Commit message [Author, Age, Files, Lines]
* Merge tag 'nvme-next-pull-request' of git://git.infradead.org/qemu-nvme into staging [Stefan Hajnoczi, 2022-12-04, 1, -131/+51]

  hw/nvme fixes

  * fixes for aio cancellation in commands that may issue several aios

  # gpg: Signature made Thu 01 Dec 2022 11:48:36 EST
  # gpg: using RSA key 522833AA75E2DCE6A24766C04DE1AF316D4F0DE9
  # gpg: Good signature from "Klaus Jensen <its@irrelevant.dk>" [unknown]
  # gpg: aka "Klaus Jensen <k.jensen@samsung.com>" [unknown]
  # gpg: WARNING: This key is not certified with a trusted signature!
  # gpg: There is no indication that the signature belongs to the owner.
  # Primary key fingerprint: DDCA 4D9C 9EF9 31CC 3468 4272 63D5 6FC5 E55D A838
  # Subkey fingerprint: 5228 33AA 75E2 DCE6 A247 66C0 4DE1 AF31 6D4F 0DE9

  * tag 'nvme-next-pull-request' of git://git.infradead.org/qemu-nvme:
    hw/nvme: remove copy bh scheduling
    hw/nvme: fix aio cancel in dsm
    hw/nvme: fix aio cancel in zone reset
    hw/nvme: fix aio cancel in flush
    hw/nvme: fix aio cancel in format

  Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
| * hw/nvme: remove copy bh scheduling [Klaus Jensen, 2022-12-01, 1, -49/+14]

    Fix a potential use-after-free by removing the bottom half and enqueuing the completion directly.

    Fixes: 796d20681d9b ("hw/nvme: reimplement the copy command to allow aio cancellation")
    Reviewed-by: Keith Busch <kbusch@kernel.org>
    Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
| * hw/nvme: fix aio cancel in dsm [Klaus Jensen, 2022-12-01, 1, -26/+8]

    When the DSM operation is cancelled asynchronously, we set iocb->ret to -ECANCELED. However, the callback function only checks the return value of the completed aio, which may have completed successfully prior to the cancellation and thus the callback ends up continuing the dsm operation instead of bailing out. Fix this.

    Secondly, fix a potential use-after-free by removing the bottom half and enqueuing the completion directly.

    Fixes: d7d1474fd85d ("hw/nvme: reimplement dsm to allow cancellation")
    Reviewed-by: Keith Busch <kbusch@kernel.org>
    Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
| * hw/nvme: fix aio cancel in zone reset [Klaus Jensen, 2022-12-01, 1, -25/+11]

    If the zone reset operation is cancelled but the block unmap operation completes normally, the callback will continue resetting the next zone since it neglects to check iocb->ret which will have been set to -ECANCELED. Make sure that this is checked and bail out if an error is present.

    Secondly, fix a potential use-after-free by removing the bottom half and enqueuing the completion directly.

    Fixes: 63d96e4ffd71 ("hw/nvme: reimplement zone reset to allow cancellation")
    Reviewed-by: Keith Busch <kbusch@kernel.org>
    Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
| * hw/nvme: fix aio cancel in flush [Klaus Jensen, 2022-12-01, 1, -15/+6]

    Make sure that iocb->aiocb is NULL'ed when cancelling.

    Fix a potential use-after-free by removing the bottom half and enqueuing the completion directly.

    Fixes: 38f4ac65ac88 ("hw/nvme: reimplement flush to allow cancellation")
    Reviewed-by: Keith Busch <kbusch@kernel.org>
    Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
| * hw/nvme: fix aio cancel in format [Klaus Jensen, 2022-12-01, 1, -16/+12]

    There are several bugs in the async cancel code for the Format command.

    Firstly, cancelling a format operation neglects to set iocb->ret as well as clearing the iocb->aiocb after cancelling the underlying aiocb which causes the aio callback to ignore the cancellation. Trivial fix.

    Secondly, and worse, because the request is queued up for posting to the CQ in a bottom half, if the cancellation is due to the submission queue being deleted (which calls blk_aio_cancel), the req structure is deallocated in nvme_del_sq prior to the bottom half being scheduled. Fix this by simply removing the bottom half, there is no reason to defer it anyway.

    Fixes: 3bcf26d3d619 ("hw/nvme: reimplement format nvm to allow cancellation")
    Reported-by: Jonathan Derrick <jonathan.derrick@linux.dev>
    Reviewed-by: Keith Busch <kbusch@kernel.org>
    Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
* | Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging [Stefan Hajnoczi, 2022-12-04, 2, -16/+21]

    * Fix MMX instructions for system emulators
    * Fix uninitialized TranslateFault after canonical address checks

    # gpg: Signature made Thu 01 Dec 2022 03:53:33 EST
    # gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
    # gpg: issuer "pbonzini@redhat.com"
    # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
    # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
    # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
    # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83

    * tag 'for-upstream' of https://gitlab.com/bonzini/qemu:
      target/i386: Always completely initialize TranslateFault
      target/i386: allow MMX instructions with CR4.OSFXSR=0

    Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
| * | target/i386: Always completely initialize TranslateFault [Richard Henderson, 2022-12-01, 1, -15/+19]

      In get_physical_address, the canonical address check failed to set TranslateFault.stage2, which resulted in an uninitialized read from the struct when reporting the fault in x86_cpu_tlb_fill.

      Adjust all error paths to use structure assignment so that the entire struct is always initialized.

      Reported-by: Daniel Hoffman <dhoff749@gmail.com>
      Fixes: 9bbcf372193a ("target/i386: Reorg GET_HPHYS")
      Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
      Message-Id: <20221201074522.178498-1-richard.henderson@linaro.org>
      Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1324
      Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
| * | target/i386: allow MMX instructions with CR4.OSFXSR=0 [Paolo Bonzini, 2022-12-01, 1, -1/+2]

      MMX state is saved/restored by FSAVE/FRSTOR so the instructions are not illegal opcodes even if CR4.OSFXSR=0. Make sure that validate_vex takes into account the prefix and only checks HF_OSFXSR_MASK in the presence of an SSE instruction.

      Fixes: 20581aadec5e ("target/i386: validate VEX prefixes via the instructions' exception classes", 2022-10-18)
      Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1350
      Reported-by: Helge Konetzka (@hejko on gitlab.com)
      Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
      Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* | | Merge tag 'for_upstream' of https://git.kernel.org/pub/scm/virt/kvm/mst/qemu into staging [Stefan Hajnoczi, 2022-12-04, 18, -81/+205]

      virtio: regression fix

      Fixes regression with migration and vsock, as fixing that exposes some known issues in vhost user cleanup, this attempts to fix those as well. More work on vhost user is needed :)

      Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

      # gpg: Signature made Thu 01 Dec 2022 02:37:05 EST
      # gpg: using RSA key 5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469
      # gpg: issuer "mst@redhat.com"
      # gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [full]
      # gpg: aka "Michael S. Tsirkin <mst@redhat.com>" [full]
      # Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67
      # Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469

      * tag 'for_upstream' of https://git.kernel.org/pub/scm/virt/kvm/mst/qemu:
        include/hw: VM state takes precedence in virtio_device_should_start
        hw/virtio: generalise CHR_EVENT_CLOSED handling
        hw/virtio: add started_vu status field to vhost-user-gpio
        vhost: enable vrings in vhost_dev_start() for vhost-user devices
        tests/qtests: override "force-legacy" for gpio virtio-mmio tests

      Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
| * | include/hw: VM state takes precedence in virtio_device_should_start [Alex Bennée, 2022-12-01, 1, -5/+18]

      The VM status should always preempt the device status for these checks. This ensures the device is in the correct state when we suspend the VM prior to migrations. This restores the checks to the order they were in before the refactoring moved things around.

      While we are at it let's improve our documentation of the various fields involved and document the two functions.

      Fixes: 9f6bcfd99f (hw/virtio: move vm_running check to virtio_device_started)
      Fixes: 259d69c00b (hw/virtio: introduce virtio_device_should_start)
      Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
      Tested-by: Christian Borntraeger <borntraeger@linux.ibm.com>
      Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
      Message-Id: <20221130112439.2527228-6-alex.bennee@linaro.org>
      Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
| * | hw/virtio: generalise CHR_EVENT_CLOSED handling [Alex Bennée, 2022-12-01, 4, -37/+104]

      ..and use for both virtio-user-blk and virtio-user-gpio. This avoids the circular close by deferring shutdown due to disconnection until a later point. virtio-user-blk already had this mechanism in place so generalise it as a vhost-user helper function and use for both blk and gpio devices.

      While we are at it we also fix up vhost-user-gpio to re-establish the event handler after close down so we can reconnect later.

      Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
      Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
      Reviewed-by: Raphael Norwitz <raphael.norwitz@nutanix.com>
      Message-Id: <20221130112439.2527228-5-alex.bennee@linaro.org>
      Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
| * | hw/virtio: add started_vu status field to vhost-user-gpio [Alex Bennée, 2022-12-01, 2, -7/+14]

      As per the fix to vhost-user-blk in f5b22d06fb (vhost: recheck dev state in the vhost_migration_log routine) we really should track the connection and starting separately.

      Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
      Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
      Message-Id: <20221130112439.2527228-4-alex.bennee@linaro.org>
      Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
| * | vhost: enable vrings in vhost_dev_start() for vhost-user devices [Stefano Garzarella, 2022-12-01, 13, -31/+67]

      Commit 02b61f38d3 ("hw/virtio: incorporate backend features in features") properly negotiates VHOST_USER_F_PROTOCOL_FEATURES with the vhost-user backend, but we forgot to enable vrings as specified in docs/interop/vhost-user.rst:

          If ``VHOST_USER_F_PROTOCOL_FEATURES`` has not been negotiated, the ring starts directly in the enabled state.

          If ``VHOST_USER_F_PROTOCOL_FEATURES`` has been negotiated, the ring is initialized in a disabled state and is enabled by ``VHOST_USER_SET_VRING_ENABLE`` with parameter 1.

      Some vhost-user front-ends already did this by calling vhost_ops.vhost_set_vring_enable() directly:
      - backends/cryptodev-vhost.c
      - hw/net/virtio-net.c
      - hw/virtio/vhost-user-gpio.c

      But most didn't do that, so we would leave the vrings disabled and some backends would not work. We observed this issue with the rust version of virtiofsd [1], which uses the event loop [2] provided by the vhost-user-backend crate where requests are not processed if vring is not enabled.

      Let's fix this issue by enabling the vrings in vhost_dev_start() for vhost-user front-ends that don't already do this directly. Same thing also in vhost_dev_stop() where we disable vrings.

      [1] https://gitlab.com/virtio-fs/virtiofsd
      [2] https://github.com/rust-vmm/vhost/blob/240fc2966/crates/vhost-user-backend/src/event_loop.rs#L217

      Fixes: 02b61f38d3 ("hw/virtio: incorporate backend features in features")
      Reported-by: German Maglione <gmaglione@redhat.com>
      Tested-by: German Maglione <gmaglione@redhat.com>
      Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
      Acked-by: Raphael Norwitz <raphael.norwitz@nutanix.com>
      Message-Id: <20221123131630.52020-1-sgarzare@redhat.com>
      Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
      Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
      Message-Id: <20221130112439.2527228-3-alex.bennee@linaro.org>
      Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
| * | tests/qtests: override "force-legacy" for gpio virtio-mmio tests [Alex Bennée, 2022-12-01, 1, -1/+2]

      The GPIO device is a VIRTIO_F_VERSION_1 device but running with a legacy MMIO interface we miss out that feature bit causing confusion. For the GPIO test force the mmio bus to support non-legacy so we can properly test it.

      Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
      Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
      Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1333
      Message-Id: <20221130112439.2527228-2-alex.bennee@linaro.org>
      Acked-by: Thomas Huth <thuth@redhat.com>
      Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
* | | Update VERSION for v7.2.0-rc3 [Stefan Hajnoczi, 2022-11-30, 1, -1/+1]

      Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* | | target/arm: Set TCGCPUOps.restore_state_to_opc for v7m [Evgeny Ermakov, 2022-11-30, 3, -3/+8]

      This setting got missed, breaking v7m.

      Fixes: 56c6c98df85c ("target/arm: Convert to tcg_ops restore_state_to_opc")
      Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1347
      Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
      Signed-off-by: Evgeny Ermakov <evgeny.v.ermakov@gmail.com>
      Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
      Message-Id: <20221129204146.550394-1-richard.henderson@linaro.org>
* | | block-backend: avoid bdrv_unregister_buf() NULL pointer deref [Stefan Hajnoczi, 2022-11-30, 1, -2/+13]

      bdrv_*() APIs expect a valid BlockDriverState. Calling them with bs=NULL leads to undefined behavior.

      Jonathan Cameron reported this following NULL pointer dereference when a VM with a virtio-blk device and a memory-backend-file object is terminated:
      1. qemu_cleanup() closes all drives, setting blk->root to NULL
      2. qemu_cleanup() calls user_creatable_cleanup(), which results in a RAM block notifier callback because the memory-backend-file is destroyed.
      3. blk_unregister_buf() is called by virtio-blk's BlockRamRegistrar notifier callback and undefined behavior occurs.

      Fixes: baf422684d73 ("virtio-blk: use BDRV_REQ_REGISTERED_BUF optimization hint")
      Co-authored-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
      Reviewed-by: Kevin Wolf <kwolf@redhat.com>
      Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
      Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
      Message-Id: <20221121211923.1993171-1-stefanha@redhat.com>
* | | hw/display/qxl: Assert memory slot fits in preallocated MemoryRegion [Philippe Mathieu-Daudé, 2022-11-30, 1, -0/+1]

      Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
      Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
      Message-Id: <20221128202741.4945-6-philmd@linaro.org>
* | | hw/display/qxl: Avoid buffer overrun in qxl_phys2virt (CVE-2022-4144) [Philippe Mathieu-Daudé, 2022-11-30, 2, -5/+24]

      Have qxl_get_check_slot_offset() return false if the requested buffer size does not fit within the slot memory region.

      Similarly qxl_phys2virt() now returns NULL in such case, and qxl_dirty_one_surface() aborts.

      This avoids buffer overrun in the host pointer returned by memory_region_get_ram_ptr().

      Fixes: CVE-2022-4144 (out-of-bounds read)
      Reported-by: Wenxu Yin (@awxylitol)
      Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1336
      Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
      Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
      Message-Id: <20221128202741.4945-5-philmd@linaro.org>
* | | hw/display/qxl: Pass requested buffer size to qxl_phys2virt() [Philippe Mathieu-Daudé, 2022-11-30, 4, -13/+36]

      Currently qxl_phys2virt() doesn't check for buffer overrun. In order to do so in the next commit, pass the buffer size as argument.

      For QXLCursor in qxl_render_cursor() -> qxl_cursor() we verify the size of the chunked data ahead, checking we can access 'sizeof(QXLCursor) + chunk->data_size' bytes. Since in the SPICE_CURSOR_TYPE_MONO case the cursor is assumed to fit in one chunk, no changes are required. In SPICE_CURSOR_TYPE_ALPHA the ahead read is handled in qxl_unpack_chunks().

      Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
      Acked-by: Gerd Hoffmann <kraxel@redhat.com>
      Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
      Message-Id: <20221128202741.4945-4-philmd@linaro.org>
* | | hw/display/qxl: Document qxl_phys2virt() [Philippe Mathieu-Daudé, 2022-11-30, 1, -0/+19]

      Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
      Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
      Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
      Message-Id: <20221128202741.4945-3-philmd@linaro.org>
* | | hw/display/qxl: Have qxl_log_command Return early if no log_cmd handler [Philippe Mathieu-Daudé, 2022-11-30, 1, -0/+11]

      Only 3 command types are logged: no need to call qxl_phys2virt() for the other types. Using different cases will help to pass different structure sizes to qxl_phys2virt() in a pair of commits.

      Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
      Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
      Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
      Message-Id: <20221128202741.4945-2-philmd@linaro.org>
* | | Merge tag 'seabios-1.16.1-20221128-pull-request' of https://gitlab.com/kraxel/qemu into staging [Stefan Hajnoczi, 2022-11-29, 13, -0/+0]

      [for-7.2] update seabios to bugfix release 1.16.1

      # gpg: Signature made Mon 28 Nov 2022 05:09:02 EST
      # gpg: using RSA key A0328CFFB93A17A79901FE7D4CB6D8EED3E87138
      # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
      # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
      # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
      # Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138

      * tag 'seabios-1.16.1-20221128-pull-request' of https://gitlab.com/kraxel/qemu:
        update seabios binaries to 1.16.1
        update seabios source from 1.16.0 to 1.16.1

      Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
| * | | update seabios binaries to 1.16.1 [Gerd Hoffmann, 2022-11-28, 12, -0/+0]

        Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
| * | | update seabios source from 1.16.0 to 1.16.1 [Gerd Hoffmann, 2022-11-28, 1, -0/+0]

        git shortlog rel-1.16.0..rel-1.16.1
        ===================================

        Gerd Hoffmann (3):
              malloc: use variable for ZoneHigh size
              malloc: use large ZoneHigh when there is enough memory
              virtio-blk: use larger default request size

        Igor Mammedov (1):
              acpi: parse Alias object

        Volker Rümelin (2):
              pci: refactor the pci_config_*() functions
              reset: force standard PCI configuration access

        Xiaofei Lee (1):
              virtio-blk: Fix incorrect type conversion in virtio_blk_op()

        Xuan Zhuo (2):
              virtio-mmio: read/write the hi 32 features for mmio
              virtio: finalize features before using device

        Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* | | replay: Fix declaration of replay_read_next_clock [Richard Henderson, 2022-11-29, 1, -1/+1]

      Fixes the build with gcc 13:

      replay/replay-time.c:34:6: error: conflicting types for \
        'replay_read_next_clock' due to enum/integer mismatch; \
        have 'void(ReplayClockKind)' [-Werror=enum-int-mismatch]
         34 | void replay_read_next_clock(ReplayClockKind kind)
            |      ^~~~~~~~~~~~~~~~~~~~~~
      In file included from ../qemu/replay/replay-time.c:14:
      replay/replay-internal.h:139:6: note: previous declaration of \
        'replay_read_next_clock' with type 'void(unsigned int)'
        139 | void replay_read_next_clock(unsigned int kind);
            |      ^~~~~~~~~~~~~~~~~~~~~~

      Fixes: 8eda206e090 ("replay: recording and replaying clock ticks")
      Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
      Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
      Reviewed-by: Wilfred Mallawa <wilfred.mallawa@wdc.com>
      Reviewed-by: Pavel Dovgalyuk <Pavel.Dovgalyuk@ispras.ru>
      Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
      Message-Id: <20221129010547.284051-1-richard.henderson@linaro.org>
* | | Add G_GNUC_PRINTF to function qemu_set_info_str and fix related issues [Stefan Weil via, 2022-11-27, 3, -5/+6]

      With the G_GNUC_PRINTF function attribute the compiler detects two potential insecure format strings:

      ../../../net/stream.c:248:31: warning: format string is not a string literal (potentially insecure) [-Wformat-security]
          qemu_set_info_str(&s->nc, uri);
                                    ^~~
      ../../../net/stream.c:322:31: warning: format string is not a string literal (potentially insecure) [-Wformat-security]
          qemu_set_info_str(&s->nc, uri);
                                    ^~~

      There are also two other warnings:

      ../../../net/socket.c:182:35: warning: zero-length gnu_printf format string [-Wformat-zero-length]
        182 |         qemu_set_info_str(&s->nc, "");
            |                                   ^~
      ../../../net/stream.c:170:35: warning: zero-length gnu_printf format string [-Wformat-zero-length]
        170 |         qemu_set_info_str(&s->nc, "");

      Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
      Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
      Signed-off-by: Stefan Weil <sw@weilnetz.de>
      Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
      Message-Id: <20221126152507.283271-7-sw@weilnetz.de>
* | | MAINTAINERS: Add subprojects/libvhost-user to section "vhost" [Stefan Weil via, 2022-11-27, 1, -0/+1]

      Signed-off-by: Stefan Weil <sw@weilnetz.de>
      [Michael agreed to act as maintainer for libvhost-user via email in https://lore.kernel.org/qemu-devel/20221123015218-mutt-send-email-mst@kernel.org/. --Stefan]
      Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
      Message-Id: <20221126152507.283271-6-sw@weilnetz.de>
* | | libvhost-user: Add format attribute to local function vu_panic [Stefan Weil via, 2022-11-27, 1, -1/+12]

      Signed-off-by: Stefan Weil <sw@weilnetz.de>
      Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
      Message-Id: <20220422070144.1043697-4-sw@weilnetz.de>
      Signed-off-by: Laurent Vivier <laurent@vivier.eu>
      Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
      Message-Id: <20221126152507.283271-5-sw@weilnetz.de>
* | | libvhost-user: Fix two more format strings [Stefan Weil via, 2022-11-27, 1, -1/+2]

      This fix is required for 32 bit hosts. The bug was detected by CI for arm-linux, but is also relevant for i386-linux.

      Reported-by: Stefan Hajnoczi <stefanha@gmail.com>
      Signed-off-by: Stefan Weil <sw@weilnetz.de>
      Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
      Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
      Message-Id: <20221126152507.283271-4-sw@weilnetz.de>
* | | libvhost-user: Fix format strings [Stefan Weil via, 2022-11-27, 1, -2/+2]

      Signed-off-by: Stefan Weil <sw@weilnetz.de>
      Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
      Message-Id: <20220422070144.1043697-3-sw@weilnetz.de>
      Signed-off-by: Laurent Vivier <laurent@vivier.eu>
      Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
      Message-Id: <20221126152507.283271-3-sw@weilnetz.de>
* | | libvhost-user: Fix wrong type of argument to formatting function (reported by LGTM) [Stefan Weil via, 2022-11-27, 1, -1/+1]

      Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
      Signed-off-by: Stefan Weil <sw@weilnetz.de>
      Message-Id: <20220422070144.1043697-2-sw@weilnetz.de>
      Signed-off-by: Laurent Vivier <laurent@vivier.eu>
      Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
      Message-Id: <20221126152507.283271-2-sw@weilnetz.de>
* | | virtiofsd: Add `sigreturn` to the seccomp whitelist [Marc Hartmayer, 2022-11-25, 1, -0/+1]

      The virtiofsd currently crashes on s390x. This is because of a `sigreturn` system call. See audit log below:

      type=SECCOMP msg=audit(1669382477.611:459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=system_u:system_r:virtd_t:s0-s0:c0.c1023 pid=6649 comm="virtiofsd" exe="/usr/libexec/virtiofsd" sig=31 arch=80000016 syscall=119 compat=0 ip=0x3fff15f748a code=0x80000000 AUID="unset" UID="root" GID="root" ARCH=s390x SYSCALL=sigreturn

      Signed-off-by: Marc Hartmayer <mhartmay@linux.ibm.com>
      Reviewed-by: German Maglione <gmaglione@redhat.com>
      Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
      Message-Id: <20221125143946.27717-1-mhartmay@linux.ibm.com>
* | | Merge tag 'fixes-20221123-pull-request' of https://gitlab.com/kraxel/qemu into staging [Stefan Hajnoczi, 2022-11-23, 12, -13/+28]

      ui+usb+audio: bugfixes for 7.2

      # gpg: Signature made Wed 23 Nov 2022 09:43:50 EST
      # gpg: using RSA key A0328CFFB93A17A79901FE7D4CB6D8EED3E87138
      # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
      # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
      # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
      # Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138

      * tag 'fixes-20221123-pull-request' of https://gitlab.com/kraxel/qemu:
        hw/audio/intel-hda: Drop unnecessary prototype
        hw/audio/intel-hda: don't reset codecs twice
        hw/usb/hcd-xhci: Reset the XHCIState with device_cold_reset()
        ui/gtk: prevent ui lock up when dpy_gl_update called again before current draw event occurs
        hw/usb/hcd-xhci.c: spelling: tranfer
        gtk: disable GTK Clipboard with a new meson option
        Revert "usbredir: avoid queuing hello packet on snapshot restore"

      Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
| * | | hw/audio/intel-hda: Drop unnecessary prototype [Peter Maydell, 2022-11-23, 1, -2/+0]

        The only use of intel_hda_reset() is after its definition, so we don't need to separately declare its prototype at the top of the file; drop the unnecessary line.

        Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
        Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
        Message-Id: <20221014142632.2092404-3-peter.maydell@linaro.org>
        Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
| * | | hw/audio/intel-hda: don't reset codecs twice [Peter Maydell, 2022-11-23, 1, -3/+1]

        Currently the intel-hda device has a reset method which manually resets all the codecs by calling device_legacy_reset() on them. This means they get reset twice, once because child devices on a qbus get reset before the parent device's reset method is called, and then again because we're manually resetting them.

        Drop the manual reset call, and ensure that codecs are still reset when the guest does a reset via ICH6_GCTL_RESET by using device_cold_reset() (which resets all the devices on the qbus as well as the device itself) instead of a direct call to the reset function.

        This is a slight ordering change because the (only) codec reset now happens before the controller registers etc are reset, rather than once before and then once after, but the codec reset function hda_audio_reset() doesn't care.

        This lets us drop a use of device_legacy_reset(), which is deprecated.

        Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
        Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
        Message-Id: <20221014142632.2092404-2-peter.maydell@linaro.org>
        Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
| * | | hw/usb/hcd-xhci: Reset the XHCIState with device_cold_reset()    Peter Maydell    2022-11-23    2    -2/+2
Currently the hcd-xhci-pci and hcd-xhci-sysbus devices are mostly wrappers around the TYPE_XHCI device, which is a direct subclass of TYPE_DEVICE. Since TYPE_DEVICE devices are not on any qbus and do not get automatically reset, the wrapper devices both reset the TYPE_XHCI device in their own reset functions. However, they do this using device_legacy_reset(), which will reset the device itself but not any bus it has.

Switch to device_cold_reset(), which avoids using a deprecated function and also propagates reset along any child buses.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20221014145423.2102706-1-peter.maydell@linaro.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
| * | | ui/gtk: prevent ui lock up when dpy_gl_update called again before current draw event occurs    Dongwon Kim    2022-11-23    2    -2/+2
A warning, "qemu: warning: console: no gl-unblock within", followed by guest scanout lockup can happen if dpy_gl_update is called in a row and the second call is made before gd_draw_event scheduled by the first call is taking place. This is because draw call returns without decrementing gl_block ref count if the dmabuf was already submitted as shown below.

(gd_gl_area_draw/gd_egl_draw)

    if (dmabuf) {
        if (!dmabuf->draw_submitted) {
            return;
        } else {
            dmabuf->draw_submitted = false;
        }
    }

So it should not schedule any redundant draw event in case draw_submitted is already set in gd_egl_flush/gd_gl_area_scanout_flush.

Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Vivek Kasireddy <vivek.kasireddy@intel.com>
Signed-off-by: Dongwon Kim <dongwon.kim@intel.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20221021192315.9110-1-dongwon.kim@intel.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
| * | | hw/usb/hcd-xhci.c: spelling: tranfer    Michael Tokarev    2022-11-23    1    -1/+1
Fixes: effaf5a240e03020f4ae953e10b764622c3e87cc
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Stefan Weil <sw@weilnetz.de>
Message-Id: <20221105114851.306206-1-mjt@msgid.tls.msk.ru>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
| * | | gtk: disable GTK Clipboard with a new meson option    Claudio Fontana    2022-11-23    5    -1/+21
The GTK Clipboard implementation may cause guest hangs.

Therefore implement a new configure switch, --enable-gtk-clipboard, as a meson option disabled by default, which warns in the help text about the experimental nature of the feature. Regenerate the meson build options to include it.

The initialization of the clipboard in gtk.c, as well as the compilation of gtk-clipboard.c, are now conditional on this new option being set.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1150
Signed-off-by: Claudio Fontana <cfontana@suse.de>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Jim Fehlig <jfehlig@suse.com>
Message-Id: <20221121135538.14625-1-cfontana@suse.de>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
| * | | Revert "usbredir: avoid queuing hello packet on snapshot restore"    Joelle van Dyne    2022-11-23    1    -2/+1
| |/ /
Run state is also in RUN_STATE_PRELAUNCH while "-S" is used.

This reverts commit 0631d4b448454ae8a1ab091c447e3f71ab6e088a

Signed-off-by: Joelle van Dyne <j@getutm.app>
Reviewed-by: Ján Tomko <jtomko@redhat.com>

The original commit broke the usage of usbredir with libvirt, which starts every domain with "-S".

This workaround is no longer needed because the usbredir behavior has been fixed in the meantime:
https://gitlab.freedesktop.org/spice/usbredir/-/merge_requests/61

Signed-off-by: Ján Tomko <jtomko@redhat.com>
Message-Id: <1689cec3eadcea87255e390cb236033aca72e168.1669193161.git.jtomko@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
* | | Merge tag 'pull-request-2022-11-23' of https://gitlab.com/thuth/qemu into staging    Stefan Hajnoczi    2022-11-23    8    -39/+55
|\ \ \
| |/ /
|/| |
* Shorten the amount of text from the qos-test to avoid hitting output size limits in the gitlab CI
* Update URLs of avocado tests

# gpg: Signature made Wed 23 Nov 2022 07:52:59 EST
# gpg:                using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5
# gpg:                issuer "thuth@redhat.com"
# gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [full]
# gpg:                 aka "Thomas Huth <thuth@redhat.com>" [full]
# gpg:                 aka "Thomas Huth <huth@tuxfamily.org>" [full]
# gpg:                 aka "Thomas Huth <th.huth@posteo.de>" [unknown]
# Primary key fingerprint: 27B8 8847 EEE0 2501 18F3  EAB9 2ED9 D774 FE70 2DB5

* tag 'pull-request-2022-11-23' of https://gitlab.com/thuth/qemu:
  tests/avocado: use new rootfs for orangepi test
  tests/qtest: Decrease the amount of output from the qom-test
  tests/avocado: Update the URLs of the advent calendar images

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
| * | tests/avocado: use new rootfs for orangepi test    Alex Bennée    2022-11-23    1    -2/+2
The old URL wasn't stable. I suspect the current URL will only be stable for a few months so maybe we need another strategy for hosting rootfs snapshots?

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20221118113309.1057790-1-alex.bennee@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
| * | tests/qtest: Decrease the amount of output from the qom-test    Thomas Huth    2022-11-23    1    -3/+19
The logs in the gitlab-CI have a size constraint, and sometimes we already hit this limit. The biggest part of the log then seems to be filled by the qom-test, so we should decrease the size of the output - which can be done easily by not printing the path for each property, since the path has already been logged at the beginning of each node that we handle here.

However, if we omit the path, we should make sure to not recurse into child nodes in between, so that it is clear to which node each property belongs. Thus store the children and links in a temporary list and recurse only at the end of each node, when all properties have already been printed.

Message-Id: <20221121194240.149268-1-thuth@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
| * | tests/avocado: Update the URLs of the advent calendar images    Thomas Huth    2022-11-23    7    -34/+34
|/ /
The qemu-advent-calendar.org server will be decommissioned soon. I've mirrored the images that we use for the QEMU CI to gitlab, so update their URLs to point to the new location.

Message-Id: <20221121102436.78635-1-thuth@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
* | Update VERSION for v7.2.0-rc2    Stefan Hajnoczi    2022-11-23    1    -1/+1
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* | Merge tag 'pull-target-arm-20221122' of https://git.linaro.org/people/pmaydell/qemu-arm into staging    Stefan Hajnoczi    2022-11-22    1    -5/+6
|\ \
target-arm:
 * Fix broken 5-level pagetable handling
 * Fix debug accesses when EL2 is present

# gpg: Signature made Tue 22 Nov 2022 11:37:44 EST
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [full]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [full]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [full]
# gpg:                 aka "Peter Maydell <peter@archaic.org.uk>" [unknown]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* tag 'pull-target-arm-20221122' of https://git.linaro.org/people/pmaydell/qemu-arm:
  target/arm: Use signed quantity to represent VMSAv8-64 translation level
  target/arm: Don't do two-stage lookup if stage 2 is disabled

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
| * | target/arm: Use signed quantity to represent VMSAv8-64 translation level    Ard Biesheuvel    2022-11-22    1    -2/+2
The LPA2 extension implements 52-bit virtual addressing for 4k and 16k translation granules, and for the former, this means an additional level of translation is needed. This means we start counting at -1 instead of 0 when doing a walk, and so 'level' is now a signed quantity, and should be typed as such. So turn it from uint32_t into int32_t.

This avoids a level of -1 getting misinterpreted as being >= 3, and terminating a page table walk prematurely with a bogus output address.

Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: Philippe Mathieu-Daudé <f4bug@amsat.org>
Cc: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| * | target/arm: Don't do two-stage lookup if stage 2 is disabled    Peter Maydell    2022-11-22    1    -3/+4
In get_phys_addr_with_struct(), we call get_phys_addr_twostage() if the CPU supports EL2. However, we don't check here that stage 2 is actually enabled. Instead we only check that inside get_phys_addr_twostage() to skip stage 2 translation. This means that even if stage 2 is disabled we still tell the stage 1 lookup to do its page table walks via stage 2.

This works by luck for normal CPU accesses, but it breaks for debug accesses, which are used by the disassembler and also by semihosting file reads and writes, because the debug case takes a different code path inside S1_ptw_translate().

This means that setups that use semihosting for file loads are broken (a regression since 7.1, introduced in recent ptw refactoring), and that sometimes disassembly in debug logs reports "unable to read memory" rather than showing the guest insns.

Fix the bug by hoisting the "is stage 2 enabled?" check up to get_phys_addr_with_struct(), so that we handle S2 disabled the same way we do the "no EL2" case, with a simple single stage lookup.

Reported-by: Jens Wiklander <jens.wiklander@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20221121212404.1450382-1-peter.maydell@linaro.org