* i386 fixes

* mtest2make cleanups to enable per-speed dependencies * record/replay tracepoints -----BEGIN PGP SIGNATURE----- iQFIBAABCgAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmkdftoUHHBib256aW5p QHJlZGhhdC5jb20ACgkQv/vSX3jHroOv9Af/foJ7LXUHok8xnPrvKYEIkkVmJFpM dt7NzLRoyVHh/zOd/MOfOJCw2+/RLGxA7o1Mm+10DCM6+hcs9VeqeIGSElIP0Uvk NGau6/3l/pkE+oyDcziNf1zsgexQ5s258GknlF+QOddcDC1qmpud8Szw/7wHrqcN QzxtcYcrbf8USFuekd+5z8GgzMC9CGn6f2Qr5eG40raLB4l+ZKNHIGyR7J0WtxHT DcdSDmpHn5qyvAVg3NTkxgzlOnDYNpfnXzXNQ6B+QHb16d6ys4sdMwgxm0aAlzhO voLmj5rY1CfQD6EqZmq3sqKwVYLtyHAHtzu4MoAiRGW/7Lhg6QWNiCceGw== =b3oh -----END PGP SIGNATURE----- Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging * i386 fixes * mtest2make cleanups to enable per-speed dependencies * record/replay tracepoints # -----BEGIN PGP SIGNATURE----- # # iQFIBAABCgAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmkdftoUHHBib256aW5p # QHJlZGhhdC5jb20ACgkQv/vSX3jHroOv9Af/foJ7LXUHok8xnPrvKYEIkkVmJFpM # dt7NzLRoyVHh/zOd/MOfOJCw2+/RLGxA7o1Mm+10DCM6+hcs9VeqeIGSElIP0Uvk # NGau6/3l/pkE+oyDcziNf1zsgexQ5s258GknlF+QOddcDC1qmpud8Szw/7wHrqcN # QzxtcYcrbf8USFuekd+5z8GgzMC9CGn6f2Qr5eG40raLB4l+ZKNHIGyR7J0WtxHT # DcdSDmpHn5qyvAVg3NTkxgzlOnDYNpfnXzXNQ6B+QHb16d6ys4sdMwgxm0aAlzhO # voLmj5rY1CfQD6EqZmq3sqKwVYLtyHAHtzu4MoAiRGW/7Lhg6QWNiCceGw== # =b3oh # -----END PGP SIGNATURE----- # gpg: Signature made Wed 19 Nov 2025 09:24:58 AM CET # gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83 # gpg: issuer "pbonzini@redhat.com" # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [unknown] # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [unknown] # gpg: WARNING: The key's User ID is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * tag 'for-upstream' of https://gitlab.com/bonzini/qemu: replay: add tracing events mtest2make: do not repeat the same speed over and over mtest2make: add dependencies to the "speed-qualified" suite mtest2make: cleanup mtest-suites variables target/i386: fix stack size when delivering real mode interrupts target/i386: svm: fix sign extension of exit code target/i386/tcg: validate segment registers target/i386: Mark VPERMILPS as not valid with prefix 0 target/i386: emulate: Make sure fetch_instruction exist before calling it ioapic: fix typo in irqfd check Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2025-11-20 08:12:59 +01:00 · 2025-11-20 08:12:59 +01:00 · 5a5b06d2f6
commit 5a5b06d2f6
parent e5eb98b3ca 58f88d0bf7
11 changed files with 110 additions and 51 deletions
--- a/4
+++ b/4
@ -96,6 +96,8 @@ meson.stamp: config-host.mak

 # 3. ensure meson-generated build files are up-to-date

+ninja-cmd-goals =
+
 ifneq ($(NINJA),)
 Makefile.ninja: build.ninja
 	$(quiet-@){ \
@ -150,7 +152,7 @@ NINJAFLAGS = \
          $(or $(filter -l% -j%, $(MAKEFLAGS)), \
               $(if $(filter --jobserver-auth=%, $(MAKEFLAGS)),, -j1))) \
        -d keepdepfile
-ninja-cmd-goals = $(or $(MAKECMDGOALS), all)
+ninja-cmd-goals += $(or $(MAKECMDGOALS), all)
 ninja-cmd-goals += $(foreach g, $(MAKECMDGOALS), $(.ninja-goals.$g))

 makefile-targets := build.ninja ctags TAGS cscope dist clean
--- a/meson.build
+++ b/meson.build
@ -3679,6 +3679,7 @@ if have_system
    'hw/gpio',
    'migration',
    'net',
+    'replay',
    'system',
    'ui',
    'hw/remote',
--- a/replay/replay-internal.c
+++ b/replay/replay-internal.c
@ -15,6 +15,7 @@
 #include "replay-internal.h"
 #include "qemu/error-report.h"
 #include "qemu/main-loop.h"
+#include "trace.h"

 /* Mutex to protect reading and writing events to the log.
   data_kind and has_unread_data are also protected
@ -44,7 +45,7 @@ static void replay_read_error(void)
    exit(1);
 }

-void replay_put_byte(uint8_t byte)
+static void replay_putc(uint8_t byte)
 {
    if (replay_file) {
        if (putc(byte, replay_file) == EOF) {
@ -53,29 +54,45 @@ void replay_put_byte(uint8_t byte)
    }
 }

+void replay_put_byte(uint8_t byte)
+{
+    trace_replay_put_byte(byte);
+    replay_putc(byte);
+}
+
 void replay_put_event(uint8_t event)
 {
+    trace_replay_put_event(event);
    assert(event < EVENT_COUNT);
-    replay_put_byte(event);
+    replay_putc(event);
 }


 void replay_put_word(uint16_t word)
 {
-    replay_put_byte(word >> 8);
-    replay_put_byte(word);
+    trace_replay_put_word(word);
+    replay_putc(word >> 8);
+    replay_putc(word);
 }

 void replay_put_dword(uint32_t dword)
 {
-    replay_put_word(dword >> 16);
-    replay_put_word(dword);
+    int i;
+
+    trace_replay_put_dword(dword);
+    for (i = 24; i >= 0; i -= 8) {
+        replay_putc(dword >> i);
+    }
 }

 void replay_put_qword(int64_t qword)
 {
-    replay_put_dword(qword >> 32);
-    replay_put_dword(qword);
+    int i;
+
+    trace_replay_put_qword(qword);
+    for (i = 56; i >= 0; i -= 8) {
+        replay_putc(qword >> i);
+    }
 }

 void replay_put_array(const uint8_t *buf, size_t size)
@ -88,7 +105,7 @@ void replay_put_array(const uint8_t *buf, size_t size)
    }
 }

-uint8_t replay_get_byte(void)
+static uint8_t replay_getc(void)
 {
    uint8_t byte = 0;
    if (replay_file) {
@ -101,36 +118,52 @@ uint8_t replay_get_byte(void)
    return byte;
 }

+uint8_t replay_get_byte(void)
+{
+    uint8_t byte = replay_getc();
+    trace_replay_get_byte(byte);
+    return byte;
+}
+
 uint16_t replay_get_word(void)
 {
    uint16_t word = 0;
    if (replay_file) {
-        word = replay_get_byte();
-        word = (word << 8) + replay_get_byte();
+        word = replay_getc();
+        word = (word << 8) + replay_getc();
    }

+    trace_replay_get_word(word);
    return word;
 }

 uint32_t replay_get_dword(void)
 {
    uint32_t dword = 0;
+    int i;
+
    if (replay_file) {
-        dword = replay_get_word();
-        dword = (dword << 16) + replay_get_word();
+        for (i = 24; i >= 0; i -= 8) {
+            dword |= replay_getc() << i;
+        }
    }

+    trace_replay_get_dword(dword);
    return dword;
 }

 int64_t replay_get_qword(void)
 {
-    int64_t qword = 0;
+    uint64_t qword = 0;
+    int i;
+
    if (replay_file) {
-        qword = replay_get_dword();
-        qword = (qword << 32) + replay_get_dword();
+        for (i = 56; i >= 0; i -= 8) {
+            qword |= (uint64_t)replay_getc() << i;
+        }
    }

+    trace_replay_get_qword(qword);
    return qword;
 }

@ -172,10 +205,12 @@ void replay_check_error(void)

 void replay_fetch_data_kind(void)
 {
+    trace_replay_fetch_data_kind();
    if (replay_file) {
        if (!replay_state.has_unread_data) {
-            replay_state.data_kind = replay_get_byte();
+            replay_state.data_kind = replay_getc();
            replay_state.current_event++;
+            trace_replay_get_event(replay_state.current_event, replay_state.data_kind);
            if (replay_state.data_kind == EVENT_INSTRUCTION) {
                replay_state.instruction_count = replay_get_dword();
            }
@ -246,6 +281,7 @@ void replay_advance_current_icount(uint64_t current_icount)
    int diff = (int)(current_icount - replay_state.current_icount);

    /* Time can only go forward */
+    trace_replay_advance_current_icount(replay_state.current_icount, diff);
    assert(diff >= 0);

    if (replay_mode == REPLAY_MODE_RECORD) {
--- a/replay/trace-events
+++ b/replay/trace-events
@ -0,0 +1,12 @@
+replay_put_byte(uint8_t event) "%02x"
+replay_put_event(uint8_t event) "%02x"
+replay_put_word(uint16_t event) "%04x"
+replay_put_dword(uint32_t event) "%08x"
+replay_put_qword(uint64_t event) "%016" PRIx64
+replay_get_byte(uint8_t byte) "%02x"
+replay_get_word(uint16_t word) "%04x"
+replay_get_dword(uint32_t dword) "%08x"
+replay_get_qword(uint64_t qword) "%016" PRIx64
+replay_fetch_data_kind(void) ""
+replay_get_event(uint32_t current, uint8_t data) "#%u data=%02x"
+replay_advance_current_icount(uint64_t current_icount, int diff) "current=%" PRIu64 " diff=%d"
--- a/replay/trace.h
+++ b/replay/trace.h
@ -0,0 +1 @@
+#include "trace/trace-replay.h"
--- a/scripts/mtest2make.py
+++ b/scripts/mtest2make.py
@ -8,24 +8,23 @@ from collections import defaultdict
 import itertools
 import json
 import os
-import shlex
 import sys

 class Suite(object):
    def __init__(self):
        self.deps = set()
-        self.speeds = ['quick']
+        self.speeds = set()

    def names(self, base):
-        return [base if speed == 'quick' else f'{base}-{speed}' for speed in self.speeds]
+        return [f'{base}-{speed}' for speed in self.speeds]


-print('''
+print(r'''
 SPEED = quick

-.speed.quick = $(foreach s,$(sort $(filter-out %-slow %-thorough, $1)), --suite $s)
-.speed.slow = $(foreach s,$(sort $(filter-out %-thorough, $1)), --suite $s)
-.speed.thorough = $(foreach s,$(sort $1), --suite $s)
+.speed.quick = $(sort $(filter-out %-slow %-thorough, $1))
+.speed.slow = $(sort $(filter-out %-thorough, $1))
+.speed.thorough = $(sort $1)

 TIMEOUT_MULTIPLIER ?= 1
 .mtestargs = --no-rebuild -t $(TIMEOUT_MULTIPLIER)
@ -34,8 +33,10 @@ ifneq ($(SPEED), quick)
 endif
 .mtestargs += $(subst -j,--num-processes , $(filter-out -j, $(lastword -j1 $(filter -j%, $(MAKEFLAGS)))))

-.check.mtestargs = $(MTESTARGS) $(.mtestargs) $(if $(V),--verbose,--print-errorlogs)
-.bench.mtestargs = $(MTESTARGS) $(.mtestargs) --benchmark --verbose''')
+.check.mtestargs = $(MTESTARGS) $(.mtestargs) $(if $(V),--verbose,--print-errorlogs) \
+    $(foreach s, $(sort $(.check.mtest-suites)), --suite $s)
+.bench.mtestargs = $(MTESTARGS) $(.mtestargs) --benchmark --verbose \
+    $(foreach s, $(sort $(.bench.mtest-suites)), --suite $s)''')

 introspect = json.load(sys.stdin)

@ -57,13 +58,13 @@ def process_tests(test, targets, suites):
            s = s.split(':')[1]
            if s == 'slow' or s == 'thorough':
                continue
+        suites[s].deps.update(deps)
        if s.endswith('-slow'):
            s = s[:-5]
-            suites[s].speeds.append('slow')
+            suites[s].speeds.add('slow')
        if s.endswith('-thorough'):
            s = s[:-9]
-            suites[s].speeds.append('thorough')
-        suites[s].deps.update(deps)
+            suites[s].speeds.add('thorough')

 def emit_prolog(suites, prefix):
    all_targets = ' '.join((f'{prefix}-{k}' for k in suites.keys()))
@ -72,29 +73,26 @@ def emit_prolog(suites, prefix):
    print(f'all-{prefix}-targets = {all_targets}')
    print(f'all-{prefix}-xml = {all_xml}')
    print(f'.PHONY: {prefix} do-meson-{prefix} {prefix}-report.junit.xml $(all-{prefix}-targets) $(all-{prefix}-xml)')
-    print(f'ifeq ($(filter {prefix}, $(MAKECMDGOALS)),)')
-    print(f'.{prefix}.mtestargs += $(call .speed.$(SPEED), $(.{prefix}.mtest-suites))')
-    print(f'endif')
+    print(f'ninja-cmd-goals += $(foreach s, $(.{prefix}.mtest-suites), $(.{prefix}-$s.deps))')
    print(f'{prefix}-build: run-ninja')
    print(f'{prefix} $(all-{prefix}-targets): do-meson-{prefix}')
    print(f'do-meson-{prefix}: run-ninja; $(if $(MAKE.n),,+)$(MESON) test $(.{prefix}.mtestargs)')
    print(f'{prefix}-report.junit.xml $(all-{prefix}-xml): {prefix}-report%.junit.xml: run-ninja')
    print(f'\t$(MAKE) {prefix}$* MTESTARGS="$(MTESTARGS) --logbase {prefix}-report$*" && ln -f meson-logs/$@ .')

-def emit_suite_deps(name, suite, prefix):
+def emit_suite(name, suite, prefix):
    deps = ' '.join(suite.deps)
-    targets = [f'{prefix}-{name}', f'{prefix}-report-{name}.junit.xml', f'{prefix}', f'{prefix}-report.junit.xml',
-               f'{prefix}-build']
    print()
    print(f'.{prefix}-{name}.deps = {deps}')
-    for t in targets:
-        print(f'.ninja-goals.{t} += $(.{prefix}-{name}.deps)')
+    print(f'.ninja-goals.check-build += $(.{prefix}-{name}.deps)')

-def emit_suite(name, suite, prefix):
-    emit_suite_deps(name, suite, prefix)
-    targets = f'{prefix}-{name} {prefix}-report-{name}.junit.xml {prefix} {prefix}-report.junit.xml'
+    names = ' '.join(suite.names(name))
+    targets = f'{prefix}-{name} {prefix}-report-{name}.junit.xml'
+    if not name.endswith('-slow') and not name.endswith('-thorough'):
+        targets += f' {prefix} {prefix}-report.junit.xml'
    print(f'ifneq ($(filter {targets}, $(MAKECMDGOALS)),)')
-    print(f'.{prefix}.mtest-suites += ' + ' '.join(suite.names(name)))
+    # for the "base" suite possibly add FOO-slow and FOO-thorough
+    print(f".{prefix}.mtest-suites += {name} $(call .speed.$(SPEED), {names})")
    print(f'endif')

 targets = {t['id']: [os.path.relpath(f) for f in t['filename']]
--- a/target/i386/emulate/x86_decode.c
+++ b/target/i386/emulate/x86_decode.c
@ -77,7 +77,11 @@ static inline uint64_t decode_bytes(CPUX86State *env, struct x86_decode *decode,
        memcpy(&val, decode->stream->bytes + decode->len, size);
    } else {
        target_ulong va = linear_rip(env_cpu(env), env->eip) + decode->len;
-        emul_ops->fetch_instruction(env_cpu(env), &val, va, size);
+        if (emul_ops->fetch_instruction) {
+            emul_ops->fetch_instruction(env_cpu(env), &val, va, size);
+        } else {
+            emul_ops->read_mem(env_cpu(env), &val, va, size);
+        }
    }
    decode->len += size;

--- a/target/i386/tcg/decode-new.c.inc
+++ b/target/i386/tcg/decode-new.c.inc
@ -643,7 +643,7 @@ static const X86OpEntry opcodes_0F38_00toEF[240] = {
    [0x0a] = X86_OP_ENTRY3(PSIGND,    V,x,        H,x,  W,x,  vex4 cpuid(SSSE3) mmx avx2_256 p_00_66),
    [0x0b] = X86_OP_ENTRY3(PMULHRSW,  V,x,        H,x,  W,x,  vex4 cpuid(SSSE3) mmx avx2_256 p_00_66),
    /* Listed incorrectly as type 4 */
-    [0x0c] = X86_OP_ENTRY3(VPERMILPS, V,x,        H,x,  W,x,  vex6 chk(W0) cpuid(AVX) p_00_66),
+    [0x0c] = X86_OP_ENTRY3(VPERMILPS, V,x,        H,x,  W,x,  vex6 chk(W0) cpuid(AVX) p_66),
    [0x0d] = X86_OP_ENTRY3(VPERMILPD, V,x,        H,x,  W,x,  vex6 chk(W0) cpuid(AVX) p_66),
    [0x0e] = X86_OP_ENTRY3(VTESTPS,   None,None,  V,x,  W,x,  vex6 chk(W0) cpuid(AVX) p_66),
    [0x0f] = X86_OP_ENTRY3(VTESTPD,   None,None,  V,x,  W,x,  vex6 chk(W0) cpuid(AVX) p_66),
@ -2059,7 +2059,12 @@ static bool decode_op(DisasContext *s, CPUX86State *env, X86DecodedInsn *decode,

    case X86_TYPE_S:  /* reg selects a segment register */
        op->unit = X86_OP_SEG;
-        goto get_reg;
+        op->n = (get_modrm(s, env) >> 3) & 7;
+        /* Values outside [CDEFGS]S, as well as storing to CS, are invalid.  */
+        if (op->n >= 6 || (op->n == R_CS && op == &decode->op[0])) {
+            return false;
+        }
+        break;

    case X86_TYPE_P:
        op->unit = X86_OP_MMX;
--- a/target/i386/tcg/helper-tcg.h
+++ b/target/i386/tcg/helper-tcg.h
@ -99,7 +99,7 @@ void cpu_load_eflags(CPUX86State *env, int eflags, int update_mask);

 /* system/svm_helper.c */
 #ifndef CONFIG_USER_ONLY
-G_NORETURN void cpu_vmexit(CPUX86State *nenv, uint32_t exit_code,
+G_NORETURN void cpu_vmexit(CPUX86State *nenv, uint64_t exit_code,
                           uint64_t exit_info_1, uintptr_t retaddr);
 void do_vmexit(CPUX86State *env);
 #endif
--- a/target/i386/tcg/seg_helper.c
+++ b/target/i386/tcg/seg_helper.c
@ -1161,7 +1161,7 @@ static void do_interrupt_real(CPUX86State *env, int intno, int is_int,
    sa.env = env;
    sa.ra = 0;
    sa.sp = env->regs[R_ESP];
-    sa.sp_mask = 0xffff;
+    sa.sp_mask = get_sp_mask(env->segs[R_SS].flags);
    sa.ss_base = env->segs[R_SS].base;
    sa.mmu_index = x86_mmu_index_pl(env, 0);

@ -1964,7 +1964,7 @@ void helper_iret_real(CPUX86State *env, int shift)
    sa.env = env;
    sa.ra = GETPC();
    sa.mmu_index = x86_mmu_index_pl(env, 0);
-    sa.sp_mask = 0xffff; /* XXXX: use SS segment size? */
+    sa.sp_mask = get_sp_mask(env->segs[R_SS].flags);
    sa.sp = env->regs[R_ESP];
    sa.ss_base = env->segs[R_SS].base;

--- a/target/i386/tcg/system/svm_helper.c
+++ b/target/i386/tcg/system/svm_helper.c
@ -128,7 +128,7 @@ static inline bool virtual_gif_enabled(CPUX86State *env)
    return false;
 }

-static inline bool virtual_vm_load_save_enabled(CPUX86State *env, uint32_t exit_code, uintptr_t retaddr)
+static inline bool virtual_vm_load_save_enabled(CPUX86State *env, uint64_t exit_code, uintptr_t retaddr)
 {
    uint64_t lbr_ctl;

@ -723,7 +723,7 @@ void helper_svm_check_io(CPUX86State *env, uint32_t port, uint32_t param,
    }
 }

-void cpu_vmexit(CPUX86State *env, uint32_t exit_code, uint64_t exit_info_1,
+void cpu_vmexit(CPUX86State *env, uint64_t exit_code, uint64_t exit_info_1,
                uintptr_t retaddr)
 {
    CPUState *cs = env_cpu(env);
@ -732,7 +732,7 @@ void cpu_vmexit(CPUX86State *env, uint32_t exit_code, uint64_t exit_info_1,

    qemu_log_mask(CPU_LOG_TB_IN_ASM, "vmexit(%08x, %016" PRIx64 ", %016"
                  PRIx64 ", " TARGET_FMT_lx ")!\n",
-                  exit_code, exit_info_1,
+                  (uint32_t)exit_code, exit_info_1,
                  x86_ldq_phys(cs, env->vm_vmcb + offsetof(struct vmcb,
                                                   control.exit_info_2)),
                  env->eip);