OSDN Git Service
Daniel P. Berrangé [Fri, 19 Feb 2021 17:47:31 +0000 (17:47 +0000)]
ui, monitor: remove deprecated VNC ACL option and HMP commands
The VNC ACL concept has been replaced by the pluggable "authz" framework
which does not use monitor commands.
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Peter Maydell [Wed, 17 Mar 2021 21:02:37 +0000 (21:02 +0000)]
Merge remote-tracking branch 'remotes/mcayland/tags/qemu-openbios-
20210316' into staging
qemu-openbios queue
# gpg: Signature made Tue 16 Mar 2021 20:36:15 GMT
# gpg: using RSA key
CC621AB98E82200D915CC9C45BC2C56FAE0F321F
# gpg: issuer "mark.cave-ayland@ilande.co.uk"
# gpg: Good signature from "Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>" [full]
# Primary key fingerprint: CC62 1AB9 8E82 200D 915C C9C4 5BC2 C56F AE0F 321F
* remotes/mcayland/tags/qemu-openbios-
20210316:
Update OpenBIOS images to
4a004110 built from submodule.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Wed, 17 Mar 2021 19:30:13 +0000 (19:30 +0000)]
Merge remote-tracking branch 'remotes/awilliam/tags/vfio-update-
20210316.0' into staging
VFIO update 2021-03-16
* Fix "listerner" typo (Zenghui Yu)
* Inclusive language and MAINTAINERS update (Philippe Mathieu-Daudé)
* vIOMMU unmap notifier fixes (Eric Auger)
* Migration fixes and optimizations (Shenming Lu)
* Use host page size for dirty bitmap (Kunkun Jiang)
* Use log_global_start/stop to switch dirty tracking (Keqian Zhu)
# gpg: Signature made Tue 16 Mar 2021 16:59:10 GMT
# gpg: using RSA key
239B9B6E3BB08B22
# gpg: Good signature from "Alex Williamson <alex.williamson@redhat.com>" [full]
# gpg: aka "Alex Williamson <alex@shazbot.org>" [full]
# gpg: aka "Alex Williamson <alwillia@redhat.com>" [full]
# gpg: aka "Alex Williamson <alex.l.williamson@gmail.com>" [full]
# Primary key fingerprint: 42F6 C04E 540B D1A9 9E7B 8A90 239B 9B6E 3BB0 8B22
* remotes/awilliam/tags/vfio-update-
20210316.0:
vfio/migrate: Move switch of dirty tracking into vfio_memory_listener
vfio: Support host translation granule size
vfio: Avoid disabling and enabling vectors repeatedly in VFIO migration
vfio: Set the priority of the VFIO VM state change handler explicitly
vfio: Move the saving of the config space to the right place in VFIO migration
spapr_iommu: Fix vhost integration regression
vfio: Do not register any IOMMU_NOTIFIER_DEVIOTLB_UNMAP notifier
MAINTAINERS: Cover docs/igd-assign.txt in VFIO section
hw/vfio/pci-quirks: Replace the word 'blacklist'
vfio: Fix vfio_listener_log_sync function name typo
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Wed, 17 Mar 2021 18:28:03 +0000 (18:28 +0000)]
Merge remote-tracking branch 'remotes/cschoenebeck/tags/pull-9p-
20210316' into staging
9pfs: code cleanup
* Use lock-guard design pattern instead of manual lock/unlock.
# gpg: Signature made Tue 16 Mar 2021 10:49:09 GMT
# gpg: using RSA key
96D8D110CF7AF8084F88590134C2B58765A47395
# gpg: issuer "qemu_oss@crudebyte.com"
# gpg: Good signature from "Christian Schoenebeck <qemu_oss@crudebyte.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: ECAB 1A45 4014 1413 BA38 4926 30DB 47C3 A012 D5F4
# Subkey fingerprint: 96D8 D110 CF7A F808 4F88 5901 34C2 B587 65A4 7395
* remotes/cschoenebeck/tags/pull-9p-
20210316:
hw/9pfs/9p-synth: Replaced qemu_mutex_lock with QEMU_LOCK_GUARD
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Wed, 17 Mar 2021 17:14:45 +0000 (17:14 +0000)]
Merge remote-tracking branch 'remotes/kraxel/tags/audio-
20210316-pull-request' into staging
coreaudio fixes and cleanups.
# gpg: Signature made Tue 16 Mar 2021 10:47:36 GMT
# gpg: using RSA key
A0328CFFB93A17A79901FE7D4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138
* remotes/kraxel/tags/audio-
20210316-pull-request:
coreaudio: Handle output device change
coreaudio: Extract device operations
coreaudio: Drop support for macOS older than 10.6
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Wed, 17 Mar 2021 15:01:09 +0000 (15:01 +0000)]
Merge remote-tracking branch 'remotes/cohuck-gitlab/tags/s390x-
20210316' into staging
s390x updates:
- get rid of legacy_s390_alloc() and phys_mem_set_alloc()
- tcg: implement the MVPG condition-code-option bit
- fix g_autofree variable handing in the pci vfio code
- use official z15 names in the cpu model definitions
# gpg: Signature made Tue 16 Mar 2021 10:04:21 GMT
# gpg: using RSA key
C3D0D66DC3624FF6A8C018CEDECF6B93C6F02FAF
# gpg: issuer "cohuck@redhat.com"
# gpg: Good signature from "Cornelia Huck <conny@cornelia-huck.de>" [unknown]
# gpg: aka "Cornelia Huck <huckc@linux.vnet.ibm.com>" [full]
# gpg: aka "Cornelia Huck <cornelia.huck@de.ibm.com>" [full]
# gpg: aka "Cornelia Huck <cohuck@kernel.org>" [unknown]
# gpg: aka "Cornelia Huck <cohuck@redhat.com>" [unknown]
# Primary key fingerprint: C3D0 D66D C362 4FF6 A8C0 18CE DECF 6B93 C6F0 2FAF
* remotes/cohuck-gitlab/tags/s390x-
20210316:
s390x/pci: Add missing initialization for g_autofree variables
target/s390x: Store r1/r2 for page-translation exceptions during MVPG
target/s390x: Implement the MVPG condition-code-option bit
s390x/cpu_model: use official name for 8562
exec: Get rid of phys_mem_set_alloc()
s390x/kvm: Get rid of legacy_s390_alloc()
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Wed, 17 Mar 2021 13:38:15 +0000 (13:38 +0000)]
Merge remote-tracking branch 'remotes/kraxel/tags/ui-
20210316-pull-request' into staging
vnc+spice: password-secret option.
bugfixes for cocoa, vnc, opengl.
# gpg: Signature made Tue 16 Mar 2021 05:37:58 GMT
# gpg: using RSA key
A0328CFFB93A17A79901FE7D4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138
* remotes/kraxel/tags/ui-
20210316-pull-request:
ui/cocoa: Comment about modifier key input quirks
ui: fold qemu_alloc_display in only caller
ui: honour the actual guest display dimensions without rounding
ui: use client width/height in WMVi message
ui: avoid sending framebuffer updates outside client desktop bounds
ui: add more trace points for VNC client/server messages
ui/cocoa: Do not exit immediately after shutdown
opengl: Do not convert format with glTexImage2D on OpenGL ES
ui: deprecate "password" option for SPICE server
ui: introduce "password-secret" option for SPICE server
ui: introduce "password-secret" option for VNC servers
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Wed, 17 Mar 2021 10:38:27 +0000 (10:38 +0000)]
Merge remote-tracking branch 'remotes/vivier/tags/m68k-for-6.0-pull-request' into staging
m68k pull request
20210315
Add m68k virt machine
# gpg: Signature made Mon 15 Mar 2021 20:41:51 GMT
# gpg: using RSA key
CD2F75DDC8E3A4DC2E4F5173F30C38BD3F2FBE3C
# gpg: issuer "laurent@vivier.eu"
# gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" [full]
# gpg: aka "Laurent Vivier <laurent@vivier.eu>" [full]
# gpg: aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" [full]
# Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F 5173 F30C 38BD 3F2F BE3C
* remotes/vivier/tags/m68k-for-6.0-pull-request:
m68k: add Virtual M68k Machine
m68k: add a system controller
m68k: add an interrupt controller
hw/intc: add goldfish-pic
hw/char: add goldfish-tty
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Wed, 17 Mar 2021 09:07:28 +0000 (09:07 +0000)]
Merge remote-tracking branch 'remotes/dgilbert-gitlab/tags/pull-virtiofs-
20210315' into staging
virtiofs and migration pull 2021-03-15
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
# gpg: Signature made Mon 15 Mar 2021 20:03:03 GMT
# gpg: using RSA key
45F5C71B4A0CB7FB977A9FA90516331EBC5BFDE7
# gpg: Good signature from "Dr. David Alan Gilbert (RH2) <dgilbert@redhat.com>" [full]
# Primary key fingerprint: 45F5 C71B 4A0C B7FB 977A 9FA9 0516 331E BC5B FDE7
* remotes/dgilbert-gitlab/tags/pull-virtiofs-
20210315:
migration: Replaced qemu_mutex_lock calls with QEMU_LOCK_GUARD
monitor: Replaced qemu_mutex_lock calls with QEMU_LOCK_GUARD
migration/tls: add error handling in multifd_tls_handshake_thread
migration/tls: fix inverted semantics in multifd_channel_connect
virtiofsd: Convert some functions to return bool
virtiofsd: Don't allow empty paths in lookup_name()
virtiofsd: Don't allow empty filenames
virtiofsd: Add qemu version and copyright info
virtiofsd: Release vu_dispatch_lock when stopping queue
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Tue, 16 Mar 2021 21:08:07 +0000 (21:08 +0000)]
Merge remote-tracking branch 'remotes/rth-gitlab/tags/pull-misc-
20210315' into staging
Fix qemu_strtosz testsuite failures for i686.
# gpg: Signature made Mon 15 Mar 2021 18:49:12 GMT
# gpg: using RSA key
7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg: issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [full]
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A 05C0 64DF 38E8 AF7E 215F
* remotes/rth-gitlab/tags/pull-misc-
20210315:
utils: Use fixed-point arithmetic in qemu_strtosz
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Mark Cave-Ayland [Tue, 16 Mar 2021 08:20:56 +0000 (08:20 +0000)]
Update OpenBIOS images to
4a004110 built from submodule.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Keqian Zhu [Tue, 9 Mar 2021 03:19:13 +0000 (11:19 +0800)]
vfio/migrate: Move switch of dirty tracking into vfio_memory_listener
For now the switch of vfio dirty page tracking is integrated into
@vfio_save_handler. The reason is that some PCI vendor driver may
start to track dirty base on _SAVING state of device, so if dirty
tracking is started before setting device state, vfio will report
full-dirty to QEMU.
However, the dirty bmap of all ramblocks are fully set when setup
ram saving, so it's not matter whether the device is in _SAVING
state when start vfio dirty tracking.
Moreover, this logic causes some problems [1]. The object of dirty
tracking is guest memory, but the object of @vfio_save_handler is
device state, which produces unnecessary coupling and conflicts:
1. Coupling: Their saving granule is different (perVM vs perDevice).
vfio will enable dirty_page_tracking for each devices, actually
once is enough.
2. Conflicts: The ram_save_setup() traverses all memory_listeners
to execute their log_start() and log_sync() hooks to get the
first round dirty bitmap, which is used by the bulk stage of
ram saving. However, as vfio dirty tracking is not yet started,
it can't get dirty bitmap from vfio. Then we give up the chance
to handle vfio dirty page at bulk stage.
Move the switch of vfio dirty_page_tracking into vfio_memory_listener
can solve above problems. Besides, Do not require devices in SAVING
state for vfio_sync_dirty_bitmap().
[1] https://www.spinics.net/lists/kvm/msg229967.html
Reported-by: Zenghui Yu <yuzenghui@huawei.com>
Signed-off-by: Keqian Zhu <zhukeqian1@huawei.com>
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <
20210309031913.11508-1-zhukeqian1@huawei.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Kunkun Jiang [Thu, 4 Mar 2021 13:34:46 +0000 (21:34 +0800)]
vfio: Support host translation granule size
The cpu_physical_memory_set_dirty_lebitmap() can quickly deal with
the dirty pages of memory by bitmap-traveling, regardless of whether
the bitmap is aligned correctly or not.
cpu_physical_memory_set_dirty_lebitmap() supports pages in bitmap of
host page size. So it'd better to set bitmap_pgsize to host page size
to support more translation granule sizes.
[aw: The Fixes commit below introduced code to restrict migration
support to configurations where the target page size intersects the
host dirty page support. For example, a 4K guest on a 4K host.
Due to the above flexibility in bitmap handling, this restriction
unnecessarily prevents mixed target/host pages size that could
otherwise be supported. Use host page size for dirty bitmap.]
Fixes:
87ea529c502 ("vfio: Get migration capability flags for container")
Signed-off-by: Kunkun Jiang <jiangkunkun@huawei.com>
Message-Id: <
20210304133446.1521-1-jiangkunkun@huawei.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Shenming Lu [Wed, 10 Mar 2021 03:02:33 +0000 (11:02 +0800)]
vfio: Avoid disabling and enabling vectors repeatedly in VFIO migration
In VFIO migration resume phase and some guest startups, there are
already unmasked vectors in the vector table when calling
vfio_msix_enable(). So in order to avoid inefficiently disabling
and enabling vectors repeatedly, let's allocate all needed vectors
first and then enable these unmasked vectors one by one without
disabling.
Signed-off-by: Shenming Lu <lushenming@huawei.com>
Message-Id: <
20210310030233.1133-4-lushenming@huawei.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Shenming Lu [Wed, 10 Mar 2021 03:02:32 +0000 (11:02 +0800)]
vfio: Set the priority of the VFIO VM state change handler explicitly
In the VFIO VM state change handler when stopping the VM, the _RUNNING
bit in device_state is cleared which makes the VFIO device stop, including
no longer generating interrupts. Then we can save the pending states of
all interrupts in the GIC VM state change handler (on ARM).
So we have to set the priority of the VFIO VM state change handler
explicitly (like virtio devices) to ensure it is called before the
GIC's in saving.
Signed-off-by: Shenming Lu <lushenming@huawei.com>
Reviewed-by: Kirti Wankhede <kwankhede@nvidia.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Message-Id: <
20210310030233.1133-3-lushenming@huawei.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Shenming Lu [Wed, 10 Mar 2021 03:02:31 +0000 (11:02 +0800)]
vfio: Move the saving of the config space to the right place in VFIO migration
On ARM64 the VFIO SET_IRQS ioctl is dependent on the VM interrupt
setup, if the restoring of the VFIO PCI device config space is
before the VGIC, an error might occur in the kernel.
So we move the saving of the config space to the non-iterable
process, thus it will be called after the VGIC according to
their priorities.
As for the possible dependence of the device specific migration
data on it's config space, we can let the vendor driver to
include any config info it needs in its own data stream.
Signed-off-by: Shenming Lu <lushenming@huawei.com>
Reviewed-by: Kirti Wankhede <kwankhede@nvidia.com>
Message-Id: <
20210310030233.1133-2-lushenming@huawei.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Eric Auger [Tue, 9 Feb 2021 21:32:33 +0000 (22:32 +0100)]
spapr_iommu: Fix vhost integration regression
Previous work on dev-iotlb message broke spapr_iommu/vhost integration
as it did for SMMU and virtio-iommu. The spapr_iommu currently
only sends IOMMU_NOTIFIER_UNMAP notifications. Since commit
958ec334bca3 ("vhost: Unbreak SMMU and virtio-iommu on dev-iotlb support"),
VHOST first tries to register IOMMU_NOTIFIER_DEVIOTLB_UNMAP notifier
and if it fails, falls back to legacy IOMMU_NOTIFIER_UNMAP. So
spapr_iommu must fail on the IOMMU_NOTIFIER_DEVIOTLB_UNMAP
registration.
Reported-by: Peter Xu <peterx@redhat.com>
Fixes:
b68ba1ca5767 ("memory: Add IOMMU_NOTIFIER_DEVIOTLB_UNMAP IOMMUTLBNotificationType")
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Message-Id: <
20210209213233.40985-3-eric.auger@redhat.com>
Acked-by: David Gibson <david@gibson.dropbear.id.au>
Acked-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Eric Auger [Tue, 9 Feb 2021 21:32:32 +0000 (22:32 +0100)]
vfio: Do not register any IOMMU_NOTIFIER_DEVIOTLB_UNMAP notifier
In an attempt to fix smmu/virtio-iommu - vhost regression, commit
958ec334bca3 ("vhost: Unbreak SMMU and virtio-iommu on dev-iotlb support")
broke virtio-iommu integration. This is due to the fact VFIO registers
IOMMU_NOTIFIER_ALL notifiers, which includes IOMMU_NOTIFIER_DEVIOTLB_UNMAP
and this latter now is rejected by the virtio-iommu. As a consequence,
the registration fails. VHOST behaves like a device with an ATC cache. The
VFIO device does not support this scheme yet.
Let's register only legacy MAP and UNMAP notifiers.
Fixes:
958ec334bca3 ("vhost: Unbreak SMMU and virtio-iommu on dev-iotlb support")
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Message-Id: <
20210209213233.40985-2-eric.auger@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Acked-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Philippe Mathieu-Daudé [Tue, 2 Feb 2021 15:56:11 +0000 (16:56 +0100)]
MAINTAINERS: Cover docs/igd-assign.txt in VFIO section
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <
20210202155611.998424-1-philmd@redhat.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Philippe Mathieu-Daudé [Fri, 5 Feb 2021 17:18:17 +0000 (18:18 +0100)]
hw/vfio/pci-quirks: Replace the word 'blacklist'
Follow the inclusive terminology from the "Conscious Language in your
Open Source Projects" guidelines [*] and replace the word "blacklist"
appropriately.
[*] https://github.com/conscious-lang/conscious-lang-docs/blob/main/faq.md
Reviewed-by: Alex Williamson <alex.williamson@redhat.com>
Acked-by: Alex Williamson <alex.williamson@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <
20210205171817.
2108907-9-philmd@redhat.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Zenghui Yu [Fri, 4 Dec 2020 01:42:40 +0000 (09:42 +0800)]
vfio: Fix vfio_listener_log_sync function name typo
There is an obvious typo in the function name of the .log_sync() callback.
Spell it correctly.
Signed-off-by: Zenghui Yu <yuzenghui@huawei.com>
Message-Id: <
20201204014240.772-1-yuzenghui@huawei.com>
Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
Peter Maydell [Tue, 16 Mar 2021 13:17:54 +0000 (13:17 +0000)]
Merge remote-tracking branch 'remotes/kraxel/tags/usb-
20210315-pull-request' into staging
usb: -usbdevice cleanup and un-deprecation.
usb: split usb-storage.
usb: misc fixes and cleanups.
# gpg: Signature made Mon 15 Mar 2021 18:02:28 GMT
# gpg: using RSA key
A0328CFFB93A17A79901FE7D4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138
* remotes/kraxel/tags/usb-
20210315-pull-request:
usb/storage: clear csw on reset
usb/storage: add kconfig symbols
usb/storage move usb-storage device to separate source file
usb/storage: move usb-bot device to separate source file
usb/storage: move declarations to usb/msd.h header
hw/usb: Extract VT82C686 UHCI PCI function into a new unit
hw/usb/hcd-uhci: Expose generic prototypes to local header
hw/southbridge: Add missing Kconfig dependency VT82C686 on USB_UHCI
usb: Document the missing -usbdevice options
usb: Un-deprecate -usbdevice (except for -usbdevice audio which gets removed)
usb: remove '-usbdevice u2f-key'
usb: remove support for -usbdevice parameters
hw/usb/bus: Remove the "full-path" property
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Tue, 16 Mar 2021 10:53:47 +0000 (10:53 +0000)]
Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into staging
# gpg: Signature made Mon 15 Mar 2021 08:42:25 GMT
# gpg: using RSA key
EF04965B398D6211
# gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>" [marginal]
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 215D 46F4 8246 689E C77F 3562 EF04 965B 398D 6211
* remotes/jasowang/tags/net-pull-request:
net: Do not fill legacy info_str for backends
hmp: Use QAPI NetdevInfo in hmp_info_network
net: Move NetClientState.info_str to dynamic allocations
tests: Add tests for query-netdev command
qapi: net: Add query-netdev command
pvrdma: wean code off pvrdma_ring.h kernel header
lan9118: switch to use qemu_receive_packet() for loopback
cadence_gem: switch to use qemu_receive_packet() for loopback
pcnet: switch to use qemu_receive_packet() for loopback
rtl8139: switch to use qemu_receive_packet() for loopback
tx_pkt: switch to use qemu_receive_packet_iov() for loopback
sungem: switch to use qemu_receive_packet() for loopback
msf2-mac: switch to use qemu_receive_packet() for loopback
dp8393x: switch to use qemu_receive_packet() for loopback packet
e1000: switch to use qemu_receive_packet() for loopback
net: introduce qemu_receive_packet()
e1000: fail early for evil descriptor
net: validate that ids are well formed
net: Fix build error when DEBUG_NET is on
virtio-net: calculating proper msix vectors on init
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
# Conflicts:
# hw/core/machine.c
Mahmoud Mandour [Thu, 11 Mar 2021 03:15:37 +0000 (05:15 +0200)]
hw/9pfs/9p-synth: Replaced qemu_mutex_lock with QEMU_LOCK_GUARD
Replaced a call to qemu_mutex_lock and its respective call to
qemu_mutex_unlock and used QEMU_LOCK_GUARD macro in their place.
This simplifies the code by removing the call required to unlock
and also eliminates goto paths.
Signed-off-by: Mahmoud Mandour <ma.mandourr@gmail.com>
Acked-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Message-Id: <
20210311031538.5325-9-ma.mandourr@gmail.com>
Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Akihiko Odaki [Thu, 11 Mar 2021 15:15:12 +0000 (00:15 +0900)]
coreaudio: Handle output device change
An output device change can occur when plugging or unplugging an
earphone.
Signed-off-by: Akihiko Odaki <akihiko.odaki@gmail.com>
Message-Id: <
20210311151512.22096-3-akihiko.odaki@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Akihiko Odaki [Thu, 11 Mar 2021 15:15:11 +0000 (00:15 +0900)]
coreaudio: Extract device operations
This change prepare to support dynamic device changes, which requires to
perform device initialization/deinitialization multiple times.
Signed-off-by: Akihiko Odaki <akihiko.odaki@gmail.com>
Message-Id: <
20210311151512.22096-2-akihiko.odaki@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Akihiko Odaki [Thu, 11 Mar 2021 15:15:10 +0000 (00:15 +0900)]
coreaudio: Drop support for macOS older than 10.6
Mac OS X 10.6 was released in 2009.
Signed-off-by: Akihiko Odaki <akihiko.odaki@gmail.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <
20210311151512.22096-1-akihiko.odaki@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Akihiko Odaki [Fri, 12 Mar 2021 13:32:12 +0000 (22:32 +0900)]
ui/cocoa: Comment about modifier key input quirks
Based-on: <
20210310042348.21931-1-akihiko.odaki@gmail.com>
Signed-off-by: Akihiko Odaki <akihiko.odaki@gmail.com>
Message-Id: <
20210312133212.3131-1-akihiko.odaki@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Marc-André Lureau [Fri, 12 Mar 2021 10:00:42 +0000 (14:00 +0400)]
ui: fold qemu_alloc_display in only caller
A minor code simplification.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <
20210312100108.
2706195-2-marcandre.lureau@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Laurent Vivier [Fri, 12 Mar 2021 21:41:45 +0000 (22:41 +0100)]
m68k: add Virtual M68k Machine
The machine is based on Goldfish interfaces defined by Google
for Android simulator. It uses Goldfish-rtc (timer and RTC),
Goldfish-pic (PIC) and Goldfish-tty (for serial port and early tty).
The machine is created with 128 virtio-mmio bus, and they can
be used to use serial console, GPU, disk, NIC, HID, ...
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <
20210312214145.
2936082-6-laurent@vivier.eu>
Laurent Vivier [Fri, 12 Mar 2021 21:41:44 +0000 (22:41 +0100)]
m68k: add a system controller
Add a system controller for the m68k-virt machine.
This controller allows the kernel to power off or reset the machine.
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <
20210312214145.
2936082-5-laurent@vivier.eu>
Laurent Vivier [Fri, 12 Mar 2021 21:41:43 +0000 (22:41 +0100)]
m68k: add an interrupt controller
A (generic) copy of the GLUE device we already have for q800 to use with
the m68k-virt machine.
The q800 one would disappear in the future as q800 uses actually the djMEMC
controller.
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <
20210312214145.
2936082-4-laurent@vivier.eu>
Laurent Vivier [Fri, 12 Mar 2021 21:41:42 +0000 (22:41 +0100)]
hw/intc: add goldfish-pic
Implement the goldfish pic device as defined in
https://android.googlesource.com/platform/external/qemu/+/master/docs/GOLDFISH-VIRTUAL-HARDWARE.TXT
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <
20210312214145.
2936082-3-laurent@vivier.eu>
Laurent Vivier [Fri, 12 Mar 2021 21:41:41 +0000 (22:41 +0100)]
hw/char: add goldfish-tty
Implement the goldfish tty device as defined in
https://android.googlesource.com/platform/external/qemu/+/master/docs/GOLDFISH-VIRTUAL-HARDWARE.TXT
and based on the kernel driver code:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/tree/drivers/tty/goldfish.c
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <
20210312214145.
2936082-2-laurent@vivier.eu>
Mahmoud Mandour [Thu, 11 Mar 2021 03:15:35 +0000 (05:15 +0200)]
migration: Replaced qemu_mutex_lock calls with QEMU_LOCK_GUARD
Replaced various qemu_mutex_lock calls and their respective
qemu_mutex_unlock calls with QEMU_LOCK_GUARD macro. This simplifies
the code by eliminating the respective qemu_mutex_unlock calls.
Signed-off-by: Mahmoud Mandour <ma.mandourr@gmail.com>
Message-Id: <
20210311031538.5325-7-ma.mandourr@gmail.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Mahmoud Mandour [Thu, 11 Mar 2021 03:15:34 +0000 (05:15 +0200)]
monitor: Replaced qemu_mutex_lock calls with QEMU_LOCK_GUARD
Removed various qemu_mutex_lock and their respective qemu_mutex_unlock
calls and used lock guard macros (QEMU_LOCK_GUARD and
WITH_QEMU_LOCK_GUARD). This simplifies the code by
eliminating qemu_mutex_unlock calls.
Signed-off-by: Mahmoud Mandour <ma.mandourr@gmail.com>
Message-Id: <
20210311031538.5325-6-ma.mandourr@gmail.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Hao Wang [Tue, 9 Feb 2021 10:42:37 +0000 (18:42 +0800)]
migration/tls: add error handling in multifd_tls_handshake_thread
If any error happens during multifd send thread creating (e.g. channel broke
because new domain is destroyed by the dst), multifd_tls_handshake_thread
may exit silently, leaving main migration thread hanging (ram_save_setup ->
multifd_send_sync_main -> qemu_sem_wait(&p->sem_sync)).
Fix that by adding error handling in multifd_tls_handshake_thread.
Signed-off-by: Hao Wang <wanghao232@huawei.com>
Message-Id: <
20210209104237.
2250941-3-wanghao232@huawei.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Chuan Zheng <zhengchuan@huawei.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Hao Wang [Tue, 9 Feb 2021 10:42:36 +0000 (18:42 +0800)]
migration/tls: fix inverted semantics in multifd_channel_connect
Function multifd_channel_connect() return "true" to indicate failure,
which is rather confusing. Fix that.
Signed-off-by: Hao Wang <wanghao232@huawei.com>
Message-Id: <
20210209104237.
2250941-2-wanghao232@huawei.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Chuan Zheng <zhengchuan@huawei.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Greg Kurz [Fri, 12 Mar 2021 14:10:02 +0000 (15:10 +0100)]
virtiofsd: Convert some functions to return bool
Both currently only return 0 or 1.
Signed-off-by: Greg Kurz <groug@kaod.org>
Message-Id: <
20210312141003.819108-3-groug@kaod.org>
Reviewed-by: Connor Kuehl <ckuehl@redhat.com>
Reviewed-by: Vivek Goyal <vgoyal@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Greg Kurz [Fri, 12 Mar 2021 14:10:01 +0000 (15:10 +0100)]
virtiofsd: Don't allow empty paths in lookup_name()
When passed an empty filename, lookup_name() returns the inode of
the parent directory, unless the parent is the root in which case
the st_dev doesn't match and lo_find() returns NULL. This is
because lookup_name() passes AT_EMPTY_PATH down to fstatat() or
statx().
This behavior doesn't quite make sense because users of lookup_name()
then pass the name to unlinkat(), renameat() or renameat2(), all of
which will always fail on empty names.
Drop AT_EMPTY_PATH from the flags in lookup_name() so that it has
the consistent behavior of "returning an existing child inode or
NULL" for all directories.
Signed-off-by: Greg Kurz <groug@kaod.org>
Message-Id: <
20210312141003.819108-2-groug@kaod.org>
Reviewed-by: Connor Kuehl <ckuehl@redhat.com>
Reviewed-by: Vivek Goyal <vgoyal@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Greg Kurz [Fri, 12 Mar 2021 14:10:03 +0000 (15:10 +0100)]
virtiofsd: Don't allow empty filenames
POSIX.1-2017 clearly stipulates that empty filenames aren't
allowed ([1] and [2]). Since virtiofsd is supposed to mirror
the host file system hierarchy and the host can be assumed to
be linux, we don't really expect clients to pass requests with
an empty path in it. If they do so anyway, this would eventually
cause an error when trying to create/lookup the actual inode
on the underlying POSIX filesystem. But this could still confuse
some code that wouldn't be ready to cope with this.
Filter out empty names coming from the client at the top level,
so that the rest doesn't have to care about it. This is done
everywhere we already call is_safe_path_component(), but
in a separate helper since the usual error for empty path
names is ENOENT instead of EINVAL.
[1] https://pubs.opengroup.org/onlinepubs/
9699919799/basedefs/V1_chap03.html#tag_03_170
[2] https://pubs.opengroup.org/onlinepubs/
9699919799/basedefs/V1_chap04.html#tag_04_13
Signed-off-by: Greg Kurz <groug@kaod.org>
Message-Id: <
20210312141003.819108-4-groug@kaod.org>
Reviewed-by: Connor Kuehl <ckuehl@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Vivek Goyal [Wed, 3 Mar 2021 19:53:39 +0000 (14:53 -0500)]
virtiofsd: Add qemu version and copyright info
Option "-V" currently displays the fuse protocol version virtiofsd is
using. For example, I see this.
$ ./virtiofsd -V
"using FUSE kernel interface version 7.33"
People also want to know software version of virtiofsd so that they can
figure out if a certain fix is part of currently running virtiofsd or
not. Eric Ernst ran into this issue.
David Gilbert thinks that it probably is best that we simply carry the
qemu version and display that information given we are part of qemu
tree.
So this patch enhances version information and also adds qemu version
and copyright info. Not sure if copyright information is supposed
to be displayed along with version info. Given qemu-storage-daemon
and other utilities are doing it, so I continued with same pattern.
This is how now output looks like.
$ ./virtiofsd -V
virtiofsd version 5.2.50 (
v5.2.0-2357-gcbcf09872a-dirty)
Copyright (c) 2003-2020 Fabrice Bellard and the QEMU Project developers
using FUSE kernel interface version 7.33
Reported-by: Eric Ernst <eric.g.ernst@gmail.com>
Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
Message-Id: <
20210303195339.GB3793@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Sergio Lopez <slp@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Greg Kurz [Fri, 12 Mar 2021 09:22:12 +0000 (10:22 +0100)]
virtiofsd: Release vu_dispatch_lock when stopping queue
QEMU can stop a virtqueue by sending a VHOST_USER_GET_VRING_BASE request
to virtiofsd. As with all other vhost-user protocol messages, the thread
that runs the main event loop in virtiofsd takes the vu_dispatch lock in
write mode. This ensures that no other thread can access virtqueues or
memory tables at the same time.
In the case of VHOST_USER_GET_VRING_BASE, the main thread basically
notifies the queue thread that it should terminate and waits for its
termination:
main()
virtio_loop()
vu_dispatch_wrlock()
vu_dispatch()
vu_process_message()
vu_get_vring_base_exec()
fv_queue_cleanup_thread()
pthread_join()
Unfortunately, the queue thread ends up calling virtio_send_msg()
at some point, which itself needs to grab the lock:
fv_queue_thread()
g_list_foreach()
fv_queue_worker()
fuse_session_process_buf_int()
do_release()
lo_release()
fuse_reply_err()
send_reply()
send_reply_iov()
fuse_send_reply_iov_nofree()
fuse_send_msg()
virtio_send_msg()
vu_dispatch_rdlock() <-- Deadlock !
Simply have the main thread to release the lock before going to
sleep and take it back afterwards. A very similar patch was already
sent by Vivek Goyal sometime back:
https://listman.redhat.com/archives/virtio-fs/2021-January/msg00073.html
The only difference here is that this done in fv_queue_set_started()
because fv_queue_cleanup_thread() can also be called from virtio_loop()
without the lock being held.
Signed-off-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Vivek Goyal <vgoyal@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <
20210312092212.782255-8-groug@kaod.org>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Peter Maydell [Mon, 15 Mar 2021 19:23:00 +0000 (19:23 +0000)]
Merge remote-tracking branch 'remotes/stefanha-gitlab/tags/block-pull-request' into staging
Pull request
# gpg: Signature made Mon 15 Mar 2021 09:50:58 GMT
# gpg: using RSA key
8695A8BFD3F97CDAAC35775A9CA4ABB381AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" [full]
# gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>" [full]
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35 775A 9CA4 ABB3 81AB 73C8
* remotes/stefanha-gitlab/tags/block-pull-request:
virtio-blk: Respect discard granularity
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Richard Henderson [Sun, 14 Mar 2021 22:49:30 +0000 (16:49 -0600)]
utils: Use fixed-point arithmetic in qemu_strtosz
Once we've parsed the fractional value, extract it into an integral
64-bit fraction. Perform the scaling with integer arithmetic, and
simplify the overflow detection.
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <
20210315155835.
1970210-2-richard.henderson@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Peter Maydell [Mon, 15 Mar 2021 16:59:55 +0000 (16:59 +0000)]
Merge remote-tracking branch 'remotes/philmd/tags/avr-
20210315' into staging
AVR patches queue
- Only reset 'interrupt_request' mask once all interrupts executed
- Documentation and typo fixes
# gpg: Signature made Sun 14 Mar 2021 23:45:34 GMT
# gpg: using RSA key
FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full]
# Primary key fingerprint: FAAB E75E 1291 7221 DCFD 6BB2 E3E3 2C2C DEAD C0DE
* remotes/philmd/tags/avr-
20210315:
target/avr: Fix interrupt execution
target/avr: Fix some comment spelling errors
hw/avr/arduino: List board schematic links
hw/misc/led: Add yellow LED
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Daniel P. Berrangé [Thu, 11 Mar 2021 18:29:57 +0000 (18:29 +0000)]
ui: honour the actual guest display dimensions without rounding
A long time ago the VNC server code had some memory corruption
fixes done in:
commit
bea60dd7679364493a0d7f5b54316c767cf894ef
Author: Peter Lieven <pl@kamp.de>
Date: Mon Jun 30 10:57:51 2014 +0200
ui/vnc: fix potential memory corruption issues
One of the implications of the fix was that the VNC server would have a
thin black bad down the right hand side if the guest desktop width was
not a multiple of 16. In practice this was a non-issue since the VNC
server was always honouring a guest specified resolution and guests
essentially always pick from a small set of sane resolutions likely in
real world hardware.
We recently introduced support for the extended desktop resize extension
and as a result the VNC client has ability to specify an arbitrary
desktop size and the guest OS may well honour it exactly. As a result we
no longer have any guarantee that the width will be a multiple of 16,
and so when resizing the desktop we have a 93% chance of getting the
black bar on the right hand size.
The VNC server maintains three different desktop dimensions
1. The guest surface
2. The server surface
3. The client desktop
The requirement for the width to be a multiple of 16 only applies to
item 2, the server surface, for the purpose of doing dirty bitmap
tracking.
Normally we will set the client desktop size to always match the server
surface size, but that's not a strict requirement. In order to cope with
clients that don't support the desktop size encoding, we already allow
for the client desktop to be a different size that the server surface.
Thus we can trivially eliminate the black bar, but setting the client
desktop size to be the un-rounded server surface size - the so called
"true width".
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <
20210311182957.486939-5-berrange@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Daniel P. Berrangé [Thu, 11 Mar 2021 18:29:56 +0000 (18:29 +0000)]
ui: use client width/height in WMVi message
The WMVi message is supposed to provide the same width/height
information as the regular desktop resize and extended desktop
resize messages. There can be times where the client width and
height are different from the pixman surface dimensions.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <
20210311182957.486939-4-berrange@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Daniel P. Berrangé [Thu, 11 Mar 2021 18:29:55 +0000 (18:29 +0000)]
ui: avoid sending framebuffer updates outside client desktop bounds
We plan framebuffer update rects based on the VNC server surface. If the
client doesn't support desktop resize, then the client bounds may differ
from the server surface bounds. VNC clients may become upset if we then
send an update message outside the bounds of the client desktop.
This takes the approach of clamping the rectangles from the worker
thread immediately before sending them. This may sometimes results in
sending a framebuffer update message with zero rectangles.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <
20210311182957.486939-3-berrange@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Daniel P. Berrangé [Thu, 11 Mar 2021 18:29:54 +0000 (18:29 +0000)]
ui: add more trace points for VNC client/server messages
This adds trace points for desktop size and audio related messages.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <
20210311182957.486939-2-berrange@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Akihiko Odaki [Fri, 19 Feb 2021 11:16:52 +0000 (20:16 +0900)]
ui/cocoa: Do not exit immediately after shutdown
ui/cocoa used to call exit immediately after calling
qemu_system_shutdown_request, which prevents QEMU from actually
perfoming system shutdown. Just sleep forever, and wait QEMU to call
exit and kill the Cocoa thread.
Signed-off-by: Akihiko Odaki <akihiko.odaki@gmail.com>
Message-Id: <
20210219111652.20623-1-akihiko.odaki@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Akihiko Odaki [Fri, 19 Feb 2021 09:48:03 +0000 (18:48 +0900)]
opengl: Do not convert format with glTexImage2D on OpenGL ES
OpenGL ES does not support conversion from the given data format
to the internal format with glTexImage2D.
Use the given data format as the internal format, and ignore
the given alpha channels with GL_TEXTURE_SWIZZLE_A in case the
format contains alpha channels.
Signed-off-by: Akihiko Odaki <akihiko.odaki@gmail.com>
Message-Id: <
20210219094803.90860-1-akihiko.odaki@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Daniel P. Berrangé [Thu, 11 Mar 2021 11:43:43 +0000 (11:43 +0000)]
ui: deprecate "password" option for SPICE server
With the new "password-secret" option, there is no reason to use the old
inecure "password" option with -spice, so it can be deprecated.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <
20210311114343.439820-4-berrange@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Daniel P. Berrangé [Thu, 11 Mar 2021 11:43:42 +0000 (11:43 +0000)]
ui: introduce "password-secret" option for SPICE server
Currently when using SPICE the "password" option provides the password
in plain text on the command line. This is insecure as it is visible
to all processes on the host. As an alternative, the password can be
provided separately via the monitor.
This introduces a "password-secret" option which lets the password be
provided up front.
$QEMU --object secret,id=vncsec0,file=passwd.txt \
--spice port=5901,password-secret=vncsec0
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <
20210311114343.439820-3-berrange@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Daniel P. Berrangé [Thu, 11 Mar 2021 11:43:41 +0000 (11:43 +0000)]
ui: introduce "password-secret" option for VNC servers
Currently when using VNC the "password" flag turns on password based
authentication. The actual password has to be provided separately via
the monitor.
This introduces a "password-secret" option which lets the password be
provided up front.
$QEMU --object secret,id=vncsec0,file=passwd.txt \
--vnc localhost:0,password-secret=vncsec0
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <
20210311114343.439820-2-berrange@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Gerd Hoffmann [Fri, 12 Mar 2021 09:49:54 +0000 (10:49 +0100)]
usb/storage: clear csw on reset
Stale data in csw (specifically residue) can confuse the state machine
and allows the guest trigger an assert(). So clear csw on reset to
avoid this happening in case the guest resets the device in the middle
of a request.
Buglink: https://bugs.launchpad.net/qemu/+bug/1523811
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <
20210312094954.796799-1-kraxel@redhat.com>
Gerd Hoffmann [Fri, 12 Mar 2021 09:04:25 +0000 (10:04 +0100)]
usb/storage: add kconfig symbols
Add new kconfig symbols so usb-storage and usb-bot can
be enabled or disabled individually at build time.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-Id: <
20210312090425.772900-5-kraxel@redhat.com>
Gerd Hoffmann [Fri, 12 Mar 2021 09:04:24 +0000 (10:04 +0100)]
usb/storage move usb-storage device to separate source file
Pure code motion, no functional change.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-Id: <
20210312090425.772900-4-kraxel@redhat.com>
Gerd Hoffmann [Fri, 12 Mar 2021 09:04:23 +0000 (10:04 +0100)]
usb/storage: move usb-bot device to separate source file
Pure code motion, no functional change.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-Id: <
20210312090425.772900-3-kraxel@redhat.com>
Gerd Hoffmann [Fri, 12 Mar 2021 09:04:22 +0000 (10:04 +0100)]
usb/storage: move declarations to usb/msd.h header
In preparation for splitting the usb-storage.c file move
declarations to the new usb/msd.h header file.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-Id: <
20210312090425.772900-2-kraxel@redhat.com>
Philippe Mathieu-Daudé [Tue, 9 Mar 2021 19:08:02 +0000 (20:08 +0100)]
hw/usb: Extract VT82C686 UHCI PCI function into a new unit
Extract the VT82C686 PCI UHCI function into a new unit so
it is only build when the VT82C686 south bridge is selected.
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <
20210309190802.830969-4-f4bug@amsat.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Philippe Mathieu-Daudé [Tue, 9 Mar 2021 19:08:01 +0000 (20:08 +0100)]
hw/usb/hcd-uhci: Expose generic prototypes to local header
Extract generic UHCI prototypes into a new "hcd-uhci.h" local
header so we can reuse them in other units.
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <
20210309190802.830969-3-f4bug@amsat.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Philippe Mathieu-Daudé [Tue, 9 Mar 2021 19:08:00 +0000 (20:08 +0100)]
hw/southbridge: Add missing Kconfig dependency VT82C686 on USB_UHCI
The VT82C686 south bridge provides a USB UHCI bus via a PCI function.
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: BALATON Zoltan <balaton@eik.bme.hu>
Message-Id: <
20210309190802.830969-2-f4bug@amsat.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Thomas Huth [Wed, 10 Mar 2021 17:33:23 +0000 (18:33 +0100)]
usb: Document the missing -usbdevice options
There are some more -usbdevice options that have never been mentioned
in the documentation. Now that we removed -usbdevice from the list
of deprecated features again, we should document them properly.
While we're at it, also sort them alphabetically.
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <
20210310173323.
1422754-5-thuth@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Thomas Huth [Wed, 10 Mar 2021 17:33:22 +0000 (18:33 +0100)]
usb: Un-deprecate -usbdevice (except for -usbdevice audio which gets removed)
When trying to remove the -usbdevice option, there were complaints that
"-usbdevice braille" is still a very useful shortcut for some people.
Thus we never remove this option. Since it's not such a big burden to
keep it around, and it's also convenient in the sense that you don't
have to worry to enable a host controller explicitly with this option,
we should remove it from he deprecation list again.
However, there is one exception: "-usbdevice audio" should go away, since
audio devices without "audiodev=..." parameter are also on the deprecation
list and you cannot use "-usbdevice audio" with "audiodev".
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <
20210310173323.
1422754-4-thuth@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Paolo Bonzini [Wed, 10 Mar 2021 17:33:21 +0000 (18:33 +0100)]
usb: remove '-usbdevice u2f-key'
It never worked.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <
20210310173323.
1422754-3-thuth@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Paolo Bonzini [Wed, 10 Mar 2021 17:33:20 +0000 (18:33 +0100)]
usb: remove support for -usbdevice parameters
No device needs them anymore and in fact they're undocumented.
Remove the code. The only change in behavior is that "-usbdevice
braille:hello" now reports an error, which is a bugfix.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Cc: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <
20210310173323.
1422754-2-thuth@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Thomas Huth [Tue, 2 Mar 2021 12:01:52 +0000 (13:01 +0100)]
hw/usb/bus: Remove the "full-path" property
This property was only required for the pc-1.0 and earlier machine
types. Since these have been removed now, we can delete the property
as well.
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <
20210302120152.118042-1-thuth@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Peter Maydell [Mon, 15 Mar 2021 15:34:27 +0000 (15:34 +0000)]
Merge remote-tracking branch 'remotes/bkoppelmann2/tags/pull-tricore-
20210314' into staging
- Added triboard with tc27x_soc
- Cleaned up get_physical_address()
- Fixed corner case bugs in OPC2_32_RRPW_IMASK and OPC2_32_RRPW_IMASK
insns
# gpg: Signature made Sun 14 Mar 2021 13:53:11 GMT
# gpg: using RSA key
6E636A7E83F2DD0CFA6E6E370AD2C6396B69CA14
# gpg: issuer "kbastian@mail.uni-paderborn.de"
# gpg: Good signature from "Bastian Koppelmann <kbastian@mail.uni-paderborn.de>" [full]
# Primary key fingerprint: 6E63 6A7E 83F2 DD0C FA6E 6E37 0AD2 C639 6B69 CA14
* remotes/bkoppelmann2/tags/pull-tricore-
20210314:
target/tricore: Fix OPC2_32_RRPW_EXTR for width=0
target/tricore: Fix imask OPC2_32_RRPW_IMASK for r3+1 == r2
tricore: fixed faulty conditions for extr and imask
target/tricore: Remove unused definitions
target/tricore: Pass MMUAccessType to get_physical_address()
target/tricore: Replace magic value by MMU_DATA_LOAD definition
tricore: added triboard with tc27x_soc
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Miroslav Rezanina [Mon, 15 Mar 2021 10:13:52 +0000 (11:13 +0100)]
s390x/pci: Add missing initialization for g_autofree variables
When declaring g_autofree variable without initialization, compiler
will raise "may be used uninitialized in this function" warning due
to automatic free handling.
This is mentioned in docs/devel/style.rst (quote from section
"Automatic memory deallocation"):
* Variables declared with g_auto* MUST always be initialized,
otherwise the cleanup function will use uninitialized stack memory
Add initialization for these declarations to prevent the warning and
comply with coding style.
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Fixes:
cd7498d07fbb ("s390x/pci: Add routine to get the vfio dma available count")
Fixes:
1e7552ff5c34 ("s390x/pci: get zPCI function info from host")
Reviewed-by: Thomas Huth <thuth@redhat.com>
Tested-by: Matthew Rosato <mjrosato@linux.ibm.com>
Message-Id: <
20210315101352.152888-1-mrezanin@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
David Hildenbrand [Mon, 15 Mar 2021 08:54:49 +0000 (09:54 +0100)]
target/s390x: Store r1/r2 for page-translation exceptions during MVPG
The PoP states:
When EDAT-1 does not apply, and a program interruption due to a
page-translation exception is recognized by the MOVE PAGE
instruction, the contents of the R1 field of the instruction are
stored in bit positions 0-3 of location 162, and the contents of
the R2 field are stored in bit positions 4-7.
If [...] an ASCE-type, region-first-translation,
region-second-translation, region-third-translation, or
segment-translation exception was recognized, the contents of
location 162 are unpredictable.
So we have to write r1/r2 into the lowcore on page-translation
exceptions. Simply handle all exceptions inside our mvpg helper now.
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: David Hildenbrand <david@redhat.com>
Tested-by: Thomas Huth <thuth@redhat.com>
Message-Id: <
20210315085449.34676-3-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Richard Henderson [Mon, 15 Mar 2021 08:54:48 +0000 (09:54 +0100)]
target/s390x: Implement the MVPG condition-code-option bit
If the CCO bit is set, MVPG should not generate an exception but
report page translation faults via a CC code.
Create a new helper, access_prepare_nf, which can use probe_access_flags
in non-faulting mode, and then handle watchpoints.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
[thuth: Added logic to still inject protection exceptions]
Signed-off-by: Thomas Huth <thuth@redhat.com>
[david: Look at env->tlb_fill_exc to determine if there was an exception]
Signed-off-by: David Hildenbrand <david@redhat.com>
Tested-by: Thomas Huth <thuth@redhat.com>
Message-Id: <
20210315085449.34676-2-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Cornelia Huck [Thu, 11 Mar 2021 13:27:46 +0000 (14:27 +0100)]
s390x/cpu_model: use official name for 8562
The single-frame z15 is called "z15 T02" (and the multi-frame z15
"z15 T01").
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Message-Id: <
20210311132746.
1777754-1-cohuck@redhat.com>
David Hildenbrand [Wed, 3 Mar 2021 13:09:16 +0000 (14:09 +0100)]
exec: Get rid of phys_mem_set_alloc()
As the last user is gone, we can get rid of phys_mem_set_alloc() and
simplify.
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Richard Henderson <rth@twiddle.net>
Cc: Halil Pasic <pasic@linux.ibm.com>
Cc: Cornelia Huck <cohuck@redhat.com>
Cc: Christian Borntraeger <borntraeger@de.ibm.com>
Cc: Thomas Huth <thuth@redhat.com>
Cc: Igor Mammedov <imammedo@redhat.com>
Cc: Peter Xu <peterx@redhat.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <
20210303130916.22553-3-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
David Hildenbrand [Wed, 3 Mar 2021 13:09:15 +0000 (14:09 +0100)]
s390x/kvm: Get rid of legacy_s390_alloc()
legacy_s390_alloc() was required for dealing with the absence of the ESOP
feature -- on old HW (< gen 10) and old z/VM versions (< 6.3).
As z/VM v6.2 (and even v6.3) is no longer supported since 2017 [1]
and we don't expect to have real users on such old hardware, let's drop
legacy_s390_alloc().
Still check+report an error just in case someone still runs on
such old z/VM environments, or someone runs under weird nested KVM
setups (where we can manually disable ESOP via the CPU model).
No need to check for KVM_CAP_GMAP - that should always be around on
kernels that also have KVM_CAP_DEVICE_CTRL (>= v3.15).
[1] https://www.ibm.com/support/lifecycle/search?q=z%2FVM
Suggested-by: Cornelia Huck <cohuck@redhat.com>
Suggested-by: Thomas Huth <thuth@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Richard Henderson <rth@twiddle.net>
Cc: Halil Pasic <pasic@linux.ibm.com>
Cc: Cornelia Huck <cohuck@redhat.com>
Cc: Christian Borntraeger <borntraeger@de.ibm.com>
Cc: Thomas Huth <thuth@redhat.com>
Cc: Igor Mammedov <imammedo@redhat.com>
Cc: Peter Xu <peterx@redhat.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <
20210303130916.22553-2-david@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Akihiko Odaki [Thu, 25 Feb 2021 00:12:39 +0000 (09:12 +0900)]
virtio-blk: Respect discard granularity
Report the configured granularity for discard operation to the
guest. If this is not set use the block size.
Since until now we have ignored the configured discard granularity
and always reported the block size, let's add
'report-discard-granularity' property and disable it for older
machine types to avoid migration issues.
Signed-off-by: Akihiko Odaki <akihiko.odaki@gmail.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <
20210225001239.47046-1-akihiko.odaki@gmail.com>
Alexey Kirillov [Wed, 3 Mar 2021 09:59:10 +0000 (12:59 +0300)]
net: Do not fill legacy info_str for backends
As we use QAPI NetClientState->stored_config to store and get information
about backend network devices, we can drop fill of legacy field info_str
for them.
We still use info_str field for NIC and hubports, so we can not completely
remove it.
Signed-off-by: Alexey Kirillov <lekiravi@yandex-team.ru>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Alexey Kirillov [Wed, 3 Mar 2021 09:59:09 +0000 (12:59 +0300)]
hmp: Use QAPI NetdevInfo in hmp_info_network
Replace usage of legacy field info_str of NetClientState for backend
network devices with QAPI NetdevInfo stored_config that already used
in QMP query-netdev.
This change increases the detail of the "info network" output and takes
a more general approach to composing the output.
NIC and hubports still use legacy info_str field.
Signed-off-by: Alexey Kirillov <lekiravi@yandex-team.ru>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Alexey Kirillov [Wed, 3 Mar 2021 09:59:08 +0000 (12:59 +0300)]
net: Move NetClientState.info_str to dynamic allocations
The info_str field of the NetClientState structure is static and has a size
of 256 bytes. This amount is often unclaimed, and the field itself is used
exclusively for HMP "info network".
The patch translates info_str to dynamic memory allocation.
This action is also allows us to painlessly discard usage of this field
for backend devices.
Signed-off-by: Alexey Kirillov <lekiravi@yandex-team.ru>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Alexey Kirillov [Wed, 3 Mar 2021 09:59:07 +0000 (12:59 +0300)]
tests: Add tests for query-netdev command
A simply qtest that checks for correct number of netdevs in the response
of the query-netdev.
Signed-off-by: Alexey Kirillov <lekiravi@yandex-team.ru>
Acked-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Alexey Kirillov [Wed, 3 Mar 2021 09:59:06 +0000 (12:59 +0300)]
qapi: net: Add query-netdev command
The query-netdev command is used to get the configuration of the current
network device backends (netdevs).
This is the QMP analog of the HMP command "info network" but only for
netdevs (i.e. excluding NIC and hubports).
The query-netdev command returns an array of objects of the NetdevInfo
type, which are an extension of Netdev type. It means that response can
be used for netdev-add after small modification. This can be useful for
recreate the same netdev configuration.
Information about the network device is filled in when it is created or
modified and is available through the NetClientState->stored_config.
Signed-off-by: Alexey Kirillov <lekiravi@yandex-team.ru>
Acked-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Cornelia Huck [Fri, 22 Jan 2021 18:00:29 +0000 (19:00 +0100)]
pvrdma: wean code off pvrdma_ring.h kernel header
The pvrdma code relies on the pvrdma_ring.h kernel header for some
basic ring buffer handling. The content of that header isn't very
exciting, but contains some (q)atomic_*() invocations that (a)
cause manual massaging when doing a headers update, and (b) are
an indication that we probably should not be importing that header
at all.
Let's reimplement the ring buffer handling directly in the pvrdma
code instead. This arguably also improves readability of the code.
Importing the header can now be dropped.
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Yuval Shaia <yuval.shaia.ml@gmail.com>
Tested-by: Yuval Shaia <yuval.shaia.ml@gmail.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Alexander Bulekov [Mon, 1 Mar 2021 19:35:30 +0000 (14:35 -0500)]
lan9118: switch to use qemu_receive_packet() for loopback
This patch switches to use qemu_receive_packet() which can detect
reentrancy and return early.
This is intended to address CVE-2021-3416.
Cc: Prasad J Pandit <ppandit@redhat.com>
Cc: qemu-stable@nongnu.org
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Alexander Bulekov [Mon, 1 Mar 2021 19:33:43 +0000 (14:33 -0500)]
cadence_gem: switch to use qemu_receive_packet() for loopback
This patch switches to use qemu_receive_packet() which can detect
reentrancy and return early.
This is intended to address CVE-2021-3416.
Cc: Prasad J Pandit <ppandit@redhat.com>
Cc: qemu-stable@nongnu.org
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Alexander Bulekov [Mon, 1 Mar 2021 15:33:34 +0000 (10:33 -0500)]
pcnet: switch to use qemu_receive_packet() for loopback
This patch switches to use qemu_receive_packet() which can detect
reentrancy and return early.
This is intended to address CVE-2021-3416.
Cc: Prasad J Pandit <ppandit@redhat.com>
Cc: qemu-stable@nongnu.org
Buglink: https://bugs.launchpad.net/qemu/+bug/1917085
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Alexander Bulekov [Fri, 26 Feb 2021 18:47:53 +0000 (13:47 -0500)]
rtl8139: switch to use qemu_receive_packet() for loopback
This patch switches to use qemu_receive_packet() which can detect
reentrancy and return early.
This is intended to address CVE-2021-3416.
Cc: Prasad J Pandit <ppandit@redhat.com>
Cc: qemu-stable@nongnu.org
Buglink: https://bugs.launchpad.net/qemu/+bug/1910826
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Jason Wang [Wed, 24 Feb 2021 05:27:52 +0000 (13:27 +0800)]
tx_pkt: switch to use qemu_receive_packet_iov() for loopback
This patch switches to use qemu_receive_receive_iov() which can detect
reentrancy and return early.
This is intended to address CVE-2021-3416.
Cc: Prasad J Pandit <ppandit@redhat.com>
Cc: qemu-stable@nongnu.org
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Jason Wang [Wed, 24 Feb 2021 05:14:35 +0000 (13:14 +0800)]
sungem: switch to use qemu_receive_packet() for loopback
This patch switches to use qemu_receive_packet() which can detect
reentrancy and return early.
This is intended to address CVE-2021-3416.
Cc: Prasad J Pandit <ppandit@redhat.com>
Cc: qemu-stable@nongnu.org
Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Jason Wang [Wed, 24 Feb 2021 05:00:01 +0000 (13:00 +0800)]
msf2-mac: switch to use qemu_receive_packet() for loopback
This patch switches to use qemu_receive_packet() which can detect
reentrancy and return early.
This is intended to address CVE-2021-3416.
Cc: Prasad J Pandit <ppandit@redhat.com>
Cc: qemu-stable@nongnu.org
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Jason Wang [Wed, 24 Feb 2021 04:57:40 +0000 (12:57 +0800)]
dp8393x: switch to use qemu_receive_packet() for loopback packet
This patch switches to use qemu_receive_packet() which can detect
reentrancy and return early.
This is intended to address CVE-2021-3416.
Cc: Prasad J Pandit <ppandit@redhat.com>
Cc: qemu-stable@nongnu.org
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com
Signed-off-by: Jason Wang <jasowang@redhat.com>
Jason Wang [Wed, 24 Feb 2021 04:13:22 +0000 (12:13 +0800)]
e1000: switch to use qemu_receive_packet() for loopback
This patch switches to use qemu_receive_packet() which can detect
reentrancy and return early.
This is intended to address CVE-2021-3416.
Cc: Prasad J Pandit <ppandit@redhat.com>
Cc: qemu-stable@nongnu.org
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Jason Wang [Wed, 24 Feb 2021 03:44:36 +0000 (11:44 +0800)]
net: introduce qemu_receive_packet()
Some NIC supports loopback mode and this is done by calling
nc->info->receive() directly which in fact suppresses the effort of
reentrancy check that is done in qemu_net_queue_send().
Unfortunately we can't use qemu_net_queue_send() here since for
loopback there's no sender as peer, so this patch introduce a
qemu_receive_packet() which is used for implementing loopback mode
for a NIC with this check.
NIC that supports loopback mode will be converted to this helper.
This is intended to address CVE-2021-3416.
Cc: Prasad J Pandit <ppandit@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Jason Wang <jasowang@redhat.com>
Jason Wang [Wed, 24 Feb 2021 05:45:28 +0000 (13:45 +0800)]
e1000: fail early for evil descriptor
During procss_tx_desc(), driver can try to chain data descriptor with
legacy descriptor, when will lead underflow for the following
calculation in process_tx_desc() for bytes:
if (tp->size + bytes > msh)
bytes = msh - tp->size;
This will lead a infinite loop. So check and fail early if tp->size if
greater or equal to msh.
Reported-by: Alexander Bulekov <alxndr@bu.edu>
Reported-by: Cheolwoo Myung <cwmyung@snu.ac.kr>
Reported-by: Ruhr-University Bochum <bugs-syssec@rub.de>
Cc: Prasad J Pandit <ppandit@redhat.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Jason Wang <jasowang@redhat.com>
Paolo Bonzini [Fri, 12 Mar 2021 14:51:38 +0000 (09:51 -0500)]
net: validate that ids are well formed
When a network or network device is created from the command line or HMP,
QemuOpts ensures that the id passes the id_wellformed check. However,
QMP skips this:
$ qemu-system-x86_64 -qmp stdio -S -nic user,id=123/456
qemu-system-x86_64: -nic user,id=123/456: Parameter id expects an identifier
Identifiers consist of letters, digits, -, ., _, starting with a letter.
$ qemu-system-x86_64 -qmp stdio -S
{"execute":"qmp_capabilities"}
{"return": {}}
{"execute":"netdev_add", "arguments": {"type": "user", "id": "123/456"}}
{"return": {}}
After:
$ qemu-system-x86_64 -qmp stdio -S
{"execute":"qmp_capabilities"}
{"return": {}}
{"execute":"netdev_add", "arguments": {"type": "user", "id": "123/456"}}
{"error": {"class": "GenericError", "desc": "Parameter "id" expects an identifier"}}
Validity checks should be performed always at the bottom of the call chain,
because QMP skips all the steps above. At the same time we know that every
call chain should go through either QMP or (for legacy) through QemuOpts.
Because the id for -net and -nic is automatically generated and not
well-formed by design, just add the check to QMP.
Cc: Jason Wang <jasowang@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Bin Meng [Sun, 28 Feb 2021 05:02:18 +0000 (13:02 +0800)]
net: Fix build error when DEBUG_NET is on
"qemu-common.h" should be included to provide the forward declaration
of qemu_hexdump() when DEBUG_NET is on.
Signed-off-by: Bin Meng <bin.meng@windriver.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Jason Wang [Mon, 8 Mar 2021 04:49:19 +0000 (12:49 +0800)]
virtio-net: calculating proper msix vectors on init
Currently, the default msix vectors for virtio-net-pci is 3 which is
obvious not suitable for multiqueue guest, so we depends on the user
or management tools to pass a correct vectors parameter. In fact, we
can simplifying this by calculating the number of vectors on realize.
Consider we have N queues, the number of vectors needed is 2*N + 2
(#queue pairs + plus one config interrupt and control vq). We didn't
check whether or not host support control vq because it was added
unconditionally by qemu to avoid breaking legacy guests such as Minix.
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Ivanov Arkasha [Fri, 12 Mar 2021 16:47:54 +0000 (19:47 +0300)]
target/avr: Fix interrupt execution
Only one interrupt is in progress at the moment.
It is only necessary to set to reset interrupt_request
after all interrupts have been executed.
Signed-off-by: Ivanov Arkasha <ivanovrkasha@gmail.com>
Message-Id: <
20210312164754.18437-1-arkaisp2021@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Michael Rolnik <mrolnik@gmail.com>
Lichang Zhao [Fri, 9 Oct 2020 06:44:46 +0000 (14:44 +0800)]
target/avr: Fix some comment spelling errors
I found that there are many spelling errors in the comments of qemu/target/avr.
I used spellcheck to check the spelling errors and found some errors in the folder.
Signed-off-by: Lichang Zhao <zhaolichang@huawei.com>
Reviewed-by: David Edmondson <david.edmondson@oracle.com>
Reviewed-by: Philippe Mathieu-Daude<f4bug@amsat.org>
Message-Id: <
20201009064449.2336-12-zhaolichang@huawei.com>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Michael Rolnik <mrolnik@gmail.com>
Philippe Mathieu-Daudé [Sat, 13 Mar 2021 15:18:19 +0000 (16:18 +0100)]
hw/avr/arduino: List board schematic links
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Michael Rolnik <mrolnik@gmail.com>
Message-Id: <
20210313165445.
2113938-3-f4bug@amsat.org>
Philippe Mathieu-Daudé [Sat, 13 Mar 2021 15:18:34 +0000 (16:18 +0100)]
hw/misc/led: Add yellow LED
Add the yellow "lime" LED.
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Michael Rolnik <mrolnik@gmail.com>
Message-Id: <
20210313165445.
2113938-2-f4bug@amsat.org>
OSDN Git Service
