Hanna Reitz [Tue, 10 Aug 2021 14:04:11 +0000 (16:04 +0200)]
MAINTAINERS: Name and email address change
I have changed my name and email address. Update the MAINTAINERS file
to match, and .mailmap in case anyone wants to send me an email because
of some past commit I authored. (As suggested by Philippe, I put the
.mailmap line into the "preferred name forms" section, considering it
counts as a git author config change.)
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The audio migration vmstate is empty, and always has been; we can't
just remove it though because an old qemu might send it us.
Changes with -audiodev now mean it's sometimes created when it didn't
used to be, and can confuse migration to old qemu.
Change it so that vmstate_audio is never sent; if it's received it
should still be accepted, and old qemu's shouldn't be too upset if it's
missing.
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Tested-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20210809170956.78536-1-dgilbert@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Volker Rümelin [Tue, 10 Aug 2021 06:32:57 +0000 (08:32 +0200)]
ui/gtk: retry sending VTE console input
Commit 584af1f1d9 ("ui/gtk: add a keyboard fifo to the VTE
consoles") changed the VTE chardev backend code to rely on the
chr_accept_input() callback function. The code expects a
chr_accept_input() call whenever qemu_chr_be_can_write() bytes
were written. It turns out this is wrong. Some chardev
frontends only call this callback after can_write was 0.
Change the code to send data until the keyboard fifo is empty
or qemu_chr_be_can_write() returns 0.
Fixes: 584af1f1d9 ("ui/gtk: add a keyboard fifo to the VTE consoles")
Signed-off-by: Volker Rümelin <vr_qemu@t-online.de>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20210810063257.17411-1-vr_qemu@t-online.de>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
qga: fix leak of base64 decoded data on command error
If the guest command fails to be spawned, then we would leak the decoded
base64 input used for the command's stdin feed.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Michael Roth <michael.roth@amd.com>
tests: filter out TLS distinguished name in certificate checks
The version of GNUTLS in Fedora 34 has changed the order in which it encodes
fields when generating new TLS certificates. This in turn changes the
order seen when querying the distinguished name. This ultimately breaks
the expected output in the NBD TLS iotests. We don't need to be
comparing the exact distinguished name text for the purpose of the test
though, so it is fine to filter it out.
Reported-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20210804180330.3469683-1-berrange@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Tested-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
Fix the following build failure on musl raised since version 6.0.0 and
https://gitlab.com/qemu-project/qemu/-/commit/4ca37a96a75aafe7a37ba51ab1912b09b7190a6b
because musl does not define FALLOC_FL_ZERO_RANGE:
../block/export/fuse.c: In function 'fuse_fallocate':
../block/export/fuse.c:563:23: error: 'FALLOC_FL_ZERO_RANGE' undeclared (first use in this function)
563 | } else if (mode & FALLOC_FL_ZERO_RANGE) {
| ^~~~~~~~~~~~~~~~~~~~
Peter Maydell [Mon, 9 Aug 2021 14:00:26 +0000 (15:00 +0100)]
Merge remote-tracking branch 'remotes/nvme/tags/nvme-next-pull-request' into staging
hw/nvme fixes
* coverity fixes
# gpg: Signature made Mon 09 Aug 2021 11:53:42 BST
# gpg: using RSA key 522833AA75E2DCE6A24766C04DE1AF316D4F0DE9
# gpg: Good signature from "Klaus Jensen <its@irrelevant.dk>" [unknown]
# gpg: aka "Klaus Jensen <k.jensen@samsung.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: DDCA 4D9C 9EF9 31CC 3468 4272 63D5 6FC5 E55D A838
# Subkey fingerprint: 5228 33AA 75E2 DCE6 A247 66C0 4DE1 AF31 6D4F 0DE9
Klaus Jensen [Mon, 9 Aug 2021 10:34:40 +0000 (12:34 +0200)]
hw/nvme: fix missing variable initializers
Coverity found that 'uuid', 'csi' and 'eui64' are uninitialized. While
we set most of the fields, we do not explicitly set the rsvd2 field in
the NvmeIdNsDescr header.
Fix this by explicitly zero-initializing the variables.
Reported-by: Coverity (CID 1458835, 1459295 and 1459580)
Fixes: 6870cfb8140d ("hw/nvme: namespace parameter for EUI-64")
Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Alyssa Ross [Fri, 6 Aug 2021 14:49:47 +0000 (14:49 +0000)]
meson: fix logic for gnutls check
The logic before was
if not get_option('gnutls').auto() or have_system
Which is equivalent to
if get_option('gnutls').enabled() or get_option('gnutls').disabled() or have_system
This means that the check for gnutls is performed even if gnutls is
disabled, which means that the build system will insist on having
libtasn1 if gnutls is found, even if gnutls support is disabled.
When gnutls is disabled, the check for gnutls shouldn't be performed,
to ensure that further build system logic (like the check for
libtasn1) doesn't make decisions based on the presence of gnutls,
rather than the gnutls option.
After making this change, I can successfully ./configure --disable-gnutls
on my system with gnutls installed, but not libtasn1.
Signed-off-by: Alyssa Ross <hi@alyssa.is>
Message-Id: <20210806144947.321647-1-hi@alyssa.is>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Peter Maydell [Thu, 5 Aug 2021 17:48:06 +0000 (18:48 +0100)]
Merge remote-tracking branch 'remotes/armbru/tags/pull-qapi-2021-08-05' into staging
QAPI patches for 2021-08-05
# gpg: Signature made Thu 05 Aug 2021 15:06:12 BST
# gpg: using RSA key 354BC8B3D7EB2A6B68674E5F3870B400EB918653
# gpg: issuer "armbru@redhat.com"
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" [full]
# gpg: aka "Markus Armbruster <armbru@pond.sub.org>" [full]
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867 4E5F 3870 B400 EB91 8653
* remotes/armbru/tags/pull-qapi-2021-08-05:
docs: convert writing-qmp-commands.txt to writing-qmp-commands.rst
docs/qapi-code-gen: add cross-references
docs/qapi-code-gen: Beautify formatting
docs: convert qapi-code-gen.txt to ReST
docs/devel/qapi-code-gen: Update examples to match current code
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Thu, 5 Aug 2021 15:25:44 +0000 (16:25 +0100)]
Merge remote-tracking branch 'remotes/marcandre/tags/chr-fix-pull-request' into staging
Chardev-related fixes
Hi
Here are some bug fixes worthy for 6.1.
thanks
# gpg: Signature made Thu 05 Aug 2021 13:52:03 BST
# gpg: using RSA key 87A9BD933F87C606D276F62DDAE8E10975969CE5
# gpg: issuer "marcandre.lureau@redhat.com"
# gpg: Good signature from "Marc-André Lureau <marcandre.lureau@redhat.com>" [full]
# gpg: aka "Marc-André Lureau <marcandre.lureau@gmail.com>" [full]
# Primary key fingerprint: 87A9 BD93 3F87 C606 D276 F62D DAE8 E109 7596 9CE5
* remotes/marcandre/tags/chr-fix-pull-request:
chardev: report a simpler error about duplicated id
chardev: give some context on chardev-add error
chardev: fix qemu_chr_open_fd() with fd_in==fd_out
chardev: fix qemu_chr_open_fd() being called with fd=-1
chardev: fix fd_chr_add_watch() when in != out
chardev: mark explicitly first argument as poisoned
chardev/socket: print a more correct command-line address
util: fix abstract socket path copy
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Description from Daniel P. Berrangé:
> The original code reported:
>
> "attempt to add duplicate property 'char2' to object (type 'container')"
>
> Since adding yank support, the current code reports
>
> "duplicate yank instance"
>
> With this patch applied it now reports:
>
> "Failed to add chardev 'char2': duplicate yank instance"
>
> This is marginally better, but still not great, not that the original
> error was great either.
>
> It would be nice if we could report
>
> "chardev with id 'char2' already exists"
Related to:
https://bugzilla.redhat.com/show_bug.cgi?id=1984721
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
chardev: fix qemu_chr_open_fd() being called with fd=-1
The "file" chardev may call qemu_chr_open_fd() with fd_in=-1. This may
cause invalid system calls, as the QIOChannel is assumed to be properly
initialized later on.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
chardev: mark explicitly first argument as poisoned
Since commit 9894dc0cdcc397ee5b26370bc53da6d360a363c2 "char: convert
from GIOChannel to QIOChannel", the first argument to the watch callback
can actually be a QIOChannel, which is not a GIOChannel (but a QEMU
Object).
Even though we never used that pointer, change the callback type to warn
the users. Possibly a better fix later, we may want to store the
callback and call it from intermediary functions.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Commit 776b97d360 "qemu-sockets: add abstract UNIX domain socket
support" neglected to update socket_sockaddr_to_address_unix() and
copied the whole sun_path without taking "salen" into account.
Later, commit 3b14b4ec49 "sockets: Fix socket_sockaddr_to_address_unix()
for abstract sockets" handled the abstract UNIX path, by stripping the
leading \0 character and fixing address details, but didn't use salen
either.
Not taking "salen" into account may result in incorrect "path" being
returned in monitors commands, as we read past the address which is not
necessarily \0-terminated.
Fixes: 776b97d3605ed0fc94443048fdf988c7725e38a9
Fixes: 3b14b4ec49a801067da19d6b8469eb1c1911c020
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: xiaoqiang zhao <zxq_yx_007@163.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
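Added example, not QEMU's code: one way to extract the path from a sockaddr_un while honouring salen, next to the salen-ignoring pattern the commit message above describes. The helper names and the sample address (abstract name "qemu" followed by stale 'X' bytes) are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>

/*
 * Hypothetical helper (not QEMU's socket_sockaddr_to_address_unix()).
 * Copies the path out of a sockaddr_un using only the bytes that salen
 * says are valid. Returns a heap-allocated NUL-terminated string that the
 * caller frees, or NULL on a malformed length or allocation failure.
 */
static char *unix_path_from_sockaddr(const struct sockaddr_un *su,
                                     socklen_t salen, int *is_abstract)
{
    const size_t hdr = offsetof(struct sockaddr_un, sun_path);
    const char *src = su->sun_path;
    size_t len;
    char *path;

    *is_abstract = 0;
    if ((size_t)salen < hdr || (size_t)salen > sizeof(*su)) {
        return NULL;                    /* length cannot describe this struct */
    }
    len = (size_t)salen - hdr;          /* valid bytes inside sun_path */

    if (len > 0 && src[0] == '\0') {
        /* Abstract namespace: the name is the bytes after the leading
         * NUL, and its length comes from salen, not from a terminator. */
        *is_abstract = 1;
        src++;
        len--;
    } else {
        /* Pathname socket: stop at a NUL if one lies within salen. */
        const char *nul = memchr(src, '\0', len);
        if (nul) {
            len = (size_t)(nul - src);
        }
    }

    path = malloc(len + 1);
    if (!path) {
        return NULL;
    }
    memcpy(path, src, len);
    path[len] = '\0';
    return path;
}

/* The salen-ignoring pattern: scan sun_path for a terminator. Bounded by
 * sizeof(sun_path) here so the demonstration itself stays in bounds. */
static char *unix_path_ignoring_salen(const struct sockaddr_un *su)
{
    const char *src = su->sun_path + 1;
    size_t max = sizeof(su->sun_path) - 1;
    const char *nul = memchr(src, '\0', max);
    size_t len = nul ? (size_t)(nul - src) : max;
    char *path = malloc(len + 1);

    if (!path) {
        return NULL;
    }
    memcpy(path, src, len);
    path[len] = '\0';
    return path;
}

/* Constructed sample: abstract name "qemu", rest of the buffer is stale. */
static socklen_t make_sample(struct sockaddr_un *su)
{
    static const char name[] = "qemu";

    memset(su, 'X', sizeof(*su));
    su->sun_family = AF_UNIX;
    su->sun_path[0] = '\0';
    memcpy(su->sun_path + 1, name, strlen(name));
    return (socklen_t)(offsetof(struct sockaddr_un, sun_path) + 1 + strlen(name));
}

static size_t demo_len_with_salen(void)
{
    struct sockaddr_un su;
    int is_abstract;
    socklen_t salen = make_sample(&su);
    char *p = unix_path_from_sockaddr(&su, salen, &is_abstract);
    size_t n = (p && is_abstract && strcmp(p, "qemu") == 0) ? strlen(p) : 0;

    free(p);
    return n;
}

static size_t demo_len_ignoring_salen(void)
{
    struct sockaddr_un su;
    char *p;
    size_t n;

    make_sample(&su);
    p = unix_path_ignoring_salen(&su);
    n = p ? strlen(p) : 0;
    free(p);
    return n;
}

int main(void)
{
    printf("with salen: %zu bytes, ignoring salen: %zu bytes\n",
           demo_len_with_salen(), demo_len_ignoring_salen());
    return 0;
}
```

An abstract name may itself contain NUL bytes; the returned C string then displays only up to the first one, although the copy is still bounded by salen.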
Peter Maydell [Wed, 4 Aug 2021 12:53:38 +0000 (13:53 +0100)]
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging
pc,pci: bugfixes
Small bugfixes all over the place.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Tue 03 Aug 2021 21:32:43 BST
# gpg: using RSA key 5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469
# gpg: issuer "mst@redhat.com"
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [full]
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>" [full]
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67
# Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469
* remotes/mst/tags/for_upstream:
Drop _DSM 5 from expected DSDTs on ARM
Revert "acpi/gpex: Inform os to keep firmware resource map"
arm/acpi: allow DSDT changes
acpi: x86: pcihp: add support hotplug on multifunction bridges
hw/pcie-root-port: Fix hotplug for PCI devices requiring IO
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
John Snow [Tue, 20 Jul 2021 23:56:19 +0000 (19:56 -0400)]
docs/qapi-code-gen: add cross-references
Add clickables to many places.
Signed-off-by: John Snow <jsnow@redhat.com>
Message-Id: <20210720235619.2048797-4-jsnow@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
John Snow [Tue, 20 Jul 2021 23:56:18 +0000 (19:56 -0400)]
docs/qapi-code-gen: Beautify formatting
Mostly, add ``literal`` markers to a lot of things like C types, add
code blocks, and fix the way a few things render.
Signed-off-by: John Snow <jsnow@redhat.com>
Message-Id: <20210720235619.2048797-3-jsnow@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
John Snow [Tue, 20 Jul 2021 23:56:17 +0000 (19:56 -0400)]
docs: convert qapi-code-gen.txt to ReST
This is a very rudimentary conversion from .txt to .rst changing as
little as possible, but getting it to render somewhat nicely; without
using any Sphinx directives. (It is 'native' ReST.)
Further patches will add cross-references and Sphinx-specific extensions
to make it sparkle.
Signed-off-by: John Snow <jsnow@redhat.com>
Message-Id: <20210720235619.2048797-2-jsnow@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
With this commit, with aarch64 when using efi PCI devices with IO ports
do not work. The reason is that EFI creates I/O port mappings below
0x1000 (in fact, at 0). However Linux, for legacy reasons, does not
support I/O ports <= 0x1000 on PCI, so the I/O assignment created by EFI
is rejected.
EFI creates the mappings primarily for itself, and up until DSM #5
started to be enforced, all PCI resource allocations that existed at
boot were ignored by Linux and recreated from scratch.
Also, the commit in question looks dubious - it seems unlikely that
Linux would fail to create a resource tree. What does
happen is that BARs get moved around, which may cause trouble in some
cases: for instance, Linux had to add special code to the EFI framebuffer
driver to cope with framebuffer BARs being relocated.
DSM #5 has a long history of debate and misinterpretation.
Link: https://lore.kernel.org/r/20210724185234.GA2265457@roeck-us.net/
Fixes: 0cf8882fd06 ("acpi/gpex: Inform os to keep firmware resource map")
Reported-by: Guenter Roeck <linux@roeck-us.net>
Suggested-by: Ard Biesheuvel <ardb@kernel.org>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Tested-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
We are going to commit ccee1a8140 ("acpi: Update _DSM method in expected files").
Allow changes to DSDT on ARM. Only configs with pci are
affected thus all virt variants but for microvm only the pcie variant.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Igor Mammedov [Fri, 23 Jul 2021 09:04:24 +0000 (05:04 -0400)]
acpi: x86: pcihp: add support hotplug on multifunction bridges
Commit [1] switched PCI hotplug from native to ACPI one by default.
That however breaks hotplug on following CLI that used to work:
-nodefaults -machine q35 \
-device pcie-root-port,id=pcie-root-port-0,multifunction=on,bus=pcie.0,addr=0x1,chassis=1 \
-device pcie-root-port,id=pcie-root-port-1,port=0x1,addr=0x1.0x1,bus=pcie.0,chassis=2
where PCI device is hotplugged to pcie-root-port-1 with error on guest side:
ACPI BIOS Error (bug): Could not resolve symbol [^S0B.PCNT], AE_NOT_FOUND (20201113/psargs-330)
ACPI Error: Aborting method \_SB.PCI0.PCNT due to previous error (AE_NOT_FOUND) (20201113/psparse-531)
ACPI Error: Aborting method \_GPE._E01 due to previous error (AE_NOT_FOUND) (20201113/psparse-531)
ACPI Error: AE_NOT_FOUND, while evaluating GPE method [_E01] (20201113/evgpe-515)
cause is that QEMU's ACPI hotplug never supported functions other than 0
and due to bug it was generating notification entries for not described
functions.
Technically there is no reason not to describe cold-plugged bridges
(root ports) on functions other than 0, as they similarly to bridge
on function 0 are unpluggable.
So since we need to describe multifunction devices iterate over
functions as well. But describe only cold-plugged bridges[root ports]
on functions other than 0 as well.
1) Fixes: 17858a169508609ca9063c544833e5a1adeb7b52 (hw/acpi/ich9: Set ACPI PCI hot-plug as default on Q35)
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reported-by: Laurent Vivier <lvivier@redhat.com>
Message-Id: <20210723090424.2092226-1-imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
hw/pcie-root-port: Fix hotplug for PCI devices requiring IO
Q35 has now ACPI hotplug enabled by default for PCI(e) devices.
As opposed to native PCIe hotplug, guests like Fedora 34
will not assign IO range to pcie-root-ports not supporting
native hotplug, resulting into a regression.
Reproduce by:
qemu-bin -M q35 -device pcie-root-port,id=p1 -monitor stdio
device_add e1000,bus=p1
In the Guest OS the respective pcie-root-port will have the IO range
disabled.
Fix it by setting the "reserve-io" hint capability of the
pcie-root-ports so the firmware will allocate the IO range instead.
Acked-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Message-Id: <20210802090057.1709775-1-marcel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
* remotes/thuth-gitlab/tags/pull-request-2021-08-03:
tests/tcg: Test that compare-and-trap raises SIGFPE
linux-user/s390x: signal with SIGFPE on compare-and-trap
target/s390x: Fix SIGILL and SIGFPE psw.addr reporting
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
hw/sd/sdcard: Fix assertion accessing out-of-range addresses with CMD30
OSS-Fuzz found sending illegal addresses when querying the write
protection bits triggers the assertion added in commit 84816fb63e5
("hw/sd/sdcard: Assert if accessing an illegal group"):
qemu-fuzz-i386-target-generic-fuzz-sdhci-v3: ../hw/sd/sd.c:824: uint32_t sd_wpbits(SDState *, uint64_t):
Assertion `wpnum < sd->wpgrps_size' failed.
#3 0x7f62a8b22c91 in __assert_fail
#4 0x5569adcec405 in sd_wpbits hw/sd/sd.c:824:9
#5 0x5569adce5f6d in sd_normal_command hw/sd/sd.c:1389:38
#6 0x5569adce3870 in sd_do_command hw/sd/sd.c:1737:17
#7 0x5569adcf1566 in sdbus_do_command hw/sd/core.c:100:16
#8 0x5569adcfc192 in sdhci_send_command hw/sd/sdhci.c:337:12
#9 0x5569adcfa3a3 in sdhci_write hw/sd/sdhci.c:1186:9
#10 0x5569adfb3447 in memory_region_write_accessor softmmu/memory.c:492:5
It is legal for the CMD30 to query for out-of-range addresses.
Such invalid addresses are simply ignored in the response (write
protection bits set to 0).
In commit 84816fb63e5 ("hw/sd/sdcard: Assert if accessing an illegal
group") we misplaced the assertion *before* we test the address is
in range. Move it *after*.
Include the qtest reproducer provided by Alexander Bulekov:
$ make check-qtest-i386
...
Running test qtest-i386/fuzz-sdcard-test
qemu-system-i386: ../hw/sd/sd.c:824: sd_wpbits: Assertion `wpnum < sd->wpgrps_size' failed.
Cc: qemu-stable@nongnu.org
Reported-by: OSS-Fuzz (Issue 29225)
Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Fixes: 84816fb63e5 ("hw/sd/sdcard: Assert if accessing an illegal group")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/495
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20210802235524.3417739-3-f4bug@amsat.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Alexander Bulekov <alxndr@bu.edu>
hw/sd/sdcard: Document out-of-range addresses for SEND_WRITE_PROT
Per the 'Physical Layer Simplified Specification Version 3.01',
Table 4-22: 'Block Oriented Write Protection Commands'
SEND_WRITE_PROT (CMD30)
If the card provides write protection features, this command asks
the card to send the status of the write protection bits [1].
[1] 32 write protection bits (representing 32 write protect groups
starting at the specified address) [...]
The last (least significant) bit of the protection bits corresponds
to the first addressed group. If the addresses of the last groups
are outside the valid range, then the corresponding write protection
bits shall be set to 0.
Split the if() statement (without changing the behaviour of the code)
to better position the description comment.
Reviewed-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20210802235524.3417739-2-f4bug@amsat.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Alexander Bulekov <alxndr@bu.edu>
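Added example, not QEMU's sd.c: a small model of the SEND_WRITE_PROT (CMD30) behaviour described in the two hw/sd/sdcard commit messages above, with the range test placed before the assertion so that out-of-range groups read back as 0. The group size, the 40-group sample card and all names are constructed assumptions.

```c
#include <assert.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed write-protect group size; a real card derives it from its
 * geometry. */
#define WP_GROUP_BYTES 131072u
#define SAMPLE_GROUPS  40u

typedef struct {
    uint64_t size;          /* card capacity in bytes */
    uint32_t wpgrps_size;   /* number of entries in wp_groups */
    const bool *wp_groups;  /* one flag per write-protect group */
} card_model;

/*
 * Build the 32 write protection bits for the groups starting at the
 * address in arg (an SD command argument is 32 bits wide). The least
 * significant bit corresponds to the first addressed group.
 */
static uint32_t send_write_prot(const card_model *card, uint32_t arg)
{
    uint64_t addr = arg;
    uint64_t wpnum = addr / WP_GROUP_BYTES;
    uint32_t bits = 0;

    for (int i = 0; i < 32; i++, wpnum++, addr += WP_GROUP_BYTES) {
        if (addr >= card->size) {
            /* Group lies outside the card: legal query, bit stays 0. */
            continue;
        }
        /* Only in-range addresses reach this point, so the assertion now
         * guards an internal invariant instead of guest-chosen input. */
        assert(wpnum < card->wpgrps_size);
        if (card->wp_groups[wpnum]) {
            bits |= UINT32_C(1) << i;
        }
    }
    return bits;
}

/* Constructed sample card: 40 groups, the last two write-protected. */
static const bool sample_groups[SAMPLE_GROUPS] = { [38] = true, [39] = true };

static const card_model sample_card = {
    .size = (uint64_t)SAMPLE_GROUPS * WP_GROUP_BYTES,
    .wpgrps_size = SAMPLE_GROUPS,
    .wp_groups = sample_groups,
};

/* Query the sample card starting at a given group index. */
static uint32_t sample_query_group(uint32_t first_group)
{
    return send_write_prot(&sample_card, first_group * WP_GROUP_BYTES);
}

/* Query the sample card with a raw command argument. */
static uint32_t sample_query_arg(uint32_t arg)
{
    return send_write_prot(&sample_card, arg);
}

int main(void)
{
    printf("from group 38: 0x%08x\n", (unsigned)sample_query_group(38));
    printf("from group 30: 0x%08x\n", (unsigned)sample_query_group(30));
    printf("arg 0xffffffff: 0x%08x\n", (unsigned)sample_query_arg(0xffffffffu));
    return 0;
}
```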
Kevin Wolf [Tue, 27 Jul 2021 15:49:23 +0000 (17:49 +0200)]
block: Fix in_flight leak in request padding error path
When bdrv_pad_request() fails in bdrv_co_preadv_part(), bs->in_flight
has been increased, but is never decreased again. This leads to a hang
when trying to drain the block node.
This bug was observed with Windows guests which issue a request that
fully uses IOV_MAX during installation, so that when padding is
necessary (O_DIRECT with a 4k sector size block device on the host),
adding another entry causes failure.
Call bdrv_dec_in_flight() to fix this. There is a larger problem to
solve here because this request shouldn't even fail, but Windows doesn't
seem to care and with this minimal fix the installation succeeds. So
given that we're already in freeze, let's take this minimal fix for 6.1.
Fixes: 98ca45494fcd6bf0336ecd559e440b6de6ea4cd3
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1972079
Reported-by: Qing Wang <qinwang@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <20210727154923.91067-1-kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
tests/tcg: Test that compare-and-trap raises SIGFPE
Signed-off-by: Jonathan Albrecht <jonathan.albrecht@linux.vnet.ibm.com>
Message-Id: <20210709160459.4962-3-jonathan.albrecht@linux.vnet.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
linux-user/s390x: signal with SIGFPE on compare-and-trap
Currently when a compare-and-trap instruction is executed, qemu will
always raise a SIGILL signal. On real hardware, a SIGFPE is raised.
Change the PGM_DATA case in cpu_loop to follow the behavior in
linux kernel /arch/s390/kernel/traps.c.
* Only raise SIGILL if DXC == 0
* If DXC matches a non-simulated IEEE exception, raise SIGFPE with
correct si_code
* Raise SIGFPE with si_code == 0 for everything else
When applied on 20210705210434.45824-2-iii@linux.ibm.com, this fixes
crashes in the java jdk such as the linked bug.
Signed-off-by: Jonathan Albrecht <jonathan.albrecht@linux.vnet.ibm.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Buglink: https://bugs.launchpad.net/qemu/+bug/1920913
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/319
Message-Id: <20210709160459.4962-2-jonathan.albrecht@linux.vnet.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
target/s390x: Fix SIGILL and SIGFPE psw.addr reporting
For SIGILL, SIGFPE and SIGTRAP the PSW must point after the
instruction, and at the instruction for other signals. Currently under
qemu-user for SIGILL and SIGFPE it points at the instruction.
Fix by advancing psw.addr for these signals.
Co-developed-by: Ulrich Weigand <ulrich.weigand@de.ibm.com>
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Buglink: https://gitlab.com/qemu-project/qemu/-/issues/319
Message-Id: <20210705210434.45824-2-iii@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Switch from stable-4.2 branch to upstream v4.6.1 release + fixes.
## [Unreleased]
### Fixed
- Haiku fixes. !98 !99
- Fix a minor DHCP regression introduced in 4.6.0. !97
## [4.6.1] - 2021-06-18
### Fixed
- Fix DHCP regression introduced in 4.6.0. !95
## [4.6.0] - 2021-06-14
### Added
- mbuf: Add debugging helpers for allocation. !90
### Changed
- Revert "Set macOS deployment target to macOS 10.4". !93
### Fixed
- mtod()-related buffer overflows (CVE-2021-3592 #44, CVE-2021-3593 #45,
CVE-2021-3594 #47, CVE-2021-3595 #46).
- poll_fd: add missing fd registration for UDP and ICMP
- ncsi: make ncsi_calculate_checksum work with unaligned data. !89
- Various typos and doc fixes. !88
## [4.5.0] - 2021-05-18
### Added
- IPv6 forwarding. !62 !75 !77
- slirp_neighbor_info() to dump the ARP/NDP tables. !71
### Changed
- Lazy guest address resolution for IPv6. !81
- Improve signal handling when spawning a child. !61
- Set macOS deployment target to macOS 10.4. !72
- slirp_add_hostfwd: Ensure all error paths set errno. !80
- More API documentation.
### Fixed
- Assertion failure on unspecified IPv6 address. !86
- Disable polling for PRI on MacOS, fixing some closing streams issues. !73
- Various memory leak fixes on fastq/batchq. !68
- Memory leak on IPv6 fast-send. !67
- Slow socket response on Windows. !64
- Misc build and code cleanups. !60 !63 !76 !79 !84
- socket: consume empty packets. !55
- check pkt_len before reading protocol header (CVE-2020-29129). !57
- ip_stripoptions use memmove (fixes undefined behaviour). !47
- various Coverity-related changes/fixes.
## [4.3.1] - 2020-07-08
### Changed
- A silent truncation could occur in `slirp_fmt()`, which will now print a
critical message. See also #22.
### Fixed
- CVE-2020-10756 - Drop bogus IPv6 messages that could lead to data leakage.
See !44 and !42.
- Fix win32 builds by using the SLIRP_PACKED definition.
- Various coverity scan errors fixed. !41
- Fix new GCC warnings. !43
## [4.3.0] - 2020-04-22
### Added
- `SLIRP_VERSION_STRING` macro, with the git sha suffix when building from git
- `SlirpConfig.disable_dns`, to disable DNS redirection #16
### Changed
- `slirp_version_string()` now has the git sha suffix when building from git
- Limit DNS redirection to port 53 #16
### Fixed
- Fix build regression with mingw & NetBSD
- Fix use-after-free in `ip_reass()` (CVE-2020-1983)
Michael Roth [Tue, 3 Aug 2021 03:28:58 +0000 (22:28 -0500)]
qga-win/msi: fix missing libstdc++-6 DLL in MSI installer
libstdc++ is required for the qga-vss.dll that provides fsfreeze
functionality. Currently it is not provided by the MSI installer,
resulting in fsfreeze being disabled in guest environments where it has
not been installed by other means.
In the future this would be better handled via gcc-cpp ComponentGroup
provided by msitools, but that would be better handled with a general
rework of DLL dependency handling in the installer build. Keep it
simple for now to fix this regression.
The g_regex_match function creates match_info even if it
returns FALSE. So we should always call g_match_info_free.
A better solution is using g_autoptr for match_info variable.
Signed-off-by: Kostiantyn Kostiuk <konstantin@daynix.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Michael Roth <michael.roth@amd.com>
qga-win: Increase VSS freeze timeout to 60 secs instead of 10
Currently Requester freeze times out after 10 seconds, while
the default timeout for Writer Freeze is 60 seconds, according to
VSS Documentation [1].
[1]: https://docs.microsoft.com/en-us/windows/win32/vss/overview-of-processing-a-backup-under-vss
* remotes/bonzini-gitlab/tags/for-upstream:
coverity-model: write models fully for non-array allocation functions
coverity-model: constrain g_malloc/g_malloc0/g_realloc as never returning NULL
coverity-model: clean up the models for array allocation functions
coverity-model: remove model for more allocation functions
coverity-model: make g_free a synonym of free
coverity-model: update address_space_read/write models
vl: stop recording -smp in QemuOpts
vl: introduce machine_merge_property
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Mon, 2 Aug 2021 11:59:00 +0000 (12:59 +0100)]
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20210802' into staging
target-arm queue:
* Add documentation of Arm 'mainstone', 'kzm', 'imx25-pdk' boards
* MAINTAINERS: Don't list Andrzej Zaborowski for various components
* docs: Remove stale TODO comments about license and version
* docs: Move licence/copyright from HTML output to rST comments
* docs: Format literal text correctly
* hw/arm/boot: Report error if there is no fw_cfg device in the machine
* docs: rSTify barrier.txt and bootindex.txt
* remotes/pmaydell/tags/pull-target-arm-20210802: (21 commits)
docs: Move user-facing barrier docs into system manual
ui/input-barrier: Move TODOs from barrier.txt to a comment
docs: Move the protocol part of barrier.txt into interop
docs: Move bootindex.txt into system section and rstify
hw/arm/boot: Report error if there is no fw_cfg device in the machine
docs/tools/virtiofsd.rst: Delete stray backtick
docs/about/removed-features: Fix markup error
docs: Format literals correctly
docs/system/arm/cpu-features.rst: Format literals correctly
docs/system/s390x/protvirt.rst: Format literals correctly
docs/devel: Format literals correctly
docs/devel/migration.rst: Format literals correctly
docs/devel/ebpf_rss.rst: Format literals correctly
docs/devel/build-system.rst: Correct typo in example code
docs/devel/build-system.rst: Format literals correctly
docs: Move licence/copyright from HTML output to rST comments
docs: Remove stale TODO comments about license and version
MAINTAINERS: Don't list Andrzej Zaborowski for various components
docs: Add documentation of Arm 'imx25-pdk' board
docs: Add documentation of Arm 'kzm' board
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Tue, 27 Jul 2021 20:41:12 +0000 (21:41 +0100)]
docs: Move user-facing barrier docs into system manual
The remaining text in docs/barrier.txt is user-facing description
of what the device is and how to use it. Move this into the
system manual and rstify it.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20210727204112.12579-4-peter.maydell@linaro.org
Peter Maydell [Tue, 27 Jul 2021 20:41:10 +0000 (21:41 +0100)]
docs: Move the protocol part of barrier.txt into interop
Most of docs/barrier.txt is describing the protocol implemented
by the input-barrier device. Move this into the interop
section of the manual, and rstify it.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-id: 20210727204112.12579-2-peter.maydell@linaro.org
Peter Maydell [Tue, 27 Jul 2021 19:49:55 +0000 (20:49 +0100)]
docs: Move bootindex.txt into system section and rstify
Move bootindex.txt into the system section of the manual and turn it
into rST format. To make the document make more sense in the context
of the system manual, expand the title and introductory paragraphs to
give more context.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-id: 20210727194955.7764-1-peter.maydell@linaro.org
Peter Maydell [Mon, 26 Jul 2021 16:33:51 +0000 (17:33 +0100)]
hw/arm/boot: Report error if there is no fw_cfg device in the machine
If the user provides both a BIOS/firmware image and also a guest
kernel filename, arm_setup_firmware_boot() will pass the
kernel image to the firmware via the fw_cfg device. However we
weren't checking whether there really was a fw_cfg device present,
and if there wasn't we would crash.
This crash can be provoked with a command line such as
qemu-system-aarch64 -M raspi3 -kernel /dev/null -bios /dev/null -display none
It is currently only possible on the raspi3 machine, because unless
the machine sets info->firmware_loaded we won't call
arm_setup_firmware_boot(), and the only machines which set that are:
* virt (has a fw-cfg device)
* sbsa-ref (checks itself for kernel_filename && firmware_loaded)
* raspi3 (crashes)
But this is an unfortunate beartrap to leave for future machine
model implementors, so we should handle this situation in boot.c.
Check in arm_setup_firmware_boot() whether the fw-cfg device exists
before trying to load files into it, and if it doesn't exist then
exit with a hopefully helpful error message.
Because we now handle this check in a machine-agnostic way, we
can remove the check from sbsa-ref.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/503
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20210726163351.32086-1-peter.maydell@linaro.org
Peter Maydell [Mon, 26 Jul 2021 14:23:38 +0000 (15:23 +0100)]
docs/tools/virtiofsd.rst: Delete stray backtick
The documentation of the posix_acl option has a stray backtick
at the end of the text (which is rendered literally into the HTML).
Delete it.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-id: 20210726142338.31872-11-peter.maydell@linaro.org
Peter Maydell [Mon, 26 Jul 2021 14:23:37 +0000 (15:23 +0100)]
docs/about/removed-features: Fix markup error
The section describing the removed feature "-usbdevice ccid" had a
typo so the markup started with single backtick and ended with double
backtick; fix it.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20210726142338.31872-10-peter.maydell@linaro.org
Peter Maydell [Mon, 26 Jul 2021 14:23:36 +0000 (15:23 +0100)]
docs: Format literals correctly
In rST markup, single backticks `like this` represent "interpreted
text", which can be handled as a bunch of different things if tagged
with a specific "role":
https://docutils.sourceforge.io/docs/ref/rst/restructuredtext.html#interpreted-text
(the most common one for us is "reference to a URL, which gets
hyperlinked").
The default "role" if none is specified is "title_reference",
intended for references to book or article titles, and it renders
into the HTML as <cite>...</cite> (usually comes out as italics).
This commit fixes various places in the manual which were
using single backticks when double backticks (for literal text)
were intended, and covers those files where only one or two
instances of these errors were made.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Peter Maydell [Mon, 26 Jul 2021 14:23:35 +0000 (15:23 +0100)]
docs/system/arm/cpu-features.rst: Format literals correctly
In rST markup, single backticks `like this` represent "interpreted
text", which can be handled as a bunch of different things if tagged
with a specific "role":
https://docutils.sourceforge.io/docs/ref/rst/restructuredtext.html#interpreted-text
(the most common one for us is "reference to a URL, which gets
hyperlinked").
The default "role" if none is specified is "title_reference",
intended for references to book or article titles, and it renders
into the HTML as <cite>...</cite> (usually comes out as italics).
To format a literal (generally rendered as fixed-width font),
double-backticks are required.
cpu-features.rst consistently uses single backticks when double backticks
are required; correct it.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20210726142338.31872-8-peter.maydell@linaro.org
Peter Maydell [Mon, 26 Jul 2021 14:23:34 +0000 (15:23 +0100)]
docs/system/s390x/protvirt.rst: Format literals correctly
In rST markup, single backticks `like this` represent "interpreted
text", which can be handled as a bunch of different things if tagged
with a specific "role":
https://docutils.sourceforge.io/docs/ref/rst/restructuredtext.html#interpreted-text
(the most common one for us is "reference to a URL, which gets
hyperlinked").
The default "role" if none is specified is "title_reference",
intended for references to book or article titles, and it renders
into the HTML as <cite>...</cite> (usually comes out as italics).
To format a literal (generally rendered as fixed-width font),
double-backticks are required.
protvirt.rst consistently uses single backticks when double backticks
are required; correct it.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Acked-by: Cornelia Huck <cohuck@redhat.com>
Message-id: 20210726142338.31872-7-peter.maydell@linaro.org
Peter Maydell [Mon, 26 Jul 2021 14:23:33 +0000 (15:23 +0100)]
docs/devel: Format literals correctly
In rST markup, single backticks `like this` represent "interpreted
text", which can be handled as a bunch of different things if tagged
with a specific "role":
https://docutils.sourceforge.io/docs/ref/rst/restructuredtext.html#interpreted-text
(the most common one for us is "reference to a URL, which gets
hyperlinked").
The default "role" if none is specified is "title_reference",
intended for references to book or article titles, and it renders
into the HTML as <cite>...</cite> (usually comes out as italics).
Fix various places in the devel section of the manual which were
using single backticks when double backticks (for literal text)
were intended.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20210726142338.31872-6-peter.maydell@linaro.org
Peter Maydell [Mon, 26 Jul 2021 14:23:32 +0000 (15:23 +0100)]
docs/devel/migration.rst: Format literals correctly
In rST markup, single backticks `like this` represent "interpreted
text", which can be handled as a bunch of different things if tagged
with a specific "role":
https://docutils.sourceforge.io/docs/ref/rst/restructuredtext.html#interpreted-text
(the most common one for us is "reference to a URL, which gets
hyperlinked").
The default "role" if none is specified is "title_reference",
intended for references to book or article titles, and it renders
into the HTML as <cite>...</cite> (usually comes out as italics).
To format a literal (generally rendered as fixed-width font),
double-backticks are required.
Mostly migration.rst gets this right, but some places incorrectly use
single backticks where double backticks were intended; correct them.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-id: 20210726142338.31872-5-peter.maydell@linaro.org
Peter Maydell [Mon, 26 Jul 2021 14:23:31 +0000 (15:23 +0100)]
docs/devel/ebpf_rss.rst: Format literals correctly
In rST markup, single backticks `like this` represent "interpreted
text", which can be handled as a bunch of different things if tagged
with a specific "role":
https://docutils.sourceforge.io/docs/ref/rst/restructuredtext.html#interpreted-text
(the most common one for us is "reference to a URL, which gets
hyperlinked").
The default "role" if none is specified is "title_reference",
intended for references to book or article titles, and it renders
into the HTML as <cite>...</cite> (usually comes out as italics).
To format a literal (generally rendered as fixed-width font),
double-backticks are required.
ebpf_rss.rst gets this wrong in a few places; correct them.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20210726142338.31872-4-peter.maydell@linaro.org
Peter Maydell [Mon, 26 Jul 2021 14:23:30 +0000 (15:23 +0100)]
docs/devel/build-system.rst: Correct typo in example code
One of the example meson.build fragments incorrectly quotes some
symbols as 'CONFIG_FOO`; the correct syntax here is 'CONFIG_FOO'.
(This isn't a rST formatting mistake because the example is displayed
literally; it's just the wrong kind of quote.)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20210726142338.31872-3-peter.maydell@linaro.org
Peter Maydell [Mon, 26 Jul 2021 14:23:29 +0000 (15:23 +0100)]
docs/devel/build-system.rst: Format literals correctly
In rST markup, single backticks `like this` represent "interpreted
text", which can be handled as a bunch of different things if tagged
with a specific "role":
https://docutils.sourceforge.io/docs/ref/rst/restructuredtext.html#interpreted-text
(the most common one for us is "reference to a URL, which gets
hyperlinked").
The default "role" if none is specified is "title_reference",
intended for references to book or article titles, and it renders
into the HTML as <cite>...</cite> (usually comes out as italics).
build-system.rst seems to have been written under the mistaken
assumption that single-backticks mark up literal text (function
names, etc) which should be rendered in a fixed-width font.
The rST markup for this is ``double backticks``.
Update all the markup.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210726142338.31872-2-peter.maydell@linaro.org
Peter Maydell [Thu, 22 Jul 2021 19:20:16 +0000 (20:20 +0100)]
docs: Move licence/copyright from HTML output to rST comments
Our built HTML documentation now has a standard footer which
gives the license for QEMU (and its documentation as a whole).
In almost all pages, we either don't bother to state the
copyright/license for the individual rST sources, or we put
it in an rST comment. There are just three pages which render
copyright or license information into the user-visible HTML.
Quoting a specific (different) license for an individual HTML
page within the manual is confusing. Downgrade the license
and copyright info to a comment within the rST source, bringing
these pages in line with the rest of our documents.
Suggested-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Cleber Rosa <crosa@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Message-id: 20210722192016.24915-3-peter.maydell@linaro.org
Peter Maydell [Thu, 22 Jul 2021 19:20:15 +0000 (20:20 +0100)]
docs: Remove stale TODO comments about license and version
Since commits 13f934e79fa and 3a50c8f3067aaf, our HTML docs include a
footer to all pages stating the license and version. We can
therefore delete the TODO comments suggesting we should do that from
our .rst files.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Cleber Rosa <crosa@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-id: 20210722192016.24915-2-peter.maydell@linaro.org
Peter Maydell [Thu, 22 Jul 2021 18:09:51 +0000 (19:09 +0100)]
MAINTAINERS: Don't list Andrzej Zaborowski for various components
Andrzej Zaborowski is listed as an "Odd Fixes" maintainer for the
nSeries, Palm and PXA2XX boards, as well as the "Maintained" status
Arm 32-bit TCG backend.
Andrzej's last email to qemu-devel was back in 2017, and the email
before that was all the way back in 2013. We don't really need to
fill his email up with CCs on QEMU patches any more...
Remove Andrzej from the various boards sections (leaving them still
Odd Fixes with me as the backup patch reviewer). Add Richard
Henderson as the maintainer for the Arm TCG backend, since removing
Andrzej would otherwise leave that section with no M: line at all.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210722180951.29802-1-peter.maydell@linaro.org
Peter Maydell [Thu, 22 Jul 2021 17:52:29 +0000 (18:52 +0100)]
docs: Add documentation of Arm 'imx25-pdk' board
Add brief documentation of the Arm 'imx25-pdk' board.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210722175229.29065-4-peter.maydell@linaro.org
Peter Maydell [Thu, 22 Jul 2021 17:52:28 +0000 (18:52 +0100)]
docs: Add documentation of Arm 'kzm' board
Add brief documentation of the Arm 'kzm' board.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210722175229.29065-3-peter.maydell@linaro.org
Peter Maydell [Thu, 22 Jul 2021 17:52:27 +0000 (18:52 +0100)]
docs: Add documentation of Arm 'mainstone' board
Add brief documentation of the Arm 'mainstone' board.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210722175229.29065-2-peter.maydell@linaro.org
Peter Maydell [Mon, 2 Aug 2021 08:47:07 +0000 (09:47 +0100)]
Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into staging
# gpg: Signature made Mon 02 Aug 2021 05:23:19 BST
# gpg: using RSA key EF04965B398D6211
# gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>" [marginal]
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 215D 46F4 8246 689E C77F 3562 EF04 965B 398D 6211
* remotes/jasowang/tags/net-pull-request:
hw/net: e1000e: Don't zero out the VLAN tag in the legacy RX descriptor
hw/net: e1000e: Correct the initial value of VET register
hw/net: e1000: Correct the initial value of VET register
hw/net/can: sja1000 fix buff2frame_bas and buff2frame_pel when dlc is out of std CAN 8 bytes
hw/net/vmxnet3: Do not abort QEMU if guest specified bad queue numbers
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Christina Wang [Fri, 23 Jul 2021 07:55:12 +0000 (15:55 +0800)]
hw/net: e1000e: Don't zero out the VLAN tag in the legacy RX descriptor
In the legacy RX descriptor mode, VLAN tag was saved to d->special
by e1000e_build_rx_metadata() in e1000e_write_lgcy_rx_descr(), but
it was then zeroed out again at the end of the call, which is wrong.
Fixes: c89d416a2b0f ("e1000e: Don't zero out buffer address in rx descriptor")
Reported-by: Markus Carlstedt <markus.carlstedt@windriver.com>
Signed-off-by: Christina Wang <christina.wang@windriver.com>
Signed-off-by: Bin Meng <bin.meng@windriver.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Christina Wang [Fri, 23 Jul 2021 07:55:11 +0000 (15:55 +0800)]
hw/net: e1000e: Correct the initial value of VET register
The initial value of VLAN Ether Type (VET) register is 0x8100, as per
the manual and real hardware.
While Linux e1000e driver always writes VET register to 0x8100, it is
not always the case for everyone. Drivers relying on the reset value
of VET won't be able to transmit and receive VLAN frames in QEMU.
Unlike e1000 in QEMU, e1000e uses a field 'vet' in "struct E1000Core"
to cache the value of VET register, but the cache only gets updated
when VET register is written. To always get a consistent VET value
no matter whether VET is written or remains at its reset value, drop the 'vet'
field and use 'core->mac[VET]' directly.
Reported-by: Markus Carlstedt <markus.carlstedt@windriver.com>
Signed-off-by: Christina Wang <christina.wang@windriver.com>
Signed-off-by: Bin Meng <bin.meng@windriver.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Christina Wang [Fri, 23 Jul 2021 07:55:10 +0000 (15:55 +0800)]
hw/net: e1000: Correct the initial value of VET register
The initial value of VLAN Ether Type (VET) register is 0x8100, as per
the manual and real hardware.
While Linux e1000 driver always writes VET register to 0x8100, it is
not always the case for everyone. Drivers relying on the reset value
of VET won't be able to transmit and receive VLAN frames in QEMU.
Reported-by: Markus Carlstedt <markus.carlstedt@windriver.com>
Signed-off-by: Christina Wang <christina.wang@windriver.com>
Signed-off-by: Bin Meng <bin.meng@windriver.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Pavel Pisa [Thu, 29 Jul 2021 12:33:27 +0000 (14:33 +0200)]
hw/net/can: sja1000 fix buff2frame_bas and buff2frame_pel when dlc is out of std CAN 8 bytes
Problem reported by openEuler fuzz-sig group.
The buff2frame_bas function (hw\net\can\can_sja1000.c) has an
infoleak (qemu5.x~qemu6.x) or stack-overflow (qemu 4.x).
Reported-by: Qiang Ning <ningqiang1@huawei.com>
Cc: qemu-stable@nongnu.org
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Pavel Pisa <pisa@cmp.felk.cvut.cz>
Signed-off-by: Jason Wang <jasowang@redhat.com>
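The bounds check this kind of fix relies on, as an added illustration that is not QEMU's code: a BasicCAN-style buffer decoder in which the 4-bit DLC field (which can encode 0..15) is clamped to the 8-byte frame payload before it is used as a copy length. The `ex_` names, the simplified frame struct, the flag value, the `buff_len` parameter and the sample buffer are assumptions constructed for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EX_CAN_MAX_DLEN 8            /* classic CAN carries at most 8 data bytes */
#define EX_CAN_RTR_FLAG 0x40000000u  /* constructed flag value for this example */
#define EX_BAS_HDR_LEN  2            /* BasicCAN: two header bytes precede the data */

/* Hypothetical, simplified frame type; not QEMU's qemu_can_frame. */
struct ex_can_frame {
    uint32_t can_id;
    uint8_t  can_dlc;
    uint8_t  data[EX_CAN_MAX_DLEN];
};

/* Decode a guest-written BasicCAN buffer. Returns 0, or -1 on a bad argument. */
int ex_buff2frame_bas(const uint8_t *buff, size_t buff_len,
                      struct ex_can_frame *frame)
{
    size_t n;

    if (buff == NULL || frame == NULL || buff_len < EX_BAS_HDR_LEN) {
        return -1;
    }
    memset(frame, 0, sizeof(*frame));      /* unused data[] bytes are zero */

    /* buff[0] = ID bits 10..3, buff[1] = ID bits 2..0 | RTR | DLC */
    frame->can_id = ((uint32_t)buff[0] << 3) | ((buff[1] >> 5) & 0x07);
    if (buff[1] & 0x10) {
        frame->can_id |= EX_CAN_RTR_FLAG;
    }

    n = buff[1] & 0x0f;                    /* guest-controlled: 0..15 */
    if (n > EX_CAN_MAX_DLEN) {
        n = EX_CAN_MAX_DLEN;               /* clamp before use as a length */
    }
    if (n > buff_len - EX_BAS_HDR_LEN) {
        n = buff_len - EX_BAS_HDR_LEN;     /* never read past the source */
    }
    frame->can_dlc = (uint8_t)n;
    memcpy(frame->data, buff + EX_BAS_HDR_LEN, n);
    return 0;
}

/* Constructed sample: ID 0x125, header claims DLC = 15, 8 data bytes follow. */
static const uint8_t ex_sample[10] = {
    0x24, 0xAF, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88
};

/* Decode the sample beside a canary; returns can_dlc, or -1 if the canary changed. */
int ex_demo(void)
{
    struct { struct ex_can_frame f; uint8_t canary[8]; } s;

    memset(s.canary, 0xA5, sizeof(s.canary));
    if (ex_buff2frame_bas(ex_sample, sizeof(ex_sample), &s.f) != 0) {
        return -1;
    }
    for (size_t i = 0; i < sizeof(s.canary); i++) {
        if (s.canary[i] != 0xA5) {
            return -1;
        }
    }
    return s.f.can_dlc;
}

int main(void)
{
    printf("decoded dlc = %d\n", ex_demo());
    return 0;
}
```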
Thomas Huth [Wed, 21 Jul 2021 14:15:59 +0000 (16:15 +0200)]
hw/net/vmxnet3: Do not abort QEMU if guest specified bad queue numbers
QEMU should never terminate unexpectedly just because the guest is
doing something wrong like specifying wrong queue numbers. Let's
simply refuse to set the device active in this case.
* remotes/rth-gitlab/tags/pull-tcg-20210730:
target/nios2: Mark raise_exception() as noreturn
accel/tcg: Remove double bswap for helper_atomic_sto_*_mmu
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Paolo Bonzini [Tue, 27 Jul 2021 16:03:16 +0000 (18:03 +0200)]
coverity-model: write models fully for non-array allocation functions
Coverity seems to have issues figuring out the properties of g_malloc0
and other non *_n functions. While this was "fixed" by removing the
custom second argument to __coverity_mark_as_afm_allocated__, inline
the code from the array-based allocation functions to avoid future
issues.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Wed, 28 Jul 2021 17:12:22 +0000 (19:12 +0200)]
coverity-model: constrain g_malloc/g_malloc0/g_realloc as never returning NULL
g_malloc/g_malloc0/g_realloc only return NULL if the size is 0; we do not need
to cover that in the model, and so far have expected __coverity_alloc__
to model a non-NULL return value. But that apparently does not work
anymore, so add some extra conditionals that invoke __coverity_panic__
for NULL pointers.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Tue, 27 Jul 2021 15:56:04 +0000 (17:56 +0200)]
coverity-model: remove model for more allocation functions
These models are not needed anymore now that Coverity does not check
anymore that the result is used with "g_free". Coverity understands
GCC attributes and uses them to detect leaks.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Tue, 27 Jul 2021 15:54:15 +0000 (17:54 +0200)]
coverity-model: make g_free a synonym of free
Recently, Coverity has started complaining about using g_free() to free
memory areas allocated by GLib functions not included in model.c,
such as g_strfreev. This unfortunately goes against the GLib
documentation, which suggests that g_malloc() should be matched
with g_free() and plain malloc() with free(); since GLib 2.46 however
g_malloc() is hardcoded to always use the system malloc implementation,
and g_free is just "free" plus a tracepoint. Therefore, this
should not cause any problem in practice.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Use void * for consistency with the actual function; provide a model
for MemoryRegionCache functions and for address_space_rw. These
let Coverity understand the bounds of the data that various functions
read and write even at very high levels of inlining (e.g. pci_dma_read).
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Thu, 29 Jul 2021 14:03:43 +0000 (16:03 +0200)]
vl: stop recording -smp in QemuOpts
-readconfig is still recording SMP options in QemuOpts instead of
using machine_opts_dict. This means that SMP options from -readconfig
are ignored.
Just stop using QemuOpts for -smp, making it return false for
is_qemuopts_group. Configuration files will merge the values in
machine_opts_dict using the new function machine_merge_property.
At the same time, fix -mem-prealloc which looked at QemuOpts to find the
number of guest CPUs, which it used as the default number of preallocation
threads.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Thu, 29 Jul 2021 13:53:27 +0000 (15:53 +0200)]
vl: introduce machine_merge_property
It will be used to parse smp-opts config groups from configuration
files. The point to note is that it does not steal a reference
from the caller. This is better because this function will be called
from qemu_config_foreach's callback; qemu_config_foreach does not cede
its reference to the qdict to the callback, and wants to free it. To
balance that extra reference, machine_parse_property_opt now needs
a qobject_unref.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* remotes/stefanha-gitlab/tags/block-pull-request:
MAINTAINERS: Added myself as a reviewer for the NVMe Block Driver
block/io_uring: resubmit when result is -EAGAIN
MAINTAINERS: add Stefano Garzarella as io_uring reviewer
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* remotes/kraxel/tags/usb-20210729-pull-request:
docs: Fold usb2.txt passthrough information into usb.rst
docs: Fold usb2.txt physical port addressing info into usb.rst
docs: Fold usb2.txt USB controller information into usb.rst
docs: Incorporate information in usb-storage.txt into rST manual
usbredir: fix free call
ci: add libusb for windows builds
usb-host: wire up timer for windows
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
MAINTAINERS: Added myself as a reviewer for the NVMe Block Driver
I'm interested in following the activity around the NVMe bdrv.
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20210728183340.2018313-1-philmd@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>