summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* m68k/nios2-semi: fix gettimeofday() result checkMarc-André Lureau2022-03-222-2/+2
| | | | | | | | gettimeofday() returns 0 for success. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
* vl: typo fix in a commentMarc-André Lureau2022-03-221-1/+1
| | | | | Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
* qemu-options: define -spice only #ifdef CONFIG_SPICEMarc-André Lureau2022-03-222-0/+4
| | | | | | | | Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1982600 Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
* Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into stagingPeter Maydell2022-03-212-9/+15
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Bugfixes. # gpg: Signature made Mon 21 Mar 2022 14:57:57 GMT # gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83 # gpg: issuer "pbonzini@redhat.com" # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full] # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full] # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * tag 'for-upstream' of https://gitlab.com/bonzini/qemu: hw/i386/amd_iommu: Fix maybe-uninitialized error with GCC 12 target/i386: kvm: do not access uninitialized variable on older kernels Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * hw/i386/amd_iommu: Fix maybe-uninitialized error with GCC 12Paolo Bonzini2022-03-211-5/+2Star
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Be more explicit that the loop must roll at least once. Avoids the following warning: FAILED: libqemu-x86_64-softmmu.fa.p/hw_i386_amd_iommu.c.o In function 'pte_get_page_mask', inlined from 'amdvi_page_walk' at hw/i386/amd_iommu.c:945:25, inlined from 'amdvi_do_translate' at hw/i386/amd_iommu.c:989:5, inlined from 'amdvi_translate' at hw/i386/amd_iommu.c:1038:5: hw/i386/amd_iommu.c:877:38: error: 'oldlevel' may be used uninitialized [-Werror=maybe-uninitialized] 877 | return ~((1UL << ((oldlevel * 9) + 3)) - 1); | ~~~~~~~~~~~~~~~~^~~~ hw/i386/amd_iommu.c: In function 'amdvi_translate': hw/i386/amd_iommu.c:906:41: note: 'oldlevel' was declared here 906 | unsigned level, present, pte_perms, oldlevel; | ^~~~~~~~ cc1: all warnings being treated as errors Having: $ gcc --version gcc (Debian 12-20220313-1) 12.0.1 20220314 (experimental) Reported-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| * target/i386: kvm: do not access uninitialized variable on older kernelsPaolo Bonzini2022-03-201-4/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | KVM support for AMX includes a new system attribute, KVM_X86_XCOMP_GUEST_SUPP. Commit 19db68ca68 ("x86: Grant AMX permission for guest", 2022-03-15) however did not fully consider the behavior on older kernels. First, it warns too aggressively. Second, it invokes the KVM_GET_DEVICE_ATTR ioctl unconditionally and then uses the "bitmask" variable, which remains uninitialized if the ioctl fails. Third, kvm_ioctl returns -errno rather than -1 on errors. While at it, explain why the ioctl is needed and KVM_GET_SUPPORTED_CPUID is not enough. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* | Merge tag 'pull-misc-2022-03-21' of git://repo.or.cz/qemu/armbru into stagingPeter Maydell2022-03-21109-214/+284
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Miscellaneous patches patches for 2022-03-21 # gpg: Signature made Mon 21 Mar 2022 14:48:16 GMT # gpg: using RSA key 354BC8B3D7EB2A6B68674E5F3870B400EB918653 # gpg: issuer "armbru@redhat.com" # gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" [full] # gpg: aka "Markus Armbruster <armbru@pond.sub.org>" [full] # Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867 4E5F 3870 B400 EB91 8653 * tag 'pull-misc-2022-03-21' of git://repo.or.cz/qemu/armbru: Use g_new() & friends where that makes obvious sense 9pfs: Use g_new() & friends where that makes obvious sense scripts/coccinelle: New use-g_new-etc.cocci block-qdict: Fix -Werror=maybe-uninitialized build failure Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * | Use g_new() & friends where that makes obvious senseMarkus Armbruster2022-03-21102-200/+195Star
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | g_new(T, n) is neater than g_malloc(sizeof(T) * n). It's also safer, for two reasons. One, it catches multiplication overflowing size_t. Two, it returns T * rather than void *, which lets the compiler catch more type errors. This commit only touches allocations with size arguments of the form sizeof(T). Patch created mechanically with: $ spatch --in-place --sp-file scripts/coccinelle/use-g_new-etc.cocci \ --macro-file scripts/cocci-macro-file.h FILES... Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Cédric Le Goater <clg@kaod.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Message-Id: <20220315144156.1595462-4-armbru@redhat.com> Reviewed-by: Pavel Dovgalyuk <Pavel.Dovgalyuk@ispras.ru>
| * | 9pfs: Use g_new() & friends where that makes obvious senseMarkus Armbruster2022-03-215-12/+12
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | g_new(T, n) is neater than g_malloc(sizeof(T) * n). It's also safer, for two reasons. One, it catches multiplication overflowing size_t. Two, it returns T * rather than void *, which lets the compiler catch more type errors. This commit only touches allocations with size arguments of the form sizeof(T). Initial patch created mechanically with: $ spatch --in-place --sp-file scripts/coccinelle/use-g_new-etc.cocci \ --macro-file scripts/cocci-macro-file.h FILES... This uncovers a typing error: ../hw/9pfs/9p.c: In function ‘qid_path_fullmap’: ../hw/9pfs/9p.c:855:13: error: assignment to ‘QpfEntry *’ from incompatible pointer type ‘QppEntry *’ [-Werror=incompatible-pointer-types] 855 | val = g_new0(QppEntry, 1); | ^ Harmless, because QppEntry is larger than QpfEntry. Manually fixed to allocate a QpfEntry instead. Cc: Greg Kurz <groug@kaod.org> Cc: Christian Schoenebeck <qemu_oss@crudebyte.com> Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Christian Schoenebeck <qemu_oss@crudebyte.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Greg Kurz <groug@kaod.org> Message-Id: <20220315144156.1595462-3-armbru@redhat.com>
| * | scripts/coccinelle: New use-g_new-etc.cocciMarkus Armbruster2022-03-211-0/+75
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This is the semantic patch from commit b45c03f585 "arm: Use g_new() & friends where that makes obvious sense". Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Message-Id: <20220315144156.1595462-2-armbru@redhat.com>
| * | block-qdict: Fix -Werror=maybe-uninitialized build failureMurilo Opsfelder Araujo2022-03-211-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Building QEMU on Fedora 37 (Rawhide Prerelease) ppc64le failed with the following error: $ ../configure --prefix=/usr/local/qemu-disabletcg --target-list=ppc-softmmu,ppc64-softmmu --disable-tcg --disable-linux-user ... $ make -j$(nproc) ... In file included from /root/qemu/include/qapi/qmp/qdict.h:16, from /root/qemu/include/block/qdict.h:13, from ../qobject/block-qdict.c:11: /root/qemu/include/qapi/qmp/qobject.h: In function ‘qdict_array_split’: /root/qemu/include/qapi/qmp/qobject.h:49:17: error: ‘subqdict’ may be used uninitialized [-Werror=maybe-uninitialized] 49 | typeof(obj) _obj = (obj); \ | ^~~~ ../qobject/block-qdict.c:227:16: note: ‘subqdict’ declared here 227 | QDict *subqdict; | ^~~~~~~~ cc1: all warnings being treated as errors Fix build failure by expanding the ternary operation. Tested with `make check-unit` (the check-block-qdict test passed). Signed-off-by: Murilo Opsfelder Araujo <muriloo@linux.ibm.com> Cc: Kevin Wolf <kwolf@redhat.com> Cc: Hanna Reitz <hreitz@redhat.com> Cc: Markus Armbruster <armbru@redhat.com> Message-Id: <20220311221634.58288-1-muriloo@linux.ibm.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com> Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
* | | Merge tag 'block-pull-request' of https://gitlab.com/stefanha/qemu into stagingPeter Maydell2022-03-213-14/+23
|\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Pull request Bug fixes for 7.0. # gpg: Signature made Thu 17 Mar 2022 16:42:22 GMT # gpg: using RSA key 8695A8BFD3F97CDAAC35775A9CA4ABB381AB73C8 # gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" [full] # gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>" [full] # Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35 775A 9CA4 ABB3 81AB 73C8 * tag 'block-pull-request' of https://gitlab.com/stefanha/qemu: aio-posix: fix spurious ->poll_ready() callbacks in main loop aio-posix: fix build failure io_uring 2.2 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * | | aio-posix: fix spurious ->poll_ready() callbacks in main loopStefan Hajnoczi2022-03-172-14/+19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When ->poll() succeeds the AioHandler is placed on the ready list with revents set to the magic value 0. This magic value causes aio_dispatch_handler() to invoke ->poll_ready() instead of ->io_read() for G_IO_IN or ->io_write() for G_IO_OUT. This magic value 0 hack works for the IOThread where AioHandlers are placed on ->ready_list and processed by aio_dispatch_ready_handlers(). It does not work for the main loop where all AioHandlers are processed by aio_dispatch_handlers(), even those that are not ready and have a revents value of 0. As a result the main loop invokes ->poll_ready() on AioHandlers that are not ready. These spurious ->poll_ready() calls waste CPU cycles and could lead to crashes if the code assumes ->poll() must have succeeded before ->poll_ready() is called (a reasonable asumption but I haven't seen it in practice). Stop using revents to track whether ->poll_ready() will be called on an AioHandler. Introduce a separate AioHandler->poll_ready field instead. This eliminates spurious ->poll_ready() calls in the main loop. Fixes: 826cc32423db2a99d184dbf4f507c737d7e7a4ae ("aio-posix: split poll check from ready handler") Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com> Reported-by: Jason Wang <jasowang@redhat.com> Tested-by: Jason Wang <jasowang@redhat.com> Message-id: 20220223155703.136833-1-stefanha@redhat.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
| * | | aio-posix: fix build failure io_uring 2.2Haiyue Wang2022-03-171-0/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The io_uring fixed "Don't truncate addr fields to 32-bit on 32-bit": https://git.kernel.dk/cgit/liburing/commit/?id=d84c29b19ed0b130000619cff40141bb1fc3615b This leads to build failure: ../util/fdmon-io_uring.c: In function ‘add_poll_remove_sqe’: ../util/fdmon-io_uring.c:182:36: error: passing argument 2 of ‘io_uring_prep_poll_remove’ makes integer from pointer without a cast [-Werror=int-conversion] 182 | io_uring_prep_poll_remove(sqe, node); | ^~~~ | | | AioHandler * In file included from /root/io/qemu/include/block/aio.h:18, from ../util/aio-posix.h:20, from ../util/fdmon-io_uring.c:49: /usr/include/liburing.h:415:17: note: expected ‘__u64’ {aka ‘long long unsigned int’} but argument is of type ‘AioHandler *’ 415 | __u64 user_data) | ~~~~~~^~~~~~~~~ cc1: all warnings being treated as errors Use LIBURING_HAVE_DATA64 to check whether the io_uring supports 64-bit variants of the get/set userdata, to convert the paramter to the right data type. Signed-off-by: Haiyue Wang <haiyue.wang@intel.com> Message-Id: <20220221162401.45415-1-haiyue.wang@intel.com> Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* | | | Merge tag 'pull-ppc-20220321' of https://github.com/legoater/qemu into stagingPeter Maydell2022-03-213-49/+124
|\ \ \ \ | |_|/ / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ppc-7.0 queue : * ISA v3.1 vector instruction fixes * Compilation fix regarding 'struct pt_regs' definition # gpg: Signature made Mon 21 Mar 2022 06:43:22 GMT # gpg: using RSA key A0F66548F04895EBFE6B0B6051A343C7CFFBECA1 # gpg: Good signature from "Cédric Le Goater <clg@kaod.org>" [undefined] # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: A0F6 6548 F048 95EB FE6B 0B60 51A3 43C7 CFFB ECA1 * tag 'pull-ppc-20220321' of https://github.com/legoater/qemu: target/ppc: Replicate Double->Single-Precision result target/ppc: Replicate double->int32 result for some vector insns ppc64: Avoid pt_regs struct definition Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * | | target/ppc: Replicate Double->Single-Precision resultLucas Coutinho2022-03-201-4/+44
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Power ISA v3.1 formalizes the previously undefined result in words 1 and 3 to be a copy of the result in words 0 and 2. This affects: xvcvsxdsp, xvcvuxdsp, xvcvdpsp. And the previously undefined result in word 1 to be a copy of the result in word 0. This affects: xscvdpsp. Signed-off-by: Lucas Coutinho <lucas.coutinho@eldorado.org.br> Message-Id: <20220316200427.3410437-1-lucas.coutinho@eldorado.org.br> Signed-off-by: Cédric Le Goater <clg@kaod.org>
| * | | target/ppc: Replicate double->int32 result for some vector insnsRichard Henderson2022-03-201-6/+39
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Power ISA v3.1 formalizes the previously undefined result in words 1 and 3 to be a copy of the result in words 0 and 2. This affects: xscvdpsxws, xscvdpuxws, xvcvdpsxws, xvcvdpuxws. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/852 Signed-off-by: Richard Henderson <richard.henderson@linaro.org> [ clg: checkpatch fixes ] Message-Id: <20220315053934.377519-1-richard.henderson@linaro.org> Signed-off-by: Cédric Le Goater <clg@kaod.org>
| * | | ppc64: Avoid pt_regs struct definitionKhem Raj2022-03-202-39/+41
|/ / / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Remove pt_regs indirection and instead reference gp_regs directly, this makes it portable across musl/glibc Use PT_* constants defined in asm/ptrace.h Move the file to ppc64 subdir and leave ppc empty Fixes ../qemu-6.2.0/linux-user/host/ppc64/../ppc/host-signal.h:16:32: error: incomplete definition of type 'struct pt_regs' return uc->uc_mcontext.regs->nip; ~~~~~~~~~~~~~~~~~~~~^ Signed-off-by: Khem Raj <raj.khem@gmail.com> Cc: Peter Maydell <peter.maydell@linaro.org> Cc: Philippe Mathieu-Daudé <f4bug@amsat.org> Cc: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20220315015740.847370-1-raj.khem@gmail.com> Signed-off-by: Cédric Le Goater <clg@kaod.org>
* | | Merge tag 'fixes-20220318-pull-request' of git://git.kraxel.org/qemu into ↵Peter Maydell2022-03-1914-53/+101
|\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | staging bugfixes for vga, audio, vnc # gpg: Signature made Fri 18 Mar 2022 13:56:22 GMT # gpg: using RSA key A0328CFFB93A17A79901FE7D4CB6D8EED3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full] # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" [full] # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full] # Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138 * tag 'fixes-20220318-pull-request' of git://git.kraxel.org/qemu: hw/display/vga: Report a proper error when adding a 2nd ISA VGA hw/display: Allow vga_common_init() to return errors hw/display/cirrus_vga: Clean up indentation in pci_cirrus_vga_realize() audio/mixeng: Do not declare unused variables ui: avoid unnecessary memory operations in vnc_refresh_server_surface() ui/gtk: Ignore 2- and 3-button press events Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * | | hw/display/vga: Report a proper error when adding a 2nd ISA VGAThomas Huth2022-03-181-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | QEMU currently abort()s if the user tries to add a second ISA VGA device, for example: $ ./qemu-system-x86_64 -device isa-vga -device isa-vga RAMBlock "vga.vram" already registered, abort! Aborted (core dumped) $ ./qemu-system-x86_64 -device isa-cirrus-vga -device isa-cirrus-vga RAMBlock "vga.vram" already registered, abort! Aborted (core dumped) $ ./qemu-system-mips64el -M pica61 -device isa-vga RAMBlock "vga.vram" already registered, abort! Aborted (core dumped) Such a crash should never happen just because of giving bad parameters at the command line. Let's return a proper error message instead. (The idea is based on an original patch by Jose R. Ziviani for the isa-vga device, but this now fixes it for the isa-cirrus-vga device, too) Resolves: https://gitlab.com/qemu-project/qemu/-/issues/44 Signed-off-by: Thomas Huth <thuth@redhat.com> Message-Id: <20220317083027.16688-4-thuth@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
| * | | hw/display: Allow vga_common_init() to return errorsThomas Huth2022-03-1811-13/+42
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The vga_common_init() function currently cannot report errors to its caller. But in the following patch, we'd need this possibility, so let's change it to take an "Error **" as parameter for this. Signed-off-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20220317083027.16688-3-thuth@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
| * | | hw/display/cirrus_vga: Clean up indentation in pci_cirrus_vga_realize()Thomas Huth2022-03-181-28/+29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Most of the code in this function had been indented with 5 spaces instead of 4. Since 4 is our preferred style, remove one space in the bad lines here. Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Thomas Huth <thuth@redhat.com> Message-Id: <20220317083027.16688-2-thuth@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
| * | | audio/mixeng: Do not declare unused variablesAkihiko Odaki2022-03-181-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The unused variables when FLOAT_MIXENG is defined caused warnings on Apple clang version 13.1.6 (clang-1316.0.21.2). Signed-off-by: Akihiko Odaki <akihiko.odaki@gmail.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20220316061053.60587-1-akihiko.odaki@gmail.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
| * | | ui: avoid unnecessary memory operations in vnc_refresh_server_surface()Wen, Jianxian2022-03-181-9/+17
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Check the dirty bits in advance to avoid unnecessary memory operations. In the case that guest surface has different format than the server, but it does not have dirty bits which means no refresh is actually needed, the memory operations is not necessary. Signed-off-by: Jianxian Wen <jianxian.wen@verisilicon.com> Signed-off-by: Lu Gao <lu.gao@verisilicon.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <4C23C17B8E87E74E906A25A3254A03F4FA22100C@SHASXM06.verisilicon.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
| * | | ui/gtk: Ignore 2- and 3-button press eventsK. Lange2022-03-181-0/+4
| |/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | GTK already produces corresponding GDK_BUTTON_PRESS events alongside 2BUTTON and 3BUTTON_PRESS events. The 2BUTTON and 3BUTTON_PRESS events were incorrectly being interpreted and passed to guests as button release events. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/558 Signed-off-by: K. Lange <klange@toaruos.org> Message-Id: <20220305104521.3583703-1-klange@toaruos.org> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* | | Merge tag 'trivial-branch-for-7.0-pull-request' of ↵Peter Maydell2022-03-192-6/+6
|\ \ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | https://gitlab.com/laurent_vivier/qemu into staging Trivial branch pull request 20220318 # gpg: Signature made Fri 18 Mar 2022 13:42:58 GMT # gpg: using RSA key CD2F75DDC8E3A4DC2E4F5173F30C38BD3F2FBE3C # gpg: issuer "laurent@vivier.eu" # gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" [full] # gpg: aka "Laurent Vivier <laurent@vivier.eu>" [full] # gpg: aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" [full] # Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F 5173 F30C 38BD 3F2F BE3C * tag 'trivial-branch-for-7.0-pull-request' of https://gitlab.com/laurent_vivier/qemu: virtio/virtio-balloon: Prefer Object* over void* parameter hw/pci/pci.c: Fix typos of "Firewire", and of "controller" on same line Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * | | virtio/virtio-balloon: Prefer Object* over void* parameterBernhard Beschow2022-03-181-5/+5
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | *opaque is an alias to *obj. Using the ladder makes the code consistent with with other devices, e.g. accel/kvm/kvm-all and accel/tcg/tcg-all. It also makes the cast more typesafe. Signed-off-by: Bernhard Beschow <shentey@gmail.com> Reviewed-by: David Hildenbrand <david@redhat.com> Acked-by: Michael S. Tsirkin <mst@redhat.com> Message-Id: <20220301222301.103821-2-shentey@gmail.com> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
| * | | hw/pci/pci.c: Fix typos of "Firewire", and of "controller" on same lineRebecca Cran2022-03-181-1/+1
| |/ / | | | | | | | | | | | | | | | | | | Signed-off-by: Rebecca Cran <quic_rcran@quicinc.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-Id: <20220318101124.912-1-quic_rcran@quicinc.com> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
* | | Merge tag 'pull-target-arm-20220318' of ↵Peter Maydell2022-03-1828-46/+1084
|\ \ \ | |/ / |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | https://git.linaro.org/people/pmaydell/qemu-arm into staging target-arm queue: * Fix sve2 ldnt1 and stnt1 * Fix pauth_check_trap vs SEL2 * Fix handling of LPAE block descriptors * hw/dma/xlnx_csu_dma: Set TYPE_XLNX_CSU_DMA class_size * hw/misc/npcm7xx_clk: Don't leak string in npcm7xx_clk_sel_init() * nsis installer: List emulators in alphabetical order * nsis installer: Suppress "ANSI targets are deprecated" warning * nsis installer: Fix mouse-over descriptions for emulators * hw/arm/virt: Fix gic-version=max when CONFIG_ARM_GICV3_TCG is unset * Improve M-profile vector table access logging * Xilinx ZynqMP: model CRF and APU control * Fix compile issues on modern Solaris # gpg: Signature made Fri 18 Mar 2022 13:18:20 GMT # gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE # gpg: issuer "peter.maydell@linaro.org" # gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate] # gpg: aka "Peter Maydell <pmaydell@gmail.com>" [ultimate] # gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate] # Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE * tag 'pull-target-arm-20220318' of https://git.linaro.org/people/pmaydell/qemu-arm: (21 commits) util/osdep: Remove some early cruft hw/i386/acpi-build: Avoid 'sun' identifier util/osdep: Avoid madvise proto on modern Solaris hw/arm/xlnx-zynqmp: Connect the ZynqMP APU Control hw/misc: Add a model of the Xilinx ZynqMP APU Control hw/arm/xlnx-zynqmp: Connect the ZynqMP CRF hw/misc: Add a model of the Xilinx ZynqMP CRF target/arm: Make rvbar settable after realize hw/arm/xlnx-zynqmp: Add an unimplemented SERDES area target/arm: Log fault address for M-profile faults target/arm: Log M-profile vector table accesses hw/arm/virt: Fix gic-version=max when CONFIG_ARM_GICV3_TCG is unset hw/intc: Rename CONFIG_ARM_GIC_TCG into CONFIG_ARM_GICV3_TCG nsis installer: Fix mouse-over descriptions for emulators nsis installer: Suppress "ANSI targets are deprecated" warning nsis installer: List emulators in alphabetical order hw/misc/npcm7xx_clk: Don't leak string in npcm7xx_clk_sel_init() hw/dma/xlnx_csu_dma: Set TYPE_XLNX_CSU_DMA class_size target/arm: Fix handling of LPAE block descriptors target/arm: Fix pauth_check_trap vs SEL2 ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * | util/osdep: Remove some early cruftAndrew Deason2022-03-181-7/+0Star
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The include for statvfs.h has not been needed since all statvfs calls were removed in commit 4a1418e07bdc ("Unbreak large mem support by removing kqemu"). The comment mentioning CONFIG_BSD hasn't made sense since an include for config-host.h was removed in commit aafd75841001 ("util: Clean up includes"). Remove this cruft. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Andrew Deason <adeason@sinenomine.net> Message-id: 20220316035227.3702-4-adeason@sinenomine.net Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * | hw/i386/acpi-build: Avoid 'sun' identifierAndrew Deason2022-03-181-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | On Solaris, 'sun' is #define'd to 1, which causes errors if a variable is named 'sun'. Slightly change the name of the var for the Slot User Number so we can build on Solaris. Reviewed-by: Ani Sinha <ani@anisinha.ca> Signed-off-by: Andrew Deason <adeason@sinenomine.net> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Message-id: 20220316035227.3702-3-adeason@sinenomine.net Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * | util/osdep: Avoid madvise proto on modern SolarisAndrew Deason2022-03-183-5/+29
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | On older Solaris releases (before Solaris 11), we didn't get a prototype for madvise, and so util/osdep.c provides its own prototype. Some time between the public Solaris 11.4 release and Solaris 11.4.42 CBE, we started getting an madvise prototype that looks like this: extern int madvise(void *, size_t, int); which conflicts with the prototype in util/osdeps.c. Instead of always declaring this prototype, check if we're missing the madvise() prototype, and only declare it ourselves if the prototype is missing. Move the prototype to include/qemu/osdep.h, the normal place to handle platform-specific header quirks. The 'missing_madvise_proto' meson check contains an obviously wrong prototype for madvise. So if that code compiles and links, we must be missing the actual prototype for madvise. Signed-off-by: Andrew Deason <adeason@sinenomine.net> Message-id: 20220316035227.3702-2-adeason@sinenomine.net Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * | hw/arm/xlnx-zynqmp: Connect the ZynqMP APU ControlEdgar E. Iglesias2022-03-182-3/+26
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Connect the ZynqMP APU Control device. Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Francisco Iglesias <francisco.iglesias@xilinx.com> Reviewed-by: Luc Michel <luc@lmichel.fr> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Message-id: 20220316164645.2303510-7-edgar.iglesias@gmail.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * | hw/misc: Add a model of the Xilinx ZynqMP APU ControlEdgar E. Iglesias2022-03-183-0/+347
| | | | | | | | | | | | | | | | | | | | | | | | | | | Add a model of the Xilinx ZynqMP APU Control. Reviewed-by: Luc Michel <luc@lmichel.fr> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Message-id: 20220316164645.2303510-6-edgar.iglesias@gmail.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * | hw/arm/xlnx-zynqmp: Connect the ZynqMP CRFEdgar E. Iglesias2022-03-182-0/+18
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Connect the ZynqMP CRF - Clock Reset FPD device. Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Francisco Iglesias <francisco.iglesias@xilinx.com> Reviewed-by: Luc Michel <luc@lmichel.fr> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Message-id: 20220316164645.2303510-5-edgar.iglesias@gmail.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * | hw/misc: Add a model of the Xilinx ZynqMP CRFEdgar E. Iglesias2022-03-183-0/+478
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add a model of the Xilinx ZynqMP CRF. At the moment this is mostly a stub model. Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Message-id: 20220316164645.2303510-4-edgar.iglesias@gmail.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * | target/arm: Make rvbar settable after realizeEdgar E. Iglesias2022-03-183-9/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make the rvbar property settable after realize. This is done in preparation to model the ZynqMP's runtime configurable rvbar. Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Message-id: 20220316164645.2303510-3-edgar.iglesias@gmail.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * | hw/arm/xlnx-zynqmp: Add an unimplemented SERDES areaEdgar E. Iglesias2022-03-182-1/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add an unimplemented SERDES (Serializer/Deserializer) area. Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Francisco Iglesias <francisco.iglesias@xilinx.com> Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Message-id: 20220316164645.2303510-2-edgar.iglesias@gmail.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * | target/arm: Log fault address for M-profile faultsPeter Maydell2022-03-181-0/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For M-profile, the fault address is not always exposed to the guest in a fault register (for instance the BFAR bus fault address register is only updated for bus faults on data accesses, not instruction accesses). Currently we log the address only if we're putting it into a particular guest-visible register. Since we always have it, log it generically, to make logs of i-side faults a bit clearer. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Message-id: 20220315204306.2797684-3-peter.maydell@linaro.org
| * | target/arm: Log M-profile vector table accessesPeter Maydell2022-03-182-0/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Currently the CPU_LOG_INT logging misses some useful information about loads from the vector table. Add logging where we load vector table entries. This is particularly helpful for cases where the user has accidentally not put a vector table in their image at all, which can result in confusing guest crashes at startup. Here's an example of the new logging for a case where the vector table contains garbage: Loaded reset SP 0x0 PC 0x0 from vector table Loaded reset SP 0xd008f8df PC 0xf000bf00 from vector table Taking exception 3 [Prefetch Abort] on CPU 0 ...with CFSR.IACCVIOL ...BusFault with BFSR.STKERR ...taking pending nonsecure exception 3 ...loading from element 3 of non-secure vector table at 0xc ...loaded new PC 0x20000558 ---------------- IN: 0x20000558: 08000079 stmdaeq r0, {r0, r3, r4, r5, r6} (The double reset logging is the result of our long-standing "CPUs all get reset twice" weirdness; it looks a bit ugly but it'll go away if we ever fix that :-)) Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Message-id: 20220315204306.2797684-2-peter.maydell@linaro.org
| * | hw/arm/virt: Fix gic-version=max when CONFIG_ARM_GICV3_TCG is unsetEric Auger2022-03-181-1/+6
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In TCG mode, if gic-version=max we always select GICv3 even if CONFIG_ARM_GICV3_TCG is unset. We shall rather select GICv2. This also brings the benefit of fixing qos tests errors for tests using gic-version=max with CONFIG_ARM_GICV3_TCG unset. Signed-off-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Andrew Jones <drjones@redhat.com> Message-id: 20220308182452.223473-3-eric.auger@redhat.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * | hw/intc: Rename CONFIG_ARM_GIC_TCG into CONFIG_ARM_GICV3_TCGEric Auger2022-03-182-3/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | CONFIG_ARM_GIC_TCG actually guards the compilation of TCG GICv3 specific files. So let's rename it into CONFIG_ARM_GICV3_TCG Signed-off-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Andrew Jones <drjones@redhat.com> Message-id: 20220308182452.223473-2-eric.auger@redhat.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * | nsis installer: Fix mouse-over descriptions for emulatorsPeter Maydell2022-03-182-5/+13
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We use the nsis.py script to write out an installer script Section for each emulator executable, so the exact set of Sections depends on which executables were built. However the part of qemu.nsi which specifies mouse-over descriptions for each Section still has a hard-coded and very outdated list (with just i386 and alpha). This causes two problems. Firstly, if you build the installer for a configuration where you didn't build the i386 binaries you get warnings like this: warning 6000: unknown variable/constant "{Section_i386}" detected, ignoring (macro:_==:1) warning 6000: unknown variable/constant "{Section_i386w}" detected, ignoring (macro:_==:1) (this happens in our gitlab CI jobs, for instance). Secondly, most of the emulators in the generated installer don't have any mouseover text. Make nsis.py generate a second output file which has the necessary MUI_DESCRIPTION_TEXT lines for each Section it creates, so we can include that at the right point in qemu.nsi to set the mouse-over text. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: John Snow <jsnow@redhat.com> Message-id: 20220305105743.2384766-4-peter.maydell@linaro.org
| * | nsis installer: Suppress "ANSI targets are deprecated" warningPeter Maydell2022-03-181-0/+3
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When we build our Windows installer, it emits the warning: warning 7998: ANSI targets are deprecated Fix this by making our installer a Unicode installer instead. These won't work on Win95/98/ME, but we already do not support those. See https://nsis.sourceforge.io/Docs/Chapter4.html#aunicodetarget for the documentation of the Unicode directive. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Stefan Weil <sw@weilnetz.de> Message-id: 20220305105743.2384766-3-peter.maydell@linaro.org
| * | nsis installer: List emulators in alphabetical orderPeter Maydell2022-03-181-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We currently list the emulators in the Windows installer's dialog in an essentially random order (it's whatever glob.glob() returns them to, which is filesystem-implementation-dependent). Add a call to sorted() so they appear in alphabetical order. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Stefan Weil <sw@weilnetz.de> Reviewed-by: John Snow <jsnow@redhat.com> Message-id: 20220305105743.2384766-2-peter.maydell@linaro.org
| * | hw/misc/npcm7xx_clk: Don't leak string in npcm7xx_clk_sel_init()Peter Maydell2022-03-181-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In npcm7xx_clk_sel_init() we allocate a string with g_strdup_printf(). Use g_autofree so we free it rather than leaking it. (Detected with the clang leak sanitizer.) Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20220308170302.2582820-1-peter.maydell@linaro.org
| * | hw/dma/xlnx_csu_dma: Set TYPE_XLNX_CSU_DMA class_sizePeter Maydell2022-03-181-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | In commit 00f05c02f9e7342f we gave the TYPE_XLNX_CSU_DMA object its own class struct, but forgot to update the TypeInfo::class_size accordingly. This meant that not enough memory was allocated for the class struct, and the initialization of xcdc->read in the class init function wrote off the end of the memory. Add the missing line. Found by running 'check-qtest-aarch64' with a clang address-sanitizer build, which complains: ==2542634==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61000000ab00 at pc 0x559a20aebc29 bp 0x7fff97df74d0 sp 0x7fff97df74c8 WRITE of size 8 at 0x61000000ab00 thread T0 #0 0x559a20aebc28 in xlnx_csu_dma_class_init /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/san/../../hw/dma/xlnx_csu_dma.c:722:16 #1 0x559a21bf297c in type_initialize /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/san/../../qom/object.c:365:9 #2 0x559a21bf3442 in object_class_foreach_tramp /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/san/../../qom/object.c:1070:5 #3 0x7f09bcb641b7 in g_hash_table_foreach (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x401b7) #4 0x559a21bf3c27 in object_class_foreach /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/san/../../qom/object.c:1092:5 #5 0x559a21bf3c27 in object_class_get_list /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/san/../../qom/object.c:1149:5 #6 0x559a2081a2fd in select_machine /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/san/../../softmmu/vl.c:1661:24 #7 0x559a2081a2fd in qemu_create_machine /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/san/../../softmmu/vl.c:2146:35 #8 0x559a2081a2fd in qemu_init /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/san/../../softmmu/vl.c:3706:5 #9 0x559a20720ed5 in main /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/san/../../softmmu/main.c:49:5 #10 0x7f09baec00b2 in __libc_start_main /build/glibc-sMfBJT/glibc-2.31/csu/../csu/libc-start.c:308:16 #11 0x559a2067673d in _start (/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/san/qemu-system-aarch64+0xf4b73d) 0x61000000ab00 is located 0 bytes to the right of 192-byte region [0x61000000aa40,0x61000000ab00) allocated by thread T0 here: #0 0x559a206eeff2 in calloc (/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/san/qemu-system-aarch64+0xfc3ff2) #1 0x7f09bcb7bef0 in g_malloc0 (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x57ef0) #2 0x559a21bf3442 in object_class_foreach_tramp /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/san/../../qom/object.c:1070:5 Fixes: 00f05c02f9e7342f ("hw/dma/xlnx_csu_dma: Support starting a read transfer through a class method") Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Francisco Iglesias <francisco.iglesias@xilinx.com> Reviewed-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-id: 20220308150207.2546272-1-peter.maydell@linaro.org
| * | target/arm: Fix handling of LPAE block descriptorsPeter Maydell2022-03-181-2/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | LPAE descriptors come in three forms: * table descriptors, giving the address of the next level page table * page descriptors, which occur only at level 3 and describe the mapping of one page (which might be 4K, 16K or 64K) * block descriptors, which occur at higher page table levels, and describe the mapping of huge pages QEMU's page-table-walk code treats block and page entries identically, simply ORing in a number of bits from the input virtual address that depends on the level of the page table that we stopped at; we depend on the previous masking of descaddr with descaddrmask to have already cleared out the low bits of the descriptor word. This is not quite right: the address field in a block descriptor is smaller, and so there are bits which are valid address bits in a page descriptor or a table descriptor but which are not supposed to be part of the address in a block descriptor, and descaddrmask does not clear them. We previously mostly got away with this because those descriptor bits are RES0; however with FEAT_BBM (part of Armv8.4) block descriptor bit 16 is defined to be the nT bit. No emulated QEMU CPU has FEAT_BBM yet, but if the host CPU has it then we might see it when using KVM or hvf. Explicitly zero out all the descaddr bits we're about to OR vaddr bits into. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/790 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20220304165628.2345765-1-peter.maydell@linaro.org
| * | target/arm: Fix pauth_check_trap vs SEL2Richard Henderson2022-03-181-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When arm_is_el2_enabled was introduced, we missed updating pauth_check_trap. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/788 Fixes: e6ef0169264b ("target/arm: use arm_is_el2_enabled() where applicable") Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20220315021205.342768-1-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * | target/arm: Fix sve2 ldnt1 and stnt1Richard Henderson2022-03-185-5/+109
|/ / | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | For both ldnt1 and stnt1, the meaning of the Rn and Rm are different from ld1 and st1: the vector and integer registers are reversed, and the integer register 31 refers to XZR instead of SP. Secondly, the 64-bit version of ldnt1 was being interpreted as 32-bit unpacked unscaled offset instead of 64-bit unscaled offset, which discarded the upper 32 bits of the address coming from the vector argument. Thirdly, validate that the memory element size is in range for the vector element size for ldnt1. For ld1, we do this via independent decode patterns, but for ldnt1 we need to do it manually. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/826 Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20220308031655.240710-1-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>