@@ -49,6 +49,9 @@ SRC_URI = "https://download.qemu.org/${BPN}-${PV}.tar.xz \
file://CVE-2024-7409-0002.patch \
file://CVE-2024-7409-0003.patch \
file://CVE-2024-7409-0004.patch \
+ file://0001-target-riscv-kvm-change-KVM_REG_RISCV_FP_F-to-u32.patch \
+ file://0002-target-riscv-kvm-change-KVM_REG_RISCV_FP_D-to-u64.patch \
+ file://0003-target-riscv-kvm-change-timer-regs-size-to-u64.patch \
"
UPSTREAM_CHECK_REGEX = "qemu-(?P<pver>\d+(\.\d+)+)\.tar"
new file mode 100644
@@ -0,0 +1,75 @@
+From bbdcc89678daa5cb131ef22a6cd41a5f7f9dcea9 Mon Sep 17 00:00:00 2001
+From: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
+Date: Fri, 8 Dec 2023 15:38:31 -0300
+Subject: [PATCH 1/3] target/riscv/kvm: change KVM_REG_RISCV_FP_F to u32
+
+KVM_REG_RISCV_FP_F regs have u32 size according to the API, but by using
+kvm_riscv_reg_id() in RISCV_FP_F_REG() we're returning u64 sizes when
+running with TARGET_RISCV64. The most likely reason why no one noticed
+this is because we're not implementing kvm_cpu_synchronize_state() in
+RISC-V yet.
+
+Create a new helper that returns a KVM ID with u32 size and use it in
+RISCV_FP_F_REG().
+
+Reported-by: Andrew Jones <ajones@ventanamicro.com>
+Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
+Reviewed-by: Andrew Jones <ajones@ventanamicro.com>
+Message-ID: <20231208183835.2411523-2-dbarboza@ventanamicro.com>
+Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
+(cherry picked from commit 49c211ffca00fdf7c0c29072c224e88527a14838)
+Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
+
+Upstream-Status: Backport [bbdcc89678daa5cb131ef22a6cd41a5f7f9dcea9]
+
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+ target/riscv/kvm/kvm-cpu.c | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/target/riscv/kvm/kvm-cpu.c b/target/riscv/kvm/kvm-cpu.c
+index c1675158fe..2eef2be86a 100644
+--- a/target/riscv/kvm/kvm-cpu.c
++++ b/target/riscv/kvm/kvm-cpu.c
+@@ -72,6 +72,11 @@ static uint64_t kvm_riscv_reg_id(CPURISCVState *env, uint64_t type,
+ return id;
+ }
+
++static uint64_t kvm_riscv_reg_id_u32(uint64_t type, uint64_t idx)
++{
++ return KVM_REG_RISCV | KVM_REG_SIZE_U32 | type | idx;
++}
++
+ #define RISCV_CORE_REG(env, name) kvm_riscv_reg_id(env, KVM_REG_RISCV_CORE, \
+ KVM_REG_RISCV_CORE_REG(name))
+
+@@ -81,7 +86,7 @@ static uint64_t kvm_riscv_reg_id(CPURISCVState *env, uint64_t type,
+ #define RISCV_TIMER_REG(env, name) kvm_riscv_reg_id(env, KVM_REG_RISCV_TIMER, \
+ KVM_REG_RISCV_TIMER_REG(name))
+
+-#define RISCV_FP_F_REG(env, idx) kvm_riscv_reg_id(env, KVM_REG_RISCV_FP_F, idx)
++#define RISCV_FP_F_REG(idx) kvm_riscv_reg_id_u32(KVM_REG_RISCV_FP_F, idx)
+
+ #define RISCV_FP_D_REG(env, idx) kvm_riscv_reg_id(env, KVM_REG_RISCV_FP_D, idx)
+
+@@ -586,7 +591,7 @@ static int kvm_riscv_get_regs_fp(CPUState *cs)
+ if (riscv_has_ext(env, RVF)) {
+ uint32_t reg;
+ for (i = 0; i < 32; i++) {
+- ret = kvm_get_one_reg(cs, RISCV_FP_F_REG(env, i), ®);
++ ret = kvm_get_one_reg(cs, RISCV_FP_F_REG(i), ®);
+ if (ret) {
+ return ret;
+ }
+@@ -620,7 +625,7 @@ static int kvm_riscv_put_regs_fp(CPUState *cs)
+ uint32_t reg;
+ for (i = 0; i < 32; i++) {
+ reg = env->fpr[i];
+- ret = kvm_set_one_reg(cs, RISCV_FP_F_REG(env, i), ®);
++ ret = kvm_set_one_reg(cs, RISCV_FP_F_REG(i), ®);
+ if (ret) {
+ return ret;
+ }
+--
+2.25.1
+
new file mode 100644
@@ -0,0 +1,73 @@
+From 125b95d79e746cbab6b72683b3382dd372e38c61 Mon Sep 17 00:00:00 2001
+From: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
+Date: Fri, 8 Dec 2023 15:38:32 -0300
+Subject: [PATCH 2/3] target/riscv/kvm: change KVM_REG_RISCV_FP_D to u64
+
+KVM_REG_RISCV_FP_D regs are always u64 size. Using kvm_riscv_reg_id() in
+RISCV_FP_D_REG() ends up encoding the wrong size if we're running with
+TARGET_RISCV32.
+
+Create a new helper that returns a KVM ID with u64 size and use it with
+RISCV_FP_D_REG().
+
+Reported-by: Andrew Jones <ajones@ventanamicro.com>
+Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
+Reviewed-by: Andrew Jones <ajones@ventanamicro.com>
+Message-ID: <20231208183835.2411523-3-dbarboza@ventanamicro.com>
+Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
+(cherry picked from commit 450bd6618fda3d2e2ab02b2fce1c79efd5b66084)
+Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
+
+Upstream-Status: Backport [125b95d79e746cbab6b72683b3382dd372e38c61]
+
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+ target/riscv/kvm/kvm-cpu.c | 11 ++++++++---
+ 1 file changed, 8 insertions(+), 3 deletions(-)
+
+diff --git a/target/riscv/kvm/kvm-cpu.c b/target/riscv/kvm/kvm-cpu.c
+index 2eef2be86a..82ed4455a5 100644
+--- a/target/riscv/kvm/kvm-cpu.c
++++ b/target/riscv/kvm/kvm-cpu.c
+@@ -77,6 +77,11 @@ static uint64_t kvm_riscv_reg_id_u32(uint64_t type, uint64_t idx)
+ return KVM_REG_RISCV | KVM_REG_SIZE_U32 | type | idx;
+ }
+
++static uint64_t kvm_riscv_reg_id_u64(uint64_t type, uint64_t idx)
++{
++ return KVM_REG_RISCV | KVM_REG_SIZE_U64 | type | idx;
++}
++
+ #define RISCV_CORE_REG(env, name) kvm_riscv_reg_id(env, KVM_REG_RISCV_CORE, \
+ KVM_REG_RISCV_CORE_REG(name))
+
+@@ -88,7 +93,7 @@ static uint64_t kvm_riscv_reg_id_u32(uint64_t type, uint64_t idx)
+
+ #define RISCV_FP_F_REG(idx) kvm_riscv_reg_id_u32(KVM_REG_RISCV_FP_F, idx)
+
+-#define RISCV_FP_D_REG(env, idx) kvm_riscv_reg_id(env, KVM_REG_RISCV_FP_D, idx)
++#define RISCV_FP_D_REG(idx) kvm_riscv_reg_id_u64(KVM_REG_RISCV_FP_D, idx)
+
+ #define KVM_RISCV_GET_CSR(cs, env, csr, reg) \
+ do { \
+@@ -579,7 +584,7 @@ static int kvm_riscv_get_regs_fp(CPUState *cs)
+ if (riscv_has_ext(env, RVD)) {
+ uint64_t reg;
+ for (i = 0; i < 32; i++) {
+- ret = kvm_get_one_reg(cs, RISCV_FP_D_REG(env, i), ®);
++ ret = kvm_get_one_reg(cs, RISCV_FP_D_REG(i), ®);
+ if (ret) {
+ return ret;
+ }
+@@ -613,7 +618,7 @@ static int kvm_riscv_put_regs_fp(CPUState *cs)
+ uint64_t reg;
+ for (i = 0; i < 32; i++) {
+ reg = env->fpr[i];
+- ret = kvm_set_one_reg(cs, RISCV_FP_D_REG(env, i), ®);
++ ret = kvm_set_one_reg(cs, RISCV_FP_D_REG(i), ®);
+ if (ret) {
+ return ret;
+ }
+--
+2.25.1
+
new file mode 100644
@@ -0,0 +1,107 @@
+From cbae1080988e0f1af0fb4c816205f7647f6de16f Mon Sep 17 00:00:00 2001
+From: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
+Date: Fri, 8 Dec 2023 15:38:33 -0300
+Subject: [PATCH 3/3] target/riscv/kvm: change timer regs size to u64
+
+KVM_REG_RISCV_TIMER regs are always u64 according to the KVM API, but at
+this moment we'll return u32 regs if we're running a RISCV32 target.
+
+Use the kvm_riscv_reg_id_u64() helper in RISCV_TIMER_REG() to fix it.
+
+Reported-by: Andrew Jones <ajones@ventanamicro.com>
+Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
+Reviewed-by: Andrew Jones <ajones@ventanamicro.com>
+Message-ID: <20231208183835.2411523-4-dbarboza@ventanamicro.com>
+Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
+(cherry picked from commit 10f86d1b845087d14b58d65dd2a6e3411d1b6529)
+Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
+
+Upstream-Status: Backport [cbae1080988e0f1af0fb4c816205f7647f6de16f]
+
+Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
+---
+ target/riscv/kvm/kvm-cpu.c | 26 +++++++++++++-------------
+ 1 file changed, 13 insertions(+), 13 deletions(-)
+
+diff --git a/target/riscv/kvm/kvm-cpu.c b/target/riscv/kvm/kvm-cpu.c
+index 82ed4455a5..ddbe820e10 100644
+--- a/target/riscv/kvm/kvm-cpu.c
++++ b/target/riscv/kvm/kvm-cpu.c
+@@ -88,7 +88,7 @@ static uint64_t kvm_riscv_reg_id_u64(uint64_t type, uint64_t idx)
+ #define RISCV_CSR_REG(env, name) kvm_riscv_reg_id(env, KVM_REG_RISCV_CSR, \
+ KVM_REG_RISCV_CSR_REG(name))
+
+-#define RISCV_TIMER_REG(env, name) kvm_riscv_reg_id(env, KVM_REG_RISCV_TIMER, \
++#define RISCV_TIMER_REG(name) kvm_riscv_reg_id_u64(KVM_REG_RISCV_TIMER, \
+ KVM_REG_RISCV_TIMER_REG(name))
+
+ #define RISCV_FP_F_REG(idx) kvm_riscv_reg_id_u32(KVM_REG_RISCV_FP_F, idx)
+@@ -111,17 +111,17 @@ static uint64_t kvm_riscv_reg_id_u64(uint64_t type, uint64_t idx)
+ } \
+ } while (0)
+
+-#define KVM_RISCV_GET_TIMER(cs, env, name, reg) \
++#define KVM_RISCV_GET_TIMER(cs, name, reg) \
+ do { \
+- int ret = kvm_get_one_reg(cs, RISCV_TIMER_REG(env, name), ®); \
++ int ret = kvm_get_one_reg(cs, RISCV_TIMER_REG(name), ®); \
+ if (ret) { \
+ abort(); \
+ } \
+ } while (0)
+
+-#define KVM_RISCV_SET_TIMER(cs, env, name, reg) \
++#define KVM_RISCV_SET_TIMER(cs, name, reg) \
+ do { \
+- int ret = kvm_set_one_reg(cs, RISCV_TIMER_REG(env, name), ®); \
++ int ret = kvm_set_one_reg(cs, RISCV_TIMER_REG(name), ®); \
+ if (ret) { \
+ abort(); \
+ } \
+@@ -649,10 +649,10 @@ static void kvm_riscv_get_regs_timer(CPUState *cs)
+ return;
+ }
+
+- KVM_RISCV_GET_TIMER(cs, env, time, env->kvm_timer_time);
+- KVM_RISCV_GET_TIMER(cs, env, compare, env->kvm_timer_compare);
+- KVM_RISCV_GET_TIMER(cs, env, state, env->kvm_timer_state);
+- KVM_RISCV_GET_TIMER(cs, env, frequency, env->kvm_timer_frequency);
++ KVM_RISCV_GET_TIMER(cs, time, env->kvm_timer_time);
++ KVM_RISCV_GET_TIMER(cs, compare, env->kvm_timer_compare);
++ KVM_RISCV_GET_TIMER(cs, state, env->kvm_timer_state);
++ KVM_RISCV_GET_TIMER(cs, frequency, env->kvm_timer_frequency);
+
+ env->kvm_timer_dirty = true;
+ }
+@@ -666,8 +666,8 @@ static void kvm_riscv_put_regs_timer(CPUState *cs)
+ return;
+ }
+
+- KVM_RISCV_SET_TIMER(cs, env, time, env->kvm_timer_time);
+- KVM_RISCV_SET_TIMER(cs, env, compare, env->kvm_timer_compare);
++ KVM_RISCV_SET_TIMER(cs, time, env->kvm_timer_time);
++ KVM_RISCV_SET_TIMER(cs, compare, env->kvm_timer_compare);
+
+ /*
+ * To set register of RISCV_TIMER_REG(state) will occur a error from KVM
+@@ -676,7 +676,7 @@ static void kvm_riscv_put_regs_timer(CPUState *cs)
+ * TODO If KVM changes, adapt here.
+ */
+ if (env->kvm_timer_state) {
+- KVM_RISCV_SET_TIMER(cs, env, state, env->kvm_timer_state);
++ KVM_RISCV_SET_TIMER(cs, state, env->kvm_timer_state);
+ }
+
+ /*
+@@ -685,7 +685,7 @@ static void kvm_riscv_put_regs_timer(CPUState *cs)
+ * during the migration.
+ */
+ if (migration_is_running(migrate_get_current()->state)) {
+- KVM_RISCV_GET_TIMER(cs, env, frequency, reg);
++ KVM_RISCV_GET_TIMER(cs, frequency, reg);
+ if (reg != env->kvm_timer_frequency) {
+ error_report("Dst Hosts timer frequency != Src Hosts");
+ }
+--
+2.25.1
+