
[Qemu-commits] [qemu/qemu] c6e51f: esp: Handle CMD_BUSRESET by resetting


From: Paolo Bonzini
Subject: [Qemu-commits] [qemu/qemu] c6e51f: esp: Handle CMD_BUSRESET by resetting the SCSI bus
Date: Fri, 02 Sep 2022 13:31:28 -0700

  Branch: refs/heads/master
  Home:   https://github.com/qemu/qemu
  Commit: c6e51f1bb28ed762d2039c063cbb71a8ad29762d
      
https://github.com/qemu/qemu/commit/c6e51f1bb28ed762d2039c063cbb71a8ad29762d
  Author: John Millikin <john@john-millikin.com>
  Date:   2022-09-01 (Thu, 01 Sep 2022)

  Changed paths:
    M hw/scsi/esp.c

  Log Message:
  -----------
  esp: Handle CMD_BUSRESET by resetting the SCSI bus

Per investigation on the linked ticket, SunOS issues a SCSI bus reset
to the ESP as part of its boot sequence. If this ESP command doesn't
cause devices to assert sense flag UNIT ATTENTION, SunOS will consider
the CD-ROM device to be non-compliant with Common Command Set (CCS).
In this condition, the SunOS installer's early userspace doesn't set
the installation source location to sr0 and the miniroot copy fails.

Signed-off-by: John Millikin <john@john-millikin.com>
Suggested-by: Bill Paul <noisetube@gmail.com>
Buglink: https://gitlab.com/qemu-project/qemu/-/issues/1127
Message-Id: <20220817053846.699310-1-john@john-millikin.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: fe9d8927e265fd723a6dc87cd6d220f4677dbe1f
      
https://github.com/qemu/qemu/commit/fe9d8927e265fd723a6dc87cd6d220f4677dbe1f
  Author: John Millikin <john@john-millikin.com>
  Date:   2022-09-01 (Thu, 01 Sep 2022)

  Changed paths:
    M hw/scsi/esp.c
    M hw/scsi/lsi53c895a.c
    M hw/scsi/megasas.c
    M hw/scsi/mptsas.c
    M hw/scsi/scsi-bus.c
    M hw/scsi/scsi-disk.c
    M hw/scsi/scsi-generic.c
    M hw/scsi/spapr_vscsi.c
    M hw/scsi/virtio-scsi.c
    M hw/scsi/vmw_pvscsi.c
    M hw/usb/dev-storage.c
    M hw/usb/dev-uas.c
    M include/hw/scsi/scsi.h

  Log Message:
  -----------
  scsi: Add buf_len parameter to scsi_req_new()

When a SCSI command is received from the guest, the CDB length implied
by the first byte might exceed the number of bytes the guest sent. In
this case scsi_req_new() will read uninitialized data, causing
unpredictable behavior.

Adds the buf_len parameter to scsi_req_new() and plumbs it through the
call stack.

Signed-off-by: John Millikin <john@john-millikin.com>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1127
Message-Id: <20220817053458.698416-1-john@john-millikin.com>
[Fill in correct length for adapters other than ESP. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 6d1511cea0fb536f2df7b6c31bb745d80b98d82e
      
https://github.com/qemu/qemu/commit/6d1511cea0fb536f2df7b6c31bb745d80b98d82e
  Author: John Millikin <john@john-millikin.com>
  Date:   2022-09-01 (Thu, 01 Sep 2022)

  Changed paths:
    M hw/scsi/scsi-bus.c

  Log Message:
  -----------
  scsi: Reject commands if the CDB length exceeds buf_len

In scsi_req_parse_cdb(), if the CDB length implied by the command type
exceeds the initialized portion of the command buffer, reject the request.

Rejected requests are recorded by the `scsi_req_parse_bad` trace event.

One example of a bug detected by this check is SunOS's use of interleaved
DMA and non-DMA commands. This guest behavior currently causes QEMU to
parse uninitialized memory as a SCSI command, with unpredictable
outcomes.

With the new check in place:

  * QEMU consistently creates a trace event and rejects the request.

  * SunOS retries the request(s) and is able to successfully boot from
    disk.

Signed-off-by: John Millikin <john@john-millikin.com>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1127
Message-Id: <20220817053458.698416-2-john@john-millikin.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
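
The two SCSI commits above (the buf_len parameter and the CDB length check) describe one validation step: compare the CDB length implied by the opcode with the number of bytes the guest actually sent. The following C sketch is an added example, not QEMU's code; the function names, status codes and sample bytes are constructed for illustration, and variable-length CDBs are not handled.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CDB_MAX 16

enum cdb_status {
    CDB_OK = 0,
    CDB_EMPTY = -1,      /* no bytes received at all */
    CDB_BAD_GROUP = -2,  /* opcode group with no fixed CDB length */
    CDB_TRUNCATED = -3   /* opcode implies more bytes than were received */
};

struct parsed_cdb {
    uint8_t opcode;
    int len;
    uint64_t lba;
};

/* CDB length implied by the group code (top three bits of the opcode). */
static int cdb_len_from_opcode(uint8_t opcode)
{
    switch (opcode >> 5) {
    case 0: return 6;
    case 1:
    case 2: return 10;
    case 4: return 16;
    case 5: return 12;
    default: return -1;  /* reserved and vendor-specific groups */
    }
}

static uint64_t be_bytes(const uint8_t *p, int n)
{
    uint64_t v = 0;
    for (int i = 0; i < n; i++) {
        v = (v << 8) | p[i];
    }
    return v;
}

/* LBA field position for READ/WRITE-style commands of each CDB size. */
static uint64_t cdb_lba(const uint8_t *cdb, int len)
{
    switch (len) {
    case 6:  return be_bytes(cdb + 1, 3) & 0x1fffff;
    case 10:
    case 12: return be_bytes(cdb + 2, 4);
    case 16: return be_bytes(cdb + 2, 8);
    default: return 0;
    }
}

/* "Before": trusts the opcode and reads len bytes whatever was received. */
static int parse_cdb_unchecked(const uint8_t *buf, struct parsed_cdb *out)
{
    int len = cdb_len_from_opcode(buf[0]);
    if (len < 0) {
        return CDB_BAD_GROUP;
    }
    out->opcode = buf[0];
    out->len = len;
    out->lba = cdb_lba(buf, len);
    return CDB_OK;
}

/* "After": buf_len is the number of bytes the guest actually sent. */
static int parse_cdb_checked(const uint8_t *buf, size_t buf_len,
                             struct parsed_cdb *out)
{
    if (buf_len == 0) {
        return CDB_EMPTY;
    }
    int len = cdb_len_from_opcode(buf[0]);
    if (len < 0) {
        return CDB_BAD_GROUP;
    }
    if ((size_t)len > buf_len) {
        return CDB_TRUNCATED;  /* reject instead of parsing leftover bytes */
    }
    out->opcode = buf[0];
    out->len = len;
    out->lba = cdb_lba(buf, len);
    return CDB_OK;
}

/* Constructed scenario: the command buffer still holds an earlier 16-byte
 * command, then the guest sends only 6 bytes with a 16-byte opcode (0x88). */
static int demo_short_cdb(uint64_t *unchecked_lba)
{
    uint8_t fifo[CDB_MAX] = { 0x88, 0, 0, 0, 0, 0, 0xDE, 0xAD, 0xBE, 0xEF,
                              0, 0, 0, 8, 0, 0 };
    const uint8_t sent[6] = { 0x88, 0x00, 0x00, 0x00, 0x00, 0x01 };
    struct parsed_cdb cmd;

    memcpy(fifo, sent, sizeof(sent));      /* only 6 fresh bytes arrive */
    parse_cdb_unchecked(fifo, &cmd);       /* LBA mixes fresh and old bytes */
    *unchecked_lba = cmd.lba;
    return parse_cdb_checked(fifo, sizeof(sent), &cmd);
}

int main(void)
{
    uint64_t lba;
    int rc = demo_short_cdb(&lba);
    printf("unchecked LBA: 0x%016llx, checked status: %d\n",
           (unsigned long long)lba, rc);
    return 0;
}
```

The sample buffer here is fully initialized so the demonstration is well-defined; in the case the commit message describes, the bytes past the received length are uninitialized.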


  Commit: 3cafdb67504a34a0305260f0c86a73d5a3fb000b
      
https://github.com/qemu/qemu/commit/3cafdb67504a34a0305260f0c86a73d5a3fb000b
  Author: Vitaly Kuznetsov <vkuznets@redhat.com>
  Date:   2022-09-01 (Thu, 01 Sep 2022)

  Changed paths:
    M target/i386/kvm/kvm.c

  Log Message:
  -----------
  i386: reset KVM nested state upon CPU reset

Make sure env->nested_state is cleaned up when a vCPU is reset, it may
be stale after an incoming migration, kvm_arch_put_registers() may
end up failing or putting vCPU in a weird state.

Reviewed-by: Maxim Levitsky <mlevitsk@redhat.com>
Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Message-Id: <20220818150113.479917-2-vkuznets@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 45ed68a1a3a19754ade954d75a3c9d13ff560e5c
      
https://github.com/qemu/qemu/commit/45ed68a1a3a19754ade954d75a3c9d13ff560e5c
  Author: Vitaly Kuznetsov <vkuznets@redhat.com>
  Date:   2022-09-01 (Thu, 01 Sep 2022)

  Changed paths:
    M target/i386/kvm/kvm.c

  Log Message:
  -----------
  i386: do kvm_put_msr_feature_control() first thing when vCPU is reset

kvm_put_sregs2() fails to reset 'locked' CR4/CR0 bits upon vCPU reset when
it is in VMX root operation. Do kvm_put_msr_feature_control() before
kvm_put_sregs2() to (possibly) kick vCPU out of VMX root operation. It also
seems logical to do kvm_put_msr_feature_control() before
kvm_put_nested_state() and not after it, especially when 'real' nested
state is set.

Signed-off-by: Vitaly Kuznetsov <vkuznets@redhat.com>
Message-Id: <20220818150113.479917-3-vkuznets@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 7cb5844808f092306a5a764fe8427a653ac05358
      
https://github.com/qemu/qemu/commit/7cb5844808f092306a5a764fe8427a653ac05358
  Author: Paolo Bonzini <pbonzini@redhat.com>
  Date:   2022-09-01 (Thu, 01 Sep 2022)

  Changed paths:
    M configure
    M docs/devel/build-system.rst

  Log Message:
  -----------
  configure: improve error for ucontext coroutine backend

Instead of using feature_not_found(), which is not a good match because
there is no "remedy" to fix the lack of makecontext(), just print a
custom error.

This happens to remove the last use of feature_not_found(), so remove
the definition and the documentation.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 0169815b47bffe4361ac2370a4ad584277a62a96
      
https://github.com/qemu/qemu/commit/0169815b47bffe4361ac2370a4ad584277a62a96
  Author: Anton Kochkov <anton.kochkov@proton.me>
  Date:   2022-09-01 (Thu, 01 Sep 2022)

  Changed paths:
    M meson_options.txt

  Log Message:
  -----------
  meson: be strict for boolean options

While the Meson build system accepts 'false' as a value
for boolean options, it's not covered by the specification
and is in general invalid. Some alternative Meson implementations,
like Muon, do not accept 'false' or 'true' as a valid value
for the boolean options.

See https://mesonbuild.com/Build-options.html

Signed-off-by: Anton Kochkov <anton.kochkov@proton.me>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20220817143538.2107779-1-anton.kochkov@proton.me>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: eccae02d99dfcf32d5c5db76f59c8f6ba25b5cb0
      
https://github.com/qemu/qemu/commit/eccae02d99dfcf32d5c5db76f59c8f6ba25b5cb0
  Author: Paolo Bonzini <pbonzini@redhat.com>
  Date:   2022-09-01 (Thu, 01 Sep 2022)

  Changed paths:
    M meson.build
    M pc-bios/keymaps/meson.build
    M qapi/meson.build
    M target/riscv/meson.build

  Log Message:
  -----------
  meson: remove dead code

Found with "muon analyze".

Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: e3af71e9009de156665df67b9bdf5bc192aae215
      
https://github.com/qemu/qemu/commit/e3af71e9009de156665df67b9bdf5bc192aae215
  Author: Paolo Bonzini <pbonzini@redhat.com>
  Date:   2022-09-01 (Thu, 01 Sep 2022)

  Changed paths:
    M plugins/meson.build
    M tests/fp/meson.build
    M tests/qapi-schema/meson.build

  Log Message:
  -----------
  meson: remove dead assignments

Found with "muon analyze".

Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 4802bf910eee98312c4a9777ac2567e6a0445c46
      
https://github.com/qemu/qemu/commit/4802bf910eee98312c4a9777ac2567e6a0445c46
  Author: Paolo Bonzini <pbonzini@redhat.com>
  Date:   2022-09-01 (Thu, 01 Sep 2022)

  Changed paths:
    M accel/kvm/kvm-all.c

  Log Message:
  -----------
  KVM: dirty ring: add missing memory barrier

The KVM_DIRTY_GFN_F_DIRTY flag ensures that the entry is valid.  If
the read of the fields are not ordered after the read of the flag,
QEMU might see stale values.

Cc: Gavin Shan <gshan@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 9e8504c0572de7a6d91e95738beaf18ffada1cf2
      
https://github.com/qemu/qemu/commit/9e8504c0572de7a6d91e95738beaf18ffada1cf2
  Author: Paolo Bonzini <pbonzini@redhat.com>
  Date:   2022-09-01 (Thu, 01 Sep 2022)

  Changed paths:
    M tests/tcg/i386/Makefile.target
    M tests/tcg/x86_64/Makefile.target

  Log Message:
  -----------
  tests/tcg: x86_64: improve consistency with i386

Include test-i386-bmi2, and specify manually the tests (only one for now)
that need -cpu max.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 7b764d41733075624bf7d93b3e1ff9aa8f66f563
      
https://github.com/qemu/qemu/commit/7b764d41733075624bf7d93b3e1ff9aa8f66f563
  Author: Paolo Bonzini <pbonzini@redhat.com>
  Date:   2022-09-01 (Thu, 01 Sep 2022)

  Changed paths:
    M tests/tcg/i386/Makefile.target
    M tests/tcg/i386/test-i386-bmi2.c

  Log Message:
  -----------
  tests/tcg: i386: extend BMI test

Cover all BMI1 and BMI2 instructions, both 32- and 64-bit.

Due to the use of inlines, the test now has to be compiled with -O2.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 75046ad72eaaae954849e2b793b6f629befb4ebc
      
https://github.com/qemu/qemu/commit/75046ad72eaaae954849e2b793b6f629befb4ebc
  Author: Paolo Bonzini <pbonzini@redhat.com>
  Date:   2022-09-01 (Thu, 01 Sep 2022)

  Changed paths:
    M target/i386/ops_sse.h

  Log Message:
  -----------
  target/i386: fix PHSUB* instructions with dest=src

The computation must not overwrite either the destination
or the source before the last element has been computed.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: bf30ad8cefeb3b199f5485c5d78f2801cd248264
      
https://github.com/qemu/qemu/commit/bf30ad8cefeb3b199f5485c5d78f2801cd248264
  Author: Paolo Bonzini <pbonzini@redhat.com>
  Date:   2022-09-01 (Thu, 01 Sep 2022)

  Changed paths:
    M target/i386/ops_sse.h

  Log Message:
  -----------
  target/i386: DPPS rounding fix

The DPPS (Dot Product) instruction is defined to first sum pairs of
intermediate results, then sum those values to get the final result.
i.e. (A+B)+(C+D)

We incrementally sum the results, i.e. ((A+B)+C)+D, which can result
in incorrect rounding.

For consistency, also change the variable names to the ones used
in the Intel SDM and implement DPPD following the manual.

Based on a patch by Paul Brook <paul@nowt.org>.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 91117bc546b10aeefd6d78502d82df5729f5f780
      
https://github.com/qemu/qemu/commit/91117bc546b10aeefd6d78502d82df5729f5f780
  Author: Paul Brook <paul@nowt.org>
  Date:   2022-09-01 (Thu, 01 Sep 2022)

  Changed paths:
    M tests/tcg/Makefile.target
    M tests/tcg/i386/Makefile.target
    M tests/tcg/i386/README
    A tests/tcg/i386/test-avx.c
    A tests/tcg/i386/test-avx.py
    A tests/tcg/i386/x86.csv
    M tests/tcg/x86_64/Makefile.target

  Log Message:
  -----------
  tests/tcg: i386: add SSE tests

Tests for correct operation of most x86-64 SSE instructions.
It should cover all combinations of overlapping register and memory
operands on a set of random-ish data.

Results are bit-identical to an Intel i5-8500, with the exception of
the RCPSS and RSQRT approximations where the real CPU gives less accurate
results (the Intel spec allows relative errors up to 1.5 * 2^-12)

Signed-off-by: Paul Brook <paul@nowt.org>
Acked-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20220424220204.2493824-42-paul@nowt.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 3dd116e32e8624dcfa966570a7806e92e19dc380
      
https://github.com/qemu/qemu/commit/3dd116e32e8624dcfa966570a7806e92e19dc380
  Author: Paolo Bonzini <pbonzini@redhat.com>
  Date:   2022-09-01 (Thu, 01 Sep 2022)

  Changed paths:
    M target/i386/tcg/translate.c

  Log Message:
  -----------
  target/i386: do not use MOVL to move data between SSE registers

Write down explicitly the load/store sequence.

Extracted from a patch by Paul Brook <paul@nowt.org>.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: da1a7edb5d790757b266462ab5d5e80b6a98214e
      
https://github.com/qemu/qemu/commit/da1a7edb5d790757b266462ab5d5e80b6a98214e
  Author: Paolo Bonzini <pbonzini@redhat.com>
  Date:   2022-09-01 (Thu, 01 Sep 2022)

  Changed paths:
    M target/i386/tcg/translate.c

  Log Message:
  -----------
  target/i386: formatting fixes

Extracted from a patch by Paul Brook <paul@nowt.org>.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 36fc7ee299cf7901e372fec31b46b5367b55f9f5
      
https://github.com/qemu/qemu/commit/36fc7ee299cf7901e372fec31b46b5367b55f9f5
  Author: Paul Brook <paul@nowt.org>
  Date:   2022-09-01 (Thu, 01 Sep 2022)

  Changed paths:
    M target/i386/tcg/translate.c

  Log Message:
  -----------
  target/i386: Add ZMM_OFFSET macro

Add a convenience macro to get the address of an xmm_regs element within
CPUX86State.

This was originally going to be the basis of an implementation that broke
operations into 128 bit chunks. I scrapped that idea, so this is now a purely
cosmetic change. But I think a worthwhile one - it reduces the number of
function calls that need to be split over multiple lines.

No functional changes.

Signed-off-by: Paul Brook <paul@nowt.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220424220204.2493824-9-paul@nowt.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: f2dbc28947026d8c55a28774f04d96d5612cf6dd
      
https://github.com/qemu/qemu/commit/f2dbc28947026d8c55a28774f04d96d5612cf6dd
  Author: Paul Brook <paul@nowt.org>
  Date:   2022-09-01 (Thu, 01 Sep 2022)

  Changed paths:
    M target/i386/tcg/translate.c

  Log Message:
  -----------
  target/i386: Rework sse_op_table1

Add a flags field to each row in sse_op_table1.

Initially this is only used as a replacement for the magic
SSE_SPECIAL and SSE_DUMMY pointers, the other flags are mostly
relevant for the AVX implementation but can be applied to SSE as well.

Signed-off-by: Paul Brook <paul@nowt.org>
Message-Id: <20220424220204.2493824-5-paul@nowt.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 491f0f1962f3ac6d2968cbf2a5f192ac613abbcf
      
https://github.com/qemu/qemu/commit/491f0f1962f3ac6d2968cbf2a5f192ac613abbcf
  Author: Paul Brook <paul@nowt.org>
  Date:   2022-09-01 (Thu, 01 Sep 2022)

  Changed paths:
    M target/i386/tcg/translate.c

  Log Message:
  -----------
  target/i386: Rework sse_op_table6/7

Add a flags field to each row in sse_op_table6 and sse_op_table7.

Initially this is only used as a replacement for the magic SSE41_SPECIAL
pointer.  The other flags are mostly relevant for the AVX implementation
but can be applied to SSE as well.

Signed-off-by: Paul Brook <paul@nowt.org>
Message-Id: <20220424220204.2493824-6-paul@nowt.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 622ef8f29123a4048d93ae78303b52a4fca51e03
      
https://github.com/qemu/qemu/commit/622ef8f29123a4048d93ae78303b52a4fca51e03
  Author: Paul Brook <paul@nowt.org>
  Date:   2022-09-01 (Thu, 01 Sep 2022)

  Changed paths:
    M target/i386/tcg/translate.c

  Log Message:
  -----------
  target/i386: Move 3DNOW decoder

Handle 3DNOW instructions early to avoid complicating the MMX/SSE logic.

Signed-off-by: Paul Brook <paul@nowt.org>
Message-Id: <20220424220204.2493824-25-paul@nowt.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 2607e76ffde4b0620428500a00c354c58578a933
      
https://github.com/qemu/qemu/commit/2607e76ffde4b0620428500a00c354c58578a933
  Author: Paolo Bonzini <pbonzini@redhat.com>
  Date:   2022-09-01 (Thu, 01 Sep 2022)

  Changed paths:
    M target/i386/tcg/translate.c

  Log Message:
  -----------
  target/i386: check SSE table flags instead of hardcoding opcodes

Put more flags to work to avoid hardcoding lists of opcodes.  The op7 case
for SSE_OPF_CMP is included for homogeneity and because AVX needs it, but
it is never used by SSE or MMX.

Extracted from a patch by Paul Brook <paul@nowt.org>.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: d7a851f89ac60379087b7d29c4ba09e1c6e11265
      
https://github.com/qemu/qemu/commit/d7a851f89ac60379087b7d29c4ba09e1c6e11265
  Author: Paolo Bonzini <pbonzini@redhat.com>
  Date:   2022-09-01 (Thu, 01 Sep 2022)

  Changed paths:
    M target/i386/tcg/translate.c

  Log Message:
  -----------
  target/i386: isolate MMX code more

Extracted from a patch by Paul Brook <paul@nowt.org>.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: ce4fa29f949595666ecea52eadc84ca899ccf2a4
      
https://github.com/qemu/qemu/commit/ce4fa29f949595666ecea52eadc84ca899ccf2a4
  Author: Paolo Bonzini <pbonzini@redhat.com>
  Date:   2022-09-01 (Thu, 01 Sep 2022)

  Changed paths:
    M target/i386/ops_sse.h
    M target/i386/ops_sse_header.h
    M target/i386/tcg/translate.c

  Log Message:
  -----------
  target/i386: Add size suffix to vector FP helpers

For AVX we're going to need both 128 bit (xmm) and 256 bit (ymm) variants of
floating point helpers. Add the register type suffix to the existing
*PS and *PD helpers (SS and SD variants are only valid on 128 bit vectors)

No functional changes.

Signed-off-by: Paul Brook <paul@nowt.org>
Message-Id: <20220424220204.2493824-15-paul@nowt.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 7f326902433052e97a6aa9539f45d5a8a1fdd172
      
https://github.com/qemu/qemu/commit/7f326902433052e97a6aa9539f45d5a8a1fdd172
  Author: Paolo Bonzini <pbonzini@redhat.com>
  Date:   2022-09-01 (Thu, 01 Sep 2022)

  Changed paths:
    M target/i386/tcg/translate.c

  Log Message:
  -----------
  target/i386: do not cast gen_helper_* function pointers

Use a union to store the various possible kinds of function pointers, and
access the correct one based on the flags.

SSEOpHelper_table6 and SSEOpHelper_table7 right now only have one case,
but this would change with AVX's 3- and 4-argument operations.  Use
unions there too, to keep the code more similar for the three tables.

Extracted from a patch by Paul Brook <paul@nowt.org>.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 71964f1b692addde852a3eb05e2298cbd80882ae
      
https://github.com/qemu/qemu/commit/71964f1b692addde852a3eb05e2298cbd80882ae
  Author: Paul Brook <paul@nowt.org>
  Date:   2022-09-01 (Thu, 01 Sep 2022)

  Changed paths:
    M target/i386/tcg/translate.c

  Log Message:
  -----------
  target/i386: Add CHECK_NO_VEX

Reject invalid VEX encodings on MMX instructions.

Signed-off-by: Paul Brook <paul@nowt.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220424220204.2493824-7-paul@nowt.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 25bdec79c629b49fbcf134f9eca063aaba6d4094
      
https://github.com/qemu/qemu/commit/25bdec79c629b49fbcf134f9eca063aaba6d4094
  Author: Paolo Bonzini <pbonzini@redhat.com>
  Date:   2022-09-01 (Thu, 01 Sep 2022)

  Changed paths:
    M target/i386/ops_sse.h

  Log Message:
  -----------
  target/i386: rewrite destructive 3DNow operations

Remove use of the MOVE macro, since it will be purged from
MMX/SSE as well.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 18592d2ec2dddff3b08568d29aa82d96e0369b88
      
https://github.com/qemu/qemu/commit/18592d2ec2dddff3b08568d29aa82d96e0369b88
  Author: Paul Brook <paul@nowt.org>
  Date:   2022-09-01 (Thu, 01 Sep 2022)

  Changed paths:
    M target/i386/ops_sse.h

  Log Message:
  -----------
  target/i386: Rewrite vector shift helper

Rewrite the vector shift helpers in preparation for AVX support (3 operand
form and 256 bit vectors).

For now keep the existing two operand interface.

No functional changes to existing helpers.

Signed-off-by: Paul Brook <paul@nowt.org>
Message-Id: <20220424220204.2493824-11-paul@nowt.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: ee04a3c86dc125bbbdb04abaf4188dbafe612891
      
https://github.com/qemu/qemu/commit/ee04a3c86dc125bbbdb04abaf4188dbafe612891
  Author: Paul Brook <paul@nowt.org>
  Date:   2022-09-01 (Thu, 01 Sep 2022)

  Changed paths:
    M target/i386/ops_sse.h

  Log Message:
  -----------
  target/i386: Rewrite simple integer vector helpers

Rewrite the "simple" vector integer helpers in preparation for AVX support.

While the current code is able to use the same prototype for unary
(a = F(b)) and binary (a = F(b, c)) operations, future changes will cause
them to diverge.

No functional changes to existing helpers

Signed-off-by: Paul Brook <paul@nowt.org>
Message-Id: <20220424220204.2493824-12-paul@nowt.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: e894bae8cbfdf08c0f006234badf297857aed3cd
      
https://github.com/qemu/qemu/commit/e894bae8cbfdf08c0f006234badf297857aed3cd
  Author: Paul Brook <paul@nowt.org>
  Date:   2022-09-01 (Thu, 01 Sep 2022)

  Changed paths:
    M target/i386/ops_sse.h

  Log Message:
  -----------
  target/i386: Misc integer AVX helper prep

More preparatory work for AVX support in various integer vector helpers

No functional changes to existing helpers.

Signed-off-by: Paul Brook <paul@nowt.org>
Message-Id: <20220424220204.2493824-13-paul@nowt.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: d45b0de63d545aad2a2d91fde7b816ee3641d8d4
      
https://github.com/qemu/qemu/commit/d45b0de63d545aad2a2d91fde7b816ee3641d8d4
  Author: Paul Brook <paul@nowt.org>
  Date:   2022-09-01 (Thu, 01 Sep 2022)

  Changed paths:
    M target/i386/ops_sse.h

  Log Message:
  -----------
  target/i386: Destructive vector helpers for AVX

These helpers need to take special care to avoid overwriting source values
before the whole result has been calculated.  Currently they use a dummy
Reg typed variable to store the result then assign the whole register.
This will cause 128 bit operations to corrupt the upper half of the register,
so replace it with explicit temporaries and element assignments.

Signed-off-by: Paul Brook <paul@nowt.org>
Message-Id: <20220424220204.2493824-14-paul@nowt.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 3403cafeeef30f41afee42c655573675286b3238
      
https://github.com/qemu/qemu/commit/3403cafeeef30f41afee42c655573675286b3238
  Author: Paul Brook <paul@nowt.org>
  Date:   2022-09-01 (Thu, 01 Sep 2022)

  Changed paths:
    M target/i386/ops_sse.h

  Log Message:
  -----------
  target/i386: Floating point arithmetic helper AVX prep

Prepare the "easy" floating point vector helpers for AVX

No functional changes to existing helpers.

Signed-off-by: Paul Brook <paul@nowt.org>
Message-Id: <20220424220204.2493824-16-paul@nowt.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: cbf4ad5498039105db7c41e16e116b5b6584a786
      
https://github.com/qemu/qemu/commit/cbf4ad5498039105db7c41e16e116b5b6584a786
  Author: Paul Brook <paul@nowt.org>
  Date:   2022-09-01 (Thu, 01 Sep 2022)

  Changed paths:
    M target/i386/ops_sse.h
    M target/i386/ops_sse_header.h
    M target/i386/tcg/translate.c

  Log Message:
  -----------
  target/i386: reimplement AVX comparison helpers

AVX includes an additional set of comparison predicates, some of which
our softfloat implementation does not expose as separate functions.
Rewrite the helpers in terms of floatN_compare for future extensibility.

Signed-off-by: Paul Brook <paul@nowt.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220424220204.2493824-24-paul@nowt.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 6f218d6e994bd8b229d6522899b6ac6cd98bdb47
      
https://github.com/qemu/qemu/commit/6f218d6e994bd8b229d6522899b6ac6cd98bdb47
  Author: Paul Brook <paul@nowt.org>
  Date:   2022-09-01 (Thu, 01 Sep 2022)

  Changed paths:
    M target/i386/ops_sse.h

  Log Message:
  -----------
  target/i386: Dot product AVX helper prep

Make the dpps and dppd helpers AVX-ready

I can't see any obvious reason why dppd shouldn't work on 256 bit ymm
registers, but both AMD and Intel agree that it's xmm only.

Signed-off-by: Paul Brook <paul@nowt.org>
Message-Id: <20220424220204.2493824-17-paul@nowt.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 6567ffb4f259d9937ff74f21e96cdac905440620
      
https://github.com/qemu/qemu/commit/6567ffb4f259d9937ff74f21e96cdac905440620
  Author: Paul Brook <paul@nowt.org>
  Date:   2022-09-01 (Thu, 01 Sep 2022)

  Changed paths:
    M target/i386/ops_sse.h

  Log Message:
  -----------
  target/i386: Destructive FP helpers for AVX

Prepare the horizontal arithmetic vector helpers for AVX.
These currently use a dummy Reg typed variable to store the result then
assign the whole register.  This will cause 128 bit operations to corrupt
the upper half of the register, so replace it with explicit temporaries
and element assignments.

Signed-off-by: Paul Brook <paul@nowt.org>
Message-Id: <20220424220204.2493824-18-paul@nowt.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: fd17264ad153824204e1b5b88ebb3b597321b012
      
https://github.com/qemu/qemu/commit/fd17264ad153824204e1b5b88ebb3b597321b012
  Author: Paul Brook <paul@nowt.org>
  Date:   2022-09-01 (Thu, 01 Sep 2022)

  Changed paths:
    M target/i386/ops_sse.h

  Log Message:
  -----------
  target/i386: Misc AVX helper prep

Fixup various vector helpers that either trivially extend to 256 bit,
or don't have 256 bit variants.

No functional changes to existing helpers

Signed-off-by: Paul Brook <paul@nowt.org>
Message-Id: <20220424220204.2493824-19-paul@nowt.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 0e29cea589ac870f9bfcc33514ccce14dbd8f098
      
https://github.com/qemu/qemu/commit/0e29cea589ac870f9bfcc33514ccce14dbd8f098
  Author: Paul Brook <paul@nowt.org>
  Date:   2022-09-01 (Thu, 01 Sep 2022)

  Changed paths:
    M target/i386/ops_sse.h

  Log Message:
  -----------
  target/i386: Rewrite blendv helpers

Rewrite the blendv helpers so that they can easily be extended to support
the AVX encodings, which make all 4 arguments explicit.

No functional changes to the existing helpers

Signed-off-by: Paul Brook <paul@nowt.org>
Message-Id: <20220424220204.2493824-20-paul@nowt.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 5a09df21f7478f18e2ec59bac78a85c60e15604b
      
https://github.com/qemu/qemu/commit/5a09df21f7478f18e2ec59bac78a85c60e15604b
  Author: Paul Brook <paul@nowt.org>
  Date:   2022-09-01 (Thu, 01 Sep 2022)

  Changed paths:
    M target/i386/ops_sse.h

  Log Message:
  -----------
  target/i386: AVX pclmulqdq prep

Make the pclmulqdq helper AVX ready

Signed-off-by: Paul Brook <paul@nowt.org>
Message-Id: <20220424220204.2493824-21-paul@nowt.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: a64fc269198e09d422da0e89e606f6f12b40af1f
      
https://github.com/qemu/qemu/commit/a64fc269198e09d422da0e89e606f6f12b40af1f
  Author: Paul Brook <paul@nowt.org>
  Date:   2022-09-01 (Thu, 01 Sep 2022)

  Changed paths:
    M target/i386/ops_sse.h

  Log Message:
  -----------
  target/i386: AVX+AES helpers prep

Make the AES vector helpers AVX ready

No functional changes to existing helpers

Signed-off-by: Paul Brook <paul@nowt.org>
Message-Id: <20220424220204.2493824-22-paul@nowt.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>


  Commit: 10dab9f2635b9bab23a2b29974b526e62bb61268
      
https://github.com/qemu/qemu/commit/10dab9f2635b9bab23a2b29974b526e62bb61268
  Author: Eugenio Pérez <eperezma@redhat.com>
  Date:   2022-09-02 (Fri, 02 Sep 2022)

  Changed paths:
    M hw/virtio/vhost-vdpa.c

  Log Message:
  -----------
  vdpa: Skip the maps not in the iova tree

Next patch will skip the registering of dma maps that the vdpa device
rejects in the iova tree. We need to consider that here or we cause a
SIGSEGV accessing result.

Reported-by: Lei Yang <leiyang@redhat.com>
Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>


  Commit: 7dab70bec397e3522211e7bcc36d879bad8154c5
      
https://github.com/qemu/qemu/commit/7dab70bec397e3522211e7bcc36d879bad8154c5
  Author: Eugenio Pérez <eperezma@redhat.com>
  Date:   2022-09-02 (Fri, 02 Sep 2022)

  Changed paths:
    M hw/virtio/vhost-vdpa.c

  Log Message:
  -----------
  vdpa: do not save failed dma maps in SVQ iova tree

If a map fails for whatever reason, it must not be saved in the tree.
Otherwise, qemu will try to unmap it in cleanup, leading to more errors.

Fixes: 34e3c94eda ("vdpa: Add custom IOTLB translations to SVQ")
Reported-by: Lei Yang <leiyang@redhat.com>
Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>


  Commit: 69292a8e40f4dae8af5f04724e06392cdf03c09e
      
https://github.com/qemu/qemu/commit/69292a8e40f4dae8af5f04724e06392cdf03c09e
  Author: Eugenio Pérez <eperezma@redhat.com>
  Date:   2022-09-02 (Fri, 02 Sep 2022)

  Changed paths:
    M hw/i386/intel_iommu.c
    M hw/virtio/vhost-iova-tree.c
    M hw/virtio/vhost-iova-tree.h
    M hw/virtio/vhost-vdpa.c
    M include/qemu/iova-tree.h
    M net/vhost-vdpa.c
    M util/iova-tree.c

  Log Message:
  -----------
  util: accept iova_tree_remove_parameter by value

It's convenient to call iova_tree_remove from a map returned from
iova_tree_find or iova_tree_find_iova. With the current code this is not
possible, since we will free it, and then we will try to search for it
again.

Fix it by accepting the map by value, forcing a copy of the
argument. Not applying a fixes tag, since there is no use like that at
the moment.

Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>


  Commit: b37c12be962f95fd1e93b470a5ff05f6e2035d46
      
https://github.com/qemu/qemu/commit/b37c12be962f95fd1e93b470a5ff05f6e2035d46
  Author: Eugenio Pérez <eperezma@redhat.com>
  Date:   2022-09-02 (Fri, 02 Sep 2022)

  Changed paths:
    M hw/virtio/vhost-vdpa.c

  Log Message:
  -----------
  vdpa: Remove SVQ vring from iova_tree at shutdown

Although the device will be reset before usage, the right thing to do is
to clean it.

Reported-by: Lei Yang <leiyang@redhat.com>
Fixes: 34e3c94eda ("vdpa: Add custom IOTLB translations to SVQ")
Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>


  Commit: 5b590f51b923776a14d3bcafcb393279c1b72022
      
https://github.com/qemu/qemu/commit/5b590f51b923776a14d3bcafcb393279c1b72022
  Author: Eugenio Pérez <eperezma@redhat.com>
  Date:   2022-09-02 (Fri, 02 Sep 2022)

  Changed paths:
    M hw/virtio/vhost-vdpa.c

  Log Message:
  -----------
  vdpa: Make SVQ vring unmapping return void

Nothing actually reads the return value, but an error in cleaning some
entries could cause device stop to abort, making a restart impossible.
Better to explicitly ignore the return value.

Reported-by: Lei Yang <leiyang@redhat.com>
Fixes: 34e3c94eda ("vdpa: Add custom IOTLB translations to SVQ")
Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>


  Commit: 8b64e486423b09db4463799727bf1fad62fe496a
      
https://github.com/qemu/qemu/commit/8b64e486423b09db4463799727bf1fad62fe496a
  Author: Eugenio Pérez <eperezma@redhat.com>
  Date:   2022-09-02 (Fri, 02 Sep 2022)

  Changed paths:
    M hw/virtio/vhost-shadow-virtqueue.c

  Log Message:
  -----------
  vhost: Always store new kick fd on vhost_svq_set_svq_kick_fd

We can unbind a file descriptor twice if we call
vhost_svq_set_svq_kick_fd twice because of this. Since it comes from vhost and
not from SVQ, that file descriptor could be a different thing than the
guest's vhost notifier.

Likewise, the same can happen if a guest starts and stops the device
multiple times.

Reported-by: Lei Yang <leiyang@redhat.com>
Fixes: dff4426fa6 ("vhost: Add Shadow VirtQueue kick forwarding capabilities")
Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>


  Commit: 8b6d6119ad7fd983d192f60c4960fb6a9197d995
      
https://github.com/qemu/qemu/commit/8b6d6119ad7fd983d192f60c4960fb6a9197d995
  Author: Eugenio Pérez <eperezma@redhat.com>
  Date:   2022-09-02 (Fri, 02 Sep 2022)

  Changed paths:
    M hw/virtio/vhost-vdpa.c

  Log Message:
  -----------
  vdpa: Use ring hwaddr at vhost_vdpa_svq_unmap_ring

Reduce code duplication.

Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>


  Commit: 9c2ab2f1ec333be8614cc12272d4b91960704dbe
      
https://github.com/qemu/qemu/commit/9c2ab2f1ec333be8614cc12272d4b91960704dbe
  Author: Eugenio Pérez <eperezma@redhat.com>
  Date:   2022-09-02 (Fri, 02 Sep 2022)

  Changed paths:
    M hw/virtio/vhost-shadow-virtqueue.c

  Log Message:
  -----------
  vhost: stop transfer elem ownership in vhost_handle_guest_kick

It was easier to allow vhost_svq_add to handle the memory. Now that we
will allow qemu to add elements to a SVQ without the guest's knowledge,
it's better to handle it in the caller.

Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>


  Commit: 86f5f2546f03a3dfde421c715187b262e29b2848
      
https://github.com/qemu/qemu/commit/86f5f2546f03a3dfde421c715187b262e29b2848
  Author: Eugenio Pérez <eperezma@redhat.com>
  Date:   2022-09-02 (Fri, 02 Sep 2022)

  Changed paths:
    M hw/virtio/vhost-shadow-virtqueue.c

  Log Message:
  -----------
  vhost: use SVQ element ndescs instead of opaque data for desc validation

Since we're going to allow SVQ to add elements without the guest's
knowledge and without its own VirtQueueElement, it's easier to check if
an element is a valid head by checking a different thing than the
VirtQueueElement.

Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>


  Commit: 9e193cec5db949e4001070442a2f7de7042ef09b
      
https://github.com/qemu/qemu/commit/9e193cec5db949e4001070442a2f7de7042ef09b
  Author: Eugenio Pérez <eperezma@redhat.com>
  Date:   2022-09-02 (Fri, 02 Sep 2022)

  Changed paths:
    M hw/virtio/vhost-shadow-virtqueue.c

  Log Message:
  -----------
  vhost: Delete useless read memory barrier

As discussed in previous series [1], this memory barrier is useless with
the atomic read of used idx at vhost_svq_more_used. Deleting it.

[1] https://lists.nongnu.org/archive/html/qemu-devel/2022-07/msg02616.html

Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>


  Commit: d368c0b052ad95d3bf4fcc5a5d25715a35c91d4b
      
https://github.com/qemu/qemu/commit/d368c0b052ad95d3bf4fcc5a5d25715a35c91d4b
  Author: Eugenio Pérez <eperezma@redhat.com>
  Date:   2022-09-02 (Fri, 02 Sep 2022)

  Changed paths:
    M hw/virtio/vhost-shadow-virtqueue.c

  Log Message:
  -----------
  vhost: Do not depend on !NULL VirtQueueElement on vhost_svq_flush

Since QEMU will be able to inject new elements on CVQ to restore the
state, we need to not depend on a VirtQueueElement to know if a new
element has been used by the device or not. Instead of checking that, check
if there are new elements only using used idx on vhost_svq_flush.

Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>


  Commit: eb92b75380fc0f2368e22be45d1e2d1e2cd2f79c
      
https://github.com/qemu/qemu/commit/eb92b75380fc0f2368e22be45d1e2d1e2cd2f79c
  Author: Eugenio Pérez <eperezma@redhat.com>
  Date:   2022-09-02 (Fri, 02 Sep 2022)

  Changed paths:
    M hw/net/vhost_net.c
    M include/net/net.h

  Log Message:
  -----------
  vhost_net: Add NetClientInfo start callback

This is used by the backend to perform actions before the device is
started.

In particular, vdpa net uses it to map CVQ buffers to the device, so it
can send control commands using them.

Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>


  Commit: c5e5269d8a955a0f924218911c2f4a0b34e87a21
      
https://github.com/qemu/qemu/commit/c5e5269d8a955a0f924218911c2f4a0b34e87a21
  Author: Eugenio Pérez <eperezma@redhat.com>
  Date:   2022-09-02 (Fri, 02 Sep 2022)

  Changed paths:
    M hw/net/vhost_net.c
    M include/net/net.h

  Log Message:
  -----------
  vhost_net: Add NetClientInfo stop callback

Used by the backend to perform actions after the device is stopped.

In particular, vdpa net uses it to unmap CVQ buffers to the device,
cleaning the actions performed in prepare().

Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>


  Commit: f8972b56eeace10a410990f032406250abe18d64
      
https://github.com/qemu/qemu/commit/f8972b56eeace10a410990f032406250abe18d64
  Author: Eugenio Pérez <eperezma@redhat.com>
  Date:   2022-09-02 (Fri, 02 Sep 2022)

  Changed paths:
    M net/vhost-vdpa.c

  Log Message:
  -----------
  vdpa: add net_vhost_vdpa_cvq_info NetClientInfo

Next patches will add a new info callback to restore NIC status through
CVQ. Since only the CVQ vhost device is needed, create it with a new
NetClientInfo.

Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>


  Commit: 7a7f87e94c4e75ca177564491595dd17b7e41a62
      
https://github.com/qemu/qemu/commit/7a7f87e94c4e75ca177564491595dd17b7e41a62
  Author: Eugenio Pérez <eperezma@redhat.com>
  Date:   2022-09-02 (Fri, 02 Sep 2022)

  Changed paths:
    M net/vhost-vdpa.c

  Log Message:
  -----------
  vdpa: Move command buffers map to start of net device

As this series will reuse them to restore the device state at the end of
a migration (or a device start), let's allocate only once at the device
start so we don't duplicate their map and unmap.

Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>


  Commit: be4278b65fc1be8fce87e1e7c01bc52602d304eb
      
https://github.com/qemu/qemu/commit/be4278b65fc1be8fce87e1e7c01bc52602d304eb
  Author: Eugenio Pérez <eperezma@redhat.com>
  Date:   2022-09-02 (Fri, 02 Sep 2022)

  Changed paths:
    M net/vhost-vdpa.c

  Log Message:
  -----------
  vdpa: extract vhost_vdpa_net_cvq_add from vhost_vdpa_net_handle_ctrl_avail

So we can reuse it to inject state messages.

Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
--
v7:
* Remove double free error

v6:
* Do not assume in buffer sent to the device is sizeof(virtio_net_ctrl_ack)

v5:
* Do not use an artificial !NULL VirtQueueElement
* Use only out size instead of iovec dev_buffers for these functions.

Signed-off-by: Jason Wang <jasowang@redhat.com>


  Commit: 539573c317dc0b8d50a128db60550f2f2898d2fc
      
https://github.com/qemu/qemu/commit/539573c317dc0b8d50a128db60550f2f2898d2fc
  Author: Eugenio Pérez <eperezma@redhat.com>
  Date:   2022-09-02 (Fri, 02 Sep 2022)

  Changed paths:
    M hw/net/vhost_net.c
    M include/net/net.h

  Log Message:
  -----------
  vhost_net: add NetClientState->load() callback

It allows per-net client operations right after device's successful
start. In particular, to load the device status.

Vhost-vdpa net will use it to add the CVQ buffers to restore the device
status.

Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>


  Commit: dd036d8d278e6882803bccaa8c51b8527ea33f45
      
https://github.com/qemu/qemu/commit/dd036d8d278e6882803bccaa8c51b8527ea33f45
  Author: Eugenio Pérez <eperezma@redhat.com>
  Date:   2022-09-02 (Fri, 02 Sep 2022)

  Changed paths:
    M net/vhost-vdpa.c

  Log Message:
  -----------
  vdpa: Add virtio-net mac address via CVQ at start

This is needed so the destination vdpa device sees the same state as the
guest set in the source.

Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>


  Commit: 0e3fdcffead7c651ce06ab50cffb89e806f04e2b
      
https://github.com/qemu/qemu/commit/0e3fdcffead7c651ce06ab50cffb89e806f04e2b
  Author: Eugenio Pérez <eperezma@redhat.com>
  Date:   2022-09-02 (Fri, 02 Sep 2022)

  Changed paths:
    M hw/virtio/vhost-vdpa.c
    M include/hw/virtio/vhost-vdpa.h
    M net/vhost-vdpa.c

  Log Message:
  -----------
  vdpa: Delete CVQ migration blocker

We can restore the device state in the destination via CVQ now. Remove
the migration blocker.

Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>


  Commit: 3772cf0d1b37d32e61dc314e9cc18ff745327ddd
      
https://github.com/qemu/qemu/commit/3772cf0d1b37d32e61dc314e9cc18ff745327ddd
  Author: Zhang Chen <chen.zhang@intel.com>
  Date:   2022-09-02 (Fri, 02 Sep 2022)

  Changed paths:
    M net/colo.c
    M net/colo.h
    M net/trace-events

  Log Message:
  -----------
  net/colo.c: Fix the pointer issue reported by Coverity.

When virtio-net-pci is enabled, guest network packets will
load the vnet_hdr. In COLO status, the primary VM's network
packets may be redirected to another VM; filter-redirect needs
to enable the vnet_hdr flag at the same time so that COLO-proxy
will correctly parse the original network packet. If there is any
misconfiguration here, the vnet_hdr_len is wrong for parsing
the packet, and data+offset will point to the wrong place.

Signed-off-by: Zhang Chen <chen.zhang@intel.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>


  Commit: 36a894aeb64a2e02871016da1c37d4a4ca109182
      
https://github.com/qemu/qemu/commit/36a894aeb64a2e02871016da1c37d4a4ca109182
  Author: Zheyu Ma <zheyuma97@gmail.com>
  Date:   2022-09-02 (Fri, 02 Sep 2022)

  Changed paths:
    M hw/net/tulip.c

  Log Message:
  -----------
  net: tulip: Restrict DMA engine to memories

The DMA engine is started by I/O access and then itself accesses the
I/O registers, triggering a reentrancy bug.

The following log can reveal it:
==5637==ERROR: AddressSanitizer: stack-overflow
    #0 0x5595435f6078 in tulip_xmit_list_update qemu/hw/net/tulip.c:673
    #1 0x5595435f204a in tulip_write qemu/hw/net/tulip.c:805:13
    #2 0x559544637f86 in memory_region_write_accessor qemu/softmmu/memory.c:492:5
    #3 0x5595446379fa in access_with_adjusted_size qemu/softmmu/memory.c:554:18
    #4 0x5595446372fa in memory_region_dispatch_write qemu/softmmu/memory.c
    #5 0x55954468b74c in flatview_write_continue qemu/softmmu/physmem.c:2825:23
    #6 0x559544683662 in flatview_write qemu/softmmu/physmem.c:2867:12
    #7 0x5595446833f3 in address_space_write qemu/softmmu/physmem.c:2963:18
    #8 0x5595435fb082 in dma_memory_rw_relaxed qemu/include/sysemu/dma.h:87:12
    #9 0x5595435fb082 in dma_memory_rw qemu/include/sysemu/dma.h:130:12
    #10 0x5595435fb082 in dma_memory_write qemu/include/sysemu/dma.h:171:12
    #11 0x5595435fb082 in stl_le_dma qemu/include/sysemu/dma.h:272:1
    #12 0x5595435fb082 in stl_le_pci_dma qemu/include/hw/pci/pci.h:910:1
    #13 0x5595435fb082 in tulip_desc_write qemu/hw/net/tulip.c:101:9
    #14 0x5595435f7e3d in tulip_xmit_list_update qemu/hw/net/tulip.c:706:9
    #15 0x5595435f204a in tulip_write qemu/hw/net/tulip.c:805:13

Fix this bug by restricting the DMA engine to memory regions.

Signed-off-by: Zheyu Ma <zheyuma97@gmail.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>


  Commit: fccffd53719255cafd4bc89f5b0bda1cd37924f4
      
https://github.com/qemu/qemu/commit/fccffd53719255cafd4bc89f5b0bda1cd37924f4
  Author: Stefan Hajnoczi <stefanha@redhat.com>
  Date:   2022-09-02 (Fri, 02 Sep 2022)

  Changed paths:
    M hw/i386/intel_iommu.c
    M hw/net/tulip.c
    M hw/net/vhost_net.c
    M hw/virtio/vhost-iova-tree.c
    M hw/virtio/vhost-iova-tree.h
    M hw/virtio/vhost-shadow-virtqueue.c
    M hw/virtio/vhost-vdpa.c
    M include/hw/virtio/vhost-vdpa.h
    M include/net/net.h
    M include/qemu/iova-tree.h
    M net/colo.c
    M net/colo.h
    M net/trace-events
    M net/vhost-vdpa.c
    M util/iova-tree.c

  Log Message:
  -----------
  Merge tag 'net-pull-request' of https://github.com/jasowang/qemu into staging

# gpg: Signature made Fri 02 Sep 2022 02:30:35 EDT
# gpg:                using RSA key EF04965B398D6211
# gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>" [full]
# Primary key fingerprint: 215D 46F4 8246 689E C77F  3562 EF04 965B 398D 6211

* tag 'net-pull-request' of https://github.com/jasowang/qemu: (21 commits)
  net: tulip: Restrict DMA engine to memories
  net/colo.c: Fix the pointer issue reported by Coverity.
  vdpa: Delete CVQ migration blocker
  vdpa: Add virtio-net mac address via CVQ at start
  vhost_net: add NetClientState->load() callback
  vdpa: extract vhost_vdpa_net_cvq_add from vhost_vdpa_net_handle_ctrl_avail
  vdpa: Move command buffers map to start of net device
  vdpa: add net_vhost_vdpa_cvq_info NetClientInfo
  vhost_net: Add NetClientInfo stop callback
  vhost_net: Add NetClientInfo start callback
  vhost: Do not depend on !NULL VirtQueueElement on vhost_svq_flush
  vhost: Delete useless read memory barrier
  vhost: use SVQ element ndescs instead of opaque data for desc validation
  vhost: stop transfer elem ownership in vhost_handle_guest_kick
  vdpa: Use ring hwaddr at vhost_vdpa_svq_unmap_ring
  vhost: Always store new kick fd on vhost_svq_set_svq_kick_fd
  vdpa: Make SVQ vring unmapping return void
  vdpa: Remove SVQ vring from iova_tree at shutdown
  util: accept iova_tree_remove_parameter by value
  vdpa: do not save failed dma maps in SVQ iova tree
  ...

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>


  Commit: 61fd710b8da8aedcea9b4f197283dc38638e4b60
      
https://github.com/qemu/qemu/commit/61fd710b8da8aedcea9b4f197283dc38638e4b60
  Author: Stefan Hajnoczi <stefanha@redhat.com>
  Date:   2022-09-02 (Fri, 02 Sep 2022)

  Changed paths:
    M accel/kvm/kvm-all.c
    M configure
    M docs/devel/build-system.rst
    M hw/scsi/esp.c
    M hw/scsi/lsi53c895a.c
    M hw/scsi/megasas.c
    M hw/scsi/mptsas.c
    M hw/scsi/scsi-bus.c
    M hw/scsi/scsi-disk.c
    M hw/scsi/scsi-generic.c
    M hw/scsi/spapr_vscsi.c
    M hw/scsi/virtio-scsi.c
    M hw/scsi/vmw_pvscsi.c
    M hw/usb/dev-storage.c
    M hw/usb/dev-uas.c
    M include/hw/scsi/scsi.h
    M meson.build
    M meson_options.txt
    M pc-bios/keymaps/meson.build
    M plugins/meson.build
    M qapi/meson.build
    M target/i386/kvm/kvm.c
    M target/i386/ops_sse.h
    M target/i386/ops_sse_header.h
    M target/i386/tcg/translate.c
    M target/riscv/meson.build
    M tests/fp/meson.build
    M tests/qapi-schema/meson.build
    M tests/tcg/Makefile.target
    M tests/tcg/i386/Makefile.target
    M tests/tcg/i386/README
    A tests/tcg/i386/test-avx.c
    A tests/tcg/i386/test-avx.py
    M tests/tcg/i386/test-i386-bmi2.c
    A tests/tcg/i386/x86.csv
    M tests/tcg/x86_64/Makefile.target

  Log Message:
  -----------
  Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging

* SCSI fixes for Mac OS 9
* Fix CPU reset for x86/KVM nested virtualization state
* remove feature_not_found() from the configure script
* Meson cleanups from muon
* improved i386 TCG tests for BMI and SSE
* SSE bugfixes

# gpg: Signature made Thu 01 Sep 2022 14:23:00 EDT
# gpg:                using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg:                issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* tag 'for-upstream' of https://gitlab.com/bonzini/qemu: (39 commits)
  target/i386: AVX+AES helpers prep
  target/i386: AVX pclmulqdq prep
  target/i386: Rewrite blendv helpers
  target/i386: Misc AVX helper prep
  target/i386: Destructive FP helpers for AVX
  target/i386: Dot product AVX helper prep
  target/i386: reimplement AVX comparison helpers
  target/i386: Floating point arithmetic helper AVX prep
  target/i386: Destructive vector helpers for AVX
  target/i386: Misc integer AVX helper prep
  target/i386: Rewrite simple integer vector helpers
  target/i386: Rewrite vector shift helper
  target/i386: rewrite destructive 3DNow operations
  target/i386: Add CHECK_NO_VEX
  target/i386: do not cast gen_helper_* function pointers
  target/i386: Add size suffix to vector FP helpers
  target/i386: isolate MMX code more
  target/i386: check SSE table flags instead of hardcoding opcodes
  target/i386: Move 3DNOW decoder
  target/i386: Rework sse_op_table6/7
  ...

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>


Compare: https://github.com/qemu/qemu/compare/9fd704da6809...61fd710b8da8


