OSDN Git Service
Stefan Hajnoczi [Tue, 28 Nov 2023 21:31:16 +0000 (16:31 -0500)]
Update version for v8.2.0-rc2 release
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Stefan Hajnoczi [Tue, 28 Nov 2023 20:36:42 +0000 (15:36 -0500)]
Merge tag 'misc-next-
20231128' of https://github.com/philmd/qemu into staging
Misc fixes for 8.2
* buildsys: Invoke bash via 'env' (Samuel)
* doc: Fix example in s390-cpu-topology.rst (Zhao)
* HW: Fix AVR ATMega reset stack (Gihun) and VT82C686 IRQ routing (Zoltan)
# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEE+qvnXhKRciHc/Wuy4+MsLN6twN4FAmVl7MUACgkQ4+MsLN6t
# wN4nsQ//U7/GGrMaNJF369pC0UfC0dfD39RoD9jmmrWUQB17baMvXo+BMBcELX0Q
# BtgRjIYwnywnVZlB11JL5Ql9ykSRqd7VeqnZfH//GqQO+ySF7jl6ekNT6YNjUbWu
# iF9bU3o0/LAVl/3pe9LQ4q/yOjzERA5o4JKYviHZYcWE811/5lBNgER4iPyCz6a8
# aGI3S5PGmq6a9x5266jkY2WWldDy7D1ujkuvxxc4tgnmbBjL21soJ/oRLOBjGTNl
# hCRfDTEiFZm7OxjV7oB03Nr3EGGStGdy0aPhhtFwzZxQ9yV7d2DLsbYGgwzZYkKQ
# 9v4DtGqYyvDA7LBmfxOrnzL0WXgN4xO3qekLqHDtChDzFFEYwtHvH0duPUiQv1Yu
# qHyOsfB58rKzWHeo0ACEjMWGdD1opCXCeoJlEf/saiQ5EgyBwph/z2mWYN4yak5H
# Zu3xF15BcnyavC6sVeuE+rT574dhCzOtH8Vf3WVwqfL5D5cyCjHlmPSAXXMqBkmh
# BMOD8O210n6IdzuuOQ038t3yGvIc0YysOmQgfLjRYlZa884q3wExgrufH+NYbGMj
# bFthPjLKgHm+q4k2mH65G98xwXQFT6rdHanw2iEJcPJbhhk9SNWYgaQ0r0Oi2Pfd
# zCQ22F1j9UqGcqKh+8tzAfjayRyQUJtgizPXEWanADkpIDYxrRk=
# =323/
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 28 Nov 2023 08:36:05 EST
# gpg: using RSA key
FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full]
# Primary key fingerprint: FAAB E75E 1291 7221 DCFD 6BB2 E3E3 2C2C DEAD C0DE
* tag 'misc-next-
20231128' of https://github.com/philmd/qemu:
docs/s390: Fix wrong command example in s390-cpu-topology.rst
hw/avr/atmega: Fix wrong initial value of stack pointer
hw/audio/via-ac97: Route interrupts using via_isa_set_irq()
hw/isa/vt82c686: Route PIRQ inputs using via_isa_set_irq()
hw/usb/vt82c686-uhci-pci: Use ISA instead of PCI interrupts
hw/isa/vt82c686: Bring back via_isa_set_irq()
target/hexagon/idef-parser/prepare: use env to invoke bash
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Stefan Hajnoczi [Tue, 28 Nov 2023 20:36:27 +0000 (15:36 -0500)]
Merge tag 'pull-target-arm-
20231127' of https://git.linaro.org/people/pmaydell/qemu-arm into staging
target-arm queue:
* Set IL bit for pauth, SVE access, BTI trap syndromes
* Handle overflow in calculation of next timer tick
* hw/net/can/xlnx-zynqmp: Avoid underflow when popping FIFOs
* Various devices: Free array property memory on device finalize
* hw/ssi/xilinx_spips: fix an out of bound access
* hw/misc, hw/ssi: Fix some URLs for AMD / Xilinx models
* hw/dma/xlnx_csu_dma: don't throw guest errors when stopping the SRC DMA
# -----BEGIN PGP SIGNATURE-----
#
# iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmVkzLAZHHBldGVyLm1h
# eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3o79D/0Yh7Q7N4+fc4xdBK5hb1GN
# 31rBWZ3z0XzBzXrN80g6ig5i+CvTq7+120yx4Kl5bdyAMGdXpryTeNSoa4ewmNtC
# +c6pqV8IUIHA3axepuHtwjs4wRzWoFz13gy+X/1spfhcrtFpWyRt0f3cc1fElhzX
# 2K/4H9TD2d5yZBvaKLoJ6GzdK2wtWfucvWQDOUigRF7rvSST3awZ6gkumm+/6EM5
# vbIVOqi+0JcnWKJj0i4S1vRUPg0+CuaZN8glXcGkq2BaMfOohpjFGTMY0KsAK1Cv
# Ow1guxxy2mcLixQ8pX7ii5WHVDCuPqTVcwHUQJqN5Ln6CFEre38jM1ZwgHpWhb8G
# CoVOu2B96QwPoICD7QomaKCJYHkAczC4KETsTz/Mc+zcU6+cQiv0swc2sDhwBlmT
# weHQAmZg5dPRl3DQ/8F3llhdYyvOGnUpaaBauJiuH2I5n/qhqbvcgu9G7pGwd2gm
# lk8LuzjbVEtBu2jFlPCMpvuSuJJciR/3/QdHMGlN6L0ooY6dFL9puW51wFKSh+Kx
# JqetuUJXVWLTiL9ekLnNPQkuQQwP3WQsIvQO8tjEiuojw1utk/50JPmXg/xHEahx
# rN8aiLstR4olh1i+CrIee3QR6IwhqZmvEVHROIw0ExJ1L04FCCtPlvJ/G2gD1ta2
# oLvqWLlc752+nND72lIJZg==
# =X700
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 27 Nov 2023 12:06:56 EST
# gpg: using RSA key
E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg: issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [full]
# gpg: aka "Peter Maydell <pmaydell@gmail.com>" [full]
# gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [full]
# gpg: aka "Peter Maydell <peter@archaic.org.uk>" [unknown]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE
* tag 'pull-target-arm-
20231127' of https://git.linaro.org/people/pmaydell/qemu-arm:
hw/dma/xlnx_csu_dma: don't throw guest errors when stopping the SRC DMA
hw/misc, hw/ssi: Fix some URLs for AMD / Xilinx models
hw/ssi/xilinx_spips: fix an out of bound access
hw/input/stellaris_gamepad: Free StellarisGamepad::keycodes[] array
hw/nvram/xlnx-efuse-ctrl: Free XlnxVersalEFuseCtrl[] "pg0-lock" array
hw/nvram/xlnx-efuse: Free XlnxEFuse::ro_bits[] array on finalize()
hw/misc/mps2-scc: Free MPS2SCC::oscclk[] array on finalize()
hw/virtio: Free VirtIOIOMMUPCI::vdev.reserved_regions[] on finalize()
hw/virtio: Add VirtioPCIDeviceTypeInfo::instance_finalize field
hw/net/can/xlnx-zynqmp: Avoid underflow while popping RX FIFO
hw/net/can/xlnx-zynqmp: Avoid underflow while popping TX FIFOs
target/arm: Handle overflow in calculation of next timer tick
target/arm: Set IL bit for pauth, SVE access, BTI trap syndromes
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Stefan Hajnoczi [Tue, 28 Nov 2023 14:23:30 +0000 (09:23 -0500)]
Merge tag 'for-upstream' of https://repo.or.cz/qemu/kevin into staging
Block layer patches
- ide/via: Fix BAR4 value in legacy mode
- export/vhost-user-blk: Fix consecutive drains
- vmdk: Don't corrupt desc file in vmdk_write_cid
- iotests: fix default machine type detection
# -----BEGIN PGP SIGNATURE-----
#
# iQJFBAABCAAvFiEE3D3rFZqa+V09dFb+fwmycsiPL9YFAmVl9GARHGt3b2xmQHJl
# ZGhhdC5jb20ACgkQfwmycsiPL9Y9KRAAx3ryUIdaVZX5RZbVC4ZmkgGIpSv+8dS+
# e98H+accyyVTVXlMNYWy0s7tP6sxhhlmGqfGLx/hDynvjJRxyS8VSOXXNIqYcHqN
# wGXcgLEgb+qxu7+Y8g3UhMeSmDyRhanOE/MxhMqGOKd/5nxfY1XdD7nkRwCsPAAi
# Tud/Jd7t0CSV0wUDfvMtBsQZCBSQyoSu3S3TjZ8I2CPjBaoYojj3XM+LKrlJu+B5
# zwgB5IURac1dOfsjYsX0M0zXxr6pTVNtkdNNwFoiNP+omoRjCXV3W9iTtyU+/zc3
# cnVzQQRE6XufQ/Q7IWHNE3/U5LvM3m+sjB+YryrMTRVItjpGUCgYGsrgodjZp7aj
# 4hmwxyZ8PN3+o96d5RWqhRXnY9fy5hzJZOhUMQV6lV/Z14wt8YYsJoqgi4wryoYf
# 7VdyZP2Szt2Sgl4+n0uSfPBoR+qMEwni1AxO8iK9OZbpewv7aBO3In4tOAvP/eB8
# VAoCZOfrILSXaR5aorlAPr6IOXanPvgOotmzNs0NaaqYnpfYr6KAH9FjyAm3DZqp
# b+/Ep+hrekq9XqnZGMblQsjlTFAc9mRWtqsHUrftl9FhRvSah4R+TyKov8lD23VZ
# bvw1etcc0p55Ws4RkUkGn8G5kRyhec3nkHdr4MODCR0s0uo0cBaITnoV0Ra9p7of
# K78WSodwZKQ=
# =ktlF
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 28 Nov 2023 09:08:32 EST
# gpg: using RSA key
DC3DEB159A9AF95D3D7456FE7F09B272C88F2FD6
# gpg: issuer "kwolf@redhat.com"
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" [full]
# Primary key fingerprint: DC3D EB15 9A9A F95D 3D74 56FE 7F09 B272 C88F 2FD6
* tag 'for-upstream' of https://repo.or.cz/qemu/kevin:
ide/via: Fix BAR4 value in legacy mode
export/vhost-user-blk: Fix consecutive drains
vmdk: Don't corrupt desc file in vmdk_write_cid
iotests: fix default machine type detection
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
BALATON Zoltan [Sat, 25 Nov 2023 14:01:35 +0000 (15:01 +0100)]
ide/via: Fix BAR4 value in legacy mode
Return default value in legacy mode for BAR4 when unset. This can't be
set in reset method because BARs are cleared on reset so we return it
instead when BARs are read in legacy mode. This fixes UDMA on amigaone
with AmigaOS.
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Message-ID: <
20231125140135.
AF6A075A4C3@zero.eik.bme.hu>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Kevin Wolf [Mon, 27 Nov 2023 11:57:55 +0000 (12:57 +0100)]
export/vhost-user-blk: Fix consecutive drains
The vhost-user-blk export implement AioContext switches in its drain
implementation. This means that on drain_begin, it detaches the server
from its AioContext and on drain_end, attaches it again and schedules
the server->co_trip coroutine in the updated AioContext.
However, nothing guarantees that server->co_trip is even safe to be
scheduled. Not only is it unclear that the coroutine is actually in a
state where it can be reentered externally without causing problems, but
with two consecutive drains, it is possible that the scheduled coroutine
didn't have a chance yet to run and trying to schedule an already
scheduled coroutine a second time crashes with an assertion failure.
Following the model of NBD, this commit makes the vhost-user-blk export
shut down server->co_trip during drain so that resuming the export means
creating and scheduling a new coroutine, which is always safe.
There is one exception: If the drain call didn't poll (for example, this
happens in the context of bdrv_graph_wrlock()), then the coroutine
didn't have a chance to shut down. However, in this case the AioContext
can't have changed; changing the AioContext always involves a polling
drain. So in this case we can simply assert that the AioContext is
unchanged and just leave the coroutine running or wake it up if it has
yielded to wait for the AioContext to be attached again.
Fixes:
e1054cd4aad03a493a5d1cded7508f7c348205bf
Fixes: https://issues.redhat.com/browse/RHEL-1708
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-ID: <
20231127115755.22846-1-kwolf@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Fam Zheng [Fri, 24 Nov 2023 11:56:54 +0000 (11:56 +0000)]
vmdk: Don't corrupt desc file in vmdk_write_cid
If the text description file is larger than DESC_SIZE, we force the last
byte in the buffer to be 0 and write it out.
This results in a corruption.
Try to allocate a big buffer in this case.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1923
Signed-off-by: Fam Zheng <fam@euphon.net>
Message-ID: <
20231124115654.
3239137-1-fam@euphon.net>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Andrey Drobyshev [Wed, 22 Nov 2023 12:15:38 +0000 (14:15 +0200)]
iotests: fix default machine type detection
The machine type is being detected based on "-M help" output, and we're
searching for the line ending with " (default)". However, in downstream
one of the machine types s marked as deprecated might become the
default, in which case this logic breaks as the line would now end with
" (default) (deprecated)". To fix potential issues here, let's relax
that requirement and detect the mere presence of " (default)" line
instead.
Signed-off-by: Andrey Drobyshev <andrey.drobyshev@virtuozzo.com>
Message-ID: <
20231122121538.32903-1-andrey.drobyshev@virtuozzo.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Stefan Hajnoczi [Tue, 28 Nov 2023 13:54:14 +0000 (08:54 -0500)]
Merge tag 'firmware/seabios-
20231128-pull-request' of https://gitlab.com/kraxel/qemu into staging
seabios: update to 1.16.3 release
This adds one bugfix compared to the snapshot
merged during the 8.2 devel cycle.
# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCgAdFiEEoDKM/7k6F6eZAf59TLbY7tPocTgFAmVloe0ACgkQTLbY7tPo
# cThCmA/9HciX9GJdVKhphS9hxA8ZtqmvB5SCZPEW0wBqpe2/nr6Jb2X7h3oL9h+i
# +pzdv0ZygO+Xxzt1thADO1ZFcF4C5l2j4wOrqrvNoTqtgmBgZBAnw/YkjdK+phjU
# ETaCgl0TsxHqe9XGpVjgTSB4VGgKmj+80DI2xCBUJPyAvOg9fgcvwpRojX8V+vVS
# DG3QM1g2lGlIHMLcYZBM95VNIyPdPED+tCagcw765s0EBT7/Di8yplQqYuosw3Cl
# pOKD7cgtDv/Ca0GeNMJlttM1ZrdPutDnapHeUlDax1Tf5c2FBWnBIe2nTyDHHIjC
# sMQ1DxRT6tI94L/jp+gYfsO02ILRcOZ2+rfUt/wy1fsPqPrIlD1r3HdBdSkdBLRE
# XLw6+5bijPKvyhkHM8fb2qt56ap2JLJ6EgkOHHekpGznEAkYB+sjeTlxiOzNxaDX
# C14SdiYgLmpfobxoNvvwRz4L0TTc4mSVIYhSxrGL0Qs1jucUK0+PpoGcacBXcAg8
# ScNwE3V+nUzjh9fGjqaCB6qcAuv4wijvnQAKmDatAkUeYcGMR9PKHHM1AL/JBchC
# DEQRa0VaNCkmy1Gcd1Hs5Wf98fqWot7O2j5zbzMm8lN+w6muPA4j7yguqRHZYcnA
# Xoor6vDxE9Zt67CLBhuN6Qgv8Ewy4DsJF+w9nVQXVI80Jk973gI=
# =ZbmR
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 28 Nov 2023 03:16:45 EST
# gpg: using RSA key
A0328CFFB93A17A79901FE7D4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138
* tag 'firmware/seabios-
20231128-pull-request' of https://gitlab.com/kraxel/qemu:
seabios: update binaries to 1.16.3 release
seabios: update submodule to 1.16.3 release
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Zhao Liu [Mon, 27 Nov 2023 13:49:17 +0000 (21:49 +0800)]
docs/s390: Fix wrong command example in s390-cpu-topology.rst
From s390_possible_cpu_arch_ids() in hw/s390x/s390-virtio-ccw.c, the
"core-id" is the index of possible_cpus->cpus[], so it should only be
less than possible_cpus->len, which is equal to ms->smp.max_cpus.
Fix the wrong "core-id" 112, because it isn't less than maxcpus (36) in
-smp, and the valid core ids are 0-35 inclusive.
Signed-off-by: Zhao Liu <zhao1.liu@intel.com>
Reviewed-by: Nina Schoetterl-Glausch <nsg@linux.ibm.com>
Message-ID: <
20231127134917.568552-1-zhao1.liu@linux.intel.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Gihun Nam [Mon, 27 Nov 2023 02:54:20 +0000 (11:54 +0900)]
hw/avr/atmega: Fix wrong initial value of stack pointer
The current implementation initializes the stack pointer of AVR devices
to 0. Although older AVR devices used to be like that, newer ones set
it to RAMEND.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1525
Signed-off-by: Gihun Nam <gihun.nam@outlook.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <PH0P222MB0010877445B594724D40C924DEBDA@PH0P222MB0010.NAMP222.PROD.OUTLOOK.COM>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
BALATON Zoltan [Sun, 26 Nov 2023 22:49:33 +0000 (23:49 +0100)]
hw/audio/via-ac97: Route interrupts using via_isa_set_irq()
This device is a function of VIA south bridge and should allow setting
interrupt routing within that chip. This is implemented in
via_isa_set_irq().
Fixes:
eb604411a78b82c468e2b8d81a9401eb8b9c7658
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Message-ID: <
5329840e4be6dd8ae143d07cbfe61d8d2d106654.
1701035944.git.balaton@eik.bme.hu>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
BALATON Zoltan [Sun, 26 Nov 2023 22:49:31 +0000 (23:49 +0100)]
hw/isa/vt82c686: Route PIRQ inputs using via_isa_set_irq()
The chip has 4 pins (called PIRQA-D in VT82C686B and PINTA-D in
VT8231) that are meant to be connected to PCI IRQ lines and allow
routing PCI interrupts to the ISA PIC. Route these in
via_isa_set_irq() to make it possible to share them with internal
functions that can also be routed to the same ISA IRQs.
Fixes:
2fdadd02e675caca4aba4ae26317701fe2c4c901
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Message-ID: <
8c4513d8b78fac40e6d4e65a0a4b3a7f2f278a4b.
1701035944.git.balaton@eik.bme.hu>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
BALATON Zoltan [Sun, 26 Nov 2023 22:49:30 +0000 (23:49 +0100)]
hw/usb/vt82c686-uhci-pci: Use ISA instead of PCI interrupts
This device is part of a superio/ISA bridge chip and IRQs from it are
routed to an ISA interrupt. Use via_isa_set_irq() function to implement
this in a vt82c686-uhci-pci specific irq handler.
This reverts commit
422a6e8075752bc5342afd3eace23a4990dd7d98.
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Message-ID: <
ed5cdeaba7cf01eebdaa35f84c63427f4d8876b1.
1701035944.git.balaton@eik.bme.hu>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
BALATON Zoltan [Sun, 26 Nov 2023 22:49:29 +0000 (23:49 +0100)]
hw/isa/vt82c686: Bring back via_isa_set_irq()
The VIA integrated south bridge chips combine several functions and
allow routing their interrupts to any of the ISA IRQs also allowing
multiple sources to share the same ISA IRQ. E.g. pegasos2 firmware
configures everything to use IRQ 9 but amigaone routes them to
separate ISA IRQs so the current simplified routing does not work.
Bring back via_isa_set_irq() and change it to take the component that
wants to change an IRQ and keep track of interrupt status of each
source separately and do the mapping to ISA IRQ within the ISA bridge.
This may not handle cases when an ISA IRQ is controlled by devices
directly, not going through via_isa_set_irq() such as serial, parallel
or keyboard but these IRQs being conventionally fixed are not likely
to be change by guests or share with other devices so this does not
cause a problem in practice.
This reverts commit
4e5a20b6da9b1f6d2e9621ed7eb8b239560104ae.
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Message-ID: <
1c3902d4166234bef0a476026441eaac3dd6cda5.
1701035944.git.balaton@eik.bme.hu>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Samuel Tardieu [Thu, 23 Nov 2023 21:15:06 +0000 (22:15 +0100)]
target/hexagon/idef-parser/prepare: use env to invoke bash
This file is the only one involved in the compilation process which
still uses the /bin/bash path.
Signed-off-by: Samuel Tardieu <sam@rfc1149.net>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Anton Johansson <anjo@rev.ng>
Message-ID: <
20231123211506.636533-1-sam@rfc1149.net>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Kevin Wolf [Tue, 21 Nov 2023 17:34:16 +0000 (18:34 +0100)]
string-output-visitor: Support lists for non-integer types
With the introduction of list-based array properties in qdev, the string
output visitor has to deal with lists of non-integer elements now ('info
qtree' prints all properties with the string output visitor).
Currently there is no explicit support for such lists, and the resulting
output is only the last element because string_output_set() always
replaces the output with the latest value. Instead of replacing the old
value, append comma separated values in list context.
The difference can be observed in 'info qtree' with a 'rocker' device
that has a 'ports' list with more than one element.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Tested-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-ID: <
20231121173416.346610-3-kwolf@redhat.com>
Kevin Wolf [Tue, 21 Nov 2023 17:34:15 +0000 (18:34 +0100)]
qdev: Fix crash in array property getter
Passing an uninitialised list to visit_start_list() happens to work for
the QObject output visitor because it treats the pointer as an opaque
value and never dereferences it, but the string output visitor expects a
valid list to check if it has more than one element.
The existing code crashes with the string output visitor if the
uninitialised value is non-NULL. Passing an explicit NULL would fix the
crash, but still result in wrong output.
Rework get_prop_array() so that it conforms to the expectations that the
string output visitor has. This includes building a real list first and
using visit_next_list() to iterate it.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1993
Reported-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Tested-by: Dan Hoffman <dhoff749@gmail.com>
Tested-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-ID: <
20231121173416.346610-2-kwolf@redhat.com>
Gerd Hoffmann [Tue, 28 Nov 2023 07:49:26 +0000 (08:49 +0100)]
seabios: update binaries to 1.16.3 release
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Gerd Hoffmann [Tue, 28 Nov 2023 07:44:54 +0000 (08:44 +0100)]
seabios: update submodule to 1.16.3 release
git shortlog
1e1da7a96300..rel-1.16.3
-------------------------------------
Gerd Hoffmann (1):
limit address space used for pci devices.
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Frederic Konrad [Fri, 24 Nov 2023 14:35:05 +0000 (14:35 +0000)]
hw/dma/xlnx_csu_dma: don't throw guest errors when stopping the SRC DMA
UG1087 states for the source channel that: if SIZE is programmed to 0, and the
DMA is started, the interrupts DONE and MEM_DONE will be asserted.
This implies that it is allowed for the guest to stop the source DMA by writing
a size of 0 to the SIZE register, so remove the LOG_GUEST_ERROR in that case.
While at it remove the comment marking the SIZE register as write-only.
See: https://docs.xilinx.com/r/en-US/ug1087-zynq-ultrascale-registers/CSUDMA_SRC_SIZE-CSUDMA-Register
Signed-off-by: Frederic Konrad <fkonrad@amd.com>
Reviewed-by: Francisco Iglesias <francisco.iglesias@amd.com>
Message-id:
20231124143505.
1493184-4-fkonrad@amd.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Frederic Konrad [Fri, 24 Nov 2023 14:35:04 +0000 (14:35 +0000)]
hw/misc, hw/ssi: Fix some URLs for AMD / Xilinx models
It seems that the url changed a bit, and it triggers an error. Fix the URLs so
the documentation can be reached again.
Signed-off-by: Frederic Konrad <fkonrad@amd.com>
Reviewed-by: Francisco Iglesias <francisco.iglesias@amd.com>
Message-id:
20231124143505.
1493184-3-fkonrad@amd.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Frederic Konrad [Fri, 24 Nov 2023 14:35:03 +0000 (14:35 +0000)]
hw/ssi/xilinx_spips: fix an out of bound access
The spips, qspips, and zynqmp-qspips share the same realize function
(xilinx_spips_realize) and initialize their io memory region with different
mmio_ops passed through the class. The size of the memory region is set to
the largest area (0x200 bytes for zynqmp-qspips) thus it is possible to write
out of s->regs[addr] in xilinx_spips_write for spips and qspips.
This fixes that wrong behavior.
Reviewed-by: Luc Michel <luc.michel@amd.com>
Signed-off-by: Frederic Konrad <fkonrad@amd.com>
Reviewed-by: Francisco Iglesias <francisco.iglesias@amd.com>
Message-id:
20231124143505.
1493184-2-fkonrad@amd.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Philippe Mathieu-Daudé [Tue, 21 Nov 2023 17:40:51 +0000 (18:40 +0100)]
hw/input/stellaris_gamepad: Free StellarisGamepad::keycodes[] array
Commit
0be6bfac62 ("qdev: Implement variable length array properties")
added the DEFINE_PROP_ARRAY() macro with the following comment:
* It is the responsibility of the device deinit code to free the
* @_arrayfield memory.
Commit
a75f336b97 added:
DEFINE_PROP_ARRAY("keycodes", StellarisGamepad, num_buttons,
keycodes, qdev_prop_uint32, uint32_t),
but forgot to free the 'keycodes' array. Do it in the instance_finalize
handler.
Fixes:
a75f336b97 ("hw/input/stellaris_input: Convert to qdev")
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id:
20231121174051.63038-7-philmd@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Philippe Mathieu-Daudé [Tue, 21 Nov 2023 17:40:50 +0000 (18:40 +0100)]
hw/nvram/xlnx-efuse-ctrl: Free XlnxVersalEFuseCtrl[] "pg0-lock" array
Commit
0be6bfac62 ("qdev: Implement variable length array properties")
added the DEFINE_PROP_ARRAY() macro with the following comment:
* It is the responsibility of the device deinit code to free the
* @_arrayfield memory.
Commit
9e4aa1fafe added:
DEFINE_PROP_ARRAY("pg0-lock",
XlnxVersalEFuseCtrl, extra_pg0_lock_n16,
extra_pg0_lock_spec, qdev_prop_uint16, uint16_t),
but forgot to free the 'extra_pg0_lock_spec' array. Do it in the
instance_finalize() handler.
Cc: qemu-stable@nongnu.org
Fixes:
9e4aa1fafe ("hw/nvram: Xilinx Versal eFuse device") # v6.2.0+
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id:
20231121174051.63038-6-philmd@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Philippe Mathieu-Daudé [Tue, 21 Nov 2023 17:40:49 +0000 (18:40 +0100)]
hw/nvram/xlnx-efuse: Free XlnxEFuse::ro_bits[] array on finalize()
Commit
0be6bfac62 ("qdev: Implement variable length array properties")
added the DEFINE_PROP_ARRAY() macro with the following comment:
* It is the responsibility of the device deinit code to free the
* @_arrayfield memory.
Commit
68fbcc344e added:
DEFINE_PROP_ARRAY("read-only", XlnxEFuse, ro_bits_cnt, ro_bits,
qdev_prop_uint32, uint32_t),
but forgot to free the 'ro_bits' array. Do it in the instance_finalize
handler.
Cc: qemu-stable@nongnu.org
Fixes:
68fbcc344e ("hw/nvram: Introduce Xilinx eFuse QOM") # v6.2.0+
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id:
20231121174051.63038-5-philmd@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Philippe Mathieu-Daudé [Tue, 21 Nov 2023 17:40:48 +0000 (18:40 +0100)]
hw/misc/mps2-scc: Free MPS2SCC::oscclk[] array on finalize()
Commit
0be6bfac62 ("qdev: Implement variable length array properties")
added the DEFINE_PROP_ARRAY() macro with the following comment:
* It is the responsibility of the device deinit code to free the
* @_arrayfield memory.
Commit
4fb013afcc added:
DEFINE_PROP_ARRAY("oscclk", MPS2SCC, num_oscclk, oscclk_reset,
qdev_prop_uint32, uint32_t),
but forgot to free the 'oscclk_reset' array. Do it in the
instance_finalize() handler.
Cc: qemu-stable@nongnu.org
Fixes:
4fb013afcc ("hw/misc/mps2-scc: Support configurable number of OSCCLK values") # v6.0.0+
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id:
20231121174051.63038-4-philmd@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Philippe Mathieu-Daudé [Tue, 21 Nov 2023 17:40:47 +0000 (18:40 +0100)]
hw/virtio: Free VirtIOIOMMUPCI::vdev.reserved_regions[] on finalize()
Commit
0be6bfac62 ("qdev: Implement variable length array properties")
added the DEFINE_PROP_ARRAY() macro with the following comment:
* It is the responsibility of the device deinit code to free the
* @_arrayfield memory.
Commit
8077b8e549 added:
DEFINE_PROP_ARRAY("reserved-regions", VirtIOIOMMUPCI,
vdev.nb_reserved_regions, vdev.reserved_regions,
qdev_prop_reserved_region, ReservedRegion),
but forgot to free the 'vdev.reserved_regions' array. Do it in the
instance_finalize() handler.
Cc: qemu-stable@nongnu.org
Fixes:
8077b8e549 ("virtio-iommu-pci: Add array of Interval properties") # v5.1.0+
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Message-id:
20231121174051.63038-3-philmd@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Philippe Mathieu-Daudé [Tue, 21 Nov 2023 17:40:46 +0000 (18:40 +0100)]
hw/virtio: Add VirtioPCIDeviceTypeInfo::instance_finalize field
The VirtioPCIDeviceTypeInfo structure, added in commit
a4ee4c8baa
("virtio: Helper for registering virtio device types") got extended
in commit
8ea90ee690 ("virtio: add class_size") with the @class_size
field. Do similarly with the @instance_finalize field.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id:
20231121174051.63038-2-philmd@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Philippe Mathieu-Daudé [Fri, 24 Nov 2023 18:33:25 +0000 (19:33 +0100)]
hw/net/can/xlnx-zynqmp: Avoid underflow while popping RX FIFO
Per https://docs.xilinx.com/r/en-US/ug1085-zynq-ultrascale-trm/Message-Format
Message Format
The same message format is used for RXFIFO, TXFIFO, and TXHPB.
Each message includes four words (16 bytes). Software must read
and write all four words regardless of the actual number of data
bytes and valid fields in the message.
There is no mention in this reference manual about what the
hardware does when not all four words are read. To fix the
reported underflow behavior, I choose to fill the 4 frame data
registers when the first register (ID) is accessed, which is how
I expect hardware would do.
Reported-by: Qiang Liu <cyruscyliu@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Francisco Iglesias <francisco.iglesias@amd.com>
Reviewed-by: Vikram Garhwal <vikram.garhwal@amd.com>
Message-id:
20231124183325.95392-3-philmd@linaro.org
Fixes:
98e5d7a2b7 ("hw/net/can: Introduce Xilinx ZynqMP CAN controller")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1427
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Francisco Iglesias <francisco.iglesias@amd.com>
Reviewed-by: Vikram Garhwal <vikram.garhwal@amd.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Philippe Mathieu-Daudé [Fri, 24 Nov 2023 18:33:24 +0000 (19:33 +0100)]
hw/net/can/xlnx-zynqmp: Avoid underflow while popping TX FIFOs
Per https://docs.xilinx.com/r/en-US/ug1085-zynq-ultrascale-trm/Message-Format
Message Format
The same message format is used for RXFIFO, TXFIFO, and TXHPB.
Each message includes four words (16 bytes). Software must read
and write all four words regardless of the actual number of data
bytes and valid fields in the message.
There is no mention in this reference manual about what the
hardware does when not all four words are written. To fix the
reported underflow behavior when DATA2 register is written,
I choose to fill the data with the previous content of the
ID / DLC / DATA1 registers, which is how I expect hardware
would do.
Note there is no hardware flag raised under such condition.
Reported-by: Qiang Liu <cyruscyliu@gmail.com>
Reviewed-by: Francisco Iglesias <francisco.iglesias@amd.com>
Reviewed-by: Vikram Garhwal <vikram.garhwal@amd.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id:
20231124183325.95392-2-philmd@linaro.org
Fixes:
98e5d7a2b7 ("hw/net/can: Introduce Xilinx ZynqMP CAN controller")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1425
Reviewed-by: Francisco Iglesias <francisco.iglesias@amd.com>
Reviewed-by: Vikram Garhwal <vikram.garhwal@amd.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Mon, 20 Nov 2023 17:35:06 +0000 (17:35 +0000)]
target/arm: Handle overflow in calculation of next timer tick
In commit
edac4d8a168 back in 2015 when we added support for
the virtual timer offset CNTVOFF_EL2, we didn't correctly update
the timer-recalculation code that figures out when the timer
interrupt is next going to change state. We got it wrong in
two ways:
* for the 0->1 transition, we didn't notice that gt->cval + offset
can overflow a uint64_t
* for the 1->0 transition, we didn't notice that the transition
might now happen before the count rolls over, if offset > count
In the former case, we end up trying to set the next interrupt
for a time in the past, which results in QEMU hanging as the
timer fires continuously.
In the latter case, we would fail to update the interrupt
status when we are supposed to.
Fix the calculations in both cases.
The test case is Alex Bennée's from the bug report, and tests
the 0->1 transition overflow case.
Fixes:
edac4d8a168 ("target-arm: Add CNTVOFF_EL2")
Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/60
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id:
20231120173506.
3729884-1-peter.maydell@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Mon, 20 Nov 2023 15:01:21 +0000 (15:01 +0000)]
target/arm: Set IL bit for pauth, SVE access, BTI trap syndromes
The syndrome register value always has an IL field at bit 25, which
is 0 for a trap on a 16 bit instruction, and 1 for a trap on a 32
bit instruction (or for exceptions which aren't traps on a known
instruction, like PC alignment faults). This means that our
syn_*() functions should always either take an is_16bit argument to
determine whether to set the IL bit, or else unconditionally set it.
We missed setting the IL bit for the syndrome for three kinds of trap:
* an SVE access exception
* a pointer authentication check failure
* a BTI (branch target identification) check failure
All of these traps are AArch64 only, and so the instruction causing
the trap is always 64 bit. This means we can unconditionally set
the IL bit in the syn_*() function.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id:
20231120150121.
3458408-1-peter.maydell@linaro.org
Cc: qemu-stable@nongnu.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Stefan Hajnoczi [Mon, 27 Nov 2023 13:59:00 +0000 (08:59 -0500)]
Merge tag 'qga-pull-2023-11-25' of https://github.com/kostyanf14/qemu into staging
qga-pull-2023-11-25
# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEEwsLBCepDxjwUI+uE711egWG6hOcFAmViLdsACgkQ711egWG6
# hOfKIQ//fLIycqEGGLqaORaO04lSOUHU5plSHTU6ACQxILZnMas7CDgfEc2ReCor
# iyGCUBmNJ0NiSMRZIKys+0gWh/jgCW613KlOKTvGsn1WOgzXId5TOZSx4P7vfw2o
# t7gizx02KdaTnOe3VeTCxBRUrCl1skNw487lek++5L7lKD6a4rstND8T4I2fnWyB
# 4Y0gWdIyouWMA2xxkQffxD4ycvHxGeEosp//e6KPB3dk7lM4AAh5CrX/WshItXhp
# dL1oykgBDfRCFP42exOs5PrB4fIrYbP58qEzP+9QZpysqsa3OX0AJZw3Wgd1sbHJ
# 40II+dQTZFN27NTEeZGw1dg38q0bTNvj2dHvv+w3CHjB8Er2Wfm0ERmSWurQGYf5
# uYqNeHfDVg2m6gi4Nzav679NtWlYLhDBN1pok+K8U/im9UK2M9Jk5XieKvOiE8qX
# OVBNMC0ty4Utq6KXZUTjbxQcj5/x50OovN+5CP55OAJBwOCk6Er9j5t9RNuKDLY9
# tkllpjZ6d4KI6uwu1zL4znjNGZvNd7eQNagerv5GNpR5mJZqjv/3snpALUqPHjDA
# GKBAXwGUXeMCyFR4Gi5NjX5czgDaK4naGrq8GN6T47q2CwUMvowXRX3nwpw0Q38W
# BwRjaFEg6mCNy6Vlfj6gIvVF/3PqJh3Iq4rL26I9EMqri0LZW0o=
# =RETE
# -----END PGP SIGNATURE-----
# gpg: Signature made Sat 25 Nov 2023 12:24:43 EST
# gpg: using RSA key
C2C2C109EA43C63C1423EB84EF5D5E8161BA84E7
# gpg: Good signature from "Kostiantyn Kostiuk (Upstream PR sign) <kkostiuk@redhat.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: C2C2 C109 EA43 C63C 1423 EB84 EF5D 5E81 61BA 84E7
* tag 'qga-pull-2023-11-25' of https://github.com/kostyanf14/qemu:
build-sys: fix meson project version usage
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Stefan Hajnoczi [Mon, 27 Nov 2023 13:58:21 +0000 (08:58 -0500)]
Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging
* document what configure does with virtual environments
* bump known good meson version to v1.2.3
* upgrade macOS to 13 (Ventura) and Add manual testing of macOS 14 (Sonoma)
* use simple assertions instead of Coverity models
* miscellaneous fixes
* adjust URL to Coverity tools
# -----BEGIN PGP SIGNATURE-----
#
# iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmVgv78UHHBib256aW5p
# QHJlZGhhdC5jb20ACgkQv/vSX3jHroPTmgf/VgDEIRP0teMsz1qAPWyH3eanoF8w
# XN9gN0jYUqv1pYVdBws3qxsZFr0GCUrEhF46wbDBj5BgNYjiO6Cg7la1Ryyry7sV
# GmwgAQhaCelY7USS4tGeK2A/EpEx4M/pOKfzJhAyjm9d87bdOBoankeYjCR0XZqD
# O9CypjA9mxx6Gi28RC1OjIIPxERgazpDMmm1gntEI29qoYiKvD7uOjA3EP7zrBhz
# 6Qi1/cx5WgvhePnFAab25jQDgkFaPViZSV28UdfH/29+bUkcJhyki56+vIoLbEtK
# 18+wVQkOFl10Ibo7cmQ4JnT8q7BaqhXbO54xmT3LKzMi1I8RCOpOiFFGjg==
# =+YGq
# -----END PGP SIGNATURE-----
# gpg: Signature made Fri 24 Nov 2023 10:22:39 EST
# gpg: using RSA key
F13338574B662389866C7682BFFBD25F78C7AE83
# gpg: issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83
* tag 'for-upstream' of https://gitlab.com/bonzini/qemu:
scripts: adjust url to Coverity tools
configure: Make only once with pseudo-"in source tree" builds
system: Use &error_abort in memory_region_init_ram_[device_]ptr()
disas/cris: Pass buffer size to format_dec() to avoid overflow warning
audio: Free consumed default audio devices
.gitlab-ci.d/cirrus: Add manual testing of macOS 14 (Sonoma)
buildsys: Bump known good meson version to v1.2.3
docs: document what configure does with virtual environments
tests: respect --enable/--disable-download for Avocado
coverity: physmem: use simple assertions instead of modelling
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Marc-André Lureau [Thu, 2 Nov 2023 14:10:10 +0000 (18:10 +0400)]
build-sys: fix meson project version usage
Program wixl found: YES (/usr/bin/wixl)
../qga/meson.build:149:16: ERROR: Unknown variable "project".
Fixes:
e20d68aa0b9 ("configure, meson: use command line options to configure qemu-ga")
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Konstantin Kostiuk <kkostiuk@redhat.com>
Signed-off-by: Konstantin Kostiuk <kkostiuk@redhat.com>
Paolo Bonzini [Mon, 20 Nov 2023 21:04:31 +0000 (16:04 -0500)]
scripts: adjust url to Coverity tools
The URL to the Coverity tools download has changed; the old one points
to an obsolete version that is not supported anymore. Adjust to point
to the correct and supported tools.
Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Akihiko Odaki [Sun, 19 Nov 2023 10:16:02 +0000 (19:16 +0900)]
configure: Make only once with pseudo-"in source tree" builds
Pseudo-"in source tree" build used to run make in the build directory
as many times as goals. Worse, although .NOTPARALLEL is specified,
it does not work for patterns, and run make in parallel, which can break
things.
Add a new rule "build", and let it call make. The pattern rule only
needs to specify "build" as its prerequisite and have a no-op recipe so
that it does more than canceling built-in implicit rules.
Fixes:
dedad02720 ("configure: add support for pseudo-"in source tree" builds")
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Message-ID: <
20231119101604.47325-1-akihiko.odaki@daynix.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Philippe Mathieu-Daudé [Mon, 20 Nov 2023 13:31:11 +0000 (14:31 +0100)]
system: Use &error_abort in memory_region_init_ram_[device_]ptr()
If an unexpected error condition happens, we have to abort
(&fatal_error is meant for expected errors).
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Suggested-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <
20231120133112.82447-1-philmd@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Philippe Mathieu-Daudé [Mon, 20 Nov 2023 13:22:22 +0000 (14:22 +0100)]
disas/cris: Pass buffer size to format_dec() to avoid overflow warning
Propagate the buffer size to format_dec() and use snprintf().
This should silence this UBSan -Wformat-overflow warning:
In file included from /usr/include/stdio.h:906,
from include/qemu/osdep.h:114,
from ../disas/cris.c:21:
In function 'sprintf',
inlined from 'format_dec' at ../disas/cris.c:1737:3,
inlined from 'print_with_operands' at ../disas/cris.c:2477:12,
inlined from 'print_insn_cris_generic.constprop' at ../disas/cris.c:2690:8:
/usr/include/bits/stdio2.h:30:10: warning: null destination pointer [-Wformat-overflow=]
30 | return __builtin___sprintf_chk (__s, __USE_FORTIFY_LEVEL - 1,
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
31 | __glibc_objsize (__s), __fmt,
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
32 | __va_arg_pack ());
| ~~~~~~~~~~~~~~~~~
Reported-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <
20231120132222.82138-1-philmd@linaro.org>
[Rewritten to fix logic and avoid repeated expression. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Akihiko Odaki [Mon, 20 Nov 2023 11:28:02 +0000 (20:28 +0900)]
audio: Free consumed default audio devices
Failed default audio devices were removed from the list but not freed,
and that made LeakSanitizer sad. Free default audio devices as they are
consumed.
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Acked-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-ID: <
20231120112804.9736-1-akihiko.odaki@daynix.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Philippe Mathieu-Daudé [Thu, 9 Nov 2023 16:05:03 +0000 (17:05 +0100)]
.gitlab-ci.d/cirrus: Add manual testing of macOS 14 (Sonoma)
Upgrade libvirt-ci so it covers macOS 14. Add a manual entry
(QEMU_JOB_OPTIONAL: 1) to test on Sonoma release. Refresh the
lci-tool generated files.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <
20231109160504.93677-3-philmd@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Philippe Mathieu-Daudé [Thu, 9 Nov 2023 16:05:02 +0000 (17:05 +0100)]
buildsys: Bump known good meson version to v1.2.3
We need meson v1.2.3 to build QEMU on macOS Sonoma. It
also builds fine all our CI jobs (as tested by also bumping
"accepted" in pythondeps.toml), so let's use it as our
"good enough" packaged wheel.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1939
Suggested-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <
20231109160504.93677-2-philmd@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Thu, 9 Nov 2023 14:54:40 +0000 (15:54 +0100)]
docs: document what configure does with virtual environments
Given the recent confusion around how QEMU detects the system
Meson installation, and/or decides to install its own, it is
time to fill in the "Python virtual environments and the QEMU
build system" section of the documentation.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Stefan Hajnoczi [Fri, 24 Nov 2023 13:00:18 +0000 (08:00 -0500)]
Merge tag 'pull-for-8.2-fixes-231123-1' of https://gitlab.com/stsquad/qemu into staging
various random fixes for 8.2
- replace fedora-i386 cross compiler with debian
- update cirrus MacOS image to Ventura
- merge debian-native and debian-amd64 docker images
- fix compile of plugins on Windows mingw cross
- add some doc notes on semihosting READC
- add some doc notes on gdbstub
- skip loading debug symbols if we have failed
- enable arm-softmmu TCG tests
- don't attempt to use native cross builds for linux-user
- clean up registers gdb test case (ppc64/s390x)
# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCgAdFiEEZoWumedRZ7yvyN81+9DbCVqeKkQFAmVfXowACgkQ+9DbCVqe
# KkQY6Af5AVjPG2aHmixvhTjxEx5dXAH3cGYsWbny3EByT2RijaTBBK/A4OB7RTVV
# fr11kGpCkJDk4JPoUz4yTuw6Q+7WBmB0tJJ5wcGyC9cyCjI/PttSTJUC7hiikifw
# dg1IVrJZX0ahOpUiDXAtDbeHK1/i95mDRtot40mnyv5HHYHlJKohKsUVtiQEWMeq
# 0/X/M5Zq8oJ6wCkbw1nsCqkWpZa7eh4YcB9cGNf87dd0ZJ9M93CbjdSQlsugF2gB
# pH+5ZGOj+L/zkbEKoaWJNwYzF4G6hJeLpqP2rLMqRfA5MM43wdd0dJ6gK0ylKeuR
# Bo7jC1oEOcuLibZY40OhlOwLTMWiDg==
# =ME/l
# -----END PGP SIGNATURE-----
# gpg: Signature made Thu 23 Nov 2023 09:15:40 EST
# gpg: using RSA key
6685AE99E75167BCAFC8DF35FBD0DB095A9E2A44
# gpg: Good signature from "Alex Bennée (Master Work Key) <alex.bennee@linaro.org>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6685 AE99 E751 67BC AFC8 DF35 FBD0 DB09 5A9E 2A44
* tag 'pull-for-8.2-fixes-231123-1' of https://gitlab.com/stsquad/qemu:
tests/tcg: finesse the registers check for "hidden" regs
configure: don't try a "native" cross for linux-user
tests/tcg: enable semiconsole test for Arm
tests/tcg: enable arm softmmu tests
testing: move arm system tests into their own folder
hw/core: skip loading debug on all failures
docs/system: clarify limits of using gdbstub in system emulation
docs/emulation: expand warning about semihosting
tests/tcg: fixup Aarch64 semiconsole test
target/nios2: Deprecate the Nios II architecture
plugins: fix win plugin tests on cross compile
tests/docker: merge debian-native with debian-amd64
.gitlab-ci.d/cirrus: Upgrade macOS to 13 (Ventura)
tests/docker: replace fedora-i386 with debian-i686
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Paolo Bonzini [Fri, 10 Nov 2023 08:37:34 +0000 (09:37 +0100)]
tests: respect --enable/--disable-download for Avocado
Pass the content of $mkvenv_flags (which is either "--online"
or empty) down to tests/Makefile.include.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Vladimir Sementsov-Ogievskiy [Thu, 5 Oct 2023 14:03:26 +0000 (17:03 +0300)]
coverity: physmem: use simple assertions instead of modelling
Unfortunately Coverity doesn't follow the logic aroung "len" and "l"
variables in stacks finishing with flatview_{read,write}_continue() and
generate a lot of OVERRUN false-positives. When small buffer (2 or 4
bytes) is passed to mem read/write path, Coverity assumes the worst
case of sz=8 in stn_he_p()/ldn_he_p() (defined in
include/qemu/bswap.h), and reports buffer overrun.
To silence these false-positives we have model functions, which hide
real logic from Coverity.
However, it turned out that these new two assertions are enough to
quiet Coverity.
Assertions are better than hiding the logic, so let's drop the
modelling and move to assertions for memory r/w call stacks.
After patch, the sequence
cov-make-library --output-file /tmp/master.xmldb \
scripts/coverity-scan/model.c
cov-build --dir ~/covtmp/master make -j9
cov-analyze --user-model-file /tmp/master.xmldb \
--dir ~/covtmp/master --all --strip-path "$(pwd)
cov-format-errors --dir ~/covtmp/master \
--html-output ~/covtmp/master_html_report
Generate for me the same big set of CIDs excepept for 6 disappeared (so
it becomes even better).
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Acked-by: David Hildenbrand <david@redhat.com>
Message-ID: <
20231005140326.332830-1-vsementsov@yandex-team.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Alex Bennée [Tue, 21 Nov 2023 15:36:06 +0000 (15:36 +0000)]
tests/tcg: finesse the registers check for "hidden" regs
The reason the ppc64 and s390x test where failing was because gdb
hides them although they are still accessible via regnum. We can
re-arrange the test a little bit and include these two arches in our
test.
We also need to be a bit more careful handling remote-registers as the
format isn't easily parsed with pure white space separation. Once we
fold types like "long long" and "long double" into a single word we
can now assert all registers are either listed or elided.
Cc: Ilya Leoshkevich <iii@linux.ibm.com>
Cc: <qemu-s390x@nongnu.org>
Cc: Nicholas Piggin <npiggin@gmail.com>
Cc: Daniel Henrique Barboza <danielhb413@gmail.com>
Cc: <qemu-ppc@nongnu.org>
Cc: Luis Machado <luis.machado@arm.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <
20231121153606.542101-1-alex.bennee@linaro.org>
Alex Bennée [Mon, 20 Nov 2023 15:08:32 +0000 (15:08 +0000)]
configure: don't try a "native" cross for linux-user
As 32 bit x86 become rarer we are starting to run into problems with
search paths. Although we switched to a Debian container we still
favour the native CC on a Bookworm host. As a result we have a broken
cross compile setup which then fails to build with:
BUILD i386-linux-user guest-tests
In file included from /usr/include/linux/stat.h:5,
from /usr/include/bits/statx.h:31,
from /usr/include/sys/stat.h:465,
from /home/alex/lsrc/qemu.git/tests/tcg/multiarch/linux/linux-test.c:28:
/usr/include/linux/types.h:5:10: fatal error: asm/types.h: No such file or directory
5 | #include <asm/types.h>
| ^~~~~~~~~~~~~
compilation terminated.
make[1]: *** [Makefile:119: linux-test] Error 1
make: *** [/home/alex/lsrc/qemu.git/tests/Makefile.include:50: build-tcg-tests-i386-linux-user] Error 2
This is likely to affect more and more linux-user builds so wrap the
whole check in a test for softmmu targets (aka bare metal) which don't
worry about such header niceties. This allows us to keep using the
host compiler for softmmu tests and the roms.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <
20231120150833.
2552739-14-alex.bennee@linaro.org>
Alex Bennée [Mon, 20 Nov 2023 15:08:31 +0000 (15:08 +0000)]
tests/tcg: enable semiconsole test for Arm
This still remains a MANUAL test due to blocking issues.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <
20231120150833.
2552739-13-alex.bennee@linaro.org>
Alex Bennée [Mon, 20 Nov 2023 15:08:30 +0000 (15:08 +0000)]
tests/tcg: enable arm softmmu tests
To make it easier to test 32 bit Arm softmmu issues implement a basic
boot.S so we can build the multiarch tests. Currently CHECK_UNALIGNED
is disabled as I haven't got the right magic set for it to work.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <
20231120150833.
2552739-12-alex.bennee@linaro.org>
Alex Bennée [Mon, 20 Nov 2023 15:08:29 +0000 (15:08 +0000)]
testing: move arm system tests into their own folder
Prepare for expanding the arm system tests by cleaning up the test
directory.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <
20231120150833.
2552739-11-alex.bennee@linaro.org>
Alex Bennée [Mon, 20 Nov 2023 15:08:28 +0000 (15:08 +0000)]
hw/core: skip loading debug on all failures
ELF_LOAD_FAILED is one of many negative return codes we can have. Lets
treat any positive size_t as a success for loading.
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <
20231120150833.
2552739-10-alex.bennee@linaro.org>
Alex Bennée [Mon, 20 Nov 2023 15:08:27 +0000 (15:08 +0000)]
docs/system: clarify limits of using gdbstub in system emulation
It seems some users will try and use the gdbstub to debug userspace
inside a system emulation. While possible clarify the limitations of
this approach and direct the users to a less head scratching way of
debugging user-space.
Clarifies: https://gitlab.com/qemu-project/qemu/-/issues/1274
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <
20231120150833.
2552739-9-alex.bennee@linaro.org>
Alex Bennée [Mon, 20 Nov 2023 15:08:26 +0000 (15:08 +0000)]
docs/emulation: expand warning about semihosting
A surprising feature of calls like SYS_READC is this can cause QEMU to
indefinitely block as there is no handling for EOF.
Clarifies: https://gitlab.com/qemu-project/qemu/-/issues/1963
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <
20231120150833.
2552739-8-alex.bennee@linaro.org>
Alex Bennée [Mon, 20 Nov 2023 15:08:25 +0000 (15:08 +0000)]
tests/tcg: fixup Aarch64 semiconsole test
We need to ensure we squash the serial port if we want to hand craft
our muxed input. As a bonus emit the example with a V=1 build to make
it easier for people to figure out.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <
20231120150833.
2552739-7-alex.bennee@linaro.org>
Philippe Mathieu-Daudé [Mon, 20 Nov 2023 15:08:24 +0000 (15:08 +0000)]
target/nios2: Deprecate the Nios II architecture
See commit
9ba1caf510 ("MAINTAINERS: Mark the Nios II CPU as orphan"),
last contribution from Chris was in 2012 [1] and Marek in 2018 [2].
[1] https://lore.kernel.org/qemu-devel/
1352607539-10455-2-git-send-email-crwulff@gmail.com/
[2] https://lore.kernel.org/qemu-devel/
805fc7b5-03f0-56d4-abfd-
ed010d4fa769@denx.de/
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Acked-by: Marek Vasut <marex@denx.de>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <
20231117070250.32932-1-philmd@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <
20231120150833.
2552739-6-alex.bennee@linaro.org>
Greg Manning [Mon, 20 Nov 2023 15:08:23 +0000 (15:08 +0000)]
plugins: fix win plugin tests on cross compile
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1972
Cross compile gcc is more picky about argument order than msys. Changed
the meson command to take the (now renamed) libqemu_plugin_api.a as a
lib, rather than an object. This puts it in the right place on both
native and cross compile gcc commands
Reenable plugins on crossbuilds
Signed-off-by: Greg Manning <gmanning@rapitasystems.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <
20231109124326.21106-2-gmanning@rapitasystems.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <
20231120150833.
2552739-5-alex.bennee@linaro.org>
Alex Bennée [Mon, 20 Nov 2023 15:08:22 +0000 (15:08 +0000)]
tests/docker: merge debian-native with debian-amd64
debian-native isn't really needed and suffers from the problem of
tracking a distros dependencies rather than the projects. With a
little surgery we can make the debian-amd64 container architecture
neutral and allow people to use it to build a native QEMU.
Rename it so it follows the same non-arch pattern of the other distro
containers.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Tested-by: Anders Roxell <anders.roxell@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <
20231120150833.
2552739-4-alex.bennee@linaro.org>
Philippe Mathieu-Daudé [Mon, 20 Nov 2023 15:08:21 +0000 (15:08 +0000)]
.gitlab-ci.d/cirrus: Upgrade macOS to 13 (Ventura)
macOS 14 "Sonoma" was released on September 2023 [1].
According to QEMU's support policy, we stop supporting the
previous major release two years after the the new major
release has been published. Replace the macOS 12 (Monterey)
testing by macOS 13 (Ventura, released on October 2022, [2]).
Refresh the generated files by running:
$ make lcitool-refresh
[1] https://www.apple.com/newsroom/2023/09/macos-sonoma-is-available-today/
[2] https://www.apple.com/newsroom/2022/10/macos-ventura-is-now-available/
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <
20231108162022.76189-1-philmd@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <
20231120150833.
2552739-3-alex.bennee@linaro.org>
Daniel P. Berrangé [Mon, 20 Nov 2023 15:08:20 +0000 (15:08 +0000)]
tests/docker: replace fedora-i386 with debian-i686
Fedora is gradually killing off i386 packages in its repos, via a
death-by-1000-cuts process. Thus Debian looks like a better long
term bet for i686 build testing. It has the added advantage that
we can generate it via lcitool too.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <
20231107164109.
1449014-1-berrange@redhat.com>
[AJB: tweak commit msg, set correct prefix]
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <
20231120150833.
2552739-2-alex.bennee@linaro.org>
Stefan Hajnoczi [Wed, 22 Nov 2023 14:39:23 +0000 (09:39 -0500)]
Merge tag 'pull-riscv-to-apply-
20231122' of https://github.com/alistair23/qemu into staging
Fourth RISC-V PR for 8.2
This is a few bug fixes for the 8.2 release
* Add Zicboz block size to hwprobe
* Creat the virt machine FDT before machine init is complete
* Don't verify ISA compatibility for zicntr and zihpm
* Fix SiFive E CLINT clock frequency
* Fix invalid exception on MMU translation stage
* Fix mxr bit behavior
# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEEaukCtqfKh31tZZKWr3yVEwxTgBMFAmVdk4sACgkQr3yVEwxT
# gBP6gQ/+NzdRT8Wx/9ynnKs0XwXBwOjQTHDcxCIKLWYrM26c3M+4XEU6IBdg2X1T
# qRv9Xal/pXqvAz8tIunF1fNd0Syom4UezcjvLjzipWwS32+D9KEKhKz89aoQc2SQ
# lnTBYz6lSUNppp3wj68gNAyPpht+5zVwYZDsjeZCRlAS00dcl26Xde8kt9tJW7zy
# tPBvHtJP9AVc+HJdClytEZ79G+EHN5Y4ScoJsVinXSBZs9lIQD+nPmFbxopre6kg
# +RUk56eATIlVMISD5pCYyCr3jTebMqVIFY9xtQxb4R09aLYN6+k13NfsJeIcQgaF
# MbhAGE0WbXEhKyHe4BuVtyz2k+zYtoh6YSE2Czub2pzPAfpKKWiu4Odi7vHlYejw
# Nksn3N7LR3FbhrDst71+EQ28vUuEYfECEFICjzHb+DhxlPxHW9WC4f8ciTUpT57O
# HPWYN7zn5Yw97nGBVuITVO7DfcQcw8MS8HcFEelkeDOephiDKr327SWTL+lp5+P5
# fm7PM4Z92GRvT3Voj4mebVxC62CGqehDotWRvXCvc87m4DfLsmpt0nNeX9q18zw+
# phEZ5Q8AMmEnRzpmoXEzzcDWyJIO6huJFad0imTR6MqvXYxsJYIr+wURDB6POelP
# SfMqdX9cTu8xJ7Hw4gJT9ZgcTlKsTq5LNpGZ/kLPXS6/y7fgC5Y=
# =QK14
# -----END PGP SIGNATURE-----
# gpg: Signature made Wed 22 Nov 2023 00:37:15 EST
# gpg: using RSA key
6AE902B6A7CA877D6D659296AF7C95130C538013
# gpg: Good signature from "Alistair Francis <alistair@alistair23.me>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6AE9 02B6 A7CA 877D 6D65 9296 AF7C 9513 0C53 8013
* tag 'pull-riscv-to-apply-
20231122' of https://github.com/alistair23/qemu:
target/riscv/cpu_helper.c: Fix mxr bit behavior
target/riscv/cpu_helper.c: Invalid exception on MMU translation stage
riscv: Fix SiFive E CLINT clock frequency
target/riscv: don't verify ISA compatibility for zicntr and zihpm
hw/riscv/virt.c: do create_fdt() earlier, add finalize_fdt()
linux-user/riscv: Add Zicboz block size to hwprobe
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Stefan Hajnoczi [Wed, 22 Nov 2023 14:38:41 +0000 (09:38 -0500)]
Merge tag 'seabios-hppa-v13-pull-request' of https://github.com/hdeller/qemu-hppa into staging
SeaBIOS-hppa v13
Please pull an update of SeaBIOS-hppa to v13 to fix
a system reboot crash in qemu-system-hppa as reported in
https://gitlab.com/qemu-project/qemu/-/issues/1991
# -----BEGIN PGP SIGNATURE-----
#
# iHUEABYKAB0WIQS86RI+GtKfB8BJu973ErUQojoPXwUCZV0uiQAKCRD3ErUQojoP
# X/UEAP4vVLO/21SwO8/UpmImQPGTpoGUxA2DWYHBfjmyVGEoqwEA1sfhqpdahDJ0
# FLSculh9fFG7vWOMCZo2Xnur+X9ahgQ=
# =FaBT
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 21 Nov 2023 17:26:17 EST
# gpg: using EDDSA key
BCE9123E1AD29F07C049BBDEF712B510A23A0F5F
# gpg: Good signature from "Helge Deller <deller@gmx.de>" [unknown]
# gpg: aka "Helge Deller <deller@kernel.org>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 4544 8228 2CD9 10DB EF3D 25F8 3E5F 3D04 A7A2 4603
# Subkey fingerprint: BCE9 123E 1AD2 9F07 C049 BBDE F712 B510 A23A 0F5F
* tag 'seabios-hppa-v13-pull-request' of https://github.com/hdeller/qemu-hppa:
target/hppa: Update SeaBIOS-hppa to version 13
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Ivan Klokov [Tue, 21 Nov 2023 07:17:57 +0000 (10:17 +0300)]
target/riscv/cpu_helper.c: Fix mxr bit behavior
According to RISCV Specification sect 9.5 on two stage translation when
V=1 the vsstatus(mstatus in QEMU's terms) field MXR, which makes
execute-only pages readable, only overrides VS-stage page protection.
Setting MXR at HS-level(mstatus_hs), however, overrides both VS-stage
and G-stage execute-only permissions.
The hypervisor extension changes the behavior of MXR\MPV\MPRV bits.
Due to RISCV Specification sect. 9.4.1 when MPRV=1, explicit memory
accesses are translated and protected, and endianness is applied, as
though the current virtualization mode were set to MPV and the current
nominal privilege mode were set to MPP. vsstatus.MXR makes readable
those pages marked executable at the VS translation stage.
Fixes:
36a18664ba ("target/riscv: Implement second stage MMU")
Signed-off-by: Ivan Klokov <ivan.klokov@syntacore.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Message-ID: <
20231121071757.7178-3-ivan.klokov@syntacore.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Ivan Klokov [Tue, 21 Nov 2023 07:17:56 +0000 (10:17 +0300)]
target/riscv/cpu_helper.c: Invalid exception on MMU translation stage
According to RISCV privileged spec sect. 5.3.2 Virtual Address Translation Process
access-fault exceptions may raise only after PMA/PMP check. Current implementation
generates an access-fault for mbare mode even if there were no PMA/PMP errors.
This patch removes the erroneous MMU mode check and generates an access-fault
exception based on the pmp_violation flag only.
Fixes:
1448689c7b ("target/riscv: Allow specifying MMU stage")
Signed-off-by: Ivan Klokov <ivan.klokov@syntacore.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Message-ID: <
20231121071757.7178-2-ivan.klokov@syntacore.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Román Cárdenas [Fri, 17 Nov 2023 08:28:42 +0000 (09:28 +0100)]
riscv: Fix SiFive E CLINT clock frequency
If you check the manual of SiFive E310 (https://cdn.sparkfun.com/assets/7/f/0/2/7/fe310-g002-manual-v19p05.pdf),
you can see in Figure 1 that the CLINT is connected to the real time clock, which also feeds the AON peripheral (they share the same clock).
In page 43, the docs also say that the timer registers of the CLINT count ticks from the rtcclk.
I am currently playing with bare metal applications both in QEMU and a physical SiFive E310 board and
I confirm that the CLINT clock in the physical board runs at 32.768 kHz.
In QEMU, the same app produces a completely different outcome, as sometimes a new CLINT interrupt is triggered before finishing other tasks.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1978
Signed-off-by: Rom\ufffd\ufffdn C\ufffd\ufffdrdenas <rcardenas.rod@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Message-ID: <
20231117082840.55705-1-rcardenas.rod@gmail.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Clément Chigot [Tue, 14 Nov 2023 12:39:13 +0000 (13:39 +0100)]
target/riscv: don't verify ISA compatibility for zicntr and zihpm
The extensions zicntr and zihpm were officially added in the privilege
instruction set specification 1.12. However, QEMU has been implemented
them long before it and thus they are forced to be on during the cpu
initialization to ensure compatibility (see riscv_cpu_init).
riscv_cpu_disable_priv_spec_isa_exts was not updated when the above
behavior was introduced, resulting in these extensions to be disabled
after all.
Signed-off-by: Clément Chigot <chigot@adacore.com>
Fixes:
c004099330 ("target/riscv: add zicntr extension flag for TCG")
Fixes:
0824121660 ("target/riscv: add zihpm extension flag for TCG")
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <
20231114123913.536194-1-chigot@adacore.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Daniel Henrique Barboza [Fri, 10 Nov 2023 17:25:59 +0000 (14:25 -0300)]
hw/riscv/virt.c: do create_fdt() earlier, add finalize_fdt()
Commit
49554856f0 fixed a problem, where TPM devices were not appearing
in the FDT, by delaying the FDT creation up until virt_machine_done().
This create a side effect (see gitlab #1925) - devices that need access
to the '/chosen' FDT node during realize() stopped working because, at
that point, we don't have a FDT.
This happens because our FDT creation is monolithic, but it doesn't need
to be. We can add the needed FDT components for realize() time and, at
the same time, do another FDT round where we account for dynamic sysbus
devices. In other words, the problem fixed by
49554856f0 could also be
fixed by postponing only create_fdt_sockets() and its dependencies,
leaving everything else from create_fdt() to be done during init().
Split the FDT creation in two parts:
- create_fdt(), now moved back to virt_machine_init(), will create FDT
nodes that doesn't depend on additional (dynamic) devices from the
sysbus;
- a new finalize_fdt() step is added, where create_fdt_sockets() and
friends is executed, accounting for the dynamic sysbus devices that
were added during realize().
This will make both use cases happy: TPM devices are still working as
intended, and devices such as 'guest-loader' have a FDT to work on
during realize().
Fixes:
49554856f0 ("riscv: Generate devicetree only after machine initialization is complete")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1925
Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <
20231110172559.73209-1-dbarboza@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Palmer Dabbelt [Fri, 10 Nov 2023 17:37:16 +0000 (09:37 -0800)]
linux-user/riscv: Add Zicboz block size to hwprobe
Support for probing the Zicboz block size landed in Linux 6.6, which was
released a few weeks ago. This provides the user-configured block size
when Zicboz is enabled.
Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Message-ID: <
20231110173716.24423-1-palmer@rivosinc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Helge Deller [Tue, 21 Nov 2023 20:23:03 +0000 (21:23 +0100)]
target/hppa: Update SeaBIOS-hppa to version 13
SeaBIOS-hppa version 13 fixes a system reboot crash as reported
in https://gitlab.com/qemu-project/qemu/-/issues/1991
Signed-off-by: Helge Deller <deller@gmx.de>
Stefan Hajnoczi [Tue, 21 Nov 2023 18:56:12 +0000 (13:56 -0500)]
Update version for v8.2.0-rc1 release
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Stefan Hajnoczi [Tue, 21 Nov 2023 18:16:35 +0000 (13:16 -0500)]
Merge tag 'pull-lu-
20231121' of https://gitlab.com/rth7680/qemu into staging
linux-user: Fix loaddr computation for some elf files
# -----BEGIN PGP SIGNATURE-----
#
# iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAmVc0wUdHHJpY2hhcmQu
# aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV97FQf+LHUf8Np5uiPwmu0f
# SUVlfxccp1KjQE2pppQ16TReNV/GsJd1u4VvInhDZSMrwceCmi1T8q3n75Vff5h0
# mUaCsNKCBVOgmvjtQ+9gOCEtPNYTpEBZyfs6I4iX4+mpkDSMON28CDakILHRSAG/
# NwFs3I8E773dERR6tJmvBjAKr0a7QYMHHbXFkGN0QSaCo3YVuqMgZj1+5oGGUMun
# 8f1HSRDvtAtKQgCmzsP9FEjpS4/T2ElppS0vvy063gD60Vkg9h8gyT/eFkQQMiHq
# SKo1nvhuCd/xMW67RIdm6fyvgkiDvNBV5/ae8Zqdlk7TGDQP24/V3gWtTEHyQWu6
# QteijA==
# =ryU1
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 21 Nov 2023 10:55:49 EST
# gpg: using RSA key
7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg: issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [full]
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A 05C0 64DF 38E8 AF7E 215F
* tag 'pull-lu-
20231121' of https://gitlab.com/rth7680/qemu:
linux-user: Fix loaddr computation for some elf files
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Thomas Huth [Tue, 21 Nov 2023 10:08:42 +0000 (11:08 +0100)]
Revert "tests/avocado: Enable reverse_debugging.py tests in gitlab CI"
This reverts commit
c4d74ab24a02c90b7a3240510b3dd4e1bec536dd.
The reverse debugging test is sometimes still failing. See:
https://gitlab.com/qemu-project/qemu/-/issues/1992
Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-ID: <
20231121100842.677363-1-thuth@redhat.com>
Stefan Hajnoczi [Tue, 21 Nov 2023 15:27:10 +0000 (10:27 -0500)]
Merge tag 'pull-xenfv-
20231121' of git://git.infradead.org/users/dwmw2/qemu into staging
Xen fixes for 8.2-rc1
• Disable default serial when xen-console is used
• Fix Coverity warning in xen-block
# -----BEGIN PGP SIGNATURE-----
#
# iQJIBAABCAAyFiEEvgfZ/VSAmrLEsP9fY3Ys2mfi81kFAmVcmrAUHGR3bXcyQGlu
# ZnJhZGVhZC5vcmcACgkQY3Ys2mfi81njqg/8DFr03kVfwRujIZXDROoq40vjgdOF
# MoGgowDNapliXiecVcHzdvFXgRxwr9bhpX5eDEtfgROoH8mbPPd4YZJHdPNM0Yc3
# 0hoSWrIYocsYRAIoozXrtsNw8ep2vSEPNv5+CIVYkkie/mLs02cy43q09cJDzABx
# DvmSfC5o5JCs/x3qPLM6ydhnTaUipuPt1wnG9xaJLWgm/U9pK6Ba9w1eNGn8EE7m
# ekzpv9lYfCd/KbPogtXAEd7nkCOi/lKQVJmU7auXFi8FKwZNoKOYl3cTVln/EFmT
# az3qLSHgOZwElNQEYn0mBa/RgAQ2K9X7n12TgxG30VSUmajxJnl/eKy4ISyaAmwY
# vNVhdsXQICqM4OYaD2j8RiXX5YNtIC+MBb7nlUN7invKXE9ZylHbXvOstkUCjQ34
# x9CMVIibPoWk7XGUX+r7KUSwSQnpelVbqBWltkmgNjYuUIShDT6r5cOrYdM2orii
# UYOqPJqchbEDNoGwJK45EOSn8Ss5geAWuM7dFL0AuwZAbcKAqGG6vihPnDJyhnWA
# EPv2/5h2Vi24fqeWz3W+hckm8LXrc2Ow8A0rY3WAz7CvmBTgYCPx4d4kdTU6Gysn
# i8DRoKMhZS9WvHPPxY1v8+ysG1UCCNFe4qH0Wgv+ubSbr5GaK2igWIBQ5bXnuYL8
# R4Ef5pPLpa2jiF4=
# =cWon
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 21 Nov 2023 06:55:28 EST
# gpg: using RSA key
BE07D9FD54809AB2C4B0FF5F63762CDA67E2F359
# gpg: issuer "dwmw2@infradead.org"
# gpg: Good signature from "David Woodhouse <dwmw2@infradead.org>" [unknown]
# gpg: aka "David Woodhouse <dwmw2@exim.org>" [unknown]
# gpg: aka "David Woodhouse <david@woodhou.se>" [unknown]
# gpg: aka "David Woodhouse <dwmw2@kernel.org>" [unknown]
# gpg: WARNING: The key's User ID is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: BE07 D9FD 5480 9AB2 C4B0 FF5F 6376 2CDA 67E2 F359
* tag 'pull-xenfv-
20231121' of git://git.infradead.org/users/dwmw2/qemu:
hw/xen: clean up xen_block_find_free_vdev() to avoid Coverity false positive
vl: disable default serial when xen-console is enabled
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Stefan Hajnoczi [Tue, 21 Nov 2023 15:26:43 +0000 (10:26 -0500)]
Merge tag 'for-upstream' of https://repo.or.cz/qemu/kevin into staging
Block layer patches
- Fix graph lock related deadlocks with the stream job
- ahci: Fix legacy software reset
- ide/via: Fix switch between compatibility and native mode
# -----BEGIN PGP SIGNATURE-----
#
# iQJFBAABCAAvFiEE3D3rFZqa+V09dFb+fwmycsiPL9YFAmVcmYoRHGt3b2xmQHJl
# ZGhhdC5jb20ACgkQfwmycsiPL9YDzw/7BD6wZpyCsDbFu9Jbt0L894tYQls7otnR
# yeAIaZVqSkDcMK8VBD/xAjV8UgX194oKPi42CDgS73avd0cSHLIM5cNgGkwCrMWS
# ry5uuOP6EWVMPPR/129cpH8uGvkl+qwCQf5gB13/8NvMbeN2mHOTC6WW+VA20vb0
# V0DJXhYszVzXa3L1a/m6f4Jwj54tTeZ56JcBblL3wi/soklb45gsnPJaHeGb3rzK
# yjPkw+kpVXTVbpacobGmzmjlD3Yqk69NexP2kyU1w2lqPnemYPH+9sa+7RxMspkj
# InQvqq6TFtMOrC/65/527p2ENRUOxn7Xwsa1+Hnar2i3BoyGugWE8GPxJDBxAWW4
# INJtpxIpiA7Scd26VBCNVstVe5EuyxkP97T85cgNUMgeE58y3i51i6eHd4GUIR7v
# PNc5TsSbnVV8sQ7RsXka4hRyjndIPRB0CBePydDoBz6zaGmcVU6ep0Oppah9gVu9
# CU0dBz2jV0r1dFhU1eZkCbd1ufdR93R/iD3gBD4vj1xSL3l+9OE/FKdrVE66uElL
# iAsHp3cimkPuWAx/jZaeAC7BDI0XS6s1TimddqJx90f2mZjkq8cmVp+HoVNP0jRQ
# VP6AIQy6is+P4QtDSekgXVJE8K95ngBzsr+ittR8jF4q67QzHVjLmJ9ZBXyrowlz
# gtZTy2WPxbM=
# =8dXj
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 21 Nov 2023 06:50:34 EST
# gpg: using RSA key
DC3DEB159A9AF95D3D7456FE7F09B272C88F2FD6
# gpg: issuer "kwolf@redhat.com"
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" [full]
# Primary key fingerprint: DC3D EB15 9A9A F95D 3D74 56FE 7F09 B272 C88F 2FD6
* tag 'for-upstream' of https://repo.or.cz/qemu/kevin:
hw/ide/via: implement legacy/native mode switching
ide/via: don't attempt to set default BAR addresses
ide/pci: introduce pci_ide_update_mode() function
ide/ioport: move ide_portio_list[] and ide_portio_list2[] definitions to IDE core
iotests: Test two stream jobs in a single iothread
stream: Fix AioContext locking during bdrv_graph_wrlock()
block: Fix deadlocks in bdrv_graph_wrunlock()
block: Fix bdrv_graph_wrlock() call in blk_remove_bs()
hw/ide/ahci: fix legacy software reset
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Richard Henderson [Tue, 14 Nov 2023 20:13:29 +0000 (12:13 -0800)]
linux-user: Fix loaddr computation for some elf files
The file offset of the load segment is not relevant to the
low address, only the beginning of the virtual address page.
Cc: qemu-stable@nongnu.org
Fixes:
a93934fecd4 ("elf: take phdr offset into account when calculating the program load address")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1952
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Mark Cave-Ayland [Thu, 16 Nov 2023 10:33:55 +0000 (10:33 +0000)]
hw/ide/via: implement legacy/native mode switching
Allow the VIA IDE controller to switch between both legacy and native modes by
calling pci_ide_update_mode() to reconfigure the device whenever PCI_CLASS_PROG
is updated.
This patch moves the initial setting of PCI_CLASS_PROG from via_ide_realize() to
via_ide_reset(), and removes the direct setting of PCI_INTERRUPT_PIN during PCI
bus reset since this is now managed by pci_ide_update_mode(). This ensures that
the device configuration is always consistent with respect to the currently
selected mode.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-ID: <
20231116103355.588580-5-mark.cave-ayland@ilande.co.uk>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Mark Cave-Ayland [Thu, 16 Nov 2023 10:33:54 +0000 (10:33 +0000)]
ide/via: don't attempt to set default BAR addresses
The via-ide device currently attempts to set the default BAR addresses to the
values shown in the datasheet, but this doesn't work for 2 reasons: firstly
BARS 1-4 do not set the bottom 2 bits to PCI_BASE_ADDRESS_SPACE_IO, and
secondly the initial PCI bus reset clears the values of all PCI device BARs
after the device itself has been reset.
Remove the setting of the default BAR addresses from via_ide_reset() to ensure
there is no doubt that these values are never exposed to the guest.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-ID: <
20231116103355.588580-4-mark.cave-ayland@ilande.co.uk>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Mark Cave-Ayland [Thu, 16 Nov 2023 10:33:53 +0000 (10:33 +0000)]
ide/pci: introduce pci_ide_update_mode() function
This function reads the value of the PCI_CLASS_PROG register for PCI IDE
controllers and configures the PCI BARs and/or IDE ioports accordingly.
In the case where we switch to legacy mode, the PCI BARs are set to return zero
(as suggested in the "PCI IDE Controller" specification), the legacy IDE ioports
are enabled, and the PCI interrupt pin cleared to indicate legacy IRQ routing.
Conversely when we switch to native mode, the legacy IDE ioports are disabled
and the PCI interrupt pin set to indicate native IRQ routing. The contents of
the PCI BARs are unspecified, but this is not an issue since if a PCI IDE
controller has been switched to native mode then its BARs will need to be
programmed.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-ID: <
20231116103355.588580-3-mark.cave-ayland@ilande.co.uk>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Mark Cave-Ayland [Thu, 16 Nov 2023 10:33:52 +0000 (10:33 +0000)]
ide/ioport: move ide_portio_list[] and ide_portio_list2[] definitions to IDE core
These definitions are present in ioport.c which is currently only available when
CONFIG_IDE_ISA is enabled. Move them to the IDE core so that they can be made
available to PCI IDE controllers that support switching to legacy mode.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-ID: <
20231116103355.588580-2-mark.cave-ayland@ilande.co.uk>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Kevin Wolf [Wed, 15 Nov 2023 17:20:12 +0000 (18:20 +0100)]
iotests: Test two stream jobs in a single iothread
This tests two parallel stream jobs that will complete around the same
time and run on two different disks in the same iothreads. It is loosely
based on the bug report at https://issues.redhat.com/browse/RHEL-1761.
For me, this test hangs reliably with the originally reported bug in
blk_remove_bs(). After fixing it, it intermittently hangs for the bugs
fixed after it, missing AioContext unlocking in bdrv_graph_wrunlock()
and in stream_prepare(). The deadlocks seem to happen more frequently
when the test directory is on tmpfs.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-ID: <
20231115172012.112727-5-kwolf@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Kevin Wolf [Wed, 15 Nov 2023 17:20:11 +0000 (18:20 +0100)]
stream: Fix AioContext locking during bdrv_graph_wrlock()
In stream_prepare(), we need to temporarily drop the AioContext lock
that job_prepare_locked() took for us while calling the graph write lock
functions which can poll.
All block nodes related to this block job are in the same AioContext, so
we can pass any of them to bdrv_graph_wrlock()/ bdrv_graph_wrunlock().
Unfortunately, the one that we picked is base, which can be NULL - and
in this case the AioContext lock is not released and deadlocks can
occur.
Fix this by passing s->target_bs, which is never NULL.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-ID: <
20231115172012.112727-4-kwolf@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Kevin Wolf [Wed, 15 Nov 2023 17:20:10 +0000 (18:20 +0100)]
block: Fix deadlocks in bdrv_graph_wrunlock()
bdrv_graph_wrunlock() calls aio_poll(), which may run callbacks that
have a nested event loop. Nested event loops can depend on other
iothreads making progress, so in order to allow them to make progress it
must not hold the AioContext lock of another thread while calling
aio_poll().
This introduces a @bs parameter to bdrv_graph_wrunlock() whose
AioContext is temporarily dropped (which matches bdrv_graph_wrlock()),
and a bdrv_graph_wrunlock_ctx() that can be used if the BlockDriverState
doesn't necessarily exist any more when unlocking.
This also requires a change to bdrv_schedule_unref(), which was relying
on the incorrectly taken lock. It needs to take the lock itself now.
While this is a separate bug, it can't be fixed a separate patch because
otherwise the intermediate state would either deadlock or try to release
a lock that we don't even hold.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-ID: <
20231115172012.112727-3-kwolf@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
[kwolf: Fixed up bdrv_schedule_unref()]
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Kevin Wolf [Wed, 15 Nov 2023 17:20:09 +0000 (18:20 +0100)]
block: Fix bdrv_graph_wrlock() call in blk_remove_bs()
While not all callers of blk_remove_bs() are correct in this respect,
the assumption in the function is that callers hold the AioContext lock
of the BlockBackend (this is required by the drain calls in it).
In order to avoid deadlock in the nested event loop, bdrv_graph_wrlock()
has then to be called with the root BlockDriverState as its parameter
instead of NULL, so that this AioContext lock is temporarily dropped.
Fixes: https://issues.redhat.com/browse/RHEL-1761
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-ID: <
20231115172012.112727-2-kwolf@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Niklas Cassel [Wed, 8 Nov 2023 22:26:57 +0000 (23:26 +0100)]
hw/ide/ahci: fix legacy software reset
Legacy software contains a standard mechanism for generating a reset to a
Serial ATA device - setting the SRST (software reset) bit in the Device
Control register.
Serial ATA has a more robust mechanism called COMRESET, also referred to
as port reset. A port reset is the preferred mechanism for error
recovery and should be used in place of software reset.
Commit
e2a5d9b3d9c3 ("hw/ide/ahci: simplify and document PxCI handling")
improved the handling of PxCI, such that PxCI gets cleared after handling
a non-NCQ, or NCQ command (instead of incorrectly clearing PxCI after
receiving anything - even a FIS that failed to parse, which should NOT
clear PxCI, so that you can see which command slot that caused an error).
However, simply clearing PxCI after a non-NCQ, or NCQ command, is not
enough, we also need to clear PxCI when receiving a SRST in the Device
Control register.
A legacy software reset is performed by the host sending two H2D FISes,
the first H2D FIS asserts SRST, and the second H2D FIS deasserts SRST.
The first H2D FIS will not get a D2H reply, and requires the FIS to have
the C bit set to one, such that the HBA itself will clear the bit in PxCI.
The second H2D FIS will get a D2H reply once the diagnostic is completed.
The clearing of the bit in PxCI for this command should ideally be done
in ahci_init_d2h() (if it was a legacy software reset that caused the
reset (a COMRESET does not use a command slot)). However, since the reset
value for PxCI is 0, modify ahci_reset_port() to actually clear PxCI to 0,
that way we can avoid complex logic in ahci_init_d2h().
This fixes an issue for FreeBSD where the device would fail to reset.
The problem was not noticed in Linux, because Linux uses a COMRESET
instead of a legacy software reset by default.
Fixes:
e2a5d9b3d9c3 ("hw/ide/ahci: simplify and document PxCI handling")
Reported-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Signed-off-by: Niklas Cassel <niklas.cassel@wdc.com>
Message-ID: <
20231108222657.117984-1-nks@flawful.org>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Tested-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
David Woodhouse [Thu, 9 Nov 2023 15:21:13 +0000 (15:21 +0000)]
hw/xen: clean up xen_block_find_free_vdev() to avoid Coverity false positive
Coverity couldn't see that nr_existing was always going to be zero when
qemu_xen_xs_directory() returned NULL in the ENOENT case (CID
1523906).
Perhaps more to the point, neither could Peter at first glance. Improve
the code to hopefully make it clearer to Coverity and human reviewers
alike.
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Reviewed-by: Paul Durrant <paul@xen.org>
David Woodhouse [Thu, 9 Nov 2023 11:23:54 +0000 (11:23 +0000)]
vl: disable default serial when xen-console is enabled
If a Xen console is configured on the command line, do not add a default
serial port.
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Paul Durrant <paul@xen.org>
Stefan Hajnoczi [Tue, 21 Nov 2023 11:25:14 +0000 (06:25 -0500)]
Merge tag 'ui-pull-request' of https://gitlab.com/marcandre.lureau/qemu into staging
UI: fixes for 8.2-rc1
# -----BEGIN PGP SIGNATURE-----
#
# iQJQBAABCAA6FiEEh6m9kz+HxgbSdvYt2ujhCXWWnOUFAmVciOwcHG1hcmNhbmRy
# ZS5sdXJlYXVAcmVkaGF0LmNvbQAKCRDa6OEJdZac5VtiD/oDEfDSwTxkAD6TMFoY
# n2XlzrElTAwYl0lgzzWHrdfoR2vtplIz3gK7u7MCa+rjUMowZbV3EBrMYDMoMWVU
# NkuUeSZsHYuXjaKt/nCqnmxklmq0tGN9NOwdOD1V++u257qbkUSl2w7/K0xEohAs
# NAeF3wWoCArQyjLD4K6LVsMe9IMrOP1VyGYrKBKQ91xpsuagkrjJt8RnO9MwodNs
# 8a65HRKq7HPXvMqZF7v4HgZ2pa1vrWZv4zVTraUBHaW9XpdIoiAd2+WeshjuawhO
# G6nQFpHVnQb8FBLrg+f5RItH+CjxhGvBa4DZmuGl1Y3s/fXN2N5QpUNIBqhgtE4P
# fZ+iXIpyE8sqj0TThnusszgBGWKadVjQJ8nVEVTKHzXtIa2mthF2MyY/EgnR4zQa
# 0H0YiE0SXYvoHxaErkvAfdt75OH0JBhiDcclFb1axFY2dhcgMuM7q7CR5HeO4fRd
# UEvLb8K7TLPtBGBxH5Z9z+ecxN6jIIqetosbbWFAfuIbd+at64AMh2N/MYZk2Chy
# 7E6ZGqNb8htOo2R5MitijpTm48vTs0gGjmyq7RHifG/yDHSUrPLrOgDkSC3IKY7y
# Xc9aK6fqm0l6LTLDbmZhM/znoc/1TErw/T3S4rqky0wvFTpuhP29vwd8WuyQ1ZpS
# viNCue6q0tScUz179wKEfYfyag==
# =o08n
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 21 Nov 2023 05:39:40 EST
# gpg: using RSA key
87A9BD933F87C606D276F62DDAE8E10975969CE5
# gpg: issuer "marcandre.lureau@redhat.com"
# gpg: Good signature from "Marc-André Lureau <marcandre.lureau@redhat.com>" [full]
# gpg: aka "Marc-André Lureau <marcandre.lureau@gmail.com>" [full]
# Primary key fingerprint: 87A9 BD93 3F87 C606 D276 F62D DAE8 E109 7596 9CE5
* tag 'ui-pull-request' of https://gitlab.com/marcandre.lureau/qemu:
ui/pixman-minimal.h: fix empty allocation
vl: add missing display_remote++
ui/console: fix default VC when there are no display
ui: use "vc" chardev for dbus, gtk & spice-app
vl: revert behaviour for -display none
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Stefan Hajnoczi [Tue, 21 Nov 2023 11:24:53 +0000 (06:24 -0500)]
Merge tag 'pull-target-arm-
20231121' of https://git.linaro.org/people/pmaydell/qemu-arm into staging
target-arm queue:
* enable FEAT_RNG on Neoverse-N2
* hw/intc/arm_gicv3: ICC_PMR_EL1 high bits should be RAZ
* Fix SME FMOPA (16-bit), BFMOPA
* hw/core/machine: Constify MachineClass::valid_cpu_types[]
* stm32f* machines: Report error when user asks for wrong CPU type
* hw/arm/fsl-imx: Do not ignore Error argument
# -----BEGIN PGP SIGNATURE-----
#
# iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmVchLYZHHBldGVyLm1h
# eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3kHMD/47tKxzrsXc6+V9esRQGi2H
# 1hAgLBwglEdxLXokF+Di41sh/fvK7wYVXO/hiWlq+9h3kG3D/u1N5r1TdMPMUb9j
# 4Sg3rOejn7nzkxVZ6MZ/K/1j84C9bfrt4sboVHZVRvWuvbiyuTuivEr4IqLYO4x3
# AIwhFMQ5gbNrmClZh/DBxj0keO13cp63Fg2JSSICdi+1Dw9rRXTyhJloMu1omeqc
# k/BXzjSeNXpLSMyGWBR3uaPcJBaGC1xnz3Z1V7fUY1EYD2Cu1oo5lEZ9aNO5t30d
# XW/qVGLa3b1Cb7WuEO247RnU3N2oZotozjFtdj/8IQoYWspM9RHyipEimUlegVdO
# 3fpu8QGsN1ljNiwjdk0i6OwS7SGxcPtteFOaqEf/Yogj4EOKTn/Rx5TT4vJ5DhmI
# 2w/9J15JWDIE1paNwecuFWbxCOOzSsOtSxzuyLSZDU3GlNfJ4zoF6YboROLYfejy
# NXZABFhGd/0ykX7r0VY1GGYXUQ+akv6q+VDmVZCP9gMiRUiqmFPwMLMLlcuHb8G5
# 8UztN5SvOG2EYXj28Zx0BnGCNiGdI15rWMb0veqAtbnn3yEdltW3O475BAhZ0PB7
# OVpLWnXwmWURm/BGlwb1PH5s3kgWgzOebcBgcnCftwFQ8EedQAQDA5FmT+nK5SfV
# VoOf89PngTubU6B3BOfeBw==
# =thIa
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 21 Nov 2023 05:21:42 EST
# gpg: using RSA key
E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg: issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [full]
# gpg: aka "Peter Maydell <pmaydell@gmail.com>" [full]
# gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [full]
# gpg: aka "Peter Maydell <peter@archaic.org.uk>" [unknown]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE
* tag 'pull-target-arm-
20231121' of https://git.linaro.org/people/pmaydell/qemu-arm:
hw/arm/fsl-imx: Do not ignore Error argument
hw/arm/stm32f100: Report error when incorrect CPU is used
hw/arm/stm32f205: Report error when incorrect CPU is used
hw/arm/stm32f405: Report error when incorrect CPU is used
hw/core/machine: Constify MachineClass::valid_cpu_types[]
target/arm: Fix SME FMOPA (16-bit), BFMOPA
hw/intc/arm_gicv3: ICC_PMR_EL1 high bits should be RAZ
target/arm: enable FEAT_RNG on Neoverse-N2
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Stefan Hajnoczi [Tue, 21 Nov 2023 11:24:28 +0000 (06:24 -0500)]
Merge tag 'net-pull-request' of https://github.com/jasowang/qemu into staging
# -----BEGIN PGP SIGNATURE-----
# Version: GnuPG v1
#
# iQEcBAABAgAGBQJlXF+GAAoJEO8Ells5jWIROT0H/RGk64ds4eiKskWxwG9p8K8s
# wCLdgadf/PRnKmMLR3i5gMX87Db83nUtX/tEgoNxSGuvTdK/JRuqf2oMLv5AOF27
# 6573reJW1z0Ho9Se5JW+DPI18hX7YzqwyJQ9QslGOSRXJb20O4iC2rICfI8MeFsW
# tBTsBcJ4qwsVK4nqY/3Tz57lhZLF2xYZtdgvxS4urqg/PrcbAMq8SSB8cq7tjUUs
# sgDMQQx4n/r8wlBJE1nnvF/NxtLyTj/rrS9J1rF7ztp/suea/vHxM3t9vTqjLSlY
# TyFORcfSCK2edp2+QwARJTTU9FlnuSwf28Pnm2lMQjp5HjBO20bpCBIWGQl6C9A=
# =T88Y
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 21 Nov 2023 02:43:02 EST
# gpg: using RSA key
EF04965B398D6211
# gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>" [full]
# Primary key fingerprint: 215D 46F4 8246 689E C77F 3562 EF04 965B 398D 6211
* tag 'net-pull-request' of https://github.com/jasowang/qemu:
net: do not delete nics in net_cleanup()
net: Update MemReentrancyGuard for NIC
net: Provide MemReentrancyGuard * to qemu_new_nic()
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Stefan Hajnoczi [Tue, 21 Nov 2023 11:24:02 +0000 (06:24 -0500)]
Merge tag 'pull-ppc-
20231121' of https://github.com/legoater/qemu into staging
ppc queue:
* PNV I2C fixes
* VSX instruction fix when converting floating point to integer values
# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEEoPZlSPBIlev+awtgUaNDx8/77KEFAmVcZ18ACgkQUaNDx8/7
# 7KG1GBAAopdIWc33pY1kaJlHxXDDtTxShWT384r62unPO0vaDtvmlLBvD0kTRIzk
# E6OcWeGS/L2D03nI127o5Y677koL20TlOpsR4fZdOwbQUSSVTMsLN5m8Rqvu4Ptx
# zA8t/Oio+RTxkZ1SHRuEQNC5EWzFklm5R95zyvLEAbMdJ44thlXyo9KgWe8XoBBV
# tkreEzWvv4F4Nf7nZYnxvOIHsi/8No0bMMjBNGC/v+svpayuaWmsCP4/4vmVRYRP
# 28R6uMooo9xu0X6oBzqbAV6y6XFSP8pwsvVPd1yAbFhS3w2qw18VpWoMUl2UkVGx
# ZNNHjt3HPtGAEtnWAdvzVS8sFi929pHf2v5/h8gEhfZ2e4NVS1zJj3K3OqJgWfEB
# XjiIO4NF4gnbXKIlvZX8m5RqdtxbdKx7BVmJtlzJd7IDERRLe0cNSCZ06s/GcICi
# AHtxhyA5GGWs2HDQwkOimwDOholjjVbz/sIcHLCpm/jyxcdk9VwE6hBO/9nTcntg
# IaQ/kWHlbQgTNXNuFDBwiOMuEQ5G4bb6sdqH+CWZU/owFqgXHIlki7oneX6SB09T
# GUyVwScLWlspCJRpX/y4ubyfGB3ZqAQ9REita4YIMveDvNU83LS344MRrBpzQ+ZI
# 1yCoHdBsNUkpr9dN/uwkjDSBlDoyWJ2TAgQHsprNUD04ChML7Fs=
# =qx4p
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 21 Nov 2023 03:16:31 EST
# gpg: using RSA key
A0F66548F04895EBFE6B0B6051A343C7CFFBECA1
# gpg: Good signature from "Cédric Le Goater <clg@redhat.com>" [unknown]
# gpg: aka "Cédric Le Goater <clg@kaod.org>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: A0F6 6548 F048 95EB FE6B 0B60 51A3 43C7 CFFB ECA1
* tag 'pull-ppc-
20231121' of https://github.com/legoater/qemu:
ppc/pnv: Fix PNV I2C invalid status after reset
ppc/pnv: PNV I2C engines assigned incorrect XSCOM addresses
target/ppc: Fix bugs in VSX_CVT_FP_TO_INT and VSX_CVT_FP_TO_INT2 macros
ppc/pnv: Fix potential overflow in I2C model
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Stefan Hajnoczi [Tue, 21 Nov 2023 11:23:21 +0000 (06:23 -0500)]
Merge tag 'pull-loongarch-
20231121' of https://gitlab.com/gaosong/qemu into staging
fixes tcg_out_mov aborted.
# -----BEGIN PGP SIGNATURE-----
#
# iLMEAAEKAB0WIQS4/x2g0v3LLaCcbCxAov/yOSY+3wUCZVwXJgAKCRBAov/yOSY+
# 30HKBAC4+3oAaMqRDEBTlYT0oHmU3IVRv7Pkuht72YZ57qQwjq21jMpxRdeuAAT2
# McGzDIH/IbF0qG1HBako00jiwgGpx90aBU0KwOVgBjyjvUK2VXE268UoRs+WYVG/
# 7ljOHEnpvwJVTquAtDNFZIw0EFwiF75MP2rKvrSG8KmmrSu4hg==
# =oHNA
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 20 Nov 2023 21:34:14 EST
# gpg: using RSA key
B8FF1DA0D2FDCB2DA09C6C2C40A2FFF239263EDF
# gpg: Good signature from "Song Gao <m17746591750@163.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: B8FF 1DA0 D2FD CB2D A09C 6C2C 40A2 FFF2 3926 3EDF
* tag 'pull-loongarch-
20231121' of https://gitlab.com/gaosong/qemu:
tcg/loongarch64: Fix tcg_out_mov() Aborted
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Manos Pitsidianakis [Tue, 21 Nov 2023 09:38:39 +0000 (11:38 +0200)]
ui/pixman-minimal.h: fix empty allocation
In the minimal pixman API stub that is used when the real pixman
dependency is missing a NULL dereference happens when
virtio-gpu-rutabaga allocates a pixman image with bits = NULL and
rowstride_bytes = zero. A buffer of rowstride_bytes * height is
allocated which is NULL. However, in that scenario pixman calculates a
new stride value based on given width, height and format size.
This commit adds a helper function that performs the same logic as
pixman.
Signed-off-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <
20231121093840.
2121195-1-manos.pitsidianakis@linaro.org>
Marc-André Lureau [Fri, 17 Nov 2023 11:15:13 +0000 (15:15 +0400)]
vl: add missing display_remote++
We should also consider -display vnc= as setting up a remote display,
and not attempt to add another default one.
The display_remote++ in qemu_setup_display() isn't necessary at this
point, but is there for completeness and further usages of the variable.
Fixes: https://gitlab.com/qemu-project/qemu/-/issues/1988
Fixes: commit
484629fc81 ("vl: simplify display_remote logic ")
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Marc-André Lureau [Wed, 8 Nov 2023 13:25:22 +0000 (17:25 +0400)]
ui/console: fix default VC when there are no display
When display is "none", we may still have remote displays (I think it
would be simpler if VNC/Spice were regular display btw). Return the
default VC then, and set them up to fix a regression when using remote
display and it used the TTY instead.
Fixes: https://gitlab.com/qemu-project/qemu/-/issues/1989
Fixes: commit
1bec1cc0d ("ui/console: allow to override the default VC")
Reported-by: German Maglione <gmaglione@redhat.com>
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Acked-by: Thomas Huth <thuth@redhat.com>
Marc-André Lureau [Fri, 17 Nov 2023 10:55:07 +0000 (14:55 +0400)]
ui: use "vc" chardev for dbus, gtk & spice-app
Those display have their own implementation of "vc" chardev, which
doesn't use pixman. They also don't implement the width/height/cols/rows
options, so qemu_display_get_vc() should return a compatible argument.
This patch was meant to be with the pixman series, when the "vc" field
was introduced. It fixes a regression where VC are created on the
tty (or null) instead of the display own "vc" implementation.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Acked-by: Thomas Huth <thuth@redhat.com>
Marc-André Lureau [Fri, 17 Nov 2023 14:03:16 +0000 (18:03 +0400)]
vl: revert behaviour for -display none
Commit
1bec1cc0d ("ui/console: allow to override the default VC") changed
the behaviour of the "-display none" option, so that it now creates a
QEMU monitor on the terminal. "-display none" should not be tangled up
with whether we create a monitor or a serial terminal; it should purely
and only disable the graphical window. Changing its behaviour like this
breaks command lines which, for example, use semihosting for their
output and don't want a graphical window, as they now get a monitor they
never asked for.
It also breaks the command line we document for Xen in
docs/system/i386/xen.html:
$ ./qemu-system-x86_64 --accel kvm,xen-version=0x40011,kernel-irqchip=split \
-display none -chardev stdio,mux=on,id=char0,signal=off -mon char0 \
-device xen-console,chardev=char0 -drive file=${GUEST_IMAGE},if=xen
qemu-system-x86_64: cannot use stdio by multiple character devices
qemu-system-x86_64: could not connect serial device to character backend
'stdio'
When qemu is compiled without PIXMAN, by default the serials aren't
muxed with the monitor anymore on stdio. The serials are redirected to
"null" instead, and the monitor isn't set up.
Fixes: commit
1bec1cc0d ("ui/console: allow to override the default VC")
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Tested-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: David Woodhouse <dwmw@amazon.co.uk>
Reviewed-by: David Woodhouse <dwmw@amazon.co.uk>
David Woodhouse [Wed, 15 Nov 2023 17:24:35 +0000 (17:24 +0000)]
net: do not delete nics in net_cleanup()
In net_cleanup() we only need to delete the netdevs, as those may have
state which outlives Qemu when it exits, and thus may actually need to
be cleaned up on exit.
The nics, on the other hand, are owned by the device which created them.
Most devices don't bother to clean up on exit because they don't have
any state which will outlive Qemu... but XenBus devices do need to clean
up their nodes in XenStore, and do have an exit handler to delete them.
When the XenBus exit handler destroys the xen-net-device, it attempts
to delete its nic after net_cleanup() had already done so. And crashes.
Fix this by only deleting netdevs as we walk the list. As the comment
notes, we can't use QTAILQ_FOREACH_SAFE() as each deletion may remove
*multiple* entries, including the "safely" saved 'next' pointer. But
we can store the *previous* entry, since nics are safe.
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Reviewed-by: Paul Durrant <paul@xen.org>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Akihiko Odaki [Thu, 1 Jun 2023 03:18:59 +0000 (12:18 +0900)]
net: Update MemReentrancyGuard for NIC
Recently MemReentrancyGuard was added to DeviceState to record that the
device is engaging in I/O. The network device backend needs to update it
when delivering a packet to a device.
This implementation follows what bottom half does, but it does not add
a tracepoint for the case that the network device backend started
delivering a packet to a device which is already engaging in I/O. This
is because such reentrancy frequently happens for
qemu_flush_queued_packets() and is insignificant.
Fixes: CVE-2023-3019
Reported-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Acked-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Akihiko Odaki [Thu, 1 Jun 2023 03:18:58 +0000 (12:18 +0900)]
net: Provide MemReentrancyGuard * to qemu_new_nic()
Recently MemReentrancyGuard was added to DeviceState to record that the
device is engaging in I/O. The network device backend needs to update it
when delivering a packet to a device.
In preparation for such a change, add MemReentrancyGuard * as a
parameter of qemu_new_nic().
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Reviewed-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Jason Wang <jasowang@redhat.com>
OSDN Git Service
