mirror of
https://git.proxmox.com/git/pve-qemu
synced 2025-08-18 03:57:08 +00:00
3da02409af
As reported in the community forum [0][1], QEMU processes for Linux
guests would consume more CPU on the host after an update to QEMU 9.2.
The issue was reproduced and bisecting pointed to QEMU commit
f0ccf77078 ("hpet: fix and cleanup persistence of interrupt status").
Some quick experimentation suggests that in particular the last part
is responsible for the issue:
> - the timer must be kept running even if not enabled, in
> order to set the ISR flag, so writes to HPET_TN_CFG must
> not call hpet_del_timer()
Users confirmed that setting the hpet=off machine flag works around
the issue[0]. For Windows (7 or later) guests, the flag is already
disabled, because of issues in the past [2].
Upstream suggested reverting the relevant patches for now [3], because
other issues were reported too. All except commit 5895879aca ("hpet:
remove unnecessary variable "index"") are actually dependent on each
other for cleanly reverting f0ccf77078, and while not strictly
required, that one was reverted too for completeness.
[0]: https://forum.proxmox.com/threads/163694/
[1]: https://forum.proxmox.com/threads/161849/post-756793
[2]: https://lists.proxmox.com/pipermail/pve-devel/2012-December/004958.html
[3]: https://lore.kernel.org/qemu-devel/CABgObfaKJ5NFVKmYLFmu4C0iZZLJJtcWksLCzyA0tBoz0koZ4A@mail.gmail.com/
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
282 lines
11 KiB
Diff
282 lines
11 KiB
Diff
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
|
From: Fiona Ebner <f.ebner@proxmox.com>
|
|
Date: Wed, 19 Mar 2025 17:31:09 +0100
|
|
Subject: [PATCH] Revert "hpet: accept 64-bit reads and writes"
|
|
|
|
This reverts commit c2366567378dd8fb89329816003801f54e30e6f3.
|
|
|
|
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
|
|
---
|
|
hw/timer/hpet.c | 137 +++++++++++++++++++++++++++++-------------
|
|
hw/timer/trace-events | 3 +-
|
|
2 files changed, 96 insertions(+), 44 deletions(-)
|
|
|
|
diff --git a/hw/timer/hpet.c b/hw/timer/hpet.c
|
|
index 415a9433f1..e1ac877759 100644
|
|
--- a/hw/timer/hpet.c
|
|
+++ b/hw/timer/hpet.c
|
|
@@ -437,7 +437,6 @@ static uint64_t hpet_ram_read(void *opaque, hwaddr addr,
|
|
unsigned size)
|
|
{
|
|
HPETState *s = opaque;
|
|
- int shift = (addr & 4) * 8;
|
|
uint64_t cur_tick;
|
|
|
|
trace_hpet_ram_read(addr);
|
|
@@ -452,33 +451,52 @@ static uint64_t hpet_ram_read(void *opaque, hwaddr addr,
|
|
return 0;
|
|
}
|
|
|
|
- switch (addr & 0x18) {
|
|
- case HPET_TN_CFG: // including interrupt capabilities
|
|
- return timer->config >> shift;
|
|
+ switch ((addr - 0x100) % 0x20) {
|
|
+ case HPET_TN_CFG:
|
|
+ return timer->config;
|
|
+ case HPET_TN_CFG + 4: // Interrupt capabilities
|
|
+ return timer->config >> 32;
|
|
case HPET_TN_CMP: // comparator register
|
|
- return timer->cmp >> shift;
|
|
+ return timer->cmp;
|
|
+ case HPET_TN_CMP + 4:
|
|
+ return timer->cmp >> 32;
|
|
case HPET_TN_ROUTE:
|
|
- return timer->fsb >> shift;
|
|
+ return timer->fsb;
|
|
+ case HPET_TN_ROUTE + 4:
|
|
+ return timer->fsb >> 32;
|
|
default:
|
|
trace_hpet_ram_read_invalid();
|
|
break;
|
|
}
|
|
} else {
|
|
- switch (addr & ~4) {
|
|
- case HPET_ID: // including HPET_PERIOD
|
|
- return s->capability >> shift;
|
|
+ switch (addr) {
|
|
+ case HPET_ID:
|
|
+ return s->capability;
|
|
+ case HPET_PERIOD:
|
|
+ return s->capability >> 32;
|
|
case HPET_CFG:
|
|
- return s->config >> shift;
|
|
+ return s->config;
|
|
+ case HPET_CFG + 4:
|
|
+ trace_hpet_invalid_hpet_cfg(4);
|
|
+ return 0;
|
|
case HPET_COUNTER:
|
|
if (hpet_enabled(s)) {
|
|
cur_tick = hpet_get_ticks(s);
|
|
} else {
|
|
cur_tick = s->hpet_counter;
|
|
}
|
|
- trace_hpet_ram_read_reading_counter(addr & 4, cur_tick);
|
|
- return cur_tick >> shift;
|
|
+ trace_hpet_ram_read_reading_counter(0, cur_tick);
|
|
+ return cur_tick;
|
|
+ case HPET_COUNTER + 4:
|
|
+ if (hpet_enabled(s)) {
|
|
+ cur_tick = hpet_get_ticks(s);
|
|
+ } else {
|
|
+ cur_tick = s->hpet_counter;
|
|
+ }
|
|
+ trace_hpet_ram_read_reading_counter(4, cur_tick);
|
|
+ return cur_tick >> 32;
|
|
case HPET_STATUS:
|
|
- return s->isr >> shift;
|
|
+ return s->isr;
|
|
default:
|
|
trace_hpet_ram_read_invalid();
|
|
break;
|
|
@@ -492,11 +510,11 @@ static void hpet_ram_write(void *opaque, hwaddr addr,
|
|
{
|
|
int i;
|
|
HPETState *s = opaque;
|
|
- int shift = (addr & 4) * 8;
|
|
- int len = MIN(size * 8, 64 - shift);
|
|
uint64_t old_val, new_val, cleared;
|
|
|
|
trace_hpet_ram_write(addr, value);
|
|
+ old_val = hpet_ram_read(opaque, addr, 4);
|
|
+ new_val = value;
|
|
|
|
/*address range of all TN regs*/
|
|
if (addr >= 0x100 && addr <= 0x3ff) {
|
|
@@ -508,12 +526,9 @@ static void hpet_ram_write(void *opaque, hwaddr addr,
|
|
trace_hpet_timer_id_out_of_range(timer_id);
|
|
return;
|
|
}
|
|
- switch (addr & 0x18) {
|
|
+ switch ((addr - 0x100) % 0x20) {
|
|
case HPET_TN_CFG:
|
|
- trace_hpet_ram_write_tn_cfg(addr & 4);
|
|
- old_val = timer->config;
|
|
- new_val = deposit64(old_val, shift, len, value);
|
|
- new_val = hpet_fixup_reg(new_val, old_val, HPET_TN_CFG_WRITE_MASK);
|
|
+ trace_hpet_ram_write_tn_cfg();
|
|
if (deactivating_bit(old_val, new_val, HPET_TN_TYPE_LEVEL)) {
|
|
/*
|
|
* Do this before changing timer->config; otherwise, if
|
|
@@ -521,7 +536,8 @@ static void hpet_ram_write(void *opaque, hwaddr addr,
|
|
*/
|
|
update_irq(timer, 0);
|
|
}
|
|
- timer->config = new_val;
|
|
+ new_val = hpet_fixup_reg(new_val, old_val, HPET_TN_CFG_WRITE_MASK);
|
|
+ timer->config = (timer->config & 0xffffffff00000000ULL) | new_val;
|
|
if (activating_bit(old_val, new_val, HPET_TN_ENABLE)
|
|
&& (s->isr & (1 << timer_id))) {
|
|
update_irq(timer, 1);
|
|
@@ -534,28 +550,56 @@ static void hpet_ram_write(void *opaque, hwaddr addr,
|
|
hpet_set_timer(timer);
|
|
}
|
|
break;
|
|
+ case HPET_TN_CFG + 4: // Interrupt capabilities
|
|
+ trace_hpet_ram_write_invalid_tn_cfg(4);
|
|
+ break;
|
|
case HPET_TN_CMP: // comparator register
|
|
+ trace_hpet_ram_write_tn_cmp(0);
|
|
if (timer->config & HPET_TN_32BIT) {
|
|
- /* High 32-bits are zero, leave them untouched. */
|
|
- if (shift) {
|
|
- trace_hpet_ram_write_invalid_tn_cmp();
|
|
- break;
|
|
+ new_val = (uint32_t)new_val;
|
|
+ }
|
|
+ if (!timer_is_periodic(timer)
|
|
+ || (timer->config & HPET_TN_SETVAL)) {
|
|
+ timer->cmp = (timer->cmp & 0xffffffff00000000ULL) | new_val;
|
|
+ }
|
|
+ if (timer_is_periodic(timer)) {
|
|
+ /*
|
|
+ * FIXME: Clamp period to reasonable min value?
|
|
+ * Clamp period to reasonable max value
|
|
+ */
|
|
+ if (timer->config & HPET_TN_32BIT) {
|
|
+ new_val = MIN(new_val, ~0u >> 1);
|
|
}
|
|
- len = 64;
|
|
- value = (uint32_t) value;
|
|
+ timer->period =
|
|
+ (timer->period & 0xffffffff00000000ULL) | new_val;
|
|
+ }
|
|
+ /*
|
|
+ * FIXME: on a 64-bit write, HPET_TN_SETVAL should apply to the
|
|
+ * high bits part as well.
|
|
+ */
|
|
+ timer->config &= ~HPET_TN_SETVAL;
|
|
+ if (hpet_enabled(s)) {
|
|
+ hpet_set_timer(timer);
|
|
}
|
|
- trace_hpet_ram_write_tn_cmp(addr & 4);
|
|
+ break;
|
|
+ case HPET_TN_CMP + 4: // comparator register high order
|
|
+ if (timer->config & HPET_TN_32BIT) {
|
|
+ trace_hpet_ram_write_invalid_tn_cmp();
|
|
+ break;
|
|
+ }
|
|
+ trace_hpet_ram_write_tn_cmp(4);
|
|
if (!timer_is_periodic(timer)
|
|
|| (timer->config & HPET_TN_SETVAL)) {
|
|
- timer->cmp = deposit64(timer->cmp, shift, len, value);
|
|
+ timer->cmp = (timer->cmp & 0xffffffffULL) | new_val << 32;
|
|
}
|
|
if (timer_is_periodic(timer)) {
|
|
/*
|
|
* FIXME: Clamp period to reasonable min value?
|
|
* Clamp period to reasonable max value
|
|
*/
|
|
- new_val = deposit64(timer->period, shift, len, value);
|
|
- timer->period = MIN(new_val, (timer->config & HPET_TN_32BIT ? ~0u : ~0ull) >> 1);
|
|
+ new_val = MIN(new_val, ~0u >> 1);
|
|
+ timer->period =
|
|
+ (timer->period & 0xffffffffULL) | new_val << 32;
|
|
}
|
|
timer->config &= ~HPET_TN_SETVAL;
|
|
if (hpet_enabled(s)) {
|
|
@@ -563,7 +607,10 @@ static void hpet_ram_write(void *opaque, hwaddr addr,
|
|
}
|
|
break;
|
|
case HPET_TN_ROUTE:
|
|
- timer->fsb = deposit64(timer->fsb, shift, len, value);
|
|
+ timer->fsb = (timer->fsb & 0xffffffff00000000ULL) | new_val;
|
|
+ break;
|
|
+ case HPET_TN_ROUTE + 4:
|
|
+ timer->fsb = (new_val << 32) | (timer->fsb & 0xffffffff);
|
|
break;
|
|
default:
|
|
trace_hpet_ram_write_invalid();
|
|
@@ -571,14 +618,12 @@ static void hpet_ram_write(void *opaque, hwaddr addr,
|
|
}
|
|
return;
|
|
} else {
|
|
- switch (addr & ~4) {
|
|
+ switch (addr) {
|
|
case HPET_ID:
|
|
return;
|
|
case HPET_CFG:
|
|
- old_val = s->config;
|
|
- new_val = deposit64(old_val, shift, len, value);
|
|
new_val = hpet_fixup_reg(new_val, old_val, HPET_CFG_WRITE_MASK);
|
|
- s->config = new_val;
|
|
+ s->config = (s->config & 0xffffffff00000000ULL) | new_val;
|
|
if (activating_bit(old_val, new_val, HPET_CFG_ENABLE)) {
|
|
/* Enable main counter and interrupt generation. */
|
|
s->hpet_offset =
|
|
@@ -608,8 +653,10 @@ static void hpet_ram_write(void *opaque, hwaddr addr,
|
|
qemu_set_irq(s->irqs[RTC_ISA_IRQ], s->rtc_irq_level);
|
|
}
|
|
break;
|
|
+ case HPET_CFG + 4:
|
|
+ trace_hpet_invalid_hpet_cfg(4);
|
|
+ break;
|
|
case HPET_STATUS:
|
|
- new_val = value << shift;
|
|
cleared = new_val & s->isr;
|
|
for (i = 0; i < s->num_timers; i++) {
|
|
if (cleared & (1 << i)) {
|
|
@@ -621,7 +668,15 @@ static void hpet_ram_write(void *opaque, hwaddr addr,
|
|
if (hpet_enabled(s)) {
|
|
trace_hpet_ram_write_counter_write_while_enabled();
|
|
}
|
|
- s->hpet_counter = deposit64(s->hpet_counter, shift, len, value);
|
|
+ s->hpet_counter =
|
|
+ (s->hpet_counter & 0xffffffff00000000ULL) | value;
|
|
+ trace_hpet_ram_write_counter_written(0, value, s->hpet_counter);
|
|
+ break;
|
|
+ case HPET_COUNTER + 4:
|
|
+ trace_hpet_ram_write_counter_write_while_enabled();
|
|
+ s->hpet_counter =
|
|
+ (s->hpet_counter & 0xffffffffULL) | (((uint64_t)value) << 32);
|
|
+ trace_hpet_ram_write_counter_written(4, value, s->hpet_counter);
|
|
break;
|
|
default:
|
|
trace_hpet_ram_write_invalid();
|
|
@@ -635,11 +690,7 @@ static const MemoryRegionOps hpet_ram_ops = {
|
|
.write = hpet_ram_write,
|
|
.valid = {
|
|
.min_access_size = 4,
|
|
- .max_access_size = 8,
|
|
- },
|
|
- .impl = {
|
|
- .min_access_size = 4,
|
|
- .max_access_size = 8,
|
|
+ .max_access_size = 4,
|
|
},
|
|
.endianness = DEVICE_NATIVE_ENDIAN,
|
|
};
|
|
diff --git a/hw/timer/trace-events b/hw/timer/trace-events
|
|
index 5cfc369fba..219747df2f 100644
|
|
--- a/hw/timer/trace-events
|
|
+++ b/hw/timer/trace-events
|
|
@@ -114,7 +114,8 @@ hpet_ram_read_reading_counter(uint8_t reg_off, uint64_t cur_tick) "reading count
|
|
hpet_ram_read_invalid(void) "invalid hpet_ram_readl"
|
|
hpet_ram_write(uint64_t addr, uint64_t value) "enter hpet_ram_writel at 0x%" PRIx64 " = 0x%" PRIx64
|
|
hpet_ram_write_timer_id(uint64_t timer_id) "hpet_ram_writel timer_id = 0x%" PRIx64
|
|
-hpet_ram_write_tn_cfg(uint8_t reg_off) "hpet_ram_writel HPET_TN_CFG + %" PRIu8
|
|
+hpet_ram_write_tn_cfg(void) "hpet_ram_writel HPET_TN_CFG"
|
|
+hpet_ram_write_invalid_tn_cfg(uint8_t reg_off) "invalid HPET_TN_CFG + %" PRIu8 " write"
|
|
hpet_ram_write_tn_cmp(uint8_t reg_off) "hpet_ram_writel HPET_TN_CMP + %" PRIu8
|
|
hpet_ram_write_invalid_tn_cmp(void) "invalid HPET_TN_CMP + 4 write"
|
|
hpet_ram_write_invalid(void) "invalid hpet_ram_writel"
|