[Qemu-commits] [qemu/qemu] 4cba83: ui: reject extended clipboard message


From: Peter Maydell
Subject: [Qemu-commits] [qemu/qemu] 4cba83: ui: reject extended clipboard message if not activ...
Date: Mon, 19 Feb 2024 02:26:44 -0800

  Branch: refs/heads/staging
  Home:   https://github.com/qemu/qemu
  Commit: 4cba8388968b70fe20e290221dc421c717051fdd
      
https://github.com/qemu/qemu/commit/4cba8388968b70fe20e290221dc421c717051fdd
  Author: Daniel P. Berrangé <berrange@redhat.com>
  Date:   2024-02-16 (Fri, 16 Feb 2024)

  Changed paths:
    M ui/vnc.c

  Log Message:
  -----------
  ui: reject extended clipboard message if not activated

The extended clipboard message protocol requires that the client
activate the extension by requesting a pseudo encoding. If this
is not done, then any extended clipboard messages from the client
should be considered invalid and the client dropped.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20240115095119.654271-1-berrange@redhat.com>


  Commit: 405484b29f6548c7b86549b0f961b906337aa68a
      
https://github.com/qemu/qemu/commit/405484b29f6548c7b86549b0f961b906337aa68a
  Author: Fiona Ebner <f.ebner@proxmox.com>
  Date:   2024-02-16 (Fri, 16 Feb 2024)

  Changed paths:
    M ui/clipboard.c

  Log Message:
  -----------
  ui/clipboard: mark type as not available when there is no data

With VNC, a client can send a non-extended VNC_MSG_CLIENT_CUT_TEXT
message with len=0. In qemu_clipboard_set_data(), the clipboard info
will be updated setting data to NULL (because g_memdup(data, size)
returns NULL when size is 0). If the client does not set the
VNC_ENCODING_CLIPBOARD_EXT feature when setting up the encodings, then
the 'request' callback for the clipboard peer is not initialized.
Later, because data is NULL, qemu_clipboard_request() can be reached
via vdagent_chr_write() and vdagent_clipboard_recv_request() and
there, the clipboard owner's 'request' callback will be attempted to
be called, but that is a NULL pointer.

In particular, this can happen when using the KRDC (22.12.3) VNC
client.

Another scenario leading to the same issue is with two clients (say
noVNC and KRDC):

The noVNC client sets the extension VNC_FEATURE_CLIPBOARD_EXT and
initializes its cbpeer.

The KRDC client does not, but triggers a vnc_client_cut_text() (note
it's not the _ext variant). There, a new clipboard info with it as
the 'owner' is created and qemu_clipboard_set_data() is called,
which in turn calls qemu_clipboard_update() with that info.

In qemu_clipboard_update(), the notifier for the noVNC client will be
called, i.e. vnc_clipboard_notify() and also set vs->cbinfo for the
noVNC client. The 'owner' in that clipboard info is the clipboard peer
for the KRDC client, which did not initialize the 'request' function.
That sounds correct to me, it is the owner of that clipboard info.

Then when noVNC sends a VNC_MSG_CLIENT_CUT_TEXT message (it did set
the VNC_FEATURE_CLIPBOARD_EXT feature correctly, so a check for it
passes), that clipboard info is passed to qemu_clipboard_request() and
the original segfault still happens.

Fix the issue by handling updates with size 0 differently. In
particular, mark in the clipboard info that the type is not available.

While at it, switch to g_memdup2(), because g_memdup() is deprecated.

Cc: qemu-stable@nongnu.org
Fixes: CVE-2023-6683
Reported-by: Markus Frank <m.frank@proxmox.com>
Suggested-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Tested-by: Markus Frank <m.frank@proxmox.com>
Message-ID: <20240124105749.204610-1-f.ebner@proxmox.com>


  Commit: 9c416582611b7495bdddb4c5456c7acb64b78938
      
https://github.com/qemu/qemu/commit/9c416582611b7495bdddb4c5456c7acb64b78938
  Author: Fiona Ebner <f.ebner@proxmox.com>
  Date:   2024-02-16 (Fri, 16 Feb 2024)

  Changed paths:
    M ui/clipboard.c

  Log Message:
  -----------
  ui/clipboard: add asserts for update and request

Should an issue like CVE-2023-6683 ever appear again in the future,
it will be more obvious which assumption was violated.

Suggested-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-ID: <20240124105749.204610-2-f.ebner@proxmox.com>
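
The failure mode described in the two ui/clipboard commit messages above, as an added example that is not QEMU code: a simplified model in which an owner peer has no 'request' callback and a zero-length update arrives, with the pre-fix and post-fix handling side by side. All struct, function and enum names are hypothetical, and the early-return conditions in model_request() and the placement of the request-side assertion are assumptions of the model.

```c
/* Simplified model of the clipboard state discussed above.
 * Hypothetical names throughout; this is not QEMU's ui/clipboard.c. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct clip_info;
typedef void (*request_fn)(struct clip_info *info);

struct clip_peer {
    const char *name;
    request_fn request;   /* NULL if the peer never activated the extension */
};

struct clip_info {
    struct clip_peer *owner;
    bool available;       /* type is advertised to other peers */
    bool requested;
    size_t size;
    void *data;
};

enum req_result { REQ_SKIPPED, REQ_DISPATCHED, REQ_NULL_CALLBACK };

static int dispatch_count;

/* Callback of a peer that did set up its 'request' handler. */
static void ext_peer_request(struct clip_info *info)
{
    (void)info;
    dispatch_count++;
}

/* fixed == false: a zero-length update leaves data NULL but still marks
 * the type as available (the state the commit message describes).
 * fixed == true: a zero-length update marks the type as not available. */
static void model_set_data(struct clip_info *info, const void *data,
                           size_t size, bool fixed)
{
    free(info->data);
    info->data = NULL;
    info->size = 0;
    if (size) {
        info->data = malloc(size);
        if (!info->data) {
            info->available = false;
            return;
        }
        memcpy(info->data, data, size);
        info->size = size;
        info->available = true;
    } else {
        info->available = !fixed;
    }
}

/* A consumer asks the owner for data it does not have yet. The model
 * reports the NULL callback instead of calling through it; this is the
 * point where a request-side assertion would make the violated
 * assumption visible (assumed placement). */
static enum req_result model_request(struct clip_info *info)
{
    if (info->data || info->requested || !info->available || !info->owner) {
        return REQ_SKIPPED;
    }
    if (!info->owner->request) {
        return REQ_NULL_CALLBACK;
    }
    info->requested = true;
    info->owner->request(info);
    return REQ_DISPATCHED;
}

/* One cut-text update followed by one request, on constructed input. */
enum req_result run_scenario(bool fixed, bool owner_has_callback,
                             const char *text, size_t len)
{
    struct clip_peer owner = { "owner",
                               owner_has_callback ? ext_peer_request : NULL };
    struct clip_info info = { .owner = &owner };
    enum req_result r;

    model_set_data(&info, text, len, fixed);
    r = model_request(&info);
    free(info.data);
    return r;
}

int main(void)
{
    static const char *names[] = { "skipped", "dispatched", "NULL callback" };

    printf("pre-fix,  len=0, no callback: %s\n",
           names[run_scenario(false, false, "", 0)]);
    printf("post-fix, len=0, no callback: %s\n",
           names[run_scenario(true, false, "", 0)]);
    printf("post-fix, len=5, no callback: %s\n",
           names[run_scenario(true, false, "hello", 5)]);
    printf("pre-fix,  len=0, callback set: %s\n",
           names[run_scenario(false, true, "", 0)]);
    return 0;
}
```
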


  Commit: 95b08fee8f68d284a5028d37fd28be7a70c8e92b
      
https://github.com/qemu/qemu/commit/95b08fee8f68d284a5028d37fd28be7a70c8e92b
  Author: Tianlan Zhou <bobby825@126.com>
  Date:   2024-02-16 (Fri, 16 Feb 2024)

  Changed paths:
    M ui/console.c

  Log Message:
  -----------
  ui/console: Fix console resize with placeholder surface

In `qemu_console_resize()`, the old surface of the console is kept if the new
console size is the same as the old one. If the old surface is a placeholder,
and the new size of console is the same as the placeholder surface (640*480),
the surface won't be replaced.
In this situation, the surface's `QEMU_PLACEHOLDER_FLAG` flag is still set, so
the console won't be displayed in SDL display mode.
This patch fixes this problem by forcing a new surface if the old one is a
placeholder.

Signed-off-by: Tianlan Zhou <bobby825@126.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-ID: <20240207172024.8-1-bobby825@126.com>


  Commit: d67611907590a1e6c998b7c5a5cb4394acf84329
      
https://github.com/qemu/qemu/commit/d67611907590a1e6c998b7c5a5cb4394acf84329
  Author: Akihiko Odaki <akihiko.odaki@daynix.com>
  Date:   2024-02-16 (Fri, 16 Feb 2024)

  Changed paths:
    M audio/meson.build

  Log Message:
  -----------
  audio: Depend on dbus_display1_dep

dbusaudio needs dbus_display1_dep.

Fixes: 739362d4205c ("audio: add "dbus" audio backend")
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20240214-dbus-v7-1-7eff29f04c34@daynix.com>


  Commit: 7aee57df930da2cf6361c5183aff96468ae4027d
      
https://github.com/qemu/qemu/commit/7aee57df930da2cf6361c5183aff96468ae4027d
  Author: Akihiko Odaki <akihiko.odaki@daynix.com>
  Date:   2024-02-16 (Fri, 16 Feb 2024)

  Changed paths:
    M ui/meson.build

  Log Message:
  -----------
  meson: Explicitly specify dbus-display1.h dependency

Explicitly specify dbus-display1.h as a dependency so that files
depending on it will not get compiled too early.

Fixes: 1222070e7728 ("meson: ensure dbus-display generated code is built before other units")
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20240214-dbus-v7-2-7eff29f04c34@daynix.com>


  Commit: 186acfbaf7f325833702f50f75ef5116dc29e233
      
https://github.com/qemu/qemu/commit/186acfbaf7f325833702f50f75ef5116dc29e233
  Author: Akihiko Odaki <akihiko.odaki@daynix.com>
  Date:   2024-02-16 (Fri, 16 Feb 2024)

  Changed paths:
    M tests/qtest/meson.build

  Log Message:
  -----------
  tests/qtest: Depend on dbus_display1_dep

It ensures dbus-display1.c will not be recompiled.

Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20240214-dbus-v7-3-7eff29f04c34@daynix.com>


  Commit: c8ee8640c236b449befebcb6744982dc114149ca
      
https://github.com/qemu/qemu/commit/c8ee8640c236b449befebcb6744982dc114149ca
  Author: Nicholas Piggin <npiggin@gmail.com>
  Date:   2024-02-19 (Mon, 19 Feb 2024)

  Changed paths:
    M target/ppc/translate/vsx-impl.c.inc

  Log Message:
  -----------
  target/ppc: Fix lxv/stxv MSR facility check

The move to decodetree flipped the inequality test for the VEC / VSX
MSR facility check.

This caused application crashes under Linux, where these facility
unavailable interrupts are used for lazy-switching of VEC/VSX register
sets. Getting the incorrect interrupt would result in wrong registers
being loaded, potentially overwriting live values and/or exposing
stale ones.

Cc: qemu-stable@nongnu.org
Reported-by: Joel Stanley <joel@jms.id.au>
Fixes: 70426b5bb738 ("target/ppc: moved stxvx and lxvx from legacy to decodtree")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1769
Tested-by: Harsh Prateek Bora <harshpb@linux.ibm.com>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>


  Commit: d8596950a913e63b39f23f3430dfac65f289a4cc
      
https://github.com/qemu/qemu/commit/d8596950a913e63b39f23f3430dfac65f289a4cc
  Author: Nicholas Piggin <npiggin@gmail.com>
  Date:   2024-02-19 (Mon, 19 Feb 2024)

  Changed paths:
    M target/ppc/excp_helper.c

  Log Message:
  -----------
  target/ppc: Fix crash on machine check caused by ifetch

is_prefix_insn_excp() loads the first word of the instruction address
which caused an exception, to determine whether or not it was prefixed
so the prefix bit can be set in [H]SRR1.

This works if the instruction image can be loaded, but if the exception
was caused by an ifetch, this load could fail and cause a recursive
exception and crash. Machine checks caused by ifetch are not excluded
from the prefix check and can crash (see issue 2108 for an example).

Fix this by excluding machine checks caused by ifetch from the prefix
check.

Cc: qemu-stable@nongnu.org
Acked-by: Cédric Le Goater <clg@kaod.org>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2108
Fixes: 55a7fa34f89 ("target/ppc: Machine check on invalid real address access on POWER9/10")
Fixes: 5a5d3b23cb2 ("target/ppc: Add SRR1 prefix indication to interrupt handlers")
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>


  Commit: c6ac93386d5462694be9d74e060198970f14d573
      
https://github.com/qemu/qemu/commit/c6ac93386d5462694be9d74e060198970f14d573
  Author: Nicholas Piggin <npiggin@gmail.com>
  Date:   2024-02-19 (Mon, 19 Feb 2024)

  Changed paths:
    M docs/devel/testing.rst
    M tests/avocado/boot_linux.py

  Log Message:
  -----------
  tests/avocado: mark boot_linux.py long runtime instead of flaky

The ppc64 and s390x tests were first marked skipIf GITLAB_CI by commit
c0c8687ef0f ("tests/avocado: disable BootLinuxPPC64 test in CI"), and
commit 0f26d94ec9e ("tests/acceptance: skip s390x_ccw_vrtio_tcg on
GitLab") due to being very heavy-weight for gitlab CI.

Commit 9b45cc99318 ("docs/devel: rationalise unstable gitlab tests under
FLAKY_TESTS") changed this to being flaky but it isn't really, it just
had a long runtime.

So take the SPEED=slow variable from qtests and introduce it to avocado,
and make these tests require it.

Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>


  Commit: 1f0d31294c1ee2bf82fa0d6dbeb2d5188c0a965a
      
https://github.com/qemu/qemu/commit/1f0d31294c1ee2bf82fa0d6dbeb2d5188c0a965a
  Author: Nicholas Piggin <npiggin@gmail.com>
  Date:   2024-02-19 (Mon, 19 Feb 2024)

  Changed paths:
    M tests/avocado/boot_linux_console.py

  Log Message:
  -----------
  tests/avocado: improve flaky ppc/pnv boot_linux_console.py test

The expected MTD partition detection output does not always appear on
the console, despite the test reaching the boot loader and the string
appearing in dmesg. Possibly due to an init script that quietens the
console output. Using an earlier log message improves reliability.

Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>


  Commit: 2d981316d3f3bb7cfda728fc250503e16a7d4225
      
https://github.com/qemu/qemu/commit/2d981316d3f3bb7cfda728fc250503e16a7d4225
  Author: Nicholas Piggin <npiggin@gmail.com>
  Date:   2024-02-19 (Mon, 19 Feb 2024)

  Changed paths:
    M tests/avocado/boot_linux_console.py

  Log Message:
  -----------
  tests/avocado: ppc add powernv10 boot_linux_console test

Add test for POWER10.

Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>


  Commit: 652e575b3b11f402205ea954feb94a1d44dbd0a2
      
https://github.com/qemu/qemu/commit/652e575b3b11f402205ea954feb94a1d44dbd0a2
  Author: Nicholas Piggin <npiggin@gmail.com>
  Date:   2024-02-19 (Mon, 19 Feb 2024)

  Changed paths:
    M tests/avocado/ppc_powernv.py
    M tests/avocado/ppc_pseries.py

  Log Message:
  -----------
  tests/avocado: Add ppc pseries and powernv hash MMU tests

POWER CPUs support hash and radix MMU modes. Linux supports running in
either mode, but defaults to radix. To keep up testing of QEMU's hash
MMU implementation, add some Linux hash boot tests.

Signed-off-by: Nicholas Piggin <npiggin@gmail.com>


  Commit: a6dc0f0582482c9cfbdd6d18193ae07f0d08af25
      
https://github.com/qemu/qemu/commit/a6dc0f0582482c9cfbdd6d18193ae07f0d08af25
  Author: Nicholas Piggin <npiggin@gmail.com>
  Date:   2024-02-19 (Mon, 19 Feb 2024)

  Changed paths:
    M tests/avocado/boot_linux.py

  Log Message:
  -----------
  tests/avocado: Add pseries KVM boot_linux test

ppc has no avocado tests for the KVM backend. Add a KVM boot_linux.py
test for pseries.

Signed-off-by: Nicholas Piggin <npiggin@gmail.com>


  Commit: 89f94c828a8b803807424fd7f0504a640b482678
      
https://github.com/qemu/qemu/commit/89f94c828a8b803807424fd7f0504a640b482678
  Author: Nicholas Piggin <npiggin@gmail.com>
  Date:   2024-02-19 (Mon, 19 Feb 2024)

  Changed paths:
    M MAINTAINERS
    A tests/avocado/ppc_hv_tests.py

  Log Message:
  -----------
  tests/avocado: ppc add hypervisor tests

The powernv and pseries machines both provide hypervisor facilities
that are supported by KVM. This is a large and complicated set of
features that don't get much system-level testing in ppc tests.

Add a new test case for these which runs QEMU KVM inside the target.
This downloads an Alpine VM image, boots it and downloads and installs
the qemu package, then boots a virtual machine under it, re-using the
original Alpine VM image.

Signed-off-by: Nicholas Piggin <npiggin@gmail.com>


  Commit: fcce86036816be740f7660f06545907d8cabeb5e
      
https://github.com/qemu/qemu/commit/fcce86036816be740f7660f06545907d8cabeb5e
  Author: Nicholas Piggin <npiggin@gmail.com>
  Date:   2024-02-19 (Mon, 19 Feb 2024)

  Changed paths:
    A tests/avocado/boot_freebsd.py

  Log Message:
  -----------
  tests/avocado: Add FreeBSD distro boot tests for ppc

FreeBSD project provides qcow2 images that work well for testing QEMU.
Add pseries tests for HPT and Radix, KVM and TCG. This uses a short
term VM image, because FreeBSD has not set up long term builds for
ppc64 at present.

Other architectures could be added so this does not get a ppc_ prefix
but is instead named similarly to boot_linux.

Reviewed-by: Warner Losh <imp@bsdimp.com>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>

Unfortunately the latest stable (14.0) x86-64 VM image does not seem to
output to console by default and I've not been able to find a reliable
way to edit the filesystem to change the boot loader options, or use
console input in the test case to change it on the fly.


  Commit: 1f79ab80b7a971aed2cc049ff8fa7b8c1e684c4e
      
https://github.com/qemu/qemu/commit/1f79ab80b7a971aed2cc049ff8fa7b8c1e684c4e
  Author: Nicholas Piggin <npiggin@gmail.com>
  Date:   2024-02-19 (Mon, 19 Feb 2024)

  Changed paths:
    M tests/avocado/migration.py

  Log Message:
  -----------
  tests/avocado: Use default CPU for pseries machine

Use the default CPU with the pseries machine unless there is a
specific requirement.

Signed-off-by: Nicholas Piggin <npiggin@gmail.com>


  Commit: 947430c46f7989d92efc4d3de1aeb1ea3cebb0f0
      
https://github.com/qemu/qemu/commit/947430c46f7989d92efc4d3de1aeb1ea3cebb0f0
  Author: Nicholas Piggin <npiggin@gmail.com>
  Date:   2024-02-19 (Mon, 19 Feb 2024)

  Changed paths:
    M pc-bios/skiboot.lid
    M roms/skiboot

  Log Message:
  -----------
  ppc/pnv: Update skiboot to v7.1

This includes a number of improvements and fixes. Importantly there
is a change for QEMU platforms to permit the ChipTOD to be initialised
if it is present in the device tree. This will facilitate ChipTOD
enablement in pnv.

Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>


  Commit: c2b75bf81b34a056d9576c30ff75f2d856bfe5e9
      
https://github.com/qemu/qemu/commit/c2b75bf81b34a056d9576c30ff75f2d856bfe5e9
  Author: Nicholas Piggin <npiggin@gmail.com>
  Date:   2024-02-19 (Mon, 19 Feb 2024)

  Changed paths:
    M target/ppc/cpu_init.c
    M target/ppc/helper_regs.c

  Log Message:
  -----------
  target/ppc: Rename registers to match ISA

Several registers have names that don't match the ISA (or convention
with other QEMU PPC registers), making them unintuitive to use with
GDB.

Fortunately most of these registers are obscure and/or have not been
correctly implemented in the gdb server (e.g., DEC, TB, CFAR), so risk
of breaking users should be low.

QEMU should follow the ISA for register name convention (where there is
no established GDB name).

Acked-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>


  Commit: f0b8278f0ec643c20f80f6376abc415b0d6e6ce0
      
https://github.com/qemu/qemu/commit/f0b8278f0ec643c20f80f6376abc415b0d6e6ce0
  Author: Philippe Mathieu-Daudé <philmd@linaro.org>
  Date:   2024-02-19 (Mon, 19 Feb 2024)

  Changed paths:
    M hw/ppc/spapr_softmmu.c

  Log Message:
  -----------
  hw/ppc/spapr: Add missing license

Commit 9fdf0c2995 ("Start implementing pSeries logical partition
machine") added hw/ppc/spapr_hcall.c, then commit 962104f044
("hw/ppc: moved hcalls that depend on softmmu") extracted the
system code to hw/ppc/spapr_softmmu.c. Take the license and
copyrights from the original spapr_hcall.c at commit 9fdf0c2995.

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
[npiggin: Update file description.]
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>


  Commit: bae292561ae836f26b52a5e796a5b2e97c3c9740
      
https://github.com/qemu/qemu/commit/bae292561ae836f26b52a5e796a5b2e97c3c9740
  Author: Philippe Mathieu-Daudé <philmd@linaro.org>
  Date:   2024-02-19 (Mon, 19 Feb 2024)

  Changed paths:
    M hw/ppc/spapr_hcall.c
    M target/ppc/tcg-stub.c

  Log Message:
  -----------
  hw/ppc/spapr_hcall: Allow elision of softmmu_resize_hpt_prep

Check tcg_enabled() before calling softmmu_resize_hpt_prepare()
and softmmu_resize_hpt_commit() to allow the compiler to elide
their calls. The stubs are then unnecessary, remove them.

Reviewed-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>


  Commit: ce653bce1daa490c6566c069fe9fe3fc73c766ef
      
https://github.com/qemu/qemu/commit/ce653bce1daa490c6566c069fe9fe3fc73c766ef
  Author: Philippe Mathieu-Daudé <philmd@linaro.org>
  Date:   2024-02-19 (Mon, 19 Feb 2024)

  Changed paths:
    M hw/ppc/spapr_hcall.c
    M hw/ppc/spapr_softmmu.c
    M include/hw/ppc/spapr.h

  Log Message:
  -----------
  hw/ppc/spapr_hcall: Rename {softmmu -> vhyp_mmu}_resize_hpt_pr

Since 'softmmu' is quite a loaded term in QEMU, rename the vhyp MMU
facilities to use the vhyp_mmu_ prefix rather than softmmu_.

vhyp_mmu_ is chosen because the code that manipulates the hash table
via guest software hypercalls is QEMU's implementation of the PAPR
hypervisor interface, called vhyp.

Reviewed-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
[npiggin: Pick a different name, explain it in changelog.]
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>


  Commit: 489087e156ba7a14ea44b25fb173fcc420373fc3
      
https://github.com/qemu/qemu/commit/489087e156ba7a14ea44b25fb173fcc420373fc3
  Author: Philippe Mathieu-Daudé <philmd@linaro.org>
  Date:   2024-02-19 (Mon, 19 Feb 2024)

  Changed paths:
    M hw/ppc/meson.build
    R hw/ppc/spapr_softmmu.c
    A hw/ppc/spapr_vhyp_mmu.c

  Log Message:
  -----------
  hw/ppc/spapr: Rename 'softmmu' -> 'vhyp_mmu'

To reduce the use of the term 'softmmu', rename spapr_softmmu.c
to spapr_vhyp_mmu.c.

Reviewed-by: Nicholas Piggin <npiggin@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
[np: change name]
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>


  Commit: e2a2d772034a64b4bd25f82f68c944fd0dcc7c79
      
https://github.com/qemu/qemu/commit/e2a2d772034a64b4bd25f82f68c944fd0dcc7c79
  Author: Harsh Prateek Bora <harshpb@linux.ibm.com>
  Date:   2024-02-19 (Mon, 19 Feb 2024)

  Changed paths:
    M hw/ppc/spapr_irq.c
    M include/hw/ppc/spapr_irq.h

  Log Message:
  -----------
  ppc/spapr: Introduce SPAPR_IRQ_NR_IPIS to refer IRQ range for CPU IPIs.

spapr_irq_init currently uses existing macro SPAPR_XIRQ_BASE to refer to
the range of CPU IPIs during initialization of nr-irqs property.
It is more appropriate to have its own define which can be further
reused as appropriate for correct interpretation.

Suggested-by: Cedric Le Goater <clg@kaod.org>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Harsh Prateek Bora <harshpb@linux.ibm.com>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>


  Commit: b8301d94ea344f0b757844003e09373793c3f7bb
      
https://github.com/qemu/qemu/commit/b8301d94ea344f0b757844003e09373793c3f7bb
  Author: Harsh Prateek Bora <harshpb@linux.ibm.com>
  Date:   2024-02-19 (Mon, 19 Feb 2024)

  Changed paths:
    M hw/ppc/spapr.c

  Log Message:
  -----------
  ppc/spapr: Initialize max_cpus limit to SPAPR_IRQ_NR_IPIS.

Initialize the machine specific max_cpus limit as per the maximum range
of CPU IPIs available. Keeping between 4096 to 8192 will throw IRQ not
free error due to XIVE/XICS limitation and keeping beyond 8192 will hit
assert in tcg_region_init or spapr_xive_claim_irq.

Logs:

Without patch fix:

[root@host build]# qemu-system-ppc64 -accel tcg -smp 10,maxcpus=4097
qemu-system-ppc64: IRQ 4096 is not free
[root@host build]#

On LPAR:
[root@host build]# qemu-system-ppc64 -accel tcg -smp 10,maxcpus=8193
**
ERROR:../tcg/region.c:774:tcg_region_init: assertion failed:
(region_size >= 2 * page_size)
Bail out! ERROR:../tcg/region.c:774:tcg_region_init: assertion failed:
(region_size >= 2 * page_size)
Aborted (core dumped)
[root@host build]#

On x86:
[root@host build]# qemu-system-ppc64 -accel tcg -smp 10,maxcpus=8193
qemu-system-ppc64: ../hw/intc/spapr_xive.c:596: spapr_xive_claim_irq:
Assertion `lisn < xive->nr_irqs' failed.
Aborted (core dumped)
[root@host build]#

With patch fix:
[root@host build]# qemu-system-ppc64 -accel tcg -smp 10,maxcpus=4097
qemu-system-ppc64: Invalid SMP CPUs 4097. The max CPUs supported by
machine 'pseries-8.2' is 4096
[root@host build]#

Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Harsh Prateek Bora <harshpb@linux.ibm.com>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>


  Commit: a6223c7c285e2e6f99c3527664602f4c773f1d3b
      
https://github.com/qemu/qemu/commit/a6223c7c285e2e6f99c3527664602f4c773f1d3b
  Author: Nicholas Piggin <npiggin@gmail.com>
  Date:   2024-02-19 (Mon, 19 Feb 2024)

  Changed paths:
    M hw/ppc/spapr.c

  Log Message:
  -----------
  ppc/spapr: change pseries machine default to POWER10 CPU

POWER10 is the latest pseries CPU.

Reviewed-by: Harsh Prateek Bora <harshpb@linux.ibm.com>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>


  Commit: 892e485c56bac5392a3ebc471f1e938ada43f974
      
https://github.com/qemu/qemu/commit/892e485c56bac5392a3ebc471f1e938ada43f974
  Author: Cédric Le Goater <clg@kaod.org>
  Date:   2024-02-19 (Mon, 19 Feb 2024)

  Changed paths:
    M docs/about/deprecated.rst
    M hw/ppc/spapr.c
    M roms/skiboot

  Log Message:
  -----------
  spapr: Tag pseries-2.1 - 2.11 machines as deprecated

pseries machines before version 2.11 have undergone many changes to
correct issues, mostly regarding migration compatibility. This is
obfuscating the code uselessly and makes maintenance more difficult.
Remove them and only keep the last version of the 2.x series, 2.12,
still in use by old distros.

Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>


  Commit: db5f7f9e3ceb37b0a064a6ff409cb85fa94ddf8c
      
https://github.com/qemu/qemu/commit/db5f7f9e3ceb37b0a064a6ff409cb85fa94ddf8c
  Author: Nicholas Piggin <npiggin@gmail.com>
  Date:   2024-02-19 (Mon, 19 Feb 2024)

  Changed paths:
    M hw/ppc/pnv.c

  Log Message:
  -----------
  ppc/pnv: Change powernv default to powernv10

POWER10 is the latest IBM Power machine. Although it is not offered in
"OPAL mode" (i.e., powernv configuration), so there is a case that it
should remain at powernv9, most of the development work is going into
powernv10 at the moment.

Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>


  Commit: f1ad4a46aaace70db22b89d8b858851b1267e717
      
https://github.com/qemu/qemu/commit/f1ad4a46aaace70db22b89d8b858851b1267e717
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2024-02-19 (Mon, 19 Feb 2024)

  Changed paths:

  Log Message:
  -----------
  hw/pci-host/raven.c: Mark raven_io_ops as implementing unaligned accesses

The raven_io_ops MemoryRegionOps is the only one in the source tree
which sets .valid.unaligned to indicate that it should support
unaligned accesses and which does not also set .impl.unaligned to
indicate that its read and write functions can do the unaligned
handling themselves.  This is a problem, because at the moment the
core memory system does not implement the support for handling
unaligned accesses by doing a series of aligned accesses and
combining them (system/memory.c:access_with_adjusted_size() has a
TODO comment noting this).

Fortunately raven_io_read() and raven_io_write() will correctly deal
with the case of being passed an unaligned address, so we can fix the
missing unaligned access support by setting .impl.unaligned in the
MemoryRegionOps struct.

Fixes: 9a1839164c9c8f06 ("raven: Implement non-contiguous I/O region")
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Tested-by: Cédric Le Goater <clg@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>


  Commit: ada84d33b27ab78d70b8330cd2cfbfe9777ff1ec
      
https://github.com/qemu/qemu/commit/ada84d33b27ab78d70b8330cd2cfbfe9777ff1ec
  Author: Glenn Miles <milesg@linux.vnet.ibm.com>
  Date:   2024-02-19 (Mon, 19 Feb 2024)

  Changed paths:
    M hw/misc/pca9552.c
    M tests/qtest/pca9552-test.c

  Log Message:
  -----------
  misc/pca9552: Fix inverted input status

The pca9552 INPUT0 and INPUT1 registers are supposed to
hold the logical values of the LED pins.  A logical 0
should be seen in the INPUT0/1 registers for a pin when
its corresponding LSn bits are set to 0, which is also
the state needed for turning on an LED in a typical
usage scenario.  Existing code was doing the opposite
and setting INPUT0/1 bit to a 1 when the LSn bit was
set to 0, so this commit fixes that.

Reviewed-by: Andrew Jeffery <andrew@codeconstruct.com.au>
Signed-off-by: Glenn Miles <milesg@linux.vnet.ibm.com>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>


  Commit: 688033f4d9d469056cf7d6aa1c32d1e408931ed4
      
https://github.com/qemu/qemu/commit/688033f4d9d469056cf7d6aa1c32d1e408931ed4
  Author: Glenn Miles <milesg@linux.vnet.ibm.com>
  Date:   2024-02-19 (Mon, 19 Feb 2024)

  Changed paths:
    M hw/misc/pca9552.c
    M include/hw/misc/pca9552.h

  Log Message:
  -----------
  misc/pca9552: Let external devices set pca9552 inputs

Allow external devices to drive pca9552 input pins by adding
input GPIO's to the model.  This allows a device to connect
its output GPIO's to the pca9552 input GPIO's.

In order for an external device to set the state of a pca9552
pin, the pin must first be configured for high impedance (LED
is off).  If the pca9552 pin is configured to drive the pin low
(LED is on), then external input will be ignored.

Here is a table describing the logical state of a pca9552 pin
given the state being driven by the pca9552 and an external device:

                   PCA9552
                   Configured
                   State

                  | Hi-Z | Low |
            ------+------+-----+
  External   Hi-Z |  Hi  | Low |
  Device    ------+------+-----+
  State      Low  |  Low | Low |
            ------+------+-----+

Reviewed-by: Andrew Jeffery <andrew@codeconstruct.com.au>
Signed-off-by: Glenn Miles <milesg@linux.vnet.ibm.com>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>


  Commit: cdf6e1d43a45f709d81a80478174f689127c2095
      
https://github.com/qemu/qemu/commit/cdf6e1d43a45f709d81a80478174f689127c2095
  Author: Glenn Miles <milesg@linux.vnet.ibm.com>
  Date:   2024-02-19 (Mon, 19 Feb 2024)

  Changed paths:
    M hw/ppc/pnv.c

  Log Message:
  -----------
  ppc/pnv: New powernv10-rainier machine type

Create a new powernv machine type, powernv10-rainier, that
will contain rainier-specific devices.

Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Glenn Miles <milesg@linux.vnet.ibm.com>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>


  Commit: f4716de8c16e07bb59ef300349389b14e47e7dad
      
https://github.com/qemu/qemu/commit/f4716de8c16e07bb59ef300349389b14e47e7dad
  Author: Glenn Miles <milesg@linux.vnet.ibm.com>
  Date:   2024-02-19 (Mon, 19 Feb 2024)

  Changed paths:
    M hw/ppc/Kconfig
    M hw/ppc/pnv.c
    M include/hw/ppc/pnv.h

  Log Message:
  -----------
  ppc/pnv: Add pca9552 to powernv10-rainier for PCIe hotplug power control

The Power Hypervisor code expects to see a pca9552 device connected
to the 3rd PNV I2C engine on port 1 at I2C address 0x63 (or left-
justified address of 0xC6).  This is used by hypervisor code to
control PCIe slot power during hotplug events.

Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Glenn Miles <milesg@linux.vnet.ibm.com>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>


  Commit: e21ca0339bb55038ab2073435e9e39063875f96f
      
https://github.com/qemu/qemu/commit/e21ca0339bb55038ab2073435e9e39063875f96f
  Author: Glenn Miles <milesg@linux.vnet.ibm.com>
  Date:   2024-02-19 (Mon, 19 Feb 2024)

  Changed paths:
    M hw/ppc/pnv.c

  Log Message:
  -----------
  ppc/pnv: Wire up pca9552 GPIO pins for PCIe hotplug power control

For power10-rainier, a pca9552 device is used for PCIe slot hotplug
power control by the Power Hypervisor code.  The code expects that
some time after it enables power to a PCIe slot by asserting one of
the pca9552 GPIO pins 0-4, it should see a "power good" signal asserted
on one of pca9552 GPIO pins 5-9.

To simulate this behavior, we simply connect the GPIO outputs for
pins 0-4 to the GPIO inputs for pins 5-9.

Each PCIe slot is assigned 3 GPIO pins on the pca9552 device, for
control of up to 5 PCIe slots.  The per-slot signal names are:

   SLOTx_EN.......PHYP uses this as an output to enable
                  slot power.  We connect this to the
                  SLOTx_PG pin to simulate a PGOOD signal.
   SLOTx_PG.......PHYP uses this as an input to detect
                  PGOOD for the slot.  For our purposes
                  we just connect this to the SLOTx_EN
                  output.
   SLOTx_Control..PHYP uses this as an output to prevent
                  a race condition in the real hotplug
                  circuitry, but we can ignore this output
                  for simulation.

Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Glenn Miles <milesg@linux.vnet.ibm.com>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>


  Commit: 70c0f0565ac6f0c14e9553aa67fd1a2979ccd3c2
      
https://github.com/qemu/qemu/commit/70c0f0565ac6f0c14e9553aa67fd1a2979ccd3c2
  Author: Glenn Miles <milesg@linux.vnet.ibm.com>
  Date:   2024-02-19 (Mon, 19 Feb 2024)

  Changed paths:
    M hw/ppc/pnv_i2c.c

  Log Message:
  -----------
  ppc/pnv: Use resettable interface to reset child I2C buses

The QEMU I2C buses and devices use the resettable
interface for resetting while the PNV I2C controller
and parent buses and devices have not yet transitioned
to this new interface and use the old reset strategy.
This was preventing the I2C buses and devices wired
to the PNV I2C controller from being reset.

The short term fix for this is to have the PNV I2C
Controller's reset function explicitly call the resettable
interface function, bus_cold_reset(), on all child
I2C buses.

The long term fix should be to transition all PNV parent
devices and buses to use the resettable interface so that
all child buses and devices are automatically reset.

Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Glenn Miles <milesg@linux.vnet.ibm.com>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>


  Commit: 3986aca0f4f9373f9c279ca71f0569363e06a4b3
      
https://github.com/qemu/qemu/commit/3986aca0f4f9373f9c279ca71f0569363e06a4b3
  Author: Glenn Miles <milesg@linux.vnet.ibm.com>
  Date:   2024-02-19 (Mon, 19 Feb 2024)

  Changed paths:
    M MAINTAINERS
    A hw/misc/pca9554.c
    A include/hw/misc/pca9554.h
    A include/hw/misc/pca9554_regs.h

  Log Message:
  -----------
  misc: Add a pca9554 GPIO device model

Specs are available here:

    https://www.nxp.com/docs/en/data-sheet/PCA9554_9554A.pdf

This is a simple model supporting the basic registers for GPIO
mode.  The device also supports an interrupt output line but the
model does not yet support this.

Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Glenn Miles <milesg@linux.vnet.ibm.com>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>


  Commit: d312970b68a7dee98a78579061fdf96c11d3751d
      
https://github.com/qemu/qemu/commit/d312970b68a7dee98a78579061fdf96c11d3751d
  Author: Glenn Miles <milesg@linux.vnet.ibm.com>
  Date:   2024-02-19 (Mon, 19 Feb 2024)

  Changed paths:
    M hw/misc/Kconfig
    M hw/misc/meson.build
    M hw/ppc/Kconfig
    M hw/ppc/pnv.c

  Log Message:
  -----------
  ppc/pnv: Add a pca9554 I2C device to powernv10-rainier

For powernv10-rainier, the Power Hypervisor code expects to see a
pca9554 device connected to the 3rd PNV I2C engine on port 1 at I2C
address 0x25 (or left-justified address of 0x4A).  This is used by
the hypervisor code to detect if a "Cable Card" is present.

Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Glenn Miles <milesg@linux.vnet.ibm.com>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>


  Commit: c5a43f62042b507ead856379e7e26c962d624010
      
https://github.com/qemu/qemu/commit/c5a43f62042b507ead856379e7e26c962d624010
  Author: Glenn Miles <milesg@linux.vnet.ibm.com>
  Date:   2024-02-19 (Mon, 19 Feb 2024)

  Changed paths:
    M hw/ppc/pnv_i2c.c
    A include/hw/i2c/pnv_i2c_regs.h
    M tests/qtest/meson.build
    A tests/qtest/pnv-host-i2c-test.c
    M tests/qtest/pnv-xscom-test.c
    A tests/qtest/pnv-xscom.h

  Log Message:
  -----------
  ppc/pnv: Test pnv i2c master and connected devices

Tests the following for both P9 and P10:
  - I2C master POR status
  - I2C master status after immediate reset

Tests the following for powernv10-rainier only:
  - Config pca9552 hotplug device pins as inputs then
    Read the INPUT0/1 registers to verify all pins are high
  - Connected GPIO pin tests of P10 PCA9552 device.  Tests
    output of pins 0-4 affect input of pins 5-9 respectively.
  - PCA9554 GPIO pins test.  Tests input and output functionality.

Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Glenn Miles <milesg@linux.vnet.ibm.com>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>


  Commit: f24a03377a871eec9e0b13c484b578c710f4817d
      
https://github.com/qemu/qemu/commit/f24a03377a871eec9e0b13c484b578c710f4817d
  Author: Chalapathi V <chalapathi.v@linux.ibm.com>
  Date:   2024-02-19 (Mon, 19 Feb 2024)

  Changed paths:
    M hw/ppc/meson.build
    A hw/ppc/pnv_nest_pervasive.c
    A include/hw/ppc/pnv_nest_pervasive.h
    M include/hw/ppc/pnv_xscom.h

  Log Message:
  -----------
  hw/ppc: Add pnv nest pervasive common chiplet model

A POWER10 chip is divided into logical units called chiplets. Chiplets
are broadly divided into "core chiplets" (with the processor cores) and
"nest chiplets" (with everything else). Each chiplet has an attachment
to the pervasive bus (PIB) and with chiplet-specific registers. All nest
chiplets have a common basic set of registers and this model will provide
the registers functionality for common registers of nest chiplet (Pervasive
Chiplet, PB Chiplet, PCI Chiplets, MC Chiplet, PAU Chiplets).

This commit implements the read/write functions of chiplet control registers.

Signed-off-by: Chalapathi V <chalapathi.v@linux.ibm.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>


  Commit: 6222f0f0e4fe80b59e24a05c0ac5085724e3c15e
      
https://github.com/qemu/qemu/commit/6222f0f0e4fe80b59e24a05c0ac5085724e3c15e
  Author: Chalapathi V <chalapathi.v@linux.ibm.com>
  Date:   2024-02-19 (Mon, 19 Feb 2024)

  Changed paths:
    M hw/ppc/meson.build
    A hw/ppc/pnv_n1_chiplet.c
    A include/hw/ppc/pnv_n1_chiplet.h
    M include/hw/ppc/pnv_xscom.h

  Log Message:
  -----------
  hw/ppc: Add N1 chiplet model

The N1 chiplet handles the high speed i/o traffic over PCIe and others.
The N1 chiplet consists of PowerBus Fabric controller,
nest Memory Management Unit, chiplet control unit and more.

This commit creates a N1 chiplet model and initializes and realizes the
pervasive chiplet model where chiplet control registers are implemented.

This commit also implements the read/write method for the powerbus scom
registers.

Signed-off-by: Chalapathi V <chalapathi.v@linux.ibm.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>


  Commit: a2e63877d796c6fc2c2d0e8568174514c3e357cd
      
https://github.com/qemu/qemu/commit/a2e63877d796c6fc2c2d0e8568174514c3e357cd
  Author: Chalapathi V <chalapathi.v@linux.ibm.com>
  Date:   2024-02-19 (Mon, 19 Feb 2024)

  Changed paths:
    M hw/ppc/pnv.c
    M include/hw/ppc/pnv_chip.h

  Log Message:
  -----------
  hw/ppc: N1 chiplet wiring

This part of the patchset connects the nest1 chiplet model to p10 chip.

Signed-off-by: Chalapathi V <chalapathi.v@linux.ibm.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>


  Commit: fbf1f6384b1a8942a39d7056352b2461f12e25ff
      
https://github.com/qemu/qemu/commit/fbf1f6384b1a8942a39d7056352b2461f12e25ff
  Author: Saif Abrar <saif.abrar@linux.vnet.ibm.com>
  Date:   2024-02-19 (Mon, 19 Feb 2024)

  Changed paths:
    M target/ppc/gdbstub.c

  Log Message:
  -----------
  target/ppc: Update gdbstub to read SPR's CFAR, DEC, HDEC, TB-L/U

SPR's CFAR, DEC, HDEC, TB-L/U are not implemented as part of CPUPPCState.
Hence, gdbstub is not able to access them using (CPUPPCState *)env->spr[] array.
Update gdb_get_spr_reg() method to handle these SPR's specifically.

Signed-off-by: Saif Abrar <saif.abrar@linux.vnet.ibm.com>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>


  Commit: aa5dfb0e1cd73c69bcecc65babd124049d5d50ef
      
https://github.com/qemu/qemu/commit/aa5dfb0e1cd73c69bcecc65babd124049d5d50ef
  Author: Nicholas Piggin <npiggin@gmail.com>
  Date:   2024-02-19 (Mon, 19 Feb 2024)

  Changed paths:
    M target/ppc/helper_regs.c
    M target/ppc/ppc-qmp-cmds.c

  Log Message:
  -----------
  target/ppc: Rename TBL to TB on 64-bit

From the earliest PowerPC ISA, TBR (later SPR) 268 has been called TB
and accessed with mftb instruction. The problem is that TB is the name
of the 64-bit register, and 32-bit implementations can only read the
lower half with one instruction, so 268 has also been called TBL and
it does only read TBL on 32-bit.

Change SPR 268 to be called TB on 64-bit implementations.

Reviewed-by: Cédric Le Goater <clg@redhat.com>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>


  Commit: dfb33906104dfde31e2346189cb2680badab0066
      
https://github.com/qemu/qemu/commit/dfb33906104dfde31e2346189cb2680badab0066
  Author: Nicholas Piggin <npiggin@gmail.com>
  Date:   2024-02-19 (Mon, 19 Feb 2024)

  Changed paths:
    M target/ppc/cpu.h
    M target/ppc/helper_regs.c

  Log Message:
  -----------
  target/ppc: Improve timebase register defines naming

The timebase in ppc started out with the mftb instruction which is like
mfspr but addressed timebase registers (TBRs) rather than SPRs. These
instructions could be used to read TB and TBU at 268 and 269. Timebase
could be written via the TBL and TBU SPRs at 284 and 285.

The ISA changed around v2.03 to bring TB and TBU reads into the SPR
space at 268 and 269 (access via mftb TBR-space is still supported
but will be phased out). Later, VTB was added which is an entirely
different register.

The SPR number defines in QEMU are understandably inconsistently named.
Change SPR 268, 269, 284, 285 to TBL, TBU, WR_TBL, WR_TBU, respectively.

Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>


  Commit: 45105d78714dac09966229b49f4c99972f257779
      
https://github.com/qemu/qemu/commit/45105d78714dac09966229b49f4c99972f257779
  Author: Nicholas Piggin <npiggin@gmail.com>
  Date:   2024-02-19 (Mon, 19 Feb 2024)

  Changed paths:
    M target/ppc/helper_regs.c

  Log Message:
  -----------
  target/ppc: Fix move-to timebase SPR access permissions

The move-to timebase registers TBU and TBL can not be read, and they
can not be written in supervisor mode on hypervisor-capable CPUs.

Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>


  Commit: c6466841253a76f4be94c9019baa0b9346981630
      
https://github.com/qemu/qemu/commit/c6466841253a76f4be94c9019baa0b9346981630
  Author: Nicholas Piggin <npiggin@gmail.com>
  Date:   2024-02-19 (Mon, 19 Feb 2024)

  Changed paths:
    M hw/ppc/meson.build
    A hw/ppc/pnv_chiptod.c
    M hw/ppc/trace-events
    A include/hw/ppc/pnv_chiptod.h
    M include/hw/ppc/pnv_xscom.h

  Log Message:
  -----------
  ppc/pnv: Add POWER9/10 chiptod model

The ChipTOD (for Time-Of-Day) is a chip pervasive facility in IBM POWER
(powernv) processors that keeps a time of day clock.

In particular for this model are facilities that initialise and start
the time of day clock, and that synchronise that clock to cores on the
chip, and to other chips. In this way, all cores on all chips can
synchronise timebase (TB).

This model implements functionality sufficient to run the skiboot
chiptod synchronisation procedure (with the following core timebase
state machine implementation). It does not modify the TB in the cores
where the real hardware would, because the QEMU ppc timebase
implementation is always synchronised across all cores.

Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>


  Commit: f04482615f17d83ac3587c52332ed81f43a92b1b
      
https://github.com/qemu/qemu/commit/f04482615f17d83ac3587c52332ed81f43a92b1b
  Author: Nicholas Piggin <npiggin@gmail.com>
  Date:   2024-02-19 (Mon, 19 Feb 2024)

  Changed paths:
    M hw/ppc/pnv.c
    M include/hw/ppc/pnv_chip.h

  Log Message:
  -----------
  ppc/pnv: Wire ChipTOD model to powernv9 and powernv10 machines

Wire the ChipTOD model to powernv9 and powernv10 machines.

Suggested-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>


  Commit: 20b2cb92e4dba0d2436a6a03ae93f0d80f972cd1
      
https://github.com/qemu/qemu/commit/20b2cb92e4dba0d2436a6a03ae93f0d80f972cd1
  Author: Nicholas Piggin <npiggin@gmail.com>
  Date:   2024-02-19 (Mon, 19 Feb 2024)

  Changed paths:
    M hw/ppc/pnv.c
    M hw/ppc/pnv_chiptod.c
    M include/hw/ppc/pnv.h
    M include/hw/ppc/pnv_chiptod.h
    M target/ppc/cpu.h

  Log Message:
  -----------
  ppc/pnv: Implement the ChipTOD to Core transfer

One of the functions of the ChipTOD is to transfer TOD to the Core
(aka PC - Pervasive Core) timebase facility.

The ChipTOD can be programmed with a target address to send the TOD
value to. The hardware implementation seems to perform this by
sending the TOD value to a SCOM address.

This implementation grabs the core directly and manipulates the
timebase facility state in the core. This is a hack, but it works
enough for now. A better implementation would implement the transfer
to the PnvCore xscom register and drive the timebase state machine
from there.

Reviewed-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>


  Commit: 9af55730078864bd9cd790ff001ccc9add58fc23
      
https://github.com/qemu/qemu/commit/9af55730078864bd9cd790ff001ccc9add58fc23
  Author: Nicholas Piggin <npiggin@gmail.com>
  Date:   2024-02-19 (Mon, 19 Feb 2024)

  Changed paths:
    M target/ppc/cpu.h
    M target/ppc/timebase_helper.c

  Log Message:
  -----------
  target/ppc: Implement core timebase state machine and TFMR

This implements the core timebase state machine, which is the core side
of the time-of-day system in POWER processors. This facility is operated
by control fields in the TFMR register, which also contains status
fields.

The core timebase interacts with the chiptod hardware, primarily to
receive TOD updates, to synchronise timebase with other cores. This
model does not actually update TB values with TOD or updates received
from the chiptod, as timebases are always synchronised. It does step
through the states required to perform the update.

There are several asynchronous state transitions. These are modelled
using mfTFMR to drive state changes, because it is expected that
firmware poll the register to wait for those states. This is good enough
to test basic firmware behaviour without adding real timers. The values
chosen are arbitrary.

Acked-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>


  Commit: a42196a1215e1eea5044044a549be9a8c39c0097
      
https://github.com/qemu/qemu/commit/a42196a1215e1eea5044044a549be9a8c39c0097
  Author: Nicholas Piggin <npiggin@gmail.com>
  Date:   2024-02-19 (Mon, 19 Feb 2024)

  Changed paths:
    M target/ppc/timebase_helper.c
    M target/ppc/translate.c

  Log Message:
  -----------
  target/ppc: Add SMT support to time facilities

The TB, VTB, PURR, HDEC SPRs are per-LPAR registers, and the TFMR is a
per-core register. Add the necessary SMT synchronisation and value
sharing.

The TFMR can only drive the timebase state machine via thread 0 of the
core, which is almost certainly not right, but it is enough for skiboot
and certain other proprietary firmware.

Acked-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>


  Commit: e079424efd0bd8e9075add3fa1bfb124663e2c4f
      
https://github.com/qemu/qemu/commit/e079424efd0bd8e9075add3fa1bfb124663e2c4f
  Author: Nicholas Piggin <npiggin@gmail.com>
  Date:   2024-02-19 (Mon, 19 Feb 2024)

  Changed paths:
    M target/ppc/mmu_helper.c

  Log Message:
  -----------
  target/ppc: Fix 440 tlbwe TLB invalidation gaps

The 440 tlbwe (write entry) instruction misses several cases that must
flush the TCG TLB:

- If the new size is smaller than the existing size, the EA no longer
  covered should be flushed. This looks like an inverted inequality
  test.
- If the TLB PID changes.
- If the TLB attr bit 0 (translation address space) changes.
- If low prot (access control) bits change.

Fix this by removing tricks to avoid TLB flushes, and just invalidate
the TLB if any valid entry is being changed, similarly to 4xx.
Optimisations will be introduced in subsequent changes.

Tested-by: BALATON Zoltan <balaton@eik.bme.hu>
Acked-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>


  Commit: ba2c9d32e585d559e1a83664cfba994c5b6c9b53
      
https://github.com/qemu/qemu/commit/ba2c9d32e585d559e1a83664cfba994c5b6c9b53
  Author: Nicholas Piggin <npiggin@gmail.com>
  Date:   2024-02-19 (Mon, 19 Feb 2024)

  Changed paths:
    M target/ppc/mmu_helper.c

  Log Message:
  -----------
  target/ppc: Factor out 4xx ppcemb_tlb_t flushing

Flushing the TCG TLB pages that cache a software TLB is a common
operation, factor it into its own function.

Tested-by: BALATON Zoltan <balaton@eik.bme.hu>
Acked-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>


  Commit: 6083cc749823e6decbb7d8d32d56da34f5edfdc6
      
https://github.com/qemu/qemu/commit/6083cc749823e6decbb7d8d32d56da34f5edfdc6
  Author: Nicholas Piggin <npiggin@gmail.com>
  Date:   2024-02-19 (Mon, 19 Feb 2024)

  Changed paths:
    M target/ppc/mmu_helper.c

  Log Message:
  -----------
  target/ppc: 4xx don't flush TLB for a newly written software TLB entry

BookE software TLB is implemented by flushing old translations from the
relevant TCG TLB whenever software TLB entries change. This means a new
software TLB entry should not have any corresponding cached TCG TLB
translations, so there is nothing to flush. The exception is multiple
software TLBs that cover the same address and address space, but that is
a programming error and results in undefined behaviour, and flushing
does not give an obviously better outcome in that case either.

Remove the unnecessary flush of a newly written software TLB entry.

Tested-by: BALATON Zoltan <balaton@eik.bme.hu>
Acked-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>


  Commit: 7f124df663e54435567b068f51c5943f17a5505f
      
https://github.com/qemu/qemu/commit/7f124df663e54435567b068f51c5943f17a5505f
  Author: Nicholas Piggin <npiggin@gmail.com>
  Date:   2024-02-19 (Mon, 19 Feb 2024)

  Changed paths:
    M target/ppc/mmu_helper.c

  Log Message:
  -----------
  target/ppc: 4xx optimise tlbwe_lo TLB flushing

Rather than tlbwe_lo always flushing all TCG TLBs, have it flush just
those corresponding to the old software TLB, and only if it was valid.

Tested-by: BALATON Zoltan <balaton@eik.bme.hu>
Acked-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>


  Commit: 5c684916df16824c1262b6e81ca394b9c4e8a461
      
https://github.com/qemu/qemu/commit/5c684916df16824c1262b6e81ca394b9c4e8a461
  Author: Nicholas Piggin <npiggin@gmail.com>
  Date:   2024-02-19 (Mon, 19 Feb 2024)

  Changed paths:
    M target/ppc/mmu_helper.c

  Log Message:
  -----------
  target/ppc: 440 optimise tlbwe TLB flushing

Have 440 tlbwe flush only the range corresponding to the addresses
covered by the software TLB entry being modified rather than the
entire TLB. This matches what 4xx does.

Tested-by: BALATON Zoltan <balaton@eik.bme.hu>
Acked-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>


  Commit: 922e408e12315121d3e09304b8b8f462ea051af1
      
https://github.com/qemu/qemu/commit/922e408e12315121d3e09304b8b8f462ea051af1
  Author: Nicholas Piggin <npiggin@gmail.com>
  Date:   2024-02-19 (Mon, 19 Feb 2024)

  Changed paths:
    M target/ppc/mmu_helper.c

  Log Message:
  -----------
  target/ppc: optimise ppcemb_tlb_t flushing

Filter TLB flushing by PID and mmuidx.

Zoltan reports that, together with the previous TLB flush changes,
performance of a sam460ex machine running 'lame' to convert a wav to
mp3 is improved nearly 10%:

                  CPU time    TLB partial flushes  TLB elided flushes
Before            37s         508238               7680722
After             34s             73                  1143

Tested-by: BALATON Zoltan <balaton@eik.bme.hu>
Acked-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>


  Commit: 8f1ee99a4a1019d55884404ff3aa15e53d48a1a0
      
https://github.com/qemu/qemu/commit/8f1ee99a4a1019d55884404ff3aa15e53d48a1a0
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2024-02-19 (Mon, 19 Feb 2024)

  Changed paths:
    M audio/meson.build
    M tests/qtest/meson.build
    M ui/clipboard.c
    M ui/console.c
    M ui/meson.build
    M ui/vnc.c

  Log Message:
  -----------
  Merge tag 'ui-pull-request' of https://gitlab.com/marcandre.lureau/qemu into staging

UI-related fixes

# gpg: Signature made Fri 16 Feb 2024 13:30:22 GMT
# gpg:                using RSA key 87A9BD933F87C606D276F62DDAE8E10975969CE5
# gpg:                issuer "marcandre.lureau@redhat.com"
# gpg: Good signature from "Marc-André Lureau <marcandre.lureau@redhat.com>" [full]
# gpg:                 aka "Marc-André Lureau <marcandre.lureau@gmail.com>" [full]
# Primary key fingerprint: 87A9 BD93 3F87 C606 D276  F62D DAE8 E109 7596 9CE5

* tag 'ui-pull-request' of https://gitlab.com/marcandre.lureau/qemu:
  tests/qtest: Depend on dbus_display1_dep
  meson: Explicitly specify dbus-display1.h dependency
  audio: Depend on dbus_display1_dep
  ui/console: Fix console resize with placeholder surface
  ui/clipboard: add asserts for update and request
  ui/clipboard: mark type as not available when there is no data
  ui: reject extended clipboard message if not activated

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>


  Commit: 94fb824f70cff35a9240273c9e513e672a9a15a4
      
https://github.com/qemu/qemu/commit/94fb824f70cff35a9240273c9e513e672a9a15a4
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2024-02-19 (Mon, 19 Feb 2024)

  Changed paths:
    M MAINTAINERS
    M docs/about/deprecated.rst
    M docs/devel/testing.rst
    M hw/misc/Kconfig
    M hw/misc/meson.build
    M hw/misc/pca9552.c
    A hw/misc/pca9554.c
    M hw/ppc/Kconfig
    M hw/ppc/meson.build
    M hw/ppc/pnv.c
    A hw/ppc/pnv_chiptod.c
    M hw/ppc/pnv_i2c.c
    A hw/ppc/pnv_n1_chiplet.c
    A hw/ppc/pnv_nest_pervasive.c
    M hw/ppc/spapr.c
    M hw/ppc/spapr_hcall.c
    M hw/ppc/spapr_irq.c
    R hw/ppc/spapr_softmmu.c
    A hw/ppc/spapr_vhyp_mmu.c
    M hw/ppc/trace-events
    A include/hw/i2c/pnv_i2c_regs.h
    M include/hw/misc/pca9552.h
    A include/hw/misc/pca9554.h
    A include/hw/misc/pca9554_regs.h
    M include/hw/ppc/pnv.h
    M include/hw/ppc/pnv_chip.h
    A include/hw/ppc/pnv_chiptod.h
    A include/hw/ppc/pnv_n1_chiplet.h
    A include/hw/ppc/pnv_nest_pervasive.h
    M include/hw/ppc/pnv_xscom.h
    M include/hw/ppc/spapr.h
    M include/hw/ppc/spapr_irq.h
    M pc-bios/skiboot.lid
    M target/ppc/cpu.h
    M target/ppc/cpu_init.c
    M target/ppc/excp_helper.c
    M target/ppc/gdbstub.c
    M target/ppc/helper_regs.c
    M target/ppc/mmu_helper.c
    M target/ppc/ppc-qmp-cmds.c
    M target/ppc/tcg-stub.c
    M target/ppc/timebase_helper.c
    M target/ppc/translate.c
    M target/ppc/translate/vsx-impl.c.inc
    A tests/avocado/boot_freebsd.py
    M tests/avocado/boot_linux.py
    M tests/avocado/boot_linux_console.py
    M tests/avocado/migration.py
    A tests/avocado/ppc_hv_tests.py
    M tests/avocado/ppc_powernv.py
    M tests/avocado/ppc_pseries.py
    M tests/qtest/meson.build
    M tests/qtest/pca9552-test.c
    A tests/qtest/pnv-host-i2c-test.c
    M tests/qtest/pnv-xscom-test.c
    A tests/qtest/pnv-xscom.h

  Log Message:
  -----------
  Merge tag 'pull-ppc-for-9.0-20240219' of https://gitlab.com/npiggin/qemu into staging

* Avocado tests for ppc64 to boot FreeBSD, run guests with emulated
  or nested hypervisor facilities, among other things.
* Update ppc64 CPU defaults to Power10.
* Add a new powernv10-rainier machine to better capture differences
  between the different Power10 systems.
* Implement more device models for powernv.
* 4xx TLB flushing performance and correctness improvements.
* Correct gdb implementation to access some important SPRs.
* Misc cleanups and bug fixes.

# gpg: Signature made Mon 19 Feb 2024 08:21:45 GMT
# gpg:                using RSA key 4E437DDA56616F4329B0A79567B30276A8621CAE
# gpg: Good signature from "Nicholas Piggin <npiggin@gmail.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 4E43 7DDA 5661 6F43 29B0  A795 67B3 0276 A862 1CAE

* tag 'pull-ppc-for-9.0-20240219' of https://gitlab.com/npiggin/qemu: (49 commits)
  target/ppc: optimise ppcemb_tlb_t flushing
  target/ppc: 440 optimise tlbwe TLB flushing
  target/ppc: 4xx optimise tlbwe_lo TLB flushing
  target/ppc: 4xx don't flush TLB for a newly written software TLB entry
  target/ppc: Factor out 4xx ppcemb_tlb_t flushing
  target/ppc: Fix 440 tlbwe TLB invalidation gaps
  target/ppc: Add SMT support to time facilities
  target/ppc: Implement core timebase state machine and TFMR
  ppc/pnv: Implement the ChipTOD to Core transfer
  ppc/pnv: Wire ChipTOD model to powernv9 and powernv10 machines
  ppc/pnv: Add POWER9/10 chiptod model
  target/ppc: Fix move-to timebase SPR access permissions
  target/ppc: Improve timebase register defines naming
  target/ppc: Rename TBL to TB on 64-bit
  target/ppc: Update gdbstub to read SPR's CFAR, DEC, HDEC, TB-L/U
  hw/ppc: N1 chiplet wiring
  hw/ppc: Add N1 chiplet model
  hw/ppc: Add pnv nest pervasive common chiplet model
  ppc/pnv: Test pnv i2c master and connected devices
  ppc/pnv: Add a pca9554 I2C device to powernv10-rainier
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>


Compare: https://github.com/qemu/qemu/compare/da96ad4a6a2e...94fb824f70cf
