Experimental fork of QEMU with video encoding patches https://git.openslx.org/bwlp/qemu.git/atom/hw/pci?h=spice_video_codecs 2022-11-07T19:08:17+00:00 2022-11-07T19:08:17+00:00 Akihiko Odaki 2022-08-29T08:35:24+00:00 urn:sha1:15377f6e79cc6aa08dbafe82607e0bda13ca44b5 There were several different ways to deal with the situation where the vector specified for a msix function is out of bound: - early return a function and keep progresssing - propagate the error to the caller - mark msix unusable - assert it is in bound - just ignore An out-of-bound vector should not be specified if the device implementation is correct so let msix functions always assert that the specified vector is in range. An exceptional case is virtio-pci, which allows the guest to configure vectors. For virtio-pci, it is more appropriate to introduce its own checks because it is sometimes too late to check the vector range in msix functions. Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com> Message-Id: <20220829083524.143640-1-akihiko.odaki@daynix.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Yuval Shaia <yuval.shaia.ml@gmail.com> Signed-off-by: Akihiko Odaki &lt;<a href="mailto:akihiko.odaki@daynix.com" target="_blank">akihiko.odaki@daynix.com</a>&gt;<br> 2022-11-07T18:12:19+00:00 Huai-Cheng Kuo 2022-10-14T15:10:41+00:00 urn:sha1:5fb52f6cc8f621f2e51d181d81401d14e4d45102 Emulation of PCIe Data Object Exchange (DOE) PCIE Base Specification r6.0 6.3 Data Object Exchange Supports multiple DOE PCIe Extended Capabilities for a single PCIe device. For each capability, a static array of DOEProtocol should be passed to pcie_doe_init(). The protocols in that array will be registered under the DOE capability structure. For each protocol, vendor ID, type, and corresponding callback function (handle_request()) should be implemented. This callback function represents how the DOE request for corresponding protocol will be handled. pcie_doe_{read/write}_config() must be appended to corresponding PCI device's config_read/write() handler to enable DOE access. In pcie_doe_read_config(), false will be returned if pci_config_read() offset is not within DOE capability range. In pcie_doe_write_config(), the function will have no affect if the address is not within the related DOE PCIE extended capability. Signed-off-by: Huai-Cheng Kuo <hchkuo@avery-design.com.tw> Signed-off-by: Chris Browy <cbrowy@avery-design.com> Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com> Message-Id: <20221014151045.24781-2-Jonathan.Cameron@huawei.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> 2022-06-29T23:19:40+00:00 Richard Henderson 2022-06-29T23:19:40+00:00 urn:sha1:621745c4f349ac09b72706c46febee983abca916 trivial patches pull request 20220629 # -----BEGIN PGP SIGNATURE----- # # iQJGBAABCAAwFiEEzS913cjjpNwuT1Fz8ww4vT8vvjwFAmK8FmsSHGxhdXJlbnRA # dml2aWVyLmV1AAoJEPMMOL0/L7482EkP/19M/AAUkGqIdU9Dj7H46r+LEKtrT7Xu # jNRDDrkhVQvx42mklSB+fO/ptMKUDgxvLs4mnuZFxM7SrTOb4h5jfZzyYjk73ENQ # YZ/TLxRtxAfRCcGwso7NGyk85mwt+sBFKZXfW6qsfc9AjDphLUOblfSieeFegz69 # BUtzbMOPSMR7e54y6azJX3gCkxLytSXYgk4otSLTrL233sT7pnwPRdxKGzCTA5vs # fRxKb4p/R05lWepcjrL2d2lB1TabsV0kqmNkHDvubVWlgyoK3Vt/1dzD1UP7CrvF # WghlZWmxCHrmLlBb+VSDUa22kpfv5fi/feauuug+dya+s1Mlq8HZTL8VtjUJHwLL # 92xRPeP/RfEJdoQDuMKXP9DWAAYM03HGgR37cE5NMDCyHG0XRKOJ+i2P7DQLVDjW # QyWX6bX1WV6FovdwwMnZR9OclvKtsZnb1jlfj+G2DdKXpLliDH6DkFm8mPQTM1L7 # w53iMtK88erEc+NP6+fPbbZmySvDVUcLmcTiBceZK6Vjo4oTGNrAWP+VgjBTJaz+ # 71ulkJ6vo39ZnEQOUlWrL/yW+8sQNaeO1tO67HZZ8dgTvAnPwyvKq88jSMzGCNpz # Wpcf4yVAEvU+fP3KkEaqQqmQeK/Vc+H6044O00tcLVICkpCdN/FwRjgfZanX9CIJ # xQjxW5mkb1Z3 # =fgtJ # -----END PGP SIGNATURE----- # gpg: Signature made Wed 29 Jun 2022 02:37:55 PM +0530 # gpg: using RSA key CD2F75DDC8E3A4DC2E4F5173F30C38BD3F2FBE3C # gpg: issuer "laurent@vivier.eu" # gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" [undefined] # gpg: aka "Laurent Vivier <laurent@vivier.eu>" [undefined] # gpg: aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" [undefined] # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F 5173 F30C 38BD 3F2F BE3C * tag 'trivial-branch-for-7.1-pull-request' of https://gitlab.com/laurent_vivier/qemu: hw/i386/xen/xen-hvm: Inline xen_piix_pci_write_config_client() and remove it hw/i386/xen/xen-hvm: Allow for stubbing xen_set_pci_link_route() hw/ide/atapi.c: Correct typos (CD-CDROM -> CD-ROM) common-user: Only compile the common user code if have_user is set hw/pci-host/i440fx: Remove unused parameter from i440fx_init() MAINTAINERS: Add softmmu/runstate.c to "Main loop" trivial typos: namesapce Trivial: 3 char repeat typos util: Return void on iova_tree_remove qom/object: Remove circular include dependency vga: avoid crash if no default vga card Signed-off-by: Richard Henderson <richard.henderson@linaro.org> 2022-06-28T09:06:02+00:00 Dr. David Alan Gilbert 2022-06-14T10:40:44+00:00 urn:sha1:118d4ed0453c325828e3678608cf32fd9c4a8c49 Inspired by Julia Lawall's fixing of Linux kernel comments, I looked at qemu, although I did it manually. Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com> Reviewed-by: Klaus Jensen <k.jensen@samsung.com> Message-Id: <20220614104045.85728-2-dgilbert@redhat.com> Signed-off-by: Laurent Vivier <laurent@vivier.eu> 2022-06-27T22:53:18+00:00 Jagannathan Raman 2022-06-23T15:38:44+00:00 urn:sha1:71e3d004824724fe55cd1c4dba34477361a38319 MSI supports a maximum of PCI_MSI_VECTORS_MAX vectors - from 0 to PCI_MSI_VECTORS_MAX - 1. msi_set_mask() was previously using PCI_MSI_VECTORS_MAX as the upper limit for MSI vectors. Fix the upper limit to PCI_MSI_VECTORS_MAX - 1. Fixes: Coverity CID 1490141 Fixes: 08cf3dc61199 vfio-user: handle device interrupts Signed-off-by: Jagannathan Raman <jag.raman@oracle.com> Message-Id: <20220623153844.7367-1-jag.raman@oracle.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> 2022-06-15T15:43:42+00:00 Jagannathan Raman 2022-06-13T20:26:33+00:00 urn:sha1:08cf3dc611991e9697f62458107e13f2c582869a Forward remote device's interrupts to the guest Signed-off-by: Elena Ufimtseva <elena.ufimtseva@oracle.com> Signed-off-by: John G Johnson <john.g.johnson@oracle.com> Signed-off-by: Jagannathan Raman <jag.raman@oracle.com> Message-id: 9523479eaafe050677f4de2af5dd0df18c27cfd9.1655151679.git.jag.raman@oracle.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> 2022-06-11T01:15:34+00:00 Richard Henderson 2022-06-11T01:15:34+00:00 urn:sha1:30796f556790631c86c733ab06756981be0e1def virtio,pc,pci: fixes,cleanups,features more CXL patches VIOT Igor's huge AML rework fixes, cleanups all over the place Signed-off-by: Michael S. Tsirkin <mst@redhat.com> # -----BEGIN PGP SIGNATURE----- # # iQFDBAABCAAtFiEEXQn9CHHI+FuUyooNKB8NuNKNVGkFAmKj4YcPHG1zdEByZWRo # YXQuY29tAAoJECgfDbjSjVRpkNcIAKTsMfUVueTjelC2RwIdegQkypycKhCweKzc # QxddaEr0w+N2164byT3IUy9h53hV3qAAmMuGE4d8B2r5rykf+SwDfIeNmHNqntnA # oLraXIxSSAf4/1cTsRCVL/BXo2E9P+WHI3huw37HClmPLdyMjQa1AtpTpKnIsbmO # sBZf7t5yHDJ2WGZwBQ1IbAxvsdGo1fa1TCt1jZ9g1dmnQSTteQG8DHkGoRnkwTi7 # 510jb0e8uQEgKytCdLTHqESHlfgjvoI73OFOAR2dzTKy6KelFmdLYSo2FtsIdtT5 # 1fZNaDjtl6zQ4b2iLBgPpHtikKch9BzzhDMbCsq7FpvasZ8u2FE= # =LXG0 # -----END PGP SIGNATURE----- # gpg: Signature made Fri 10 Jun 2022 05:27:51 PM PDT # gpg: using RSA key 5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469 # gpg: issuer "mst@redhat.com" # gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [undefined] # gpg: aka "Michael S. Tsirkin <mst@redhat.com>" [undefined] # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67 # Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469 * tag 'for_upstream' of git://git.kernel.org/pub/scm/virt/kvm/mst/qemu: (53 commits) hw/vhost-user-scsi|blk: set `supports_config` flag correctly hw/virtio/vhost-user: don't use uninitialized variable tests/acpi: virt: update golden masters for VIOT hw/acpi/viot: sort VIOT ACPI table entries by PCI host bridge min_bus tests/acpi: virt: allow VIOT acpi table changes hw/acpi/viot: build array of PCI host bridges before generating VIOT ACPI table hw/acpi/viot: move the individual PCI host bridge entry generation to a new function hw/acpi/viot: rename build_pci_range_node() to enumerate_pci_host_bridges() hw/cxl: Fix missing write mask for HDM decoder target list registers pci: fix overflow in snprintf string formatting hw/machine: Drop cxl_supported flag as no longer useful hw/cxl: Move the CXLState from MachineState to machine type specific state. tests/acpi: Update q35/CEDT.cxl for new memory addresses. pci/pci_expander_bridge: For CXL HB delay the HB register memory region setup. tests/acpi: Allow modification of q35 CXL CEDT table. hw/cxl: Push linking of CXL targets into i386/pc rather than in machine.c hw/acpi/cxl: Pass in the CXLState directly rather than MachineState hw/cxl: Make the CXL fixed memory window setup a machine parameter. x86: acpi-build: do not include hw/isa/isa.h directly tests: acpi: update expected DSDT.tis.tpm2/DSDT.tis.tpm12 blobs ... Signed-off-by: Richard Henderson <richard.henderson@linaro.org> 2022-06-09T23:32:49+00:00 Claudio Fontana 2022-05-31T11:47:07+00:00 urn:sha1:36f18c6989a3d1ff1d7a0e50b0868ef3958299b4 the code in pcibus_get_fw_dev_path contained the potential for a stack buffer overflow of 1 byte, potentially writing to the stack an extra NUL byte. This overflow could happen if the PCI slot is >= 0x10000000, and the PCI function is >= 0x10000000, due to the size parameter of snprintf being incorrectly calculated in the call: if (PCI_FUNC(d->devfn)) snprintf(path + off, sizeof(path) + off, ",%x", PCI_FUNC(d->devfn)); since the off obtained from a previous call to snprintf is added instead of subtracted from the total available size of the buffer. Without the accurate size guard from snprintf, we end up writing in the worst case: name (32) + "@" (1) + SLOT (8) + "," (1) + FUNC (8) + term NUL (1) = 51 bytes In order to provide something more robust, replace all of the code in pcibus_get_fw_dev_path with a single call to g_strdup_printf, so there is no need to rely on manual calculations. Found by compiling QEMU with FORTIFY_SOURCE=3 as the error: *** buffer overflow detected ***: terminated Thread 1 "qemu-system-x86" received signal SIGABRT, Aborted. [Switching to Thread 0x7ffff642c380 (LWP 121307)] 0x00007ffff71ff55c in __pthread_kill_implementation () from /lib64/libc.so.6 (gdb) bt #0 0x00007ffff71ff55c in __pthread_kill_implementation () at /lib64/libc.so.6 #1 0x00007ffff71ac6f6 in raise () at /lib64/libc.so.6 #2 0x00007ffff7195814 in abort () at /lib64/libc.so.6 #3 0x00007ffff71f279e in __libc_message () at /lib64/libc.so.6 #4 0x00007ffff729767a in __fortify_fail () at /lib64/libc.so.6 #5 0x00007ffff7295c36 in () at /lib64/libc.so.6 #6 0x00007ffff72957f5 in __snprintf_chk () at /lib64/libc.so.6 #7 0x0000555555b1c1fd in pcibus_get_fw_dev_path () #8 0x0000555555f2bde4 in qdev_get_fw_dev_path_helper.constprop () #9 0x0000555555f2bd86 in qdev_get_fw_dev_path_helper.constprop () #10 0x00005555559a6e5d in get_boot_device_path () #11 0x00005555559a712c in get_boot_devices_list () #12 0x0000555555b1a3d0 in fw_cfg_machine_reset () #13 0x0000555555bf4c2d in pc_machine_reset () #14 0x0000555555c66988 in qemu_system_reset () #15 0x0000555555a6dff6 in qdev_machine_creation_done () #16 0x0000555555c79186 in qmp_x_exit_preconfig.part () #17 0x0000555555c7b459 in qemu_init () #18 0x0000555555960a29 in main () Found-by: Dario Faggioli <Dario Faggioli <dfaggioli@suse.com> Found-by: Martin Liška <martin.liska@suse.com> Cc: qemu-stable@nongnu.org Signed-off-by: Claudio Fontana <cfontana@suse.de> Message-Id: <20220531114707.18830-1-cfontana@suse.de> Reviewed-by: Ani Sinha <ani@anisinha.ca> 2022-06-08T18:38:47+00:00 Peter Maydell 2022-06-08T18:38:47+00:00 urn:sha1:9323e79f10e5f5d8fffc3b307776173ca11faeae We have about 30 instances of the typo/variant spelling 'writeable', and over 500 of the more common 'writable'. Standardize on the latter. Change produced with: sed -i -e 's/\([Ww][Rr][Ii][Tt]\)[Ee]\([Aa][Bb][Ll][Ee]\)/\1\2/g' $(git grep -il writeable) and then hand-undoing the instance in linux-headers/linux/kvm.h. Most of these changes are in comments or documentation; the exceptions are: * a local variable in accel/hvf/hvf-accel-ops.c * a local variable in accel/kvm/kvm-all.c * the PMCR_WRITABLE_MASK macro in target/arm/internals.h * the EPT_VIOLATION_GPA_WRITABLE macro in target/i386/hvf/vmcs.h (which is never used anywhere) * the AR_TYPE_WRITABLE_MASK macro in target/i386/hvf/vmx.h (which is never used anywhere) Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Stefan Weil <sw@weilnetz.de> Message-id: 20220505095015.2714666-1-peter.maydell@linaro.org 2022-05-13T11:57:26+00:00 Jonathan Cameron 2022-04-29T14:40:55+00:00 urn:sha1:aa970ed586f9c7f178b813bda2919e329b841e3c Simple function to search a PCIBus to find a port by it's port number. CXL interleave decoding uses the port number as a target so it is necessary to locate the port when doing interleave decoding. Signed-off-by: Jonathan Cameron <jonathan.cameron@huawei.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Message-Id: <20220429144110.25167-31-Jonathan.Cameron@huawei.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>