[Qemu-commits] [qemu/qemu] 4ea3fa: Revert "linux-user: Fix qemu-arm to r


From: Peter Maydell
Subject: [Qemu-commits] [qemu/qemu] 4ea3fa: Revert "linux-user: Fix qemu-arm to run static arm...
Date: Mon, 24 Jul 2023 06:21:10 -0700

  Branch: refs/heads/master
  Home:   https://github.com/qemu/qemu
  Commit: 4ea3fa99bebe8f153e74cf625980183cfd2238f6
      
https://github.com/qemu/qemu/commit/4ea3fa99bebe8f153e74cf625980183cfd2238f6
  Author: Michael Tokarev <mjt@tls.msk.ru>
  Date:   2023-07-22 (Sat, 22 Jul 2023)

  Changed paths:
    M linux-user/elfload.c

  Log Message:
  -----------
  Revert "linux-user: Fix qemu-arm to run static armhf binaries"

This reverts commit 518f32221af759a29500ac172c4c857bef142067.

It is causing similar segfaults at least on aarch64, ppc64el
and s390x. Let's revert this one for now and analyze what's
going on later.

Reopens: https://bugs.debian.org/1040981
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: dcaaf2bf9bfd2c664dbeff0069fcab3d75c924d3
      
https://github.com/qemu/qemu/commit/dcaaf2bf9bfd2c664dbeff0069fcab3d75c924d3
  Author: Bin Meng <bmeng@tinylab.org>
  Date:   2023-07-23 (Sun, 23 Jul 2023)

  Changed paths:
    M pc-bios/opensbi-riscv32-generic-fw_dynamic.bin
    M pc-bios/opensbi-riscv64-generic-fw_dynamic.bin
    M roms/opensbi

  Log Message:
  -----------
  roms/opensbi: Upgrade from v1.3 to v1.3.1

Upgrade OpenSBI from v1.3 to v1.3.1 and the pre-built bios images
which fixes the boot failure seen when using QEMU to do a direct
kernel boot with Microchip Icicle Kit board machine.

The v1.3.1 release includes the following commits:

0907de3 lib: sbi: fix comment indent
eb736a5 lib: sbi_pmu: Avoid out of bounds access
7828eeb gpio/desginware: add Synopsys DesignWare APB GPIO support
c6a3573 lib: utils: Fix sbi_hartid_to_scratch() usage in ACLINT drivers
057eb10 lib: utils/gpio: Fix RV32 compile error for designware GPIO driver

Signed-off-by: Bin Meng <bmeng@tinylab.org>
Message-Id: <20230719165817.889465-1-bmeng@tinylab.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Tested-by: Conor Dooley <conor.dooley@microchip.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>


  Commit: 736a1588c104e9995c1831df33554df1f1def8b8
      
https://github.com/qemu/qemu/commit/736a1588c104e9995c1831df33554df1f1def8b8
  Author: Jordan Niethe <jniethe5@gmail.com>
  Date:   2023-07-23 (Sun, 23 Jul 2023)

  Changed paths:
    M tcg/ppc/tcg-target.c.inc

  Log Message:
  -----------
  tcg/ppc: Fix race in goto_tb implementation

Commit 20b6643324 ("tcg/ppc: Reorg goto_tb implementation") modified
goto_tb to ensure only a single instruction was patched to prevent
incorrect behavior if a thread was in the middle of multiple
instructions when they were replaced. However this introduced a race
between loading the jmp target into TCG_REG_TB and patching and
executing the direct branch.

The relevant part of the goto_tb implementation:

    ld TCG_REG_TB, TARGET_ADDR_LOCATION(TCG_REG_TB)
  patch_location:
    mtctr TCG_REG_TB
    bctr

tb_target_set_jmp_target() will replace 'patch_location' with a direct
branch if the target is in range. The direct branch now relies on
TCG_REG_TB being set up correctly by the ld. Prior to this commit
multiple instructions were patched in for the direct branch case; these
instructions would initialize TCG_REG_TB to the same value as the branch
target.

Imagine the following sequence:

1) Thread A is executing the goto_tb sequence and loads the jmp
   target into TCG_REG_TB.

2) Thread B updates the jmp target address and calls
   tb_target_set_jmp_target(). This patches a new direct branch into the
   goto_tb sequence.

3) Thread A executes the newly patched direct branch. The value in
   TCG_REG_TB still contains the old jmp target.

TCG_REG_TB MUST contain the translation block's tc.ptr. Execution will
eventually crash after performing memory accesses generated from a
faulty value in TCG_REG_TB.

This presents as segfaults or illegal instruction exceptions.

Do not revert commit 20b6643324 as it did fix a different race
condition. Instead remove the direct branch optimization and always use
indirect branches.

The direct branch optimization can be re-added later with a race free
sequence.

Fixes: 20b6643324 ("tcg/ppc: Reorg goto_tb implementation")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1726
Reported-by: Anushree Mathur <anushree.mathur@linux.vnet.ibm.com>
Tested-by: Anushree Mathur <anushree.mathur@linux.vnet.ibm.com>
Tested-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Co-developed-by: Benjamin Gray <bgray@linux.ibm.com>
Signed-off-by: Jordan Niethe <jniethe5@gmail.com>
Signed-off-by: Benjamin Gray <bgray@linux.ibm.com>
Message-Id: <20230717093001.13167-1-jniethe5@gmail.com>
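
Added example (not part of the commit or of QEMU's code): a deterministic C model of the three-step interleaving described in the message above, comparing the patched direct branch with the always-indirect sequence. All type and function names and the addresses 0x1000/0x2000 are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

enum insn { INSN_MTCTR_BCTR, INSN_DIRECT_BRANCH };

typedef struct {
    uint64_t target_slot;     /* models TARGET_ADDR_LOCATION */
    enum insn patch_location; /* instruction currently at patch_location */
    uint64_t direct_dest;     /* destination encoded in a patched direct branch */
} goto_tb_site;

typedef struct { uint64_t reg_tb, pc; } vcpu;

/* ld TCG_REG_TB, TARGET_ADDR_LOCATION(TCG_REG_TB) */
static void step_load(vcpu *c, const goto_tb_site *s) { c->reg_tb = s->target_slot; }

/* Execute whatever instruction is at patch_location right now. */
static void step_branch(vcpu *c, const goto_tb_site *s)
{
    c->pc = (s->patch_location == INSN_DIRECT_BRANCH) ? s->direct_dest : c->reg_tb;
}

/* Model of the jmp target update; allow_direct selects the pre-fix behaviour. */
static void set_jmp_target(goto_tb_site *s, uint64_t target, bool allow_direct)
{
    s->target_slot = target;
    if (allow_direct) {
        s->patch_location = INSN_DIRECT_BRANCH;
        s->direct_dest = target;
    }
}

/* Returns true if thread A arrives with TCG_REG_TB equal to its destination. */
static bool race_keeps_invariant(bool allow_direct)
{
    goto_tb_site site = { 0x1000, INSN_MTCTR_BCTR, 0 };
    vcpu a = { 0, 0 };
    step_load(&a, &site);                        /* 1) A loads the old target */
    set_jmp_target(&site, 0x2000, allow_direct); /* 2) B retargets and patches */
    step_branch(&a, &site);                      /* 3) A runs the branch */
    return a.reg_tb == a.pc;
}

int main(void)
{
    printf("direct branch patched in: invariant %s\n", race_keeps_invariant(true) ? "holds" : "broken");
    printf("always indirect:          invariant %s\n", race_keeps_invariant(false) ? "holds" : "broken");
    return 0;
}
```

In the indirect-only case thread A may still jump to the old target, but the register and the destination agree, which is the property the message says must hold.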


  Commit: 990ef9182b5b7cb63be8da918fe38865b3ab840a
      
https://github.com/qemu/qemu/commit/990ef9182b5b7cb63be8da918fe38865b3ab840a
  Author: Richard Henderson <richard.henderson@linaro.org>
  Date:   2023-07-23 (Sun, 23 Jul 2023)

  Changed paths:
    M bsd-user/mmap.c
    M include/exec/exec-all.h
    M linux-user/mmap.c

  Log Message:
  -----------
  include/exec: Add WITH_MMAP_LOCK_GUARD

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>


  Commit: f1ce0b80283e19d5e65a5c2b0b4de6d92ca7f527
      
https://github.com/qemu/qemu/commit/f1ce0b80283e19d5e65a5c2b0b4de6d92ca7f527
  Author: Richard Henderson <richard.henderson@linaro.org>
  Date:   2023-07-23 (Sun, 23 Jul 2023)

  Changed paths:
    M accel/tcg/ldst_atomicity.c.inc

  Log Message:
  -----------
  accel/tcg: Fix sense of read-only probes in ldst_atomicity

In the initial commit, cdfac37be0d, the sense of the test is incorrect,
as the -1/0 return was confusing.  In bef6f008b981, we mechanically
invert all callers while changing to false/true return, preserving the
incorrectness of the test.

Now that the return sense is sane, it's easy to see that if !write,
then the page is not modifiable (i.e. most likely read-only, with
PROT_NONE handled via SIGSEGV).

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>


  Commit: 2c8412d469707124c6f471822aff2e2cab395907
      
https://github.com/qemu/qemu/commit/2c8412d469707124c6f471822aff2e2cab395907
  Author: Richard Henderson <richard.henderson@linaro.org>
  Date:   2023-07-23 (Sun, 23 Jul 2023)

  Changed paths:
    M accel/tcg/ldst_atomicity.c.inc

  Log Message:
  -----------
  accel/tcg: Take mmap_lock in load_atomic*_or_exit

For user-only, the probe for page writability may race with another
thread's mprotect.  Take the mmap_lock around the operation.  This
is still faster than the start/end_exclusive fallback.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>


  Commit: 22d2e5351a18aff5a9c7e3984b50ecce61ff8975
      
https://github.com/qemu/qemu/commit/22d2e5351a18aff5a9c7e3984b50ecce61ff8975
  Author: Ilya Leoshkevich <iii@linux.ibm.com>
  Date:   2023-07-23 (Sun, 23 Jul 2023)

  Changed paths:
    M tcg/i386/tcg-target-con-set.h
    M tcg/i386/tcg-target.c.inc
    M tcg/s390x/tcg-target-con-set.h
    M tcg/s390x/tcg-target.c.inc
    M tcg/tcg.c

  Log Message:
  -----------
  tcg/{i386, s390x}: Add earlyclobber to the op_add2's first output

i386 and s390x implementations of op_add2 require an earlyclobber,
which is currently missing. This breaks VCKSM in s390x guests. E.g., on
x86_64 the following op:

    add2_i32 tmp2,tmp3,tmp2,tmp3,tmp3,tmp2   dead: 0 2 3 4 5  pref=none,0xffff

is translated to:

    addl     %ebx, %r12d
    adcl     %r12d, %ebx

Introduce a new C_N1_O1_I4 constraint, and make sure that earlyclobber
of aliased outputs is honored.

Cc: qemu-stable@nongnu.org
Fixes: 82790a870992 ("tcg: Add markup for output requires new register")
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230719221310.1968845-7-iii@linux.ibm.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
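
Added example (not part of the commit or of QEMU's code): a C model of the two-instruction x86 sequence quoted above, showing how the low-half result overwrites a register that the high-half instruction still reads. The type and function names are hypothetical; the register assignment (tmp2 in %r12d, tmp3 in %ebx) is read off the quoted assembly, and the third function models only the property an earlyclobber guarantees, not the code QEMU emits.

```c
#include <stdint.h>
#include <stdio.h>

typedef struct { uint32_t lo, hi; } pair32;

/* Reference semantics of add2_i32 rl,rh,al,ah,bl,bh: (rh:rl) = (ah:al) + (bh:bl). */
static pair32 add2_reference(uint32_t al, uint32_t ah, uint32_t bl, uint32_t bh)
{
    uint64_t r = (((uint64_t)ah << 32) | al) + (((uint64_t)bh << 32) | bl);
    return (pair32){ (uint32_t)r, (uint32_t)(r >> 32) };
}

/* Model of: addl %ebx,%r12d ; adcl %r12d,%ebx for the quoted op
 * (al = bh = tmp2 in r12d, ah = bl = tmp3 in ebx). */
static pair32 add2_aliased(uint32_t tmp2, uint32_t tmp3)
{
    uint32_t r12d = tmp2, ebx = tmp3;
    uint64_t s = (uint64_t)r12d + ebx;  /* addl %ebx, %r12d */
    uint32_t cf = (uint32_t)(s >> 32);  /* carry flag */
    r12d = (uint32_t)s;                 /* low output overwrites tmp2 ... */
    ebx = ebx + r12d + cf;              /* adcl %r12d, %ebx: ... still needed as bh */
    return (pair32){ r12d, ebx };
}

/* Same op with the first output kept out of every register a later input uses. */
static pair32 add2_earlyclobber(uint32_t tmp2, uint32_t tmp3)
{
    uint32_t ebx = tmp3;
    uint64_t s = (uint64_t)tmp2 + tmp3;
    uint32_t out_lo = (uint32_t)s;      /* fresh register for the low half */
    ebx = ebx + tmp2 + (uint32_t)(s >> 32);
    return (pair32){ out_lo, ebx };
}

int main(void)
{
    uint32_t tmp2 = 1, tmp3 = 2;        /* constructed sample values */
    pair32 ref = add2_reference(tmp2, tmp3, tmp3, tmp2);
    pair32 bad = add2_aliased(tmp2, tmp3);
    pair32 ok  = add2_earlyclobber(tmp2, tmp3);
    printf("reference    hi=%u lo=%u\n", ref.hi, ref.lo);
    printf("aliased      hi=%u lo=%u\n", bad.hi, bad.lo);
    printf("earlyclobber hi=%u lo=%u\n", ok.hi, ok.lo);
    return 0;
}
```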


  Commit: 8c605cf1d4d9a39a6953086bacddefb0583d91d7
      
https://github.com/qemu/qemu/commit/8c605cf1d4d9a39a6953086bacddefb0583d91d7
  Author: Anton Johansson <anjo@rev.ng>
  Date:   2023-07-24 (Mon, 24 Jul 2023)

  Changed paths:
    M accel/tcg/cputlb.c

  Log Message:
  -----------
  accel/tcg: Zero-pad vaddr in tlb_debug output

In replacing target_ulong with vaddr and TARGET_FMT_lx with VADDR_PRIx,
the zero-padding of TARGET_FMT_lx got lost.  Readd 16-wide zero-padding
for logging consistency.

Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Anton Johansson <anjo@rev.ng>
Message-Id: <20230713120746.26897-1-anjo@rev.ng>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>


  Commit: 32b120394c578bc824f1db4835b3bffbeca88fae
      
https://github.com/qemu/qemu/commit/32b120394c578bc824f1db4835b3bffbeca88fae
  Author: Luca Bonissi <qemu@bonslack.org>
  Date:   2023-07-24 (Mon, 24 Jul 2023)

  Changed paths:
    M accel/tcg/user-exec.c

  Log Message:
  -----------
  accel/tcg: Fix type of 'last' for pageflags_{find,next}

These should match 'start' as target_ulong, not target_long.

On 32bit targets, the parameter was sign-extended to uint64_t,
so only the first mmap within the upper 2GB memory can succeed.

Signed-off-by: Luca Bonissi <qemu@bonslack.org>
Message-Id: <327460e2-0ebd-9edb-426b-1df80d16c32a@bonslack.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
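
Added example (not part of the commit or of QEMU's code): a C illustration of the sign extension described above, using a simplified linear overlap check as a stand-in for a range lookup that takes 64-bit bounds. The names, the single-entry map and the addresses are constructed; the signed conversion relies on the usual two's-complement behaviour of GCC and Clang.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef struct { uint64_t start, last; } range64;   /* inclusive bounds */

/* Stand-in for a lookup that takes uint64_t bounds. */
static bool overlaps_any(const range64 *map, size_t n, uint64_t start, uint64_t last)
{
    for (size_t i = 0; i < n; i++)
        if (map[i].start <= last && start <= map[i].last)
            return true;
    return false;
}

/* What a signed 32-bit 'last' becomes when widened to 64 bits. */
static uint64_t widen_last_signed(uint32_t guest_last)
{
    int32_t last = (int32_t)guest_last;  /* models a 32-bit target_long */
    return (uint64_t)last;               /* sign-extends values >= 0x80000000 */
}

/* Before the fix: 'last' is signed, 'start' is unsigned. */
static bool find_signed_last(const range64 *map, size_t n, uint32_t start, uint32_t last)
{
    return overlaps_any(map, n, start, widen_last_signed(last));
}

/* After the fix: both bounds are unsigned and zero-extend. */
static bool find_unsigned_last(const range64 *map, size_t n, uint32_t start, uint32_t last)
{
    return overlaps_any(map, n, start, last);
}

int main(void)
{
    /* Constructed map: one existing page in the upper 2GB. */
    range64 map[] = { { 0xC0000000u, 0xC0000fffu } };
    uint32_t start = 0x80000000u, last = 0x80000fffu;   /* a free page */

    printf("widened last: 0x%016llx\n", (unsigned long long)widen_last_signed(last));
    printf("signed last reports overlap:   %d\n", find_signed_last(map, 1, start, last));
    printf("unsigned last reports overlap: %d\n", find_unsigned_last(map, 1, start, last));
    return 0;
}
```

With the signed type the query range stretches far past the 32-bit address space, so a free page is reported as occupied as soon as any mapping exists above it.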


  Commit: c5216b69545ec391c6099a0816fc537c49ad0063
      
https://github.com/qemu/qemu/commit/c5216b69545ec391c6099a0816fc537c49ad0063
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2023-07-24 (Mon, 24 Jul 2023)

  Changed paths:
    M accel/tcg/cputlb.c
    M accel/tcg/ldst_atomicity.c.inc
    M accel/tcg/user-exec.c
    M bsd-user/mmap.c
    M include/exec/exec-all.h
    M linux-user/mmap.c
    M tcg/i386/tcg-target-con-set.h
    M tcg/i386/tcg-target.c.inc
    M tcg/ppc/tcg-target.c.inc
    M tcg/s390x/tcg-target-con-set.h
    M tcg/s390x/tcg-target.c.inc
    M tcg/tcg.c

  Log Message:
  -----------
  Merge tag 'pull-tcg-20230724' of https://gitlab.com/rth7680/qemu into staging

accel/tcg: Zero-pad vaddr in tlb debug output
accel/tcg: Fix type of 'last' for pageflags_{find,next}
accel/tcg: Fix sense of read-only probes in ldst_atomicity
accel/tcg: Take mmap_lock in load_atomic*_or_exit
tcg: Add earlyclobber to op_add2 for x86 and s390x
tcg/ppc: Fix race in goto_tb implementation

# gpg: Signature made Mon 24 Jul 2023 09:52:07 BST
# gpg:                using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg:                issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [full]
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A  05C0 64DF 38E8 AF7E 215F

* tag 'pull-tcg-20230724' of https://gitlab.com/rth7680/qemu:
  accel/tcg: Fix type of 'last' for pageflags_{find,next}
  accel/tcg: Zero-pad vaddr in tlb_debug output
  tcg/{i386, s390x}: Add earlyclobber to the op_add2's first output
  accel/tcg: Take mmap_lock in load_atomic*_or_exit
  accel/tcg: Fix sense of read-only probes in ldst_atomicity
  include/exec: Add WITH_MMAP_LOCK_GUARD
  tcg/ppc: Fix race in goto_tb implementation

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>


  Commit: a74e39f67462a5b4897e95c1ed1d42598b448362
      
https://github.com/qemu/qemu/commit/a74e39f67462a5b4897e95c1ed1d42598b448362
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2023-07-24 (Mon, 24 Jul 2023)

  Changed paths:
    M linux-user/elfload.c

  Log Message:
  -----------
  Merge tag 'pull-revert-armhf-brk-fix' of https://gitlab.com/mjt0k/qemu into staging

Revert "linux-user: Fix qemu-arm to run static armhf binaries"

# gpg: Signature made Sat 22 Jul 2023 17:56:30 BST
# gpg:                using RSA key 7B73BAD68BE7A2C289314B22701B4F6B1A693E59
# gpg:                issuer "mjt@tls.msk.ru"
# gpg: Good signature from "Michael Tokarev <mjt@tls.msk.ru>" [full]
# gpg:                 aka "Michael Tokarev <mjt@corpit.ru>" [full]
# gpg:                 aka "Michael Tokarev <mjt@debian.org>" [full]
# Primary key fingerprint: 6EE1 95D1 886E 8FFB 810D  4324 457C E0A0 8044 65C5
#      Subkey fingerprint: 7B73 BAD6 8BE7 A2C2 8931  4B22 701B 4F6B 1A69 3E59

* tag 'pull-revert-armhf-brk-fix' of https://gitlab.com/mjt0k/qemu:
  Revert "linux-user: Fix qemu-arm to run static armhf binaries"

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>


  Commit: 885fc169f09f5915ce037263d20a59eb226d473d
      
https://github.com/qemu/qemu/commit/885fc169f09f5915ce037263d20a59eb226d473d
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2023-07-24 (Mon, 24 Jul 2023)

  Changed paths:
    M pc-bios/opensbi-riscv32-generic-fw_dynamic.bin
    M pc-bios/opensbi-riscv64-generic-fw_dynamic.bin
    M roms/opensbi

  Log Message:
  -----------
  Merge tag 'pull-riscv-to-apply-20230723-3' of https://github.com/alistair23/qemu into staging

Fifth RISC-V PR for 8.1

* roms/opensbi: Upgrade from v1.3 to v1.3.1

# gpg: Signature made Sun 23 Jul 2023 10:33:32 BST
# gpg:                using RSA key 6AE902B6A7CA877D6D659296AF7C95130C538013
# gpg: Good signature from "Alistair Francis <alistair@alistair23.me>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6AE9 02B6 A7CA 877D 6D65  9296 AF7C 9513 0C53 8013

* tag 'pull-riscv-to-apply-20230723-3' of https://github.com/alistair23/qemu:
  roms/opensbi: Upgrade from v1.3 to v1.3.1

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>


Compare: https://github.com/qemu/qemu/compare/d1181d29370a...885fc169f09f


