host and specify
+ the corresponding notify window to trigger the VM exit if enabled.
+ ``run`` option enables the feature. It does nothing and continue
+ if the exit happens. ``internal-error`` option enables the feature.
+ It raises a internal error. ``disable`` option doesn't enable the feature.
+ This feature can mitigate the CPU stuck issue due to event windows don't
+ open up for a specified of time (i.e. notify-window).
+ Default: notify-vmexit=run,notify-window=0.
+
ERST
DEF("smp", HAS_ARG, QEMU_OPTION_smp,
diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
index e2f28ce958..b8257e7e5f 100644
--- a/target/i386/kvm/kvm.c
+++ b/target/i386/kvm/kvm.c
@@ -15,6 +15,7 @@
#include "qemu/osdep.h"
#include "qapi/qapi-events-run-state.h"
#include "qapi/error.h"
+#include "qapi/visitor.h"
#include <sys/ioctl.h>
#include <sys/utsname.h>
#include <sys/syscall.h>
@@ -2496,6 +2497,21 @@ int kvm_arch_init(MachineState *ms, KVMState *s)
}
}
+ if (s->notify_vmexit != NOTIFY_VMEXIT_OPTION_DISABLE &&
+ kvm_check_extension(s, KVM_CAP_X86_NOTIFY_VMEXIT)) {
+ uint64_t notify_window_flags =
+ ((uint64_t)s->notify_window << 32) |
+ KVM_X86_NOTIFY_VMEXIT_ENABLED |
+ KVM_X86_NOTIFY_VMEXIT_USER;
+ ret = kvm_vm_enable_cap(s, KVM_CAP_X86_NOTIFY_VMEXIT, 0,
+ notify_window_flags);
+ if (ret < 0) {
+ error_report("kvm: Failed to enable notify vmexit cap: %s",
+ strerror(-ret));
+ return ret;
+ }
+ }
+
return 0;
}
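Review bot: When `kvm_check_extension()` reports that KVM_CAP_X86_NOTIFY_VMEXIT is missing, this block in kvm_arch_init is skipped without any message. A VM started with `notify-vmexit=internal-error` on an older host kernel then runs without the mitigation and nothing tells the operator. Because the default is `run`, an explicit request can only be recognised for the non-default value, for example `else if (s->notify_vmexit == NOTIFY_VMEXIT_OPTION_INTERNAL_ERROR) { warn_report("kvm: notify-vmexit requested but not supported by the host kernel"); }`. The start of kvm_arch_init is outside the hunk.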
@@ -4839,6 +4855,9 @@ int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run)
X86CPU *cpu = X86_CPU(cs);
uint64_t code;
int ret;
+ bool ctx_invalid;
+ char str[256];
+ KVMState *state;
switch (run->exit_reason) {
case KVM_EXIT_HLT:
@@ -4894,6 +4913,21 @@ int kvm_arch_handle_exit(CPUState *cs, struct kvm_run *run)
/* already handled in kvm_arch_post_run */
ret = 0;
break;
+ case KVM_EXIT_NOTIFY:
+ ctx_invalid = !!(run->notify.flags & KVM_NOTIFY_CONTEXT_INVALID);
+ state = KVM_STATE(current_accel());
+ sprintf(str, "Encounter a notify exit with %svalid context in"
+ " guest. There can be possible misbehaves in guest."
+ " Please have a look.", ctx_invalid ? "in" : "");
+ if (ctx_invalid ||
+ state->notify_vmexit == NOTIFY_VMEXIT_OPTION_INTERNAL_ERROR) {
+ warn_report("KVM internal error: %s", str);
+ ret = -1;
+ } else {
+ warn_report_once("KVM: %s", str);
+ ret = 0;
+ }
+ break;
default:
fprintf(stderr, "KVM: unknown exit reason %d\n", run->exit_reason);
ret = -1;
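Review bot: The KVM_EXIT_NOTIFY case formats its message with an unbounded `sprintf` into the 256-byte `str` declared in the previous hunk. The text is fixed today and fits, but the bound is implicit, and a later edit to the message could overflow the stack buffer without any compiler complaint. Use `snprintf(str, sizeof(str), ...)`, or drop the buffer and pass the format straight to `warn_report()`. The `run` path also uses `warn_report_once()`, so only the first notify exit is logged; operators who watch the log for a guest that keeps stalling the CPU will see a single line. kvm_arch_handle_exit continues outside the hunk.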
@@ -5169,6 +5203,70 @@ void kvm_request_xsave_components(X86CPU *cpu, uint64_t mask)
}
}
+static int kvm_arch_get_notify_vmexit(Object *obj, Error **errp)
+{
+ KVMState *s = KVM_STATE(obj);
+ return s->notify_vmexit;
+}
+
+static void kvm_arch_set_notify_vmexit(Object *obj, int value, Error **errp)
+{
+ KVMState *s = KVM_STATE(obj);
+
+ if (s->fd != -1) {
+ error_setg(errp, "Cannot set properties after the accelerator has been initialized");
+ return;
+ }
+
+ s->notify_vmexit = value;
+}
+
+static void kvm_arch_get_notify_window(Object *obj, Visitor *v,
+ const char *name, void *opaque,
+ Error **errp)
+{
+ KVMState *s = KVM_STATE(obj);
+ uint32_t value = s->notify_window;
+
+ visit_type_uint32(v, name, &value, errp);
+}
+
+static void kvm_arch_set_notify_window(Object *obj, Visitor *v,
+ const char *name, void *opaque,
+ Error **errp)
+{
+ KVMState *s = KVM_STATE(obj);
+ Error *error = NULL;
+ uint32_t value;
+
+ if (s->fd != -1) {
+ error_setg(errp, "Cannot set properties after the accelerator has been initialized");
+ return;
+ }
+
+ visit_type_uint32(v, name, &value, &error);
+ if (error) {
+ error_propagate(errp, error);
+ return;
+ }
+
+ s->notify_window = value;
+}
+
void kvm_arch_accel_class_init(ObjectClass *oc)
{
+ object_class_property_add_enum(oc, "notify-vmexit", "NotifyVMexitOption",
+ &NotifyVmexitOption_lookup,
+ kvm_arch_get_notify_vmexit,
+ kvm_arch_set_notify_vmexit);
+ object_class_property_set_description(oc, "notify-vmexit",
+ "Enable notify VM exit");
+
+ object_class_property_add(oc, "notify-window", "uint32",
+ kvm_arch_get_notify_window,
+ kvm_arch_set_notify_window,
+ NULL, NULL);
+ object_class_property_set_description(oc, "notify-window",
+ "Clock cycles without an event window "
+ "after which a notification VM exit occurs");
}
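Review bot: The type name passed to `object_class_property_add_enum()` is spelled `"NotifyVMexitOption"`, but the QAPI enum added in qapi/run-state.json and the lookup table used on the next line are `NotifyVmexitOption`. As far as I can tell the string is what property introspection reports as the type, so it should match the schema: `object_class_property_add_enum(oc, "notify-vmexit", "NotifyVmexitOption",`. Separately, the four new accessors carry no comments. A one-line note on the setters, saying that the `s->fd != -1` test rejects changes once the accelerator has been opened, would help the next reader.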
--
2.27.0


@ -0,0 +1,156 @@
From 752fe0479931f6ef512b6a048fb50364505ff713 Mon Sep 17 00:00:00 2001
From: Chenyi Qiang <chenyi.qiang@intel.com>
Date: Thu, 29 Sep 2022 15:20:11 +0800
Subject: [PATCH] i386: kvm: extend kvm_{get, put}_vcpu_events to support
pending triple fault
from mainline-v7.2.0-rc0
commit 12f89a39cf3c5760cba82ce68929d748961f62df
category: feature
feature: Notify VM Exit
bugzilla: https://gitee.com/openeuler/intel-qemu/issues/I6GWQE
Intel-SIG: commit 12f89a39cf3c ("i386: kvm: extend kvm_{get, put}_vcpu_events to support pending triple fault")
------------------------------------------------------------------
i386: kvm: extend kvm_{get, put}_vcpu_events to support pending triple fault
For the direct triple faults, i.e. hardware detected and KVM morphed
to VM-Exit, KVM will never lose them. But for triple faults synthesized
by KVM, e.g. the RSM path, if KVM exits to userspace before the request
is serviced, userspace could migrate the VM and lose the triple fault.
A new flag KVM_VCPUEVENT_VALID_TRIPLE_FAULT is defined to signal that
the event.triple_fault_pending field contains a valid state if the
KVM_CAP_X86_TRIPLE_FAULT_EVENT capability is enabled.
Acked-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Chenyi Qiang <chenyi.qiang@intel.com>
Message-Id: <20220929072014.20705-2-chenyi.qiang@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Jason Zeng <jason.zeng@intel.com>
---
target/i386/cpu.c | 1 +
target/i386/cpu.h | 1 +
target/i386/kvm/kvm.c | 20 ++++++++++++++++++++
target/i386/machine.c | 20 ++++++++++++++++++++
4 files changed, 42 insertions(+)
diff --git a/target/i386/cpu.c b/target/i386/cpu.c
index 551b47ab1e..e3cea8397c 100644
--- a/target/i386/cpu.c
+++ b/target/i386/cpu.c
@@ -6018,6 +6018,7 @@ static void x86_cpu_reset(DeviceState *dev)
env->exception_has_payload = false;
env->exception_payload = 0;
env->nmi_injected = false;
+ env->triple_fault_pending = false;
#if !defined(CONFIG_USER_ONLY)
/* We hard-wire the BSP to the first CPU. */
apic_designate_bsp(cpu->apic_state, s->cpu_index == 0);
diff --git a/target/i386/cpu.h b/target/i386/cpu.h
index 290f1beaea..4f7fa87b95 100644
--- a/target/i386/cpu.h
+++ b/target/i386/cpu.h
@@ -1698,6 +1698,7 @@ typedef struct CPUX86State {
uint8_t has_error_code;
uint8_t exception_has_payload;
uint64_t exception_payload;
+ uint8_t triple_fault_pending;
uint32_t ins_len;
uint32_t sipi_vector;
bool tsc_valid;
diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
index 5b15e0430b..e97d967c73 100644
--- a/target/i386/kvm/kvm.c
+++ b/target/i386/kvm/kvm.c
@@ -127,6 +127,7 @@ static int has_xsave2;
static int has_xcrs;
static int has_pit_state2;
static int has_exception_payload;
+static int has_triple_fault_event;
static bool has_msr_mcg_ext_ctl;
@@ -2380,6 +2381,16 @@ int kvm_arch_init(MachineState *ms, KVMState *s)
}
}
+ has_triple_fault_event = kvm_check_extension(s, KVM_CAP_X86_TRIPLE_FAULT_EVENT);
+ if (has_triple_fault_event) {
+ ret = kvm_vm_enable_cap(s, KVM_CAP_X86_TRIPLE_FAULT_EVENT, 0, true);
+ if (ret < 0) {
+ error_report("kvm: Failed to enable triple fault event cap: %s",
+ strerror(-ret));
+ return ret;
+ }
+ }
+
ret = kvm_get_supported_msrs(s);
if (ret < 0) {
return ret;
@@ -4004,6 +4015,11 @@ static int kvm_put_vcpu_events(X86CPU *cpu, int level)
}
}
+ if (has_triple_fault_event) {
+ events.flags |= KVM_VCPUEVENT_VALID_TRIPLE_FAULT;
+ events.triple_fault.pending = env->triple_fault_pending;
+ }
+
return kvm_vcpu_ioctl(CPU(cpu), KVM_SET_VCPU_EVENTS, &events);
}
@@ -4073,6 +4089,10 @@ static int kvm_get_vcpu_events(X86CPU *cpu)
}
}
+ if (events.flags & KVM_VCPUEVENT_VALID_TRIPLE_FAULT) {
+ env->triple_fault_pending = events.triple_fault.pending;
+ }
+
env->sipi_vector = events.sipi_vector;
return 0;
diff --git a/target/i386/machine.c b/target/i386/machine.c
index 3977e9d8f8..41cf5c0053 100644
--- a/target/i386/machine.c
+++ b/target/i386/machine.c
@@ -1497,6 +1497,25 @@ static const VMStateDescription vmstate_amx_xtile = {
};
#endif
+static bool triple_fault_needed(void *opaque)
+{
+ X86CPU *cpu = opaque;
+ CPUX86State *env = &cpu->env;
+
+ return env->triple_fault_pending;
+}
+
+static const VMStateDescription vmstate_triple_fault = {
+ .name = "cpu/triple_fault",
+ .version_id = 1,
+ .minimum_version_id = 1,
+ .needed = triple_fault_needed,
+ .fields = (VMStateField[]) {
+ VMSTATE_UINT8(env.triple_fault_pending, X86CPU),
+ VMSTATE_END_OF_LIST()
+ }
+};
+
const VMStateDescription vmstate_x86_cpu = {
.name = "cpu",
.version_id = 12,
@@ -1639,6 +1658,7 @@ const VMStateDescription vmstate_x86_cpu = {
#ifdef TARGET_X86_64
&vmstate_amx_xtile,
#endif
+ &vmstate_triple_fault,
NULL
}
};
--
2.27.0


@ -0,0 +1,129 @@
From f90dc9f811195fabd68faf2ca98b2fe5b4fbe3d0 Mon Sep 17 00:00:00 2001
From: Paolo Bonzini <pbonzini@redhat.com>
Date: Thu, 29 Sep 2022 15:20:12 +0800
Subject: [PATCH] kvm: allow target-specific accelerator properties
from mainline-v7.2.0-rc0
commit 3dba0a335cf5c53146b606be6ddfab4df81c464e
category: feature
feature: Notify VM Exit
bugzilla: https://gitee.com/openeuler/intel-qemu/issues/I6GWQE
Intel-SIG: commit 3dba0a335cf5 ("kvm: allow target-specific accelerator properties")
------------------------------------------------------------------
kvm: allow target-specific accelerator properties
Several hypervisor capabilities in KVM are target-specific. When exposed
to QEMU users as accelerator properties (i.e. -accel kvm,prop=value), they
should not be available for all targets.
Add a hook for targets to add their own properties to -accel kvm, for
now no such property is defined.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20220929072014.20705-3-chenyi.qiang@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
[ remove changes in target/riscv/kvm.c since riscv kvm is not
supported in qemu-6.2.0 and linux 5.10 ]
Signed-off-by: Jason Zeng <jason.zeng@intel.com>
---
accel/kvm/kvm-all.c | 2 ++
include/sysemu/kvm.h | 2 ++
target/arm/kvm.c | 4 ++++
target/i386/kvm/kvm.c | 4 ++++
target/mips/kvm.c | 4 ++++
target/ppc/kvm.c | 4 ++++
target/s390x/kvm/kvm.c | 4 ++++
7 files changed, 24 insertions(+)
diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
index 946ccb260b..e5681a6cd0 100644
--- a/accel/kvm/kvm-all.c
+++ b/accel/kvm/kvm-all.c
@@ -3703,6 +3703,8 @@ static void kvm_accel_class_init(ObjectClass *oc, void *data)
NULL, NULL);
object_class_property_set_description(oc, "dirty-ring-size",
"Size of KVM dirty page ring buffer (default: 0, i.e. use bitmap)");
+
+ kvm_arch_accel_class_init(oc);
}
static const TypeInfo kvm_accel_type = {
diff --git a/include/sysemu/kvm.h b/include/sysemu/kvm.h
index 19c5c8402a..1ec9432493 100644
--- a/include/sysemu/kvm.h
+++ b/include/sysemu/kvm.h
@@ -334,6 +334,8 @@ bool kvm_device_supported(int vmfd, uint64_t type);
extern const KVMCapabilityInfo kvm_arch_required_capabilities[];
+void kvm_arch_accel_class_init(ObjectClass *oc);
+
void kvm_arch_pre_run(CPUState *cpu, struct kvm_run *run);
MemTxAttrs kvm_arch_post_run(CPUState *cpu, struct kvm_run *run);
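Review bot: The new prototype `void kvm_arch_accel_class_init(ObjectClass *oc);` is added without a comment, although it creates an obligation for every KVM-enabled target to define it. This patch supplies stubs for arm, i386, mips, ppc and s390x only; any other target in this downstream tree that builds its own kvm.c would fail to link (whether one exists is not visible here). A short comment above the declaration would make the contract explicit, for example `/* Called from kvm_accel_class_init(); each target must define it, an empty body is fine. */`.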
diff --git a/target/arm/kvm.c b/target/arm/kvm.c
index 29ac3f40e0..22ac5bcb97 100644
--- a/target/arm/kvm.c
+++ b/target/arm/kvm.c
@@ -1095,3 +1095,7 @@ bool kvm_arch_cpu_check_are_resettable(void)
{
return true;
}
+
+void kvm_arch_accel_class_init(ObjectClass *oc)
+{
+}
diff --git a/target/i386/kvm/kvm.c b/target/i386/kvm/kvm.c
index e97d967c73..e2f28ce958 100644
--- a/target/i386/kvm/kvm.c
+++ b/target/i386/kvm/kvm.c
@@ -5168,3 +5168,7 @@ void kvm_request_xsave_components(X86CPU *cpu, uint64_t mask)
mask &= ~BIT_ULL(bit);
}
}
+
+void kvm_arch_accel_class_init(ObjectClass *oc)
+{
+}
diff --git a/target/mips/kvm.c b/target/mips/kvm.c
index 086debd9f0..f80ac72dd1 100644
--- a/target/mips/kvm.c
+++ b/target/mips/kvm.c
@@ -1295,3 +1295,7 @@ bool kvm_arch_cpu_check_are_resettable(void)
{
return true;
}
+
+void kvm_arch_accel_class_init(ObjectClass *oc)
+{
+}
diff --git a/target/ppc/kvm.c b/target/ppc/kvm.c
index d73563045b..9693aab3c7 100644
--- a/target/ppc/kvm.c
+++ b/target/ppc/kvm.c
@@ -2975,3 +2975,7 @@ bool kvm_arch_cpu_check_are_resettable(void)
{
return true;
}
+
+void kvm_arch_accel_class_init(ObjectClass *oc)
+{
+}
diff --git a/target/s390x/kvm/kvm.c b/target/s390x/kvm/kvm.c
index 5b1fdb55c4..671d0f179c 100644
--- a/target/s390x/kvm/kvm.c
+++ b/target/s390x/kvm/kvm.c
@@ -2562,3 +2562,7 @@ bool kvm_arch_cpu_check_are_resettable(void)
{
return true;
}
+
+void kvm_arch_accel_class_init(ObjectClass *oc)
+{
+}
--
2.27.0


@ -0,0 +1,218 @@
From 9f7f9fdf2246c653673d07fccc07cdc6b03f8722 Mon Sep 17 00:00:00 2001
From: Chenyi Qiang <chenyi.qiang@intel.com>
Date: Thu, 29 Sep 2022 15:20:13 +0800
Subject: [PATCH] kvm: expose struct KVMState
from mainline-v7.2.0-rc0
commit 5f8a6bce1f1080058ed29d716cae81ea805142ae
category: feature
feature: Notify VM Exit
bugzilla: https://gitee.com/openeuler/intel-qemu/issues/I6GWQE
Intel-SIG: commit 5f8a6bce1f10 ("kvm: expose struct KVMState")
------------------------------------------------------------------
kvm: expose struct KVMState
Expose struct KVMState out of kvm-all.c so that the field of struct
KVMState can be accessed when defining target-specific accelerator
properties.
Signed-off-by: Chenyi Qiang <chenyi.qiang@intel.com>
Message-Id: <20220929072014.20705-4-chenyi.qiang@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Jason Zeng <jason.zeng@intel.com>
---
accel/kvm/kvm-all.c | 74 --------------------------------------
include/sysemu/kvm_int.h | 76 ++++++++++++++++++++++++++++++++++++++++
2 files changed, 76 insertions(+), 74 deletions(-)
diff --git a/accel/kvm/kvm-all.c b/accel/kvm/kvm-all.c
index e5681a6cd0..91d93facf2 100644
--- a/accel/kvm/kvm-all.c
+++ b/accel/kvm/kvm-all.c
@@ -72,86 +72,12 @@
do { } while (0)
#endif
-#define KVM_MSI_HASHTAB_SIZE 256
-
struct KVMParkedVcpu {
unsigned long vcpu_id;
int kvm_fd;
QLIST_ENTRY(KVMParkedVcpu) node;
};
-enum KVMDirtyRingReaperState {
- KVM_DIRTY_RING_REAPER_NONE = 0,
- /* The reaper is sleeping */
- KVM_DIRTY_RING_REAPER_WAIT,
- /* The reaper is reaping for dirty pages */
- KVM_DIRTY_RING_REAPER_REAPING,
-};
-
-/*
- * KVM reaper instance, responsible for collecting the KVM dirty bits
- * via the dirty ring.
- */
-struct KVMDirtyRingReaper {
- /* The reaper thread */
- QemuThread reaper_thr;
- volatile uint64_t reaper_iteration; /* iteration number of reaper thr */
- volatile enum KVMDirtyRingReaperState reaper_state; /* reap thr state */
-};
-
-struct KVMState
-{
- AccelState parent_obj;
-
- int nr_slots;
- int fd;
- int vmfd;
- int coalesced_mmio;
- int coalesced_pio;
- struct kvm_coalesced_mmio_ring *coalesced_mmio_ring;
- bool coalesced_flush_in_progress;
- int vcpu_events;
- int robust_singlestep;
- int debugregs;
-#ifdef KVM_CAP_SET_GUEST_DEBUG
- QTAILQ_HEAD(, kvm_sw_breakpoint) kvm_sw_breakpoints;
-#endif
- int max_nested_state_len;
- int many_ioeventfds;
- int intx_set_mask;
- int kvm_shadow_mem;
- bool kernel_irqchip_allowed;
- bool kernel_irqchip_required;
- OnOffAuto kernel_irqchip_split;
- bool sync_mmu;
- uint64_t manual_dirty_log_protect;
- /* The man page (and posix) say ioctl numbers are signed int, but
- * they're not. Linux, glibc and *BSD all treat ioctl numbers as
- * unsigned, and treating them as signed here can break things */
- unsigned irq_set_ioctl;
- unsigned int sigmask_len;
- GHashTable *gsimap;
-#ifdef KVM_CAP_IRQ_ROUTING
- struct kvm_irq_routing *irq_routes;
- int nr_allocated_irq_routes;
- unsigned long *used_gsi_bitmap;
- unsigned int gsi_count;
- QTAILQ_HEAD(, KVMMSIRoute) msi_hashtab[KVM_MSI_HASHTAB_SIZE];
-#endif
- KVMMemoryListener memory_listener;
- QLIST_HEAD(, KVMParkedVcpu) kvm_parked_vcpus;
-
- /* For "info mtree -f" to tell if an MR is registered in KVM */
- int nr_as;
- struct KVMAs {
- KVMMemoryListener *ml;
- AddressSpace *as;
- } *as;
- uint64_t kvm_dirty_ring_bytes; /* Size of the per-vcpu dirty ring */
- uint32_t kvm_dirty_ring_size; /* Number of dirty GFNs per ring */
- struct KVMDirtyRingReaper reaper;
-};
-
KVMState *kvm_state;
bool kvm_kernel_irqchip;
bool kvm_split_irqchip;
diff --git a/include/sysemu/kvm_int.h b/include/sysemu/kvm_int.h
index 1f5487d9b7..3b4adcdc10 100644
--- a/include/sysemu/kvm_int.h
+++ b/include/sysemu/kvm_int.h
@@ -10,6 +10,7 @@
#define QEMU_KVM_INT_H
#include "exec/memory.h"
+#include "qapi/qapi-types-common.h"
#include "qemu/accel.h"
#include "sysemu/kvm.h"
@@ -36,6 +37,81 @@ typedef struct KVMMemoryListener {
int as_id;
} KVMMemoryListener;
+#define KVM_MSI_HASHTAB_SIZE 256
+
+enum KVMDirtyRingReaperState {
+ KVM_DIRTY_RING_REAPER_NONE = 0,
+ /* The reaper is sleeping */
+ KVM_DIRTY_RING_REAPER_WAIT,
+ /* The reaper is reaping for dirty pages */
+ KVM_DIRTY_RING_REAPER_REAPING,
+};
+
+/*
+ * KVM reaper instance, responsible for collecting the KVM dirty bits
+ * via the dirty ring.
+ */
+struct KVMDirtyRingReaper {
+ /* The reaper thread */
+ QemuThread reaper_thr;
+ volatile uint64_t reaper_iteration; /* iteration number of reaper thr */
+ volatile enum KVMDirtyRingReaperState reaper_state; /* reap thr state */
+};
+struct KVMState
+{
+ AccelState parent_obj;
+
+ int nr_slots;
+ int fd;
+ int vmfd;
+ int coalesced_mmio;
+ int coalesced_pio;
+ struct kvm_coalesced_mmio_ring *coalesced_mmio_ring;
+ bool coalesced_flush_in_progress;
+ int vcpu_events;
+ int robust_singlestep;
+ int debugregs;
+#ifdef KVM_CAP_SET_GUEST_DEBUG
+ QTAILQ_HEAD(, kvm_sw_breakpoint) kvm_sw_breakpoints;
+#endif
+ int max_nested_state_len;
+ int many_ioeventfds;
+ int intx_set_mask;
+ int kvm_shadow_mem;
+ bool kernel_irqchip_allowed;
+ bool kernel_irqchip_required;
+ OnOffAuto kernel_irqchip_split;
+ bool sync_mmu;
+ uint64_t manual_dirty_log_protect;
+ /* The man page (and posix) say ioctl numbers are signed int, but
+ * they're not. Linux, glibc and *BSD all treat ioctl numbers as
+ * unsigned, and treating them as signed here can break things */
+ unsigned irq_set_ioctl;
+ unsigned int sigmask_len;
+ GHashTable *gsimap;
+#ifdef KVM_CAP_IRQ_ROUTING
+ struct kvm_irq_routing *irq_routes;
+ int nr_allocated_irq_routes;
+ unsigned long *used_gsi_bitmap;
+ unsigned int gsi_count;
+ QTAILQ_HEAD(, KVMMSIRoute) msi_hashtab[KVM_MSI_HASHTAB_SIZE];
+#endif
+ KVMMemoryListener memory_listener;
+ QLIST_HEAD(, KVMParkedVcpu) kvm_parked_vcpus;
+
+ /* For "info mtree -f" to tell if an MR is registered in KVM */
+ int nr_as;
+ struct KVMAs {
+ KVMMemoryListener *ml;
+ AddressSpace *as;
+ } *as;
+ uint64_t kvm_dirty_ring_bytes; /* Size of the per-vcpu dirty ring */
+ uint32_t kvm_dirty_ring_size; /* Number of dirty GFNs per ring */
+ struct KVMDirtyRingReaper reaper;
+ NotifyVmexitOption notify_vmexit;
+ uint32_t notify_window;
+};
+
void kvm_memory_listener_register(KVMState *s, KVMMemoryListener *kml,
AddressSpace *as, int as_id, const char *name);
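Review bot: The last two members added to struct KVMState, `NotifyVmexitOption notify_vmexit;` and `uint32_t notify_window;`, are not part of the move. The commit message describes a plain relocation, and the struct removed from kvm-all.c does not have them. The enum type is introduced by the qapi/run-state.json change in the notify-VM-exit patch, whose kvm-all.c index line (91d93facf2..799d993f6c) follows this patch's, so this patch applied alone probably does not compile and breaks bisection. Move the two fields into the patch that defines and uses them. The only include added here is `qapi/qapi-types-common.h`, so the header that declares the enum also has to come from somewhere, presumably `qapi/qapi-types-run-state.h`.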
--
2.27.0


@ -0,0 +1,80 @@
From 1e54d0c7bca44e2cf58c769e420c5ffcefb58ea1 Mon Sep 17 00:00:00 2001
From: Jason Zeng <jason.zeng@intel.com>
Date: Wed, 22 Feb 2023 13:59:37 +0800
Subject: [PATCH] linux-headers: include missing changes from 6.0
Signed-off-by: Jason Zeng <jason.zeng@intel.com>
---
linux-headers/asm-x86/kvm.h | 6 +++++-
linux-headers/linux/kvm.h | 12 ++++++++++++
2 files changed, 17 insertions(+), 1 deletion(-)
diff --git a/linux-headers/asm-x86/kvm.h b/linux-headers/asm-x86/kvm.h
index 2ab4f1818a..46e730b62f 100644
--- a/linux-headers/asm-x86/kvm.h
+++ b/linux-headers/asm-x86/kvm.h
@@ -324,6 +324,7 @@ struct kvm_reinject_control {
#define KVM_VCPUEVENT_VALID_SHADOW 0x00000004
#define KVM_VCPUEVENT_VALID_SMM 0x00000008
#define KVM_VCPUEVENT_VALID_PAYLOAD 0x00000010
+#define KVM_VCPUEVENT_VALID_TRIPLE_FAULT 0x00000020
/* Interrupt shadow states */
#define KVM_X86_SHADOW_INT_MOV_SS 0x01
@@ -358,7 +359,10 @@ struct kvm_vcpu_events {
__u8 smm_inside_nmi;
__u8 latched_init;
} smi;
- __u8 reserved[27];
+ struct {
+ __u8 pending;
+ } triple_fault;
+ __u8 reserved[26];
__u8 exception_has_payload;
__u64 exception_payload;
};
diff --git a/linux-headers/linux/kvm.h b/linux-headers/linux/kvm.h
index 7870cd0280..cda9016d49 100644
--- a/linux-headers/linux/kvm.h
+++ b/linux-headers/linux/kvm.h
@@ -269,6 +269,7 @@ struct kvm_xen_exit {
#define KVM_EXIT_AP_RESET_HOLD 32
#define KVM_EXIT_X86_BUS_LOCK 33
#define KVM_EXIT_XEN 34
+#define KVM_EXIT_NOTIFY 37
/* For KVM_EXIT_INTERNAL_ERROR */
/* Emulate instruction failed. */
@@ -469,6 +470,11 @@ struct kvm_run {
} msr;
/* KVM_EXIT_XEN */
struct kvm_xen_exit xen;
+ /* KVM_EXIT_NOTIFY */
+ struct {
+#define KVM_NOTIFY_CONTEXT_INVALID (1 << 0)
+ __u32 flags;
+ } notify;
/* Fix the size of the union. */
char padding[256];
};
@@ -1116,6 +1122,8 @@ struct kvm_ppc_resize_hpt {
#define KVM_CAP_VM_GPA_BITS 207
#define KVM_CAP_XSAVE2 208
#define KVM_CAP_SYS_ATTRIBUTES 209
+#define KVM_CAP_X86_TRIPLE_FAULT_EVENT 218
+#define KVM_CAP_X86_NOTIFY_VMEXIT 219
#define KVM_CAP_ARM_CPU_FEATURE 555
@@ -2013,4 +2021,8 @@ struct kvm_stats_desc {
/* Available with KVM_CAP_XSAVE2 */
#define KVM_GET_XSAVE2 _IOR(KVMIO, 0xcf, struct kvm_xsave)
+/* Available with KVM_CAP_X86_NOTIFY_VMEXIT */
+#define KVM_X86_NOTIFY_VMEXIT_ENABLED (1ULL << 0)
+#define KVM_X86_NOTIFY_VMEXIT_USER (1ULL << 1)
+
#endif /* __LINUX_KVM_H */
--
2.27.0


@ -0,0 +1,92 @@
From de8ab0c3b4e5f9aac9e7be00cfbd86d724bf036e Mon Sep 17 00:00:00 2001
From: tangbinzy <tangbin_yewu@cmss.chinamobile.com>
Date: Fri, 24 Mar 2023 07:42:33 +0000
Subject: [PATCH] net: Fix uninitialized data usage mainline inclusion commit
e29919c93d19118610d64de9deb9c223024c0bc6 category: bugfix
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---------------------------------------------------------------
e.g.
1109 15:16:20.151506 Uninitialized bytes in ioctl_common_pre at offset 0 inside [0x7ffc516af9b8, 4)
1109 15:16:20.151659 ==588974==WARNING: MemorySanitizer: use-of-uninitialized-value
1109 15:16:20.312923 #0 0x5639b88acb21 in tap_probe_vnet_hdr_len third_party/qemu/net/tap-linux.c:183:9
1109 15:16:20.312952 #1 0x5639b88afd66 in net_tap_fd_init third_party/qemu/net/tap.c:409:9
1109 15:16:20.312954 #2 0x5639b88b2d1b in net_init_tap_one third_party/qemu/net/tap.c:681:19
1109 15:16:20.312956 #3 0x5639b88b16a8 in net_init_tap third_party/qemu/net/tap.c:912:13
1109 15:16:20.312957 #4 0x5639b8890175 in net_client_init1 third_party/qemu/net/net.c:1110:9
1109 15:16:20.312958 #5 0x5639b888f912 in net_client_init third_party/qemu/net/net.c:1208:15
1109 15:16:20.312960 #6 0x5639b8894aa5 in net_param_nic third_party/qemu/net/net.c:1588:11
1109 15:16:20.312961 #7 0x5639b900cd18 in qemu_opts_foreach third_party/qemu/util/qemu-option.c:1135:14
1109 15:16:20.312962 #8 0x5639b889393c in net_init_clients third_party/qemu/net/net.c:1612:9
1109 15:16:20.312964 #9 0x5639b717aaf3 in qemu_create_late_backends third_party/qemu/softmmu/vl.c:1962:5
1109 15:16:20.312965 #10 0x5639b717aaf3 in qemu_init third_party/qemu/softmmu/vl.c:3694:5
1109 15:16:20.312967 #11 0x5639b71083b8 in main third_party/qemu/softmmu/main.c:49:5
1109 15:16:20.312968 #12 0x7f464de1d8d2 in __libc_start_main (/usr/grte/v5/lib64/libc.so.6+0x628d2)
1109 15:16:20.312969 #13 0x5639b6bbd389 in _start /usr/grte/v5/debug-src/src/csu/../sysdeps/x86_64/start.S:120
1109 15:16:20.312970
1109 15:16:20.312975 Uninitialized value was stored to memory at
1109 15:16:20.313393 #0 0x5639b88acbee in tap_probe_vnet_hdr_len third_party/qemu/net/tap-linux.c
1109 15:16:20.313396 #1 0x5639b88afd66 in net_tap_fd_init third_party/qemu/net/tap.c:409:9
1109 15:16:20.313398 #2 0x5639b88b2d1b in net_init_tap_one third_party/qemu/net/tap.c:681:19
1109 15:16:20.313399 #3 0x5639b88b16a8 in net_init_tap third_party/qemu/net/tap.c:912:13
1109 15:16:20.313400 #4 0x5639b8890175 in net_client_init1 third_party/qemu/net/net.c:1110:9
1109 15:16:20.313401 #5 0x5639b888f912 in net_client_init third_party/qemu/net/net.c:1208:15
1109 15:16:20.313403 #6 0x5639b8894aa5 in net_param_nic third_party/qemu/net/net.c:1588:11
1109 15:16:20.313404 #7 0x5639b900cd18 in qemu_opts_foreach third_party/qemu/util/qemu-option.c:1135:14
1109 15:16:20.313405 #8 0x5639b889393c in net_init_clients third_party/qemu/net/net.c:1612:9
1109 15:16:20.313407 #9 0x5639b717aaf3 in qemu_create_late_backends third_party/qemu/softmmu/vl.c:1962:5
1109 15:16:20.313408 #10 0x5639b717aaf3 in qemu_init third_party/qemu/softmmu/vl.c:3694:5
1109 15:16:20.313409 #11 0x5639b71083b8 in main third_party/qemu/softmmu/main.c:49:5
1109 15:16:20.313410 #12 0x7f464de1d8d2 in __libc_start_main (/usr/grte/v5/lib64/libc.so.6+0x628d2)
1109 15:16:20.313412 #13 0x5639b6bbd389 in _start /usr/grte/v5/debug-src/src/csu/../sysdeps/x86_64/start.S:120
1109 15:16:20.313413
1109 15:16:20.313417 Uninitialized value was stored to memory at
1109 15:16:20.313791 #0 0x5639b88affbd in net_tap_fd_init third_party/qemu/net/tap.c:400:26
1109 15:16:20.313826 #1 0x5639b88b2d1b in net_init_tap_one third_party/qemu/net/tap.c:681:19
1109 15:16:20.313829 #2 0x5639b88b16a8 in net_init_tap third_party/qemu/net/tap.c:912:13
1109 15:16:20.313831 #3 0x5639b8890175 in net_client_init1 third_party/qemu/net/net.c:1110:9
1109 15:16:20.313836 #4 0x5639b888f912 in net_client_init third_party/qemu/net/net.c:1208:15
1109 15:16:20.313838 #5 0x5639b8894aa5 in net_param_nic third_party/qemu/net/net.c:1588:11
1109 15:16:20.313839 #6 0x5639b900cd18 in qemu_opts_foreach third_party/qemu/util/qemu-option.c:1135:14
1109 15:16:20.313841 #7 0x5639b889393c in net_init_clients third_party/qemu/net/net.c:1612:9
1109 15:16:20.313843 #8 0x5639b717aaf3 in qemu_create_late_backends third_party/qemu/softmmu/vl.c:1962:5
1109 15:16:20.313844 #9 0x5639b717aaf3 in qemu_init third_party/qemu/softmmu/vl.c:3694:5
1109 15:16:20.313845 #10 0x5639b71083b8 in main third_party/qemu/softmmu/main.c:49:5
1109 15:16:20.313846 #11 0x7f464de1d8d2 in __libc_start_main (/usr/grte/v5/lib64/libc.so.6+0x628d2)
1109 15:16:20.313847 #12 0x5639b6bbd389 in _start /usr/grte/v5/debug-src/src/csu/../sysdeps/x86_64/start.S:120
1109 15:16:20.313849
1109 15:16:20.313851 Uninitialized value was created by an allocation of 'ifr' in the stack frame of function 'tap_probe_vnet_hdr'
1109 15:16:20.313855 #0 0x5639b88ac680 in tap_probe_vnet_hdr third_party/qemu/net/tap-linux.c:151
1109 15:16:20.313856
1109 15:16:20.313878 SUMMARY: MemorySanitizer: use-of-uninitialized-value third_party/qemu/net/tap-linux.c:183:9 in tap_probe_vnet_hdr_len
Fixes: dc69004c7d8 ("net: move tap_probe_vnet_hdr() to tap-linux.c")
Reviewed-by: Hao Wu <wuhaotsh@google.com>
Reviewed-by: Patrick Venture <venture@google.com>
Reviewed-by: Philippe Mathieu-Daud茅 <f4bug@amsat.org>
Signed-off-by: Peter Foley <pefoley@google.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: tangbinzy <tangbin_yewu@cmss.chinamobile.com>
---
net/tap-linux.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/tap-linux.c b/net/tap-linux.c
index 9584769740..5e70b93037 100644
--- a/net/tap-linux.c
+++ b/net/tap-linux.c
@@ -150,6 +150,7 @@ void tap_set_sndbuf(int fd, const NetdevTapOptions *tap, Error **errp)
int tap_probe_vnet_hdr(int fd, Error **errp)
{
struct ifreq ifr;
+ memset(&ifr, 0, sizeof(ifr));
if (ioctl(fd, TUNGETIFF, &ifr) != 0) {
/* TUNGETIFF is available since kernel v2.6.27 */
--
2.27.0
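Review bot: The added `memset(&ifr, 0, sizeof(ifr));` in tap_probe_vnet_hdr has no comment saying why the whole object is cleared before `ioctl(fd, TUNGETIFF, &ifr)`, which makes it easy to "simplify" away later. `struct ifreq` contains a union, so `= { 0 }` only guarantees that its first member is initialised, whereas memset leaves no indeterminate stack bytes in an object handed to the kernel. A comment such as `/* zero the whole ifreq (union and padding) before passing it to the kernel */` would record that. The MemorySanitizer report in the commit message flags the read at tap-linux.c:183 in tap_probe_vnet_hdr_len, which is outside this hunk, so it is worth confirming that the other stack `struct ifreq` users in the file are cleared the same way. The body of tap_probe_vnet_hdr continues past the hunk.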


@ -0,0 +1,60 @@
From 4e18cc43f7e83714da041d69d13265605c22c50c Mon Sep 17 00:00:00 2001
From: tangbinzy <tangbin_yewu@cmss.chinamobile.com>
Date: Fri, 24 Mar 2023 07:28:57 +0000
Subject: [PATCH] net/eth: Don't consider ESP to be an IPv6 option header
mainline inclusion commit 9d6267b240c114d1a3cd314a08fd6e1339d34b83 category:
bugfix
---------------------------------------------------------------
The IPv6 option headers all have in common that they start with some
common fields, in particular the type of the next header followed by the
extention header length. This is used to traverse the list of the
options. The ESP header does not follow that format, which can break the
IPv6 option header traversal code in eth_parse_ipv6_hdr().
The effect of that is that network interfaces such as vmxnet3 that use
the following call chain
eth_is_ip6_extension_header_type
eth_parse_ipv6_hdr
net_tx_pkt_parse_headers
net_tx_pkt_parse
vmxnet3_process_tx_queue
to send packets from the VM out to the host will drop packets of the
following structure:
Ethernet-Header(IPv6-Header(ESP(encrypted data)))
Note that not all types of network interfaces use the net_tx_pkt_parse
function though, leading to inconsistent behavior regarding sending
those packets. The e1000 network interface for example does not suffer
from this limitation.
By not considering ESP to be an IPv6 header we can allow sending those
packets out to the host on all types of network interfaces.
Fixes: 75020a702151 ("Common definitions for VMWARE devices")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/149
Buglink: https://bugs.launchpad.net/qemu/+bug/1758091
Signed-off-by: Thomas Jansen <mithi@mithi.net>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: tangbinzy <tangbin_yewu@cmss.chinamobile.com>
---
net/eth.c | 1 -
1 file changed, 1 deletion(-)
diff --git a/net/eth.c b/net/eth.c
index fe876d1a55..f074b2f9f3 100644
--- a/net/eth.c
+++ b/net/eth.c
@@ -389,7 +389,6 @@ eth_is_ip6_extension_header_type(uint8_t hdr_type)
case IP6_HOP_BY_HOP:
case IP6_ROUTING:
case IP6_FRAGMENT:
- case IP6_ESP:
case IP6_AUTHENTICATION:
case IP6_DESTINATON:
case IP6_MOBILITY:
--
2.27.0

105
qemu.spec

@ -3,7 +3,7 @@
Name: qemu Name: qemu
Version: 6.2.0 Version: 6.2.0
Release: 66 Release: 67
Epoch: 10 Epoch: 10
Summary: QEMU is a generic and open source machine emulator and virtualizer Summary: QEMU is a generic and open source machine emulator and virtualizer
License: GPLv2 and BSD and MIT and CC-BY-SA-4.0 License: GPLv2 and BSD and MIT and CC-BY-SA-4.0
@ -444,6 +444,40 @@ Patch0429: migration-report-multiFd-related-thread-pid-to-libvi.patch
Patch0430: vhost_net-keep-acked_feature-only-for-NET_CLIENT_DRI.patch Patch0430: vhost_net-keep-acked_feature-only-for-NET_CLIENT_DRI.patch
Patch0431: linux-user-Add-strace-output-for-timer_settime64-sys.patch Patch0431: linux-user-Add-strace-output-for-timer_settime64-sys.patch
Patch0432: fix-qemu-core-when-vhost-user-net-config-with-server.patch Patch0432: fix-qemu-core-when-vhost-user-net-config-with-server.patch
Patch0433: fix-qmp-command-migrate-set-parameters.patch
Patch0434: hw-acpi-Add-ospm_status-hook-implementation-for-acpi.patch
Patch0435: hw-acpi-Support-acpi-ged-to-report-CPU-s-OST-info.patch
Patch0436: arm-virt-Correct-timing-of-executing-cpu_synchronize.patch
Patch0437: arm-virt-Correct-timing-of-pause-all-vcpus-for-hot-p.patch
Patch0438: hw-core-machine-Fix-the-missing-consideration-of-clu.patch
Patch0439: tests-tcg-Fix-target-specific-Makefile-variables-pat.patch
Patch0440: tests-add-riscv-virt-machine-mapping-to-testenv.patch
Patch0441: curl-Fix-error-path-in-curl_open.patch
Patch0442: hw-riscv-virt-Simplify-virt_-get-set-_aclint.patch
Patch0443: hw-pci-Fix-a-typo.patch
Patch0444: hw-pci-Trace-IRQ-routing-on-PCI-topology.patch
Patch0445: Add-PowerManager-support.patch
Patch0446: Add-RTC-support.patch
Patch0447: Add-loongarch-machine.patch
Patch0448: Add-target-loongarch64.patch
Patch0449: Add-linux-headers-and-linux-user.patch
Patch0450: Add-disas-gdb.patch
Patch0451: Add-command-line.patch
Patch0452: Add-tcg.patch
Patch0453: Add-bios.patch
Patch0454: Add-compile-script.patch
Patch0455: hw-pvrdma-Protect-against-buggy-or-malicious-guest-d.patch
Patch0456: hw-audio-intel-hda-fix-stream-reset.patch
Patch0457: dsoundaudio-fix-crackling-audio-recordings.patch
Patch0458: linux-headers-include-missing-changes-from-6.0.patch
Patch0459: i386-kvm-extend-kvm_-get-put-_vcpu_events-to-support.patch
Patch0460: kvm-allow-target-specific-accelerator-properties.patch
Patch0461: kvm-expose-struct-KVMState.patch
Patch0462: i386-add-notify-VM-exit-support.patch
Patch0463: block-backend-prevent-dangling-BDS-pointers-across-a.patch
Patch0464: net-Fix-uninitialized-data-usage.patch
Patch0465: net-eth-Don-t-consider-ESP-to-be-an-IPv6-option-head.patch
Patch0466: hw-net-vmxnet3-Log-guest-triggerable-errors-using-LO.patch
BuildRequires: flex BuildRequires: flex
BuildRequires: gcc BuildRequires: gcc
@ -609,6 +643,12 @@ Requires: qemu
%description system-riscv %description system-riscv
This package provides the QEMU system emulator for riscv. This package provides the QEMU system emulator for riscv.
%package system-loongarch64
Summary: Qemu-system-loongarch64
Requires: qemu
%description system-loongarch64
This package provides the QEMU system emulator for loongarch64.
%prep %prep
%setup -q -n qemu-%{version}%{?rcstr} %setup -q -n qemu-%{version}%{?rcstr}
%autopatch -p1 %autopatch -p1
@ -623,6 +663,11 @@ buildarch="aarch64-softmmu"
targetarch="x86_64-softmmu arm-softmmu riscv32-softmmu riscv64-softmmu" targetarch="x86_64-softmmu arm-softmmu riscv32-softmmu riscv64-softmmu"
%endif %endif
%ifarch loongarch64
buildarch="loongarch64-softmmu"
targetarch="x86_64-softmmu aarch64-softmmu arm-softmmu riscv32-softmmu riscv64-softmmu"
%endif
buildldflags="VL_LDFLAGS=-Wl,--build-id" buildldflags="VL_LDFLAGS=-Wl,--build-id"
qemubuilddir="build" qemubuilddir="build"
@ -750,14 +795,15 @@ rm -rf %{buildroot}%{_bindir}/ivshmem*
rm -f %{buildroot}%{_datadir}/%{name}/edk2* rm -f %{buildroot}%{_datadir}/%{name}/edk2*
rm -rf %{buildroot}%{_datadir}/%{name}/firmware rm -rf %{buildroot}%{_datadir}/%{name}/firmware
rm -rf %{buildroot}%{_datadir}/%{name}/qemu-nsis.bmp rm -rf %{buildroot}%{_datadir}/%{name}/qemu-nsis.bmp
rm -rf %{buildroot}%{_libdir}/%{name}/audio-oss.so
rm -rf %{buildroot}%{_libdir}/%{name}/audio-pa.so rm -rf %{buildroot}%{_libdir}/%{name}/audio-pa.so
rm -rf %{buildroot}%{_libdir}/%{name}/block-gluster.so rm -rf %{buildroot}%{_libdir}/%{name}/block-gluster.so
rm -rf %{buildroot}%{_libdir}/%{name}/ui-sdl.so
rm -rf %{buildroot}%{_libdir}/%{name}/chardev-baum.so
%ifnarch loongarch64
rm -rf %{buildroot}%{_libdir}/%{name}/audio-oss.so
rm -rf %{buildroot}%{_libdir}/%{name}/audio-spice.so
rm -rf %{buildroot}%{_libdir}/%{name}/ui-curses.so rm -rf %{buildroot}%{_libdir}/%{name}/ui-curses.so
rm -rf %{buildroot}%{_libdir}/%{name}/ui-gtk.so rm -rf %{buildroot}%{_libdir}/%{name}/ui-gtk.so
rm -rf %{buildroot}%{_libdir}/%{name}/ui-sdl.so
rm -rf %{buildroot}%{_libdir}/%{name}/audio-spice.so
rm -rf %{buildroot}%{_libdir}/%{name}/chardev-baum.so
rm -rf %{buildroot}%{_libdir}/%{name}/chardev-spice.so rm -rf %{buildroot}%{_libdir}/%{name}/chardev-spice.so
rm -rf %{buildroot}%{_libdir}/%{name}/hw-display-qxl.so rm -rf %{buildroot}%{_libdir}/%{name}/hw-display-qxl.so
rm -rf %{buildroot}%{_libdir}/%{name}/hw-s390x-virtio-gpu-ccw.so rm -rf %{buildroot}%{_libdir}/%{name}/hw-s390x-virtio-gpu-ccw.so
@ -765,6 +811,7 @@ rm -rf %{buildroot}%{_libdir}/%{name}/hw-usb-redirect.so
rm -rf %{buildroot}%{_libdir}/%{name}/ui-opengl.so rm -rf %{buildroot}%{_libdir}/%{name}/ui-opengl.so
rm -rf %{buildroot}%{_libdir}/%{name}/ui-spice-app.so rm -rf %{buildroot}%{_libdir}/%{name}/ui-spice-app.so
rm -rf %{buildroot}%{_libdir}/%{name}/ui-spice-core.so rm -rf %{buildroot}%{_libdir}/%{name}/ui-spice-core.so
%endif
rm -rf %{buildroot}%{_libexecdir}/vhost-user-gpu rm -rf %{buildroot}%{_libexecdir}/vhost-user-gpu
rm -rf %{buildroot}%{_datadir}/%{name}/vhost-user/50-qemu-gpu.json rm -rf %{buildroot}%{_datadir}/%{name}/vhost-user/50-qemu-gpu.json
@ -912,6 +959,27 @@ getent passwd qemu >/dev/null || \
%{_datadir}/%{name}/opensbi-riscv*.bin %{_datadir}/%{name}/opensbi-riscv*.bin
%{_datadir}/%{name}/opensbi-riscv*.elf %{_datadir}/%{name}/opensbi-riscv*.elf
%ifarch loongarch64
%files system-loongarch64
%{_bindir}/qemu-system-loongarch64
%{_datadir}/%{name}/loongarch_*.bin
%{_libdir}/%{name}/audio-oss.so
%{_libdir}/%{name}/ui-curses.so
%{_libdir}/%{name}/ui-gtk.so
%{_libdir}/%{name}/audio-spice.so
%{_libdir}/%{name}/chardev-spice.so
%{_libdir}/%{name}/hw-display-qxl.so
%{_libdir}/%{name}/hw-s390x-virtio-gpu-ccw.so
%{_libdir}/%{name}/hw-usb-redirect.so
%{_libdir}/%{name}/ui-opengl.so
%{_libdir}/%{name}/ui-spice-app.so
%{_libdir}/%{name}/ui-spice-core.so
%endif
%ifnarch loongarch64
%exclude %{_datadir}/%{name}/loongarch_*.bin
%endif
%files help %files help
%dir %{qemudocdir} %dir %{qemudocdir}
%doc %{qemudocdir}/about %doc %{qemudocdir}/about
@ -976,6 +1044,33 @@ getent passwd qemu >/dev/null || \
%endif %endif
%changelog %changelog
* Tue Mar 28 2023 <xufei30@huawei.com> - 10:6.2.0-67
- hw/net/vmxnet3: Log guest-triggerable errors using LOG_GUEST_ERROR mainline
- net/eth: Don't consider ESP to be an IPv6 option header mainline
- net: Fix uninitialized data usage mainline
- block-backend: prevent dangling BDS pointers across aio_poll() mainline inclusion
- i386: add notify VM exit support
- kvm: expose struct KVMState
- kvm: allow target-specific accelerator properties
- i386: kvm: extend kvm_{get, put}_vcpu_events to support pending triple fault
- linux-headers: include missing changes from 6.0
- dsoundaudio: fix crackling audio recordings mainline
- hw/audio/intel-hda: fix stream reset mainline
- hw/pvrdma: Protect against buggy or malicious guest driver
- qemu support for loongarch
- hw/pci: Trace IRQ routing on PCI topology
- hw/pci: Fix a typo
- hw/riscv: virt: Simplify virt_{get,set}_aclint()
- curl: Fix error path in curl_open()
- tests: add (riscv virt) machine mapping to testenv from v7.0.0
- tests/tcg: Fix target-specific Makefile variables path for user-mode mainline
- hw/core/machine:Fix the missing consideration of cluster-id
- arm/virt: Correct timing of pause all vcpus for hot-plugged CPUs
- arm/virt: Correct timing of executing cpu_synchronize_post_init for hot-plugged cpus
- hw/acpi: Support acpi-ged to report CPU's OST info
- hw/acpi: Add ospm_status hook implementation for acpi-ged
- fix qmp command migrate-set-parameters
* Wed Mar 22 2023 MinMin Ren <renmm6@chinaunicom.cn> - 10:6.2.0-66 * Wed Mar 22 2023 MinMin Ren <renmm6@chinaunicom.cn> - 10:6.2.0-66
- spec: Add multiboot_dma.bin - spec: Add multiboot_dma.bin
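Review bot: The new `%ifnarch loongarch64` … `%endif` wrapper around the `rm -rf` lines means the loongarch64 build keeps and ships the spice, qxl, usb-redirect, opengl, gtk and curses modules that the other architectures strip, and the `%files system-loongarch64` list even includes `hw-s390x-virtio-gpu-ccw.so`. Nothing in the spec says why this one architecture needs them, and each loadable module is additional device or UI code exposed in the installed package. If they are required, a comment such as `# loongarch64 ships the spice/qxl/gtk UI modules; other arches remove them` above the `%ifnarch` would record that. Otherwise, keeping the removals unconditional and dropping the matching `%files` entries, at least `%{_libdir}/%{name}/hw-s390x-virtio-gpu-ccw.so`, would keep the package surface consistent across architectures. The old/new side of some lines in this hunk cannot be recovered from the rendering, so this reading should be checked against the real spec.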


@ -0,0 +1,39 @@
From f0dbc3b6101e39ce3bc5d38f34723d1c672a12e9 Mon Sep 17 00:00:00 2001
From: laokz <laokz@foxmail.com>
Date: Mon, 13 Mar 2023 06:20:48 +0000
Subject: [PATCH] tests: add (riscv virt) machine mapping to testenv from
v7.0.0 commit 3213bbaf5797cc405e57f122e72c1fb55d0b08ab Author: laokz
<laokz@foxmail.com> Date: Tue Mar 8 12:33:39 2022 +0800
tests: add (riscv virt) machine mapping to testenv
Some qemu-iotests(040 etc) use PCI disk to do test. Without the
mapping, RISC-V flavor use spike as default machine which has no
PCI bus, causing test failure.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/894
Signed-off-by: Kai Zhang <laokz@foxmail.com>
Message-Id: <tencent_E4219E870165A978DB5BBE50BD53D33D2E06@qq.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
---
tests/qemu-iotests/testenv.py | 2 ++
1 file changed, 2 insertions(+)
diff --git a/tests/qemu-iotests/testenv.py b/tests/qemu-iotests/testenv.py
index c33454fa68..26ae6945cc 100644
--- a/tests/qemu-iotests/testenv.py
+++ b/tests/qemu-iotests/testenv.py
@@ -238,6 +238,8 @@ def __init__(self, imgfmt: str, imgproto: str, aiomode: str,
('aarch64', 'virt'),
('avr', 'mega2560'),
('m68k', 'virt'),
+ ('riscv32', 'virt'),
+ ('riscv64', 'virt'),
('rx', 'gdbsim-r5f562n8'),
('tricore', 'tricore_testboard')
)
--
2.27.0


@ -0,0 +1,40 @@
From 83f5dc3719af39ab442cb7fe40a4dd752a82e53a Mon Sep 17 00:00:00 2001
From: tangbinzy <tangbin_yewu@cmss.chinamobile.com>
Date: Fri, 17 Mar 2023 02:22:44 +0000
Subject: [PATCH] tests/tcg: Fix target-specific Makefile variables path for
user-mode mainline inclusion commit 533b0a1a41df3d9edeb44d6dc957f04d20ca143f
category: bugfix
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---------------------------------------------------------------
Commit 812b31d3f91 refactor missed to update this path.
Fixes: 812b31d3f91 ("configs: rename default-configs to configs and reorganise")
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20211226001541.3807919-1-f4bug@amsat.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: tangbinzy <tangbin_yewu@cmss.chinamobile.com>
---
tests/tcg/Makefile.target | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/tcg/Makefile.target b/tests/tcg/Makefile.target
index 63cf1b2573..2d6ec70156 100644
--- a/tests/tcg/Makefile.target
+++ b/tests/tcg/Makefile.target
@@ -33,7 +33,7 @@ all:
-include ../../../config-host.mak
-include ../config-$(TARGET).mak
ifeq ($(CONFIG_USER_ONLY),y)
--include $(SRC_PATH)/default-configs/targets/$(TARGET).mak
+-include $(SRC_PATH)/configs/targets/$(TARGET)/default.mak
endif
# for including , in command strings
--
2.27.0