summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-5.0-20200417' ↵Peter Maydell2020-04-203-61/+58Star
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | into staging ppc patch queue for 2020-04-17 Here are a few late bugfixes for qemu-5.0 in the ppc target code. Unless some really nasty last minute bug shows up, I expect this to be the last ppc pull request for qemu-5.0. # gpg: Signature made Fri 17 Apr 2020 06:02:13 BST # gpg: using RSA key 75F46586AE61A66CC44E87DC6C38CACA20D9B392 # gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>" [full] # gpg: aka "David Gibson (Red Hat) <dgibson@redhat.com>" [full] # gpg: aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>" [full] # gpg: aka "David Gibson (kernel.org) <dwg@kernel.org>" [unknown] # Primary key fingerprint: 75F4 6586 AE61 A66C C44E 87DC 6C38 CACA 20D9 B392 * remotes/dgibson/tags/ppc-for-5.0-20200417: target/ppc: Fix mtmsr(d) L=1 variant that loses interrupts target/ppc: Fix wrong interpretation of the disposition flag. linux-user/ppc: Fix padding in mcontext_t for ppc64 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * target/ppc: Fix mtmsr(d) L=1 variant that loses interruptsNicholas Piggin2020-04-171-19/+27
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If mtmsr L=1 sets MSR[EE] while there is a maskable exception pending, it does not cause an interrupt. This causes the test case to hang: https://lists.gnu.org/archive/html/qemu-ppc/2019-10/msg00826.html More recently, Linux reduced the occurance of operations (e.g., rfi) which stop translation and allow pending interrupts to be processed. This started causing hangs in Linux boot in long-running kernel tests, running with '-d int' shows the decrementer stops firing despite DEC wrapping and MSR[EE]=1. https://lists.ozlabs.org/pipermail/linuxppc-dev/2020-April/208301.html The cause is the broken mtmsr L=1 behaviour, which is contrary to the architecture. From Power ISA v3.0B, p.977, Move To Machine State Register, Programming Note states: If MSR[EE]=0 and an External, Decrementer, or Performance Monitor exception is pending, executing an mtmsrd instruction that sets MSR[EE] to 1 will cause the interrupt to occur before the next instruction is executed, if no higher priority exception exists Fix this by handling L=1 exactly the same way as L=0, modulo the MSR bits altered. The confusion arises from L=0 being "context synchronizing" whereas L=1 is "execution synchronizing", which is a weaker semantic. However this is not a relaxation of the requirement that these exceptions cause interrupts when MSR[EE]=1 (e.g., when mtmsr executes to completion as TCG is doing here), rather it specifies how a pipelined processor can have multiple instructions in flight where one may influence how another behaves. Cc: qemu-stable@nongnu.org Reported-by: Anton Blanchard <anton@ozlabs.org> Reported-by: Nathan Chancellor <natechancellor@gmail.com> Tested-by: Nathan Chancellor <natechancellor@gmail.com> Signed-off-by: Nicholas Piggin <npiggin@gmail.com> Message-Id: <20200414111131.465560-1-npiggin@gmail.com> Reviewed-by: Cédric Le Goater <clg@kaod.org> Tested-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
| * target/ppc: Fix wrong interpretation of the disposition flag.Ganesh Goudar2020-04-171-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bitwise AND with kvm_run->flags to evaluate if we recovered from MCE or not is not correct, As disposition in kvm_run->flags is a two-bit integer value and not a bit map, So check for equality instead of bitwise AND. Without the fix qemu treats any unrecoverable mce error as recoverable and ends up in a mce loop inside the guest, Below are the MCE logs before and after the fix. Before fix: [ 66.775757] MCE: CPU0: Initiator CPU [ 66.775891] MCE: CPU0: Unknown [ 66.776587] MCE: CPU0: machine check (Harmless) Host UE Indeterminate [Recovered] [ 66.776857] MCE: CPU0: NIP: [c0080000000e00b8] mcetest_tlbie+0xb0/0x128 [mcetest_tlbie] After fix: [ 20.650577] CPU: 0 PID: 1415 Comm: insmod Tainted: G M O 5.6.0-fwnmi-arv+ #11 [ 20.650618] NIP: c0080000023a00e8 LR: c0080000023a00d8 CTR: c000000000021fe0 [ 20.650660] REGS: c0000001fffd3d70 TRAP: 0200 Tainted: G M O (5.6.0-fwnmi-arv+) [ 20.650708] MSR: 8000000002a0b033 <SF,VEC,VSX,EE,FP,ME,IR,DR,RI,LE> CR: 42000222 XER: 20040000 [ 20.650758] CFAR: c00000000000b940 DAR: c0080000025e00e0 DSISR: 00000200 IRQMASK: 0 [ 20.650758] GPR00: c0080000023a00d8 c0000001fddd79a0 c0080000023a8500 0000000000000039 [ 20.650758] GPR04: 0000000000000001 0000000000000000 0000000000000000 0000000000000007 [ 20.650758] GPR08: 0000000000000007 c0080000025e00e0 0000000000000000 00000000000000f7 [ 20.650758] GPR12: 0000000000000000 c000000001900000 c00000000101f398 c0080000025c052f [ 20.650758] GPR16: 00000000000003a8 c0080000025c0000 c0000001fddd7d70 c0000000015b7940 [ 20.650758] GPR20: 000000000000fff1 c000000000f72c28 c0080000025a0988 0000000000000000 [ 20.650758] GPR24: 0000000000000100 c0080000023a05d0 c0000000001f1d70 0000000000000000 [ 20.650758] GPR28: c0000001fde20000 c0000001fd02b2e0 c0080000023a0000 c0080000025e0000 [ 20.651178] NIP [c0080000023a00e8] mcetest_tlbie+0xe8/0xf0 [mcetest_tlbie] [ 20.651220] LR [c0080000023a00d8] mcetest_tlbie+0xd8/0xf0 [mcetest_tlbie] [ 20.651262] Call Trace: [ 20.651280] [c0000001fddd79a0] [c0080000023a00d8] mcetest_tlbie+0xd8/0xf0 [mcetest_tlbie] (unreliable) [ 20.651340] [c0000001fddd7a10] [c00000000001091c] do_one_initcall+0x6c/0x2c0 [ 20.651390] [c0000001fddd7af0] [c0000000001f7998] do_init_module+0x90/0x298 [ 20.651433] [c0000001fddd7b80] [c0000000001f61a8] load_module+0x1f58/0x27a0 [ 20.651476] [c0000001fddd7d40] [c0000000001f6c70] __do_sys_finit_module+0xe0/0x100 [ 20.651526] [c0000001fddd7e20] [c00000000000b9d0] system_call+0x5c/0x68 [ 20.651567] Instruction dump: [ 20.651594] e8410018 3c620000 e8638020 480000cd e8410018 3c620000 e8638028 480000bd [ 20.651646] e8410018 7be904e4 39400000 612900e0 <7d434a64> 4bffff74 3c4c0001 38428410 [ 20.651699] ---[ end trace 4c40897f016b4340 ]--- [ 20.653310] Bus error [ 20.655575] MCE: CPU0: machine check (Harmless) Host UE Indeterminate [Not recovered] [ 20.655575] MCE: CPU0: NIP: [c0080000023a00e8] mcetest_tlbie+0xe8/0xf0 [mcetest_tlbie] [ 20.655576] MCE: CPU0: Initiator CPU [ 20.655576] MCE: CPU0: Unknown Signed-off-by: Ganesh Goudar <ganeshgr@linux.ibm.com> Message-Id: <20200408170944.16003-1-ganeshgr@linux.ibm.com> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
| * linux-user/ppc: Fix padding in mcontext_t for ppc64Richard Henderson2020-04-171-40/+29Star
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The padding that was added in 95cda4c44ee was added to a union, and so it had no effect. This fixes misalignment errors detected by clang sanitizers for ppc64 and ppc64le. In addition, only ppc64 allocates space for VSX registers, so do not save them for ppc32. The kernel only has references to CONFIG_SPE in signal_32.c, so do not attempt to save them for ppc64. Fixes: 95cda4c44ee Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20200407032105.26711-1-richard.henderson@linaro.org> Acked-by: Laurent Vivier <laurent@vivier.eu> Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
* | Merge remote-tracking branch ↵Peter Maydell2020-04-201-1/+1
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 'remotes/vivier2/tags/linux-user-for-5.0-pull-request' into staging Fix epoll_create1() for qemu-alpha # gpg: Signature made Thu 16 Apr 2020 16:28:15 BST # gpg: using RSA key CD2F75DDC8E3A4DC2E4F5173F30C38BD3F2FBE3C # gpg: issuer "laurent@vivier.eu" # gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" [full] # gpg: aka "Laurent Vivier <laurent@vivier.eu>" [full] # gpg: aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" [full] # Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F 5173 F30C 38BD 3F2F BE3C * remotes/vivier2/tags/linux-user-for-5.0-pull-request: linux-user/syscall.c: add target-to-host mapping for epoll_create1() Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * | linux-user/syscall.c: add target-to-host mapping for epoll_create1()Sergei Trofimovich2020-04-161-1/+1
| |/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Noticed by Barnabás Virágh as a python-3.7 failue on qemu-alpha. The bug shows up on alpha as it's one of the targets where EPOLL_CLOEXEC differs from other targets: sysdeps/unix/sysv/linux/alpha/bits/epoll.h: EPOLL_CLOEXEC = 01000000 sysdeps/unix/sysv/linux/bits/epoll.h: EPOLL_CLOEXEC = 02000000 Bug: https://bugs.gentoo.org/717548 Reported-by: Barnabás Virágh Signed-off-by: Sergei Trofimovich <slyfox@gentoo.org> CC: Riku Voipio <riku.voipio@iki.fi> CC: Laurent Vivier <laurent@vivier.eu> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20200415220508.5044-1-slyfox@gentoo.org> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
* / block/iscsi:fix heap-buffer-overflow in iscsi_aio_ioctl_cbChen Qun2020-04-201-2/+1Star
|/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There is an overflow, the source 'datain.data[2]' is 100 bytes, but the 'ss' is 252 bytes.This may cause a security issue because we can access a lot of unrelated memory data. The len for sbp copy data should take the minimum of mx_sb_len and sb_len_wr, not the maximum. If we use iscsi device for VM backend storage, ASAN show stack: READ of size 252 at 0xfffd149dcfc4 thread T0 #0 0xaaad433d0d34 in __asan_memcpy (aarch64-softmmu/qemu-system-aarch64+0x2cb0d34) #1 0xaaad45f9d6d0 in iscsi_aio_ioctl_cb /qemu/block/iscsi.c:996:9 #2 0xfffd1af0e2dc (/usr/lib64/iscsi/libiscsi.so.8+0xe2dc) #3 0xfffd1af0d174 (/usr/lib64/iscsi/libiscsi.so.8+0xd174) #4 0xfffd1af19fac (/usr/lib64/iscsi/libiscsi.so.8+0x19fac) #5 0xaaad45f9acc8 in iscsi_process_read /qemu/block/iscsi.c:403:5 #6 0xaaad4623733c in aio_dispatch_handler /qemu/util/aio-posix.c:467:9 #7 0xaaad4622f350 in aio_dispatch_handlers /qemu/util/aio-posix.c:510:20 #8 0xaaad4622f350 in aio_dispatch /qemu/util/aio-posix.c:520 #9 0xaaad46215944 in aio_ctx_dispatch /qemu/util/async.c:298:5 #10 0xfffd1bed12f4 in g_main_context_dispatch (/lib64/libglib-2.0.so.0+0x512f4) #11 0xaaad46227de0 in glib_pollfds_poll /qemu/util/main-loop.c:219:9 #12 0xaaad46227de0 in os_host_main_loop_wait /qemu/util/main-loop.c:242 #13 0xaaad46227de0 in main_loop_wait /qemu/util/main-loop.c:518 #14 0xaaad43d9d60c in qemu_main_loop /qemu/softmmu/vl.c:1662:9 #15 0xaaad4607a5b0 in main /qemu/softmmu/main.c:49:5 #16 0xfffd1a460b9c in __libc_start_main (/lib64/libc.so.6+0x20b9c) #17 0xaaad43320740 in _start (aarch64-softmmu/qemu-system-aarch64+0x2c00740) 0xfffd149dcfc4 is located 0 bytes to the right of 100-byte region [0xfffd149dcf60,0xfffd149dcfc4) allocated by thread T0 here: #0 0xaaad433d1e70 in __interceptor_malloc (aarch64-softmmu/qemu-system-aarch64+0x2cb1e70) #1 0xfffd1af0e254 (/usr/lib64/iscsi/libiscsi.so.8+0xe254) #2 0xfffd1af0d174 (/usr/lib64/iscsi/libiscsi.so.8+0xd174) #3 0xfffd1af19fac (/usr/lib64/iscsi/libiscsi.so.8+0x19fac) #4 0xaaad45f9acc8 in iscsi_process_read /qemu/block/iscsi.c:403:5 #5 0xaaad4623733c in aio_dispatch_handler /qemu/util/aio-posix.c:467:9 #6 0xaaad4622f350 in aio_dispatch_handlers /qemu/util/aio-posix.c:510:20 #7 0xaaad4622f350 in aio_dispatch /qemu/util/aio-posix.c:520 #8 0xaaad46215944 in aio_ctx_dispatch /qemu/util/async.c:298:5 #9 0xfffd1bed12f4 in g_main_context_dispatch (/lib64/libglib-2.0.so.0+0x512f4) #10 0xaaad46227de0 in glib_pollfds_poll /qemu/util/main-loop.c:219:9 #11 0xaaad46227de0 in os_host_main_loop_wait /qemu/util/main-loop.c:242 #12 0xaaad46227de0 in main_loop_wait /qemu/util/main-loop.c:518 #13 0xaaad43d9d60c in qemu_main_loop /qemu/softmmu/vl.c:1662:9 #14 0xaaad4607a5b0 in main /qemu/softmmu/main.c:49:5 #15 0xfffd1a460b9c in __libc_start_main (/lib64/libc.so.6+0x20b9c) #16 0xaaad43320740 in _start (aarch64-softmmu/qemu-system-aarch64+0x2c00740) Reported-by: Euler Robot <euler.robot@huawei.com> Signed-off-by: Chen Qun <kuhn.chenqun@huawei.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Message-id: 20200418062602.10776-1-kuhn.chenqun@huawei.com Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* Update version for v5.0.0-rc3 releasePeter Maydell2020-04-151-1/+1
| | | | Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* vhost-user-gpu: Release memory returned by vu_queue_pop() with free()Philippe Mathieu-Daudé2020-04-152-3/+3
| | | | | | | | | | | vu_queue_pop() returns memory that must be freed with free(). Cc: qemu-stable@nongnu.org Reported-by: Coverity (CID 1421887 ALLOC_FREE_MISMATCH) Suggested-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* Merge remote-tracking branch 'remotes/mdroth/tags/qga-pull-2020-04-15-tag' ↵Peter Maydell2020-04-155-51/+73
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | into staging qemu-ga patch queue for hard-freeze * enforce 48MB limit for guest-file-read to avoid memory allocation failures # gpg: Signature made Wed 15 Apr 2020 15:23:48 BST # gpg: using RSA key CEACC9E15534EBABB82D3FA03353C9CEF108B584 # gpg: issuer "mdroth@linux.vnet.ibm.com" # gpg: Good signature from "Michael Roth <flukshun@gmail.com>" [full] # gpg: aka "Michael Roth <mdroth@utexas.edu>" [full] # gpg: aka "Michael Roth <mdroth@linux.vnet.ibm.com>" [full] # Primary key fingerprint: CEAC C9E1 5534 EBAB B82D 3FA0 3353 C9CE F108 B584 * remotes/mdroth/tags/qga-pull-2020-04-15-tag: qga: Restrict guest-file-read count to 48 MB to avoid crashes qga: Extract qmp_guest_file_read() to common commands.c qga: Extract guest_file_handle_find() to commands-common.h Revert "prevent crash when executing guest-file-read with large count" Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * qga: Restrict guest-file-read count to 48 MB to avoid crashesPhilippe Mathieu-Daudé2020-04-152-3/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | On [*] Daniel Berrangé commented: The QEMU guest agent protocol is not sensible way to access huge files inside the guest. It requires the inefficient process of reading the entire data into memory than duplicating it again in base64 format, and then copying it again in the JSON serializer / monitor code. For arbitrary general purpose file access, especially for large files, use a real file transfer program or use a network block device, not the QEMU guest agent. To avoid bug reports as BZ#1594054 (CVE-2018-12617), follow his suggestion to put a low, hard limit on "count" in the guest agent QAPI schema, and don't allow count to be larger than 48 MB. [*] https://www.mail-archive.com/qemu-devel@nongnu.org/msg693176.html Fixes: CVE-2018-12617 Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1594054 Reported-by: Fakhri Zulkifli <mohdfakhrizulkifli@gmail.com> Suggested-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> *update schema documentation to indicate 48MB limit instead of 10MB Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
| * qga: Extract qmp_guest_file_read() to common commands.cPhilippe Mathieu-Daudé2020-04-154-36/+35Star
| | | | | | | | | | | | | | Extract the common code shared by both POSIX/Win32 implementations. Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
| * qga: Extract guest_file_handle_find() to commands-common.hPhilippe Mathieu-Daudé2020-04-153-6/+26
| | | | | | | | | | | | | | | | As we are going to reuse this method, declare it in common header. Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
| * Revert "prevent crash when executing guest-file-read with large count"Philippe Mathieu-Daudé2020-04-151-7/+1Star
|/ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As noted by Daniel Berrangé in [*], the fix from commit 807e2b6fce which replaced malloc() by try_malloc() is not enough, the process can still run out of memory a few line later: 346 buf = g_try_malloc0(count + 1); 347 if (!buf) { 348 error_setg(errp, 349 "failed to allocate sufficient memory " 350 "to complete the requested service"); 351 return NULL; 352 } 353 is_ok = ReadFile(fh, buf, count, &read_count, NULL); 354 if (!is_ok) { 355 error_setg_win32(errp, GetLastError(), "failed to read file"); 356 slog("guest-file-read failed, handle %" PRId64, handle); 357 } else { 358 buf[read_count] = 0; 359 read_data = g_new0(GuestFileRead, 1); ^^^^^^ Instead we are going to put a low hard limit on 'count' in the next commits. This reverts commit 807e2b6fce022707418bc8f61c069d91c613b3d2. [*] https://lists.gnu.org/archive/html/qemu-devel/2018-06/msg03471.html Suggested-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Michael Roth <mdroth@linux.vnet.ibm.com>
* Merge remote-tracking branch 'remotes/stsquad/tags/pull-more-fixes-150420-1' ↵Peter Maydell2020-04-1515-44/+57
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | into staging More small fixes for rc3 - tweak docker FEATURE flags for document building - include sphinx configure check in config.log - disable PIE for Windows builds - fix /proc/self/stat handling - a number of gdbstub fixups following GByteArray conversion # gpg: Signature made Wed 15 Apr 2020 11:38:56 BST # gpg: using RSA key 6685AE99E75167BCAFC8DF35FBD0DB095A9E2A44 # gpg: Good signature from "Alex Bennée (Master Work Key) <alex.bennee@linaro.org>" [full] # Primary key fingerprint: 6685 AE99 E751 67BC AFC8 DF35 FBD0 DB09 5A9E 2A44 * remotes/stsquad/tags/pull-more-fixes-150420-1: gdbstub: Introduce gdb_get_float32() to get 32-bit float registers gdbstub: Do not use memset() on GByteArray gdbstub: i386: Fix gdb_get_reg16() parameter to unbreak gdb target/m68k/helper: Fix m68k_fpu_gdb_get_reg() use of GByteArray linux-user: fix /proc/self/stat handling configure: disable PIE for Windows builds configure: redirect sphinx-build check to config.log tests/docker: add docs FEATURE flag and use for test-misc Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * gdbstub: Introduce gdb_get_float32() to get 32-bit float registersPhilippe Mathieu-Daudé2020-04-152-4/+11
| | | | | | | | | | | | | | | | | | | | | | | | Since we now use a GByteArray, we can not use stfl_p() directly. Introduce the gdb_get_float32() helper to load a float32 register. Fixes: a010bdbe719 ("extend GByteArray to read register helpers") Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20200414163853.12164-2-philmd@redhat.com> Message-Id: <20200414200631.12799-14-alex.bennee@linaro.org>
| * gdbstub: Do not use memset() on GByteArrayPhilippe Mathieu-Daudé2020-04-153-6/+12
| | | | | | | | | | | | | | | | | | | | | | Introduce gdb_get_zeroes() to fill a GByteArray with zeroes. Fixes: a010bdbe719 ("extend GByteArray to read register helpers") Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20200414102427.7459-1-philmd@redhat.com> [AJB: used slightly more gliby set_size approach] Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Message-Id: <20200414200631.12799-13-alex.bennee@linaro.org>
| * gdbstub: i386: Fix gdb_get_reg16() parameter to unbreak gdbPeter Xu2020-04-151-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We should only pass in gdb_get_reg16() with the GByteArray* object itself, no need to shift. Without this patch, gdb remote attach will crash QEMU: (gdb) target remote :1234 Remote debugging using :1234 Remote communication error. Target disconnected.: Connection reset by peer. $ qemu-system-x86_64 -m 1G -smp 4 ... -s ERROR:qemu/gdbstub.c:1843:handle_read_all_regs: assertion failed: (len == gdbserver_state.mem_buf->len) Bail out! ERROR:qemu/gdbstub.c:1843:handle_read_all_regs: assertion failed: (len == gdbserver_state.mem_buf->len) Fixes: a010bdbe719 ("extend GByteArray to read register helpers") Signed-off-by: Peter Xu <peterx@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Tested-by: Stefano Garzarella <sgarzare@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20200409164954.36902-3-peterx@redhat.com> Message-Id: <20200414200631.12799-12-alex.bennee@linaro.org>
| * target/m68k/helper: Fix m68k_fpu_gdb_get_reg() use of GByteArrayPhilippe Mathieu-Daudé2020-04-151-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Since a010bdbe719 the gdbstub API takes a GByteArray*. Unfortunately we forgot to update the gdb_get_reg*() calls. Do it now. Fixes: a010bdbe719 ("extend GByteArray to read register helpers") Reported-by: Peter Xu <peterx@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Reviewed-by: Peter Xu <peterx@redhat.com> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20200409172509.4078-1-philmd@redhat.com> Message-Id: <20200414200631.12799-11-alex.bennee@linaro.org>
| * linux-user: fix /proc/self/stat handlingAlex Bennée2020-04-151-24/+19Star
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In the original bug report long files names in Guix caused /proc/self/stat be truncated without the trailing ") " as specified in proc manpage which says: (2) comm %s The filename of the executable, in parentheses. This is visible whether or not the executable is swapped out. In the kernel this is currently done by do_task_stat calling proc_task_name() which uses a structure limited by TASK_COMM_LEN (16). Additionally it should only be reporting the executable name rather than the full path. Fix both these failings while cleaning up the code to use GString to build up the reported values. As the whole function is cleaned up also adjust the white space to the current coding style. Message-ID: <fb4c55fa-d539-67ee-c6c9-de8fb63c8488@inria.fr> Reported-by: Brice Goglin <Brice.Goglin@inria.fr> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20200414200631.12799-10-alex.bennee@linaro.org>
| * configure: disable PIE for Windows buildsAlex Bennée2020-04-151-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | It seems on some compilers the test can pass but still give you broken binaries. Fixes: d2cd29e30736 Fixes: https://bugs.launchpad.net/qemu/+bug/1871798 Cc: Bug 1871798 <1871798@bugs.launchpad.net> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Tested-by: Howard Spoelstra <hsp.cat7@gmail.com> Tested-by: James Le Cuirot <chewi@aura-online.co.uk> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20200414200631.12799-9-alex.bennee@linaro.org>
| * configure: redirect sphinx-build check to config.logAlex Bennée2020-04-151-1/+3
| | | | | | | | | | | | | | | | | | Otherwise it's hard to debug whats going on. Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20200414200631.12799-8-alex.bennee@linaro.org>
| * tests/docker: add docs FEATURE flag and use for test-miscAlex Bennée2020-04-157-6/+8
|/ | | | | | | | | | | | | | | The test-misc docker test fails on a number of images which don't have the prerequisites to build the docs. Use the FEATURES flag so we can skip those tests. As the sphinx test fails to detect whatever feature we need to get hxtool to work we drop them from debian9 so the windows build doesn't attempt to build the docs. Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20200414200631.12799-7-alex.bennee@linaro.org>
* Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into stagingPeter Maydell2020-04-143-3/+4
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bugfixes, and reworking of the atomics documentation. # gpg: Signature made Tue 14 Apr 2020 15:38:01 BST # gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83 # gpg: issuer "pbonzini@redhat.com" # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full] # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full] # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * remotes/bonzini/tags/for-upstream: hax: Windows doesn't like posix device names tests: numa: test one backend with prealloc enabled hostmem: set default prealloc_threads to valid value Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * hax: Windows doesn't like posix device namesVolker Rümelin2020-04-141-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | Patch acb9f95a7c "i386: Fix GCC warning with snprintf when HAX is enabled" replaced Windows device names with posix device names. Revert this. Fixes: acb9f95a7c "i386: Fix GCC warning with snprintf when HAX is enabled" Signed-off-by: Volker Rümelin <vr_qemu@t-online.de> Message-Id: <20200322210211.29603-1-vr_qemu@t-online.de> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| * tests: numa: test one backend with prealloc enabledIgor Mammedov2020-04-141-1/+1
| | | | | | | | | | | | | | | | | | Cannibalize one backend in the HMAT test to make sure that prealloc=y is tested. Signed-off-by: Igor Mammedov <imammedo@redhat.com> Message-Id: <20200325094423.24293-3-imammedo@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| * hostmem: set default prealloc_threads to valid valueIgor Mammedov2020-04-141-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Commit 4ebc74dbbf removed default prealloc_threads initialization by mistake, and that makes QEMU crash with division on zero at numpages_per_thread = numpages / memset_num_threads; when QEMU is started with following backend -object memory-backend-ram,id=ram-node0,prealloc=yes,size=128M Return back initialization removed by 4ebc74dbbf to fix issue. Fixes: 4ebc74dbbf7ad50e4101629f3f5da5fdc1544051 Reported-by: Raphael Norwitz <raphael.norwitz@nutanix.com> Signed-off-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Laurent Vivier <lvivier@redhat.com> Message-Id: <20200325094423.24293-2-imammedo@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* | Merge remote-tracking branch ↵Peter Maydell2020-04-1414-41/+616
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 'remotes/pmaydell/tags/pull-target-arm-20200414' into staging patch queue: * Fix some problems that trip up Coverity's scanner * run-coverity-scan: New script automating the scan-and-upload process * docs: Improve our gdbstub documentation * configure: Honour --disable-werror for Sphinx * docs: Fix errors produced when building with Sphinx 3.0 * docs: Require Sphinx 1.6 or better * Add deprecation notice for KVM support on AArch32 hosts # gpg: Signature made Tue 14 Apr 2020 17:25:22 BST # gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE # gpg: issuer "peter.maydell@linaro.org" # gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate] # gpg: aka "Peter Maydell <pmaydell@gmail.com>" [ultimate] # gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate] # Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE * remotes/pmaydell/tags/pull-target-arm-20200414: Deprecate KVM support for AArch32 docs: Require Sphinx 1.6 or better kernel-doc: Use c:struct for Sphinx 3.0 and later scripts/kernel-doc: Add missing close-paren in c:function directives configure: Honour --disable-werror for Sphinx docs: Improve our gdbstub documentation scripts/coverity-scan: Add Docker support scripts/run-coverity-scan: Script to run Coverity Scan build linux-user/flatload.c: Use "" for include of QEMU header target_flat.h thread.h: Remove trailing semicolons from Coverity qemu_mutex_lock() etc thread.h: Fix Coverity version of qemu_cond_timedwait() osdep.h: Drop no-longer-needed Coverity workarounds Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * | Deprecate KVM support for AArch32Peter Maydell2020-04-141-0/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The Linux kernel has dropped support for allowing 32-bit Arm systems to host KVM guests (kernel commit 541ad0150ca4aa663a2, which just landed upstream in the 5.7 merge window). Mark QEMU's support for this configuration as deprecated, so that we can delete that support code in 5.2. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Andrew Jones <drjones@redhat.com>
| * | docs: Require Sphinx 1.6 or betterPeter Maydell2020-04-141-2/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Versions of Sphinx older than 1.6 can't build all of our documentation, because they are too picky about the syntax of the argument to the option:: directive; see Sphinx bugs #646, #3366: https://github.com/sphinx-doc/sphinx/issues/646 https://github.com/sphinx-doc/sphinx/issues/3366 Trying to build with a 1.4.x Sphinx fails with docs/system/images.rst:4: SEVERE: Duplicate ID: "cmdoption-qcow2-arg-encrypt" and a 1.5.x Sphinx fails with docs/system/invocation.rst:544: WARNING: Malformed option description '[enable=]PATTERN', should look like "opt", "-opt args", "--opt args", "/opt args" or "+opt args" Update our needs_sphinx setting to indicate that we require at least 1.6. This will allow configure to fall back to "don't build the docs" rather than causing the build to fail entirely, which is probably what most users building on a host old enough to have such an old Sphinx would want; if they do want the docs then they'll have a useful indication of what they need to do (upgrade Sphinx!) rather than a confusing error message. In theory our distro support policy would suggest that we should support building on the Sphinx shipped in those distros, but: * EPEL7 has Sphinx 1.2.3 (which we've never supported!) * Debian Stretch has Sphinx 1.4.8 Trying to get our docs to work with Sphinx 1.4 is not tractable for the 5.0 release and I'm not sure it's worthwhile effort anyway; at least with this change the build as a whole now succeeds. Thanks to John Snow for doing the investigation and testing to confirm what Sphinx versions fail in what ways and what distros shipped what. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
| * | kernel-doc: Use c:struct for Sphinx 3.0 and laterPeter Maydell2020-04-142-1/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The kernel-doc Sphinx plugin and associated script currently emit 'c:type' directives for "struct foo" documentation. Sphinx 3.0 warns about this: /home/petmay01/linaro/qemu-from-laptop/qemu/docs/../include/exec/memory.h:3: WARNING: Type must be either just a name or a typedef-like declaration. If just a name: Error in declarator or parameters Invalid C declaration: Expected identifier in nested name, got keyword: struct [error at 6] struct MemoryListener ------^ If typedef-like declaration: Error in declarator or parameters Invalid C declaration: Expected identifier in nested name. [error at 21] struct MemoryListener ---------------------^ because it wants us to use the new-in-3.0 'c:struct' instead. Plumb the Sphinx version through to the kernel-doc script and use it to select 'c:struct' for newer versions than 3.0. Fixes: LP:1872113 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
| * | scripts/kernel-doc: Add missing close-paren in c:function directivesPeter Maydell2020-04-141-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When kernel-doc generates a 'c:function' directive for a function one of whose arguments is a function pointer, it fails to print the close-paren after the argument list of the function pointer argument, for instance in the memory API documentation: .. c:function:: void memory_region_init_resizeable_ram (MemoryRegion * mr, struct Object * owner, const char * name, uint64_t size, uint64_t max_size, void (*resized) (const char*, uint64_t length, void *host, Error ** errp) which should have a ')' after the 'void *host' which is the last argument to 'resized'. Older versions of Sphinx don't try to parse the argumnet to c:function, but Sphinx 3.0 does do this and will complain: /home/petmay01/linaro/qemu-from-laptop/qemu/docs/../include/exec/memory.h:834: WARNING: Error in declarator or parameters Invalid C declaration: Expecting "," or ")" in parameters, got "EOF". [error at 208] void memory_region_init_resizeable_ram (MemoryRegion * mr, struct Object * owner, const char * name, uint64_t size, uint64_t max_size, void (*resized) (const char*, uint64_t length, void *host, Error ** errp) ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------^ Add the missing close-paren. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20200411182934.28678-3-peter.maydell@linaro.org Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
| * | configure: Honour --disable-werror for SphinxPeter Maydell2020-04-142-2/+9
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If we are not making warnings fatal for compilation, make them non-fatal when building the Sphinx documentation also. (For instance Sphinx 3.0 warns about some constructs that older versions were happy with, which is a build failure if we use the warnings-as-errors flag.) This provides a workaround at least for LP:1872113. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20200411182934.28678-2-peter.maydell@linaro.org Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
| * | docs: Improve our gdbstub documentationPeter Maydell2020-04-142-14/+34
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The documentation of our -s and -gdb options is quite old; in particular it still claims that it will cause QEMU to stop and wait for the gdb connection, when this has not been true for some time: you also need to pass -S if you want to make QEMU not launch the guest on startup. Improve the documentation to mention this requirement in the executable's --help output, the documentation of the -gdb option in the manual, and in the "GDB usage" chapter. Includes some minor tweaks to these paragraphs of documentation since I was editing them anyway (such as dropping the description of our gdb support as "primitive"). Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Message-id: 20200403094014.9589-1-peter.maydell@linaro.org
| * | scripts/coverity-scan: Add Docker supportPeter Maydell2020-04-142-0/+221
| | | | | | | | | | | | | | | | | | | | | | | | | | | Add support for running the Coverity Scan tools inside a Docker container rather than directly on the host system. Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20200319193323.2038-7-peter.maydell@linaro.org
| * | scripts/run-coverity-scan: Script to run Coverity Scan buildPeter Maydell2020-04-142-0/+316
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a new script to automate the process of running the Coverity Scan build tools and uploading the resulting tarball to the website. This is intended eventually to be driven from Travis, but it can be run locally, if you are a maintainer of the QEMU project on the Coverity Scan website and have the secret upload token. The script must be run on a Fedora 30 system. Support for using a Docker container is added in a following commit. Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20200319193323.2038-6-peter.maydell@linaro.org
| * | linux-user/flatload.c: Use "" for include of QEMU header target_flat.hPeter Maydell2020-04-141-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The target_flat.h file is a QEMU header, so we should include it using quotes, not angle brackets. Coverity otherwise is unable to find the header: "../linux-user/flatload.c", line 40: error #1712: cannot open source file "target_flat.h" #include <target_flat.h> ^ because the relevant directory is only on the -iquote path, not the -I path. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20200319193323.2038-5-peter.maydell@linaro.org
| * | thread.h: Remove trailing semicolons from Coverity qemu_mutex_lock() etcPeter Maydell2020-04-141-6/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | All the Coverity-specific definitions of qemu_mutex_lock() and friends have a trailing semicolon. This works fine almost everywhere because of QEMU's mandatory-braces coding style and because most callsites are simple, but target/s390x/sigp.c has a use of qemu_mutex_trylock() as an if() statement, which makes the ';' a syntax error: "../target/s390x/sigp.c", line 461: warning #18: expected a ")" if (qemu_mutex_trylock(&qemu_sigp_mutex)) { ^ Remove the bogus semicolons from the macro definitions. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20200319193323.2038-4-peter.maydell@linaro.org
| * | thread.h: Fix Coverity version of qemu_cond_timedwait()Peter Maydell2020-04-141-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For Coverity's benefit, we provide simpler versions of functions like qemu_mutex_lock(), qemu_cond_wait() and qemu_cond_timedwait(). When we added qemu_cond_timedwait() in commit 3dcc9c6ec4ea, a cut and paste error meant that the Coverity version of qemu_cond_timedwait() was using the wrong _impl function, which makes the Coverity parser complain: "/qemu/include/qemu/thread.h", line 159: warning #140: too many arguments in function call return qemu_cond_timedwait(cond, mutex, ms); ^ "/qemu/include/qemu/thread.h", line 159: warning #120: return value type does not match the function type return qemu_cond_timedwait(cond, mutex, ms); ^ "/qemu/include/qemu/thread.h", line 156: warning #1563: function "qemu_cond_timedwait" not emitted, consider modeling it or review parse diagnostics to improve fidelity static inline bool (qemu_cond_timedwait)(QemuCond *cond, QemuMutex *mutex, ^ These aren't fatal, but reduce the scope of the analysis. Fix the error. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20200319193323.2038-3-peter.maydell@linaro.org
| * | osdep.h: Drop no-longer-needed Coverity workaroundsPeter Maydell2020-04-141-14/+0Star
|/ / | | | | | | | | | | | | | | | | | | | | | | In commit a1a98357e3fd in 2018 we added some workarounds for Coverity not being able to handle the _Float* types introduced by recent glibc. Newer versions of the Coverity scan tools have support for these types, and will fail with errors about duplicate typedefs if we have our workaround. Remove our copy of the typedefs. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20200319193323.2038-2-peter.maydell@linaro.org
* | Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into stagingPeter Maydell2020-04-138-5/+126
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | pc: bugfixes, maintainers A couple of bugfixes. Add a new vhost-user-blk maintainer. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> # gpg: Signature made Mon 13 Apr 2020 11:57:17 BST # gpg: using RSA key 5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469 # gpg: issuer "mst@redhat.com" # gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [full] # gpg: aka "Michael S. Tsirkin <mst@redhat.com>" [full] # Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67 # Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469 * remotes/mst/tags/for_upstream: exec: Fix for qemu_ram_resize() callback fw_cfg: Migrate ACPI table mr sizes separately acpi: Use macro for table-loader file name MAINTAINERS: Add myself as vhost-user-blk maintainer Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * | exec: Fix for qemu_ram_resize() callbackDavid Hildenbrand2020-04-131-2/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Summarizing the issue: 1. Memory regions contain ram blocks with a different size, if the size is not properly aligned. While memory regions can have an unaligned size, ram blocks can't. This is true when creating resizable memory region with an unaligned size. 2. When resizing a ram block/memory region, the size of the memory region is set to the aligned size. The callback is called with the aligned size. The unaligned piece is lost. Because of the above, if ACPI blob length modifications happens after the initial virt_acpi_build() call, and the changed blob length is within the PAGE size boundary, then the revised size is not seen by the firmware on Guest reboot. Hence make sure callback is called if memory region size is changed, irrespective of aligned or not. Signed-off-by: David Hildenbrand <david@redhat.com> [Shameer: added commit log] Signed-off-by: Shameer Kolothum <shameerali.kolothum.thodi@huawei.com> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Message-Id: <20200403101827.30664-4-shameerali.kolothum.thodi@huawei.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
| * | fw_cfg: Migrate ACPI table mr sizes separatelyShameer Kolothum2020-04-133-1/+97
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Any sub-page size update to ACPI MRs will be lost during migration, as we use aligned size in ram_load_precopy() -> qemu_ram_resize() path. This will result in inconsistency in FWCfgEntry sizes between source and destination. In order to avoid this, save and restore them separately during migration. Up until now, this problem may not be that relevant for x86 as both ACPI table and Linker MRs gets padded and aligned. Also at present, qemu_ram_resize() doesn't invoke callback to update FWCfgEntry for unaligned size changes. But since we are going to fix the qemu_ram_resize() in the subsequent patch, the issue may become more serious especially for RSDP MR case. Moreover, the issue will soon become prominent in arm/virt as well where the MRs are not padded or aligned at all and eventually have acpi table changes as part of future additions like NVDIMM hot-add feature. Suggested-by: David Hildenbrand <david@redhat.com> Signed-off-by: Shameer Kolothum <shameerali.kolothum.thodi@huawei.com> Acked-by: David Hildenbrand <david@redhat.com> Message-Id: <20200403101827.30664-3-shameerali.kolothum.thodi@huawei.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
| * | acpi: Use macro for table-loader file nameShameer Kolothum2020-04-133-2/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Use macro for "etc/table-loader" and move it to the header file similar to ACPI_BUILD_TABLE_FILE/ACPI_BUILD_RSDP_FILE etc. Signed-off-by: Shameer Kolothum <shameerali.kolothum.thodi@huawei.com> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Message-Id: <20200403101827.30664-2-shameerali.kolothum.thodi@huawei.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
| * | MAINTAINERS: Add myself as vhost-user-blk maintainerRaphael Norwitz2020-04-131-0/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | As suggested by Michael, let's add me as a maintainer of vhost-user-blk and vhost-user-scsi. CC: Michael S. Tsirkin <mst@redhat.com> CC Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Raphael Norwitz <raphael.norwitz@nutanix.com> Message-Id: <1585213047-20089-1-git-send-email-raphael.norwitz@nutanix.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
* | | Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into stagingPeter Maydell2020-04-1312-447/+547
|\ \ \ | | |/ | |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bugfixes, and reworking of the atomics documentation. # gpg: Signature made Mon 13 Apr 2020 07:56:22 BST # gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83 # gpg: issuer "pbonzini@redhat.com" # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full] # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full] # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * remotes/bonzini/tags/for-upstream: module: increase dirs array size by one memory: Do not allow direct write access to rom_device regions vl.c: error out if -mem-path is used together with -M memory-backend rcu: do not mention atomic_mb_read/set in documentation atomics: update documentation atomics: convert to reStructuredText oslib-posix: take lock before qemu_cond_broadcast piix: fix xenfv regression, add compat machine xenfv-4.2 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * | module: increase dirs array size by oneBruce Rogers2020-04-131-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | With the module upgrades code change, the statically sized dirs array can now overflow. Increase it's size by one, according to the new maximum possible usage. Fixes: bd83c861c0 ("modules: load modules from versioned /var/run dir") Signed-off-by: Bruce Rogers <brogers@suse.com> Message-Id: <20200411010746.472295-1-brogers@suse.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| * | memory: Do not allow direct write access to rom_device regionsAlexander Duyck2020-04-131-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | According to the documentation in memory.h a ROM memory region will be backed by RAM for reads, but is supposed to go through a callback for writes. Currently we were not checking for the existence of the rom_device flag when determining if we could perform a direct write or not. To correct that add a check to memory_region_is_direct so that if the memory region has the rom_device flag set we will return false for all checks where is_write is set. Signed-off-by: Alexander Duyck <alexander.h.duyck@linux.intel.com> Message-Id: <20200410034150.24738.98143.stgit@localhost.localdomain> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| * | vl.c: error out if -mem-path is used together with -M memory-backendIgor Mammedov2020-04-131-0/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | the former is not actually used by explicit backend, so instead of silently ignoring the option in non valid context, exit with error. Signed-off-by: Igor Mammedov <imammedo@redhat.com> Message-Id: <20200409134133.11339-1-imammedo@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| * | rcu: do not mention atomic_mb_read/set in documentationPaolo Bonzini2020-04-131-2/+2
| | | | | | | | | | | | Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>