base repository: qemu/qemu
base: d1181d29370a
...
head repository: qemu/qemu
compare: 885fc169f09f
  • 12 commits
  • 16 files changed
  • 8 contributors

Commits on Jul 22, 2023

  1. Revert "linux-user: Fix qemu-arm to run static armhf binaries"

    This reverts commit 518f322.
    
    It is causing similar segfaults at least on aarch64, ppc64el
    and s390x. Let's revert this one for now and analyze what's
    going on later.
    
    Reopens: https://bugs.debian.org/1040981
    Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
    Michael Tokarev committed Jul 22, 2023
    4ea3fa9

Commits on Jul 23, 2023

  1. roms/opensbi: Upgrade from v1.3 to v1.3.1

    Upgrade OpenSBI from v1.3 to v1.3.1 and the pre-built bios images
    which fixes the boot failure seen when using QEMU to do a direct
    kernel boot with Microchip Icicle Kit board machine.
    
    The v1.3.1 release includes the following commits:
    
    0907de3 lib: sbi: fix comment indent
    eb736a5 lib: sbi_pmu: Avoid out of bounds access
    7828eeb gpio/desginware: add Synopsys DesignWare APB GPIO support
    c6a3573 lib: utils: Fix sbi_hartid_to_scratch() usage in ACLINT drivers
    057eb10 lib: utils/gpio: Fix RV32 compile error for designware GPIO driver
    
    Signed-off-by: Bin Meng <bmeng@tinylab.org>
    Message-Id: <20230719165817.889465-1-bmeng@tinylab.org>
    Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
    Tested-by: Conor Dooley <conor.dooley@microchip.com>
    Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
    lbmeng authored and alistair23 committed Jul 23, 2023
    dcaaf2b
  2. tcg/ppc: Fix race in goto_tb implementation

    Commit 20b6643 ("tcg/ppc: Reorg goto_tb implementation") modified
    goto_tb to ensure only a single instruction was patched to prevent
    incorrect behavior if a thread was in the middle of multiple
    instructions when they were replaced. However this introduced a race
    between loading the jmp target into TCG_REG_TB and patching and
    executing the direct branch.
    
    The relevant part of the goto_tb implementation:
    
        ld TCG_REG_TB, TARGET_ADDR_LOCATION(TCG_REG_TB)
      patch_location:
        mtctr TCG_REG_TB
        bctr
    
    tb_target_set_jmp_target() will replace 'patch_location' with a direct
    branch if the target is in range. The direct branch now relies on
    TCG_REG_TB being set up correctly by the ld. Prior to this commit
    multiple instructions were patched in for the direct branch case; these
    instructions would initialize TCG_REG_TB to the same value as the branch
    target.
    
    Imagine the following sequence:
    
    1) Thread A is executing the goto_tb sequence and loads the jmp
       target into TCG_REG_TB.
    
    2) Thread B updates the jmp target address and calls
       tb_target_set_jmp_target(). This patches a new direct branch into the
       goto_tb sequence.
    
    3) Thread A executes the newly patched direct branch. The value in
       TCG_REG_TB still contains the old jmp target.
    
    TCG_REG_TB MUST contain the translation block's tc.ptr. Execution will
    eventually crash after performing memory accesses generated from a
    faulty value in TCG_REG_TB.
    
    This presents as segfaults or illegal instruction exceptions.
    
    Do not revert commit 20b6643 as it did fix a different race
    condition. Instead remove the direct branch optimization and always use
    indirect branches.
    
    The direct branch optimization can be re-added later with a race free
    sequence.
    
    Fixes: 20b6643 ("tcg/ppc: Reorg goto_tb implementation")
    Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1726
    Reported-by: Anushree Mathur <anushree.mathur@linux.vnet.ibm.com>
    Tested-by: Anushree Mathur <anushree.mathur@linux.vnet.ibm.com>
    Tested-by: Michael Tokarev <mjt@tls.msk.ru>
    Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
    Co-developed-by: Benjamin Gray <bgray@linux.ibm.com>
    Signed-off-by: Jordan Niethe <jniethe5@gmail.com>
    Signed-off-by: Benjamin Gray <bgray@linux.ibm.com>
    Message-Id: <20230717093001.13167-1-jniethe5@gmail.com>
    iamjpn authored and rth7680 committed Jul 23, 2023
    736a158
  3. include/exec: Add WITH_MMAP_LOCK_GUARD

    Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
    Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
    rth7680 committed Jul 23, 2023
    990ef91
  4. accel/tcg: Fix sense of read-only probes in ldst_atomicity

    In the initial commit, cdfac37, the sense of the test is incorrect,
    as the -1/0 return was confusing.  In bef6f00, we mechanically
    invert all callers while changing to false/true return, preserving the
    incorrectness of the test.
    
    Now that the return sense is sane, it's easy to see that if !write,
    then the page is not modifiable (i.e. most likely read-only, with
    PROT_NONE handled via SIGSEGV).
    
    Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
    Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
    rth7680 committed Jul 23, 2023
    f1ce0b8
  5. accel/tcg: Take mmap_lock in load_atomic*_or_exit

    For user-only, the probe for page writability may race with another
    thread's mprotect.  Take the mmap_lock around the operation.  This
    is still faster than the start/end_exclusive fallback.
    
    Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
    Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
    rth7680 committed Jul 23, 2023
    2c8412d
  6. tcg/{i386, s390x}: Add earlyclobber to the op_add2's first output

    i386 and s390x implementations of op_add2 require an earlyclobber,
    which is currently missing. This breaks VCKSM in s390x guests. E.g., on
    x86_64 the following op:
    
        add2_i32 tmp2,tmp3,tmp2,tmp3,tmp3,tmp2   dead: 0 2 3 4 5  pref=none,0xffff
    
    is translated to:
    
        addl     %ebx, %r12d
        adcl     %r12d, %ebx
    
    Introduce a new C_N1_O1_I4 constraint, and make sure that earlyclobber
    of aliased outputs is honored.
    
    Cc: qemu-stable@nongnu.org
    Fixes: 82790a8 ("tcg: Add markup for output requires new register")
    Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
    Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
    Message-Id: <20230719221310.1968845-7-iii@linux.ibm.com>
    Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
    iii-i authored and rth7680 committed Jul 23, 2023
    22d2e53
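
The miscompiled sequence quoted in the commit above, replayed on simulated registers. This is an added example, not QEMU code: `addl`/`adcl` are small models of the x86 instructions, and the `scratch` register in the corrected variant is a hypothetical stand-in for whatever register the allocator picks once the earlyclobber is honored.

```c
#include <stdint.h>
#include <stdio.h>

typedef struct { uint32_t lo, hi; } pair32;

/* Reference result of: add2_i32 tmp2,tmp3,tmp2,tmp3,tmp3,tmp2
 * i.e. (lo,hi) = (tmp2 + tmp3, tmp3 + tmp2 + carry) on the ORIGINAL inputs. */
static pair32 add2_expected(uint32_t tmp2, uint32_t tmp3)
{
    uint64_t a = ((uint64_t)tmp3 << 32) | tmp2;   /* ah:al = tmp3:tmp2 */
    uint64_t b = ((uint64_t)tmp2 << 32) | tmp3;   /* bh:bl = tmp2:tmp3 */
    uint64_t r = a + b;
    return (pair32){ (uint32_t)r, (uint32_t)(r >> 32) };
}

/* Models of x86 addl/adcl; *cf is the carry flag. */
static void addl(uint32_t src, uint32_t *dst, int *cf)
{
    uint64_t r = (uint64_t)*dst + src;
    *dst = (uint32_t)r;
    *cf = (int)(r >> 32);
}

static void adcl(uint32_t src, uint32_t *dst, int *cf)
{
    uint64_t r = (uint64_t)*dst + src + (uint64_t)*cf;
    *dst = (uint32_t)r;
    *cf = (int)(r >> 32);
}

/* Sequence from the commit message: tmp2 lives in r12d, tmp3 in ebx. */
static pair32 add2_no_earlyclobber(uint32_t tmp2, uint32_t tmp3)
{
    uint32_t r12d = tmp2, ebx = tmp3;
    int cf = 0;
    addl(ebx, &r12d, &cf);   /* low output overwrites tmp2 ...            */
    adcl(r12d, &ebx, &cf);   /* ... which is then read as the high input  */
    return (pair32){ r12d, ebx };
}

/* Earlyclobber honored: the still-needed input keeps its own register. */
static pair32 add2_earlyclobber(uint32_t tmp2, uint32_t tmp3)
{
    uint32_t r12d = tmp2, ebx = tmp3, scratch = tmp2;  /* hypothetical reg */
    int cf = 0;
    addl(ebx, &r12d, &cf);
    adcl(scratch, &ebx, &cf);
    return (pair32){ r12d, ebx };
}

int main(void)
{
    pair32 bad = add2_no_earlyclobber(1, 2), ok = add2_earlyclobber(1, 2);
    printf("no earlyclobber hi=%u, earlyclobber hi=%u\n", bad.hi, ok.hi);
    return 0;
}
```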

Commits on Jul 24, 2023

  1. accel/tcg: Zero-pad vaddr in tlb_debug output

    In replacing target_ulong with vaddr and TARGET_FMT_lx with VADDR_PRIx,
    the zero-padding of TARGET_FMT_lx got lost.  Readd 16-wide zero-padding
    for logging consistency.
    
    Suggested-by: Peter Maydell <peter.maydell@linaro.org>
    Signed-off-by: Anton Johansson <anjo@rev.ng>
    Message-Id: <20230713120746.26897-1-anjo@rev.ng>
    Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
    Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
    Anton Johansson authored and rth7680 committed Jul 24, 2023
    8c605cf
  2. accel/tcg: Fix type of 'last' for pageflags_{find,next}

    These should match 'start' as target_ulong, not target_long.
    
    On 32bit targets, the parameter was sign-extended to uint64_t,
    so only the first mmap within the upper 2GB memory can succeed.
    
    Signed-off-by: Luca Bonissi <qemu@bonslack.org>
    Message-Id: <327460e2-0ebd-9edb-426b-1df80d16c32a@bonslack.org>
    Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
    Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
    Luca Bonissi authored and rth7680 committed Jul 24, 2023
    32b1203
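
The sign-extension effect described in the commit above, as an added example that is not QEMU code. It assumes a 32-bit guest and replaces the real page-flags lookup with a simplified linear overlap scan over 64-bit keys; `find_signed_last`, `find_unsigned_last` and the `mapped` table are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef uint32_t target_ulong;  /* 32-bit guest address */
typedef int32_t  target_long;   /* signed counterpart */

struct range { uint64_t start, last; };  /* inclusive bounds, 64-bit keys */

/* Linear overlap scan; a simplified stand-in for an interval-tree query. */
static bool overlaps(const struct range *r, size_t n,
                     uint64_t start, uint64_t last)
{
    for (size_t i = 0; i < n; i++) {
        if (r[i].start <= last && start <= r[i].last) {
            return true;
        }
    }
    return false;
}

/* 'last' declared signed: values >= 0x80000000 sign-extend to 64 bits. */
static bool find_signed_last(const struct range *r, size_t n,
                             target_ulong start, target_long last)
{
    return overlaps(r, n, start, (uint64_t)last);
}

/* 'last' declared unsigned, matching 'start': zero-extended. */
static bool find_unsigned_last(const struct range *r, size_t n,
                               target_ulong start, target_ulong last)
{
    return overlaps(r, n, start, last);
}

/* Constructed sample: one existing mapping in the upper 2GB. */
static const struct range mapped[] = { { 0xC0000000u, 0xC0000FFFu } };

int main(void)
{
    /* Probe an unrelated free page at 0x80000000..0x80000FFF. */
    printf("signed:   %d\n", find_signed_last(mapped, 1, 0x80000000u,
                                              (target_long)0x80000FFFu));
    printf("unsigned: %d\n", find_unsigned_last(mapped, 1, 0x80000000u,
                                                0x80000FFFu));
    return 0;
}
```

With the signed parameter the probe's upper bound becomes 0xFFFFFFFF80000FFF, so the free page is reported as overlapping the existing mapping.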
  3. Merge tag 'pull-tcg-20230724' of https://gitlab.com/rth7680/qemu into staging
    
    accel/tcg: Zero-pad vaddr in tlb debug output
    accel/tcg: Fix type of 'last' for pageflags_{find,next}
    accel/tcg: Fix sense of read-only probes in ldst_atomicity
    accel/tcg: Take mmap_lock in load_atomic*_or_exit
    tcg: Add earlyclobber to op_add2 for x86 and s390x
    tcg/ppc: Fix race in goto_tb implementation
    
    # gpg: Signature made Mon 24 Jul 2023 09:52:07 BST
    # gpg:                using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
    # gpg:                issuer "richard.henderson@linaro.org"
    # gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [full]
    # Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A  05C0 64DF 38E8 AF7E 215F
    
    * tag 'pull-tcg-20230724' of https://gitlab.com/rth7680/qemu:
      accel/tcg: Fix type of 'last' for pageflags_{find,next}
      accel/tcg: Zero-pad vaddr in tlb_debug output
      tcg/{i386, s390x}: Add earlyclobber to the op_add2's first output
      accel/tcg: Take mmap_lock in load_atomic*_or_exit
      accel/tcg: Fix sense of read-only probes in ldst_atomicity
      include/exec: Add WITH_MMAP_LOCK_GUARD
      tcg/ppc: Fix race in goto_tb implementation
    
    Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
    pm215 committed Jul 24, 2023
    c5216b6
  4. Merge tag 'pull-revert-armhf-brk-fix' of https://gitlab.com/mjt0k/qemu into staging
    
    Revert "linux-user: Fix qemu-arm to run static armhf binaries"
    
    # gpg: Signature made Sat 22 Jul 2023 17:56:30 BST
    # gpg:                using RSA key 7B73BAD68BE7A2C289314B22701B4F6B1A693E59
    # gpg:                issuer "mjt@tls.msk.ru"
    # gpg: Good signature from "Michael Tokarev <mjt@tls.msk.ru>" [full]
    # gpg:                 aka "Michael Tokarev <mjt@corpit.ru>" [full]
    # gpg:                 aka "Michael Tokarev <mjt@debian.org>" [full]
    # Primary key fingerprint: 6EE1 95D1 886E 8FFB 810D  4324 457C E0A0 8044 65C5
    #      Subkey fingerprint: 7B73 BAD6 8BE7 A2C2 8931  4B22 701B 4F6B 1A69 3E59
    
    * tag 'pull-revert-armhf-brk-fix' of https://gitlab.com/mjt0k/qemu:
      Revert "linux-user: Fix qemu-arm to run static armhf binaries"
    
    Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
    pm215 committed Jul 24, 2023
    a74e39f
  5. Merge tag 'pull-riscv-to-apply-20230723-3' of https://github.com/alistair23/qemu into staging
    
    Fifth RISC-V PR for 8.1
    
    * roms/opensbi: Upgrade from v1.3 to v1.3.1
    
    # gpg: Signature made Sun 23 Jul 2023 10:33:32 BST
    # gpg:                using RSA key 6AE902B6A7CA877D6D659296AF7C95130C538013
    # gpg: Good signature from "Alistair Francis <alistair@alistair23.me>" [unknown]
    # gpg: WARNING: This key is not certified with a trusted signature!
    # gpg:          There is no indication that the signature belongs to the owner.
    # Primary key fingerprint: 6AE9 02B6 A7CA 877D 6D65  9296 AF7C 9513 0C53 8013
    
    * tag 'pull-riscv-to-apply-20230723-3' of https://github.com/alistair23/qemu:
      roms/opensbi: Upgrade from v1.3 to v1.3.1
    
    Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
    pm215 committed Jul 24, 2023
    885fc16