qemu-commits

[Qemu-commits] [qemu/qemu] e34f86: target/sh4: Mask restore of env->flags from tb->flags


From: Alex Bennée
Subject: [Qemu-commits] [qemu/qemu] e34f86: target/sh4: Mask restore of env->flags from tb->flags
Date: Mon, 24 Apr 2023 03:27:22 -0700

  Branch: refs/heads/stable-7.2
  Home:   https://github.com/qemu/qemu
  Commit: e34f86a2f91c39d610d58baa6f4c9ed9a5a5d791
      https://github.com/qemu/qemu/commit/e34f86a2f91c39d610d58baa6f4c9ed9a5a5d791
  Author: Guenter Roeck <linux@roeck-us.net>
  Date:   2023-03-29 (Wed, 29 Mar 2023)

  Changed paths:
    M target/sh4/cpu.c

  Log Message:
  -----------
  target/sh4: Mask restore of env->flags from tb->flags

The values in env->flags are a subset of tb->flags.
Restore only the bits that belong.

Cc: qemu-stable@nongnu.org
Fixes: ab419fd8a035 ("target/sh4: Fix TB_FLAG_UNALIGN")
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Message-ID: <20221212011345.GA2235238@roeck-us.net>
[rth: Reduce to only the superh_cpu_synchronize_from_tb change]
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
(cherry picked from commit bc2331635ce18ff068d2bb1e493bc546e1f786e1)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: f16011abc161e0fa6ac2bea78aa7ebacfb173e59
      https://github.com/qemu/qemu/commit/f16011abc161e0fa6ac2bea78aa7ebacfb173e59
  Author: Jason Wang <jasowang@redhat.com>
  Date:   2023-03-29 (Wed, 29 Mar 2023)

  Changed paths:
    M hw/virtio/vhost.c

  Log Message:
  -----------
  vhost: fix vq dirty bitmap syncing when vIOMMU is enabled

When vIOMMU is enabled, the vq->used_phys is actually the IOVA not
GPA. So we need to translate it to GPA before the syncing otherwise we
may hit the following crash since IOVA could be out of the scope of
the GPA log size. This could be noted when using virtio-IOMMU with
vhost using 1G memory.

Fixes: c471ad0e9bd46 ("vhost_net: device IOTLB support")
Cc: qemu-stable@nongnu.org
Tested-by: Lei Yang <leiyang@redhat.com>
Reported-by: Yalan Zhang <yalzhang@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Message-Id: <20221216033552.77087-1-jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 345cc1cbcbce2bab00abc2b88338d7d89c702d6b)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 5f43c7786eaec3689aff3f2ea6101c54828a7f3e
      https://github.com/qemu/qemu/commit/5f43c7786eaec3689aff3f2ea6101c54828a7f3e
  Author: Chenyi Qiang <chenyi.qiang@intel.com>
  Date:   2023-03-29 (Wed, 29 Mar 2023)

  Changed paths:
    M hw/virtio/virtio-mem.c

  Log Message:
  -----------
  virtio-mem: Fix the bitmap index of the section offset

vmem->bitmap indexes the memory region of the virtio-mem backend at a
granularity of block_size. To calculate the index of target section offset,
the block_size should be divided instead of the bitmap_size.

Fixes: 2044969f0b ("virtio-mem: Implement RamDiscardManager interface")
Signed-off-by: Chenyi Qiang <chenyi.qiang@intel.com>
Message-Id: <20221216062231.11181-1-chenyi.qiang@intel.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: David Hildenbrand <david@redhat.com>
(cherry picked from commit b11cf32e07a2f7ff0d171b89497381a04c9d07e0)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: a2093dd6fecec34079b4b0d3a7be218cfcd5b69b
      https://github.com/qemu/qemu/commit/a2093dd6fecec34079b4b0d3a7be218cfcd5b69b
  Author: Chenyi Qiang <chenyi.qiang@intel.com>
  Date:   2023-03-29 (Wed, 29 Mar 2023)

  Changed paths:
    M hw/virtio/virtio-mem.c

  Log Message:
  -----------
  virtio-mem: Fix the iterator variable in a vmem->rdl_list loop

It should be the variable rdl2 to revert the already-notified listeners.

Fixes: 2044969f0b ("virtio-mem: Implement RamDiscardManager interface")
Signed-off-by: Chenyi Qiang <chenyi.qiang@intel.com>
Message-Id: <20221228090312.17276-1-chenyi.qiang@intel.com>
Cc: qemu-stable@nongnu.org
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: David Hildenbrand <david@redhat.com>
(cherry picked from commit 29f1b328e3b767cba2661920a8470738469b9e36)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 305c0f8c54071fd50364c01438f9979af5110c97
      https://github.com/qemu/qemu/commit/305c0f8c54071fd50364c01438f9979af5110c97
  Author: Alex Bennée <alex.bennee@linaro.org>
  Date:   2023-03-29 (Wed, 29 Mar 2023)

  Changed paths:
    M target/arm/translate.c

  Log Message:
  -----------
  target/arm: fix handling of HLT semihosting in system mode

The check semihosting_enabled() wants to know if the guest is
currently in user mode. Unlike the other cases the test was inverted
causing us to block semihosting calls in non-EL0 modes.

Cc: qemu-stable@nongnu.org
Fixes: 19b26317e9 (target/arm: Honour -semihosting-config userspace=on)
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 9788d4c007cbde7cda1b7a577b8b836335eb2b73)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 6647b6edeaf65495bea867fc5b16c0eccde6f153
      https://github.com/qemu/qemu/commit/6647b6edeaf65495bea867fc5b16c0eccde6f153
  Author: Paolo Bonzini <pbonzini@redhat.com>
  Date:   2023-03-29 (Wed, 29 Mar 2023)

  Changed paths:
    M scripts/symlink-install-tree.py

  Log Message:
  -----------
  meson: accept relative symlinks in "meson introspect --installed" data

When installing shared libraries, as is the case for libvfio-user.so,
Meson will include relative symbolic links in the output of
"meson introspect --installed":

  {
    "libvfio-user.so": "/usr/local/lib64/libvfio-user.so",
    ...
  }

In the case of scripts/symlink-install-tree.py, this will
be a symbolic link to a symbolic link but, in any case, there is
no issue in creating it.

Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit f32eb0021a85efaca97f69b0e9201737562a8e4f)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: e05827b632679ec632896cf354d7e8d5b8b50cdc
      https://github.com/qemu/qemu/commit/e05827b632679ec632896cf354d7e8d5b8b50cdc
  Author: Richard Henderson <richard.henderson@linaro.org>
  Date:   2023-03-29 (Wed, 29 Mar 2023)

  Changed paths:
    M target/riscv/translate.c
    M tests/tcg/Makefile.target
    M tests/tcg/riscv64/Makefile.target
    A tests/tcg/riscv64/test-noc.S

  Log Message:
  -----------
  target/riscv: Set pc_succ_insn for !rvc illegal insn

Failure to set pc_succ_insn may result in a TB covering zero bytes,
which triggers an assert within the code generator.

Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1224
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20221203175744.151365-1-richard.henderson@linaro.org>
[ Changes by AF:
 - Add missing run-plugin-test-noc-% line
]
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
(cherry picked from commit ec2918b467228e7634f1dd5f35033ad3021b6ef7)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 6a3aa014c54535d0ac67516b10ea17778bbafffd
      https://github.com/qemu/qemu/commit/6a3aa014c54535d0ac67516b10ea17778bbafffd
  Author: Laszlo Ersek <lersek@redhat.com>
  Date:   2023-03-29 (Wed, 29 Mar 2023)

  Changed paths:
    M hw/acpi/cpu_hotplug.c

  Log Message:
  -----------
  acpi: cpuhp: fix guest-visible maximum access size to the legacy reg block

The modern ACPI CPU hotplug interface was introduced in the following
series (aa1dd39ca307..679dd1a957df), released in v2.7.0:

  1  abd49bc2ed2f docs: update ACPI CPU hotplug spec with new protocol
  2  16bcab97eb9f pc: piix4/ich9: add 'cpu-hotplug-legacy' property
  3  5e1b5d93887b acpi: cpuhp: add CPU devices AML with _STA method
  4  ac35f13ba8f8 pc: acpi: introduce AcpiDeviceIfClass.madt_cpu hook
  5  d2238cb6781d acpi: cpuhp: implement hot-add parts of CPU hotplug
                  interface
  6  8872c25a26cc acpi: cpuhp: implement hot-remove parts of CPU hotplug
                  interface
  7  76623d00ae57 acpi: cpuhp: add cpu._OST handling
  8  679dd1a957df pc: use new CPU hotplug interface since 2.7 machine type

Before patch#1, "docs/specs/acpi_cpu_hotplug.txt" only specified 1-byte
accesses for the hotplug register block.  Patch#1 preserved the same
restriction for the legacy register block, but:

- it specified DWORD accesses for some of the modern registers,

- in particular, the switch from the legacy block to the modern block
  would require a DWORD write to the *legacy* block.

The latter functionality was then implemented in cpu_status_write()
[hw/acpi/cpu_hotplug.c], in patch#8.

Unfortunately, all DWORD accesses depended on a dormant bug: the one
introduced in earlier commit a014ed07bd5a ("memory: accept mismatching
sizes in memory_region_access_valid", 2013-05-29); first released in
v1.6.0.  Due to commit a014ed07bd5a, the DWORD accesses to the *legacy*
CPU hotplug register block would work in spite of the above series *not*
relaxing "valid.max_access_size = 1" in "hw/acpi/cpu_hotplug.c":

> static const MemoryRegionOps AcpiCpuHotplug_ops = {
>     .read = cpu_status_read,
>     .write = cpu_status_write,
>     .endianness = DEVICE_LITTLE_ENDIAN,
>     .valid = {
>         .min_access_size = 1,
>         .max_access_size = 1,
>     },
> };

Later, in commits e6d0c3ce6895 ("acpi: cpuhp: introduce 'Command data 2'
field", 2020-01-22) and ae340aa3d256 ("acpi: cpuhp: spec: add typical
usecases", 2020-01-22), first released in v5.0.0, the modern CPU hotplug
interface (including the documentation) was extended with another DWORD
*read* access, namely to the "Command data 2" register, which would be
important for the guest to confirm whether it managed to switch the
register block from legacy to modern.

This functionality too silently depended on the bug from commit
a014ed07bd5a.

In commit 5d971f9e6725 ('memory: Revert "memory: accept mismatching sizes
in memory_region_access_valid"', 2020-06-26), first released in v5.1.0,
the bug from commit a014ed07bd5a was fixed (the commit was reverted).
That swiftly exposed the bug in "AcpiCpuHotplug_ops", still present from
the v2.7.0 series quoted at the top -- namely the fact that
"valid.max_access_size = 1" didn't match what the guest was supposed to
do, according to the spec ("docs/specs/acpi_cpu_hotplug.txt").

The symptom is that the "modern interface negotiation protocol"
described in commit ae340aa3d256:

> +      Use following steps to detect and enable modern CPU hotplug interface:
> +        1. Store 0x0 to the 'CPU selector' register,
> +           attempting to switch to modern mode
> +        2. Store 0x0 to the 'CPU selector' register,
> +           to ensure valid selector value
> +        3. Store 0x0 to the 'Command field' register,
> +        4. Read the 'Command data 2' register.
> +           If read value is 0x0, the modern interface is enabled.
> +           Otherwise legacy or no CPU hotplug interface available

falls apart for the guest: steps 1 and 2 are lost, because they are DWORD
writes; so no switching happens.  Step 3 (a single-byte write) is not
lost, but it has no effect; see the condition in cpu_status_write() in
patch#8.  And step 4 *misleads* the guest into thinking that the switch
worked: the DWORD read is lost again -- it returns zero to the guest
without ever reaching the device model, so the guest never learns the
switch didn't work.

This means that guest behavior centered on the "Command data 2" register
worked *only* in the v5.0.0 release; it got effectively regressed in
v5.1.0.

To make things *even more* complicated, the breakage was (and remains, as
of today) visible with TCG acceleration only.  Commit 5d971f9e6725 makes
no difference with KVM acceleration -- the DWORD accesses still work,
despite "valid.max_access_size = 1".

As commit 5d971f9e6725 suggests, fix the problem by raising
"valid.max_access_size" to 4 -- the spec now clearly instructs the guest
to perform DWORD accesses to the legacy register block too, for enabling
(and verifying!) the modern block.  In order to keep compatibility for the
device model implementation though, set "impl.max_access_size = 1", so
that wide accesses be split before they reach the legacy read/write
handlers, like they always have been on KVM, and like they were on TCG
before 5d971f9e6725 (v5.1.0).

Tested with:

- OVMF IA32 + qemu-system-i386, CPU hotplug/hot-unplug with SMM,
  intermixed with ACPI S3 suspend/resume, using KVM accel
  (regression-test);

- OVMF IA32X64 + qemu-system-x86_64, CPU hotplug/hot-unplug with SMM,
  intermixed with ACPI S3 suspend/resume, using KVM accel
  (regression-test);

- OVMF IA32 + qemu-system-i386, SMM enabled, using TCG accel; verified the
  register block switch and the present/possible CPU counting through the
  modern hotplug interface, during OVMF boot (bugfix test);

- I do not have any testcase (guest payload) for regression-testing CPU
  hotplug through the *legacy* CPU hotplug register block.

Cc: "Michael S. Tsirkin" <mst@redhat.com>
Cc: Ani Sinha <ani@anisinha.ca>
Cc: Ard Biesheuvel <ardb@kernel.org>
Cc: Igor Mammedov <imammedo@redhat.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: Philippe Mathieu-Daudé <philmd@linaro.org>
Cc: qemu-stable@nongnu.org
Ref: "IO port write width clamping differs between TCG and KVM"
Link: http://mid.mail-archive.com/aaedee84-d3ed-a4f9-21e7-d221a28d1683@redhat.com
Link: https://lists.gnu.org/archive/html/qemu-devel/2023-01/msg00199.html
Reported-by: Ard Biesheuvel <ardb@kernel.org>
Signed-off-by: Laszlo Ersek <lersek@redhat.com>
Tested-by: Ard Biesheuvel <ardb@kernel.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Tested-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20230105161804.82486-1-lersek@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit dab30fbef3896bb652a09d46c37d3f55657cbcbb)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
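Added example (not QEMU's code): a small C model of how the memory core's `.valid` and `.impl` access-size limits gate and split a guest access, run against the before/after settings the commit message above describes. AccessSizeOps, the regblock_* byte-array device and the guest_* helpers are ours; the size check is modelled on memory_region_access_valid() and the splitting on access_with_adjusted_size(), without their alignment and accepts() handling, and it models the TCG path only (the message notes KVM behaves differently).

```c
#include <stdint.h>
#include <stdbool.h>
#include <string.h>
#include <stdio.h>

#define REGBLOCK_SIZE 16

/* The two MemoryRegionOps limits the fix touches (struct name is ours;
 * min_access_size is 1 in both the old and the new ops, so it is omitted). */
typedef struct {
    unsigned valid_max;   /* widest access the guest may issue */
    unsigned impl_max;    /* widest access the handlers implement; QEMU
                             uses 4 when a device leaves this unset */
} AccessSizeOps;

/* Stand-in for the legacy register block: byte-wide handlers only. */
static uint8_t regblock[REGBLOCK_SIZE];

static uint64_t regblock_read(uint64_t addr, unsigned size)
{
    return (size == 1 && addr < REGBLOCK_SIZE) ? regblock[addr] : 0;
}

static void regblock_write(uint64_t addr, uint64_t val, unsigned size)
{
    if (size == 1 && addr < REGBLOCK_SIZE) {
        regblock[addr] = (uint8_t)val;
    }
}

/* The size check is modelled on memory_region_access_valid(): an access
 * wider than valid_max is refused before any handler runs.  The loop is
 * modelled on access_with_adjusted_size(): a valid access is delivered in
 * impl_max-wide pieces and assembled little-endian. */
uint64_t guest_read(const AccessSizeOps *ops, uint64_t addr, unsigned size)
{
    uint64_t val = 0;
    unsigned piece = size < ops->impl_max ? size : ops->impl_max, off;

    if (size > ops->valid_max) {
        return 0;                   /* refused read: the guest sees zero */
    }
    for (off = 0; off < size; off += piece) {
        val |= regblock_read(addr + off, piece) << (off * 8);
    }
    return val;
}

bool guest_write(const AccessSizeOps *ops, uint64_t addr, uint64_t val,
                 unsigned size)
{
    unsigned piece = size < ops->impl_max ? size : ops->impl_max, off;

    if (size > ops->valid_max) {
        return false;               /* refused write: silently dropped */
    }
    for (off = 0; off < size; off += piece) {
        uint64_t mask = ((uint64_t)1 << (piece * 8)) - 1;   /* piece <= 4 */
        regblock_write(addr + off, (val >> (off * 8)) & mask, piece);
    }
    return true;
}

/* Before the fix (TCG): only bytes pass, the protocol's DWORDs are lost. */
const AccessSizeOps ops_before  = { .valid_max = 1, .impl_max = 1 };
/* The fix: DWORDs pass and are split into bytes for the old handlers. */
const AccessSizeOps ops_fixed   = { .valid_max = 4, .impl_max = 1 };
/* Raising valid alone: impl stays at its 4-byte default and the byte-wide
 * handlers ignore the access. */
const AccessSizeOps ops_no_impl = { .valid_max = 4, .impl_max = 4 };

/* Issue a DWORD write like the negotiation's selector stores and report
 * whether its four bytes reached the register block. */
bool dword_write_lands(const AccessSizeOps *ops)
{
    static const uint8_t expect[4] = { 0x01, 0x02, 0x03, 0x04 };

    memset(regblock, 0, sizeof regblock);
    guest_write(ops, 0, 0x04030201u, 4);
    return memcmp(regblock, expect, 4) == 0;
}

/* Preload four registers and read them back with one DWORD access. */
uint64_t dword_read_value(const AccessSizeOps *ops)
{
    memset(regblock, 0, sizeof regblock);
    regblock[0] = 0x11; regblock[1] = 0x22; regblock[2] = 0x33; regblock[3] = 0x44;
    return guest_read(ops, 0, 4);
}

int main(void)
{
    printf("before: lands=%d read=%#llx\n", dword_write_lands(&ops_before),
           (unsigned long long)dword_read_value(&ops_before));
    printf("fixed:  lands=%d read=%#llx\n", dword_write_lands(&ops_fixed),
           (unsigned long long)dword_read_value(&ops_fixed));
    return 0;
}
```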


  Commit: 9d86da9e07d02362bca4d21cca3ebf8af4f32522
      https://github.com/qemu/qemu/commit/9d86da9e07d02362bca4d21cca3ebf8af4f32522
  Author: Klaus Jensen <k.jensen@samsung.com>
  Date:   2023-03-29 (Wed, 29 Mar 2023)

  Changed paths:
    M hw/nvme/ctrl.c

  Log Message:
  -----------
  hw/nvme: fix missing endian conversions for doorbell buffers

The eventidx and doorbell value are not handling endianness correctly.
Fix this.

Fixes: 3f7fe8de3d49 ("hw/nvme: Implement shadow doorbell buffer support")
Cc: qemu-stable@nongnu.org
Reported-by: Guenter Roeck <linux@roeck-us.net>
Reviewed-by: Keith Busch <kbusch@kernel.org>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
(cherry picked from commit 2fda0726e5149e032acfa5fe442db56cd6433c4c)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Conflicts: hw/nvme/ctrl.c


  Commit: 4e98327e1480399beeb57fab618f2495b8ba2d2c
      https://github.com/qemu/qemu/commit/4e98327e1480399beeb57fab618f2495b8ba2d2c
  Author: Klaus Jensen <k.jensen@samsung.com>
  Date:   2023-03-29 (Wed, 29 Mar 2023)

  Changed paths:
    M hw/nvme/ctrl.c

  Log Message:
  -----------
  hw/nvme: fix missing cq eventidx update

Prior to reading the shadow doorbell cq head, we have to update the
eventidx. Otherwise, we risk that the driver will skip an mmio doorbell
write. This happens on riscv64, as reported by Guenter.

Adding the missing update to the cq eventidx fixes the issue.

Fixes: 3f7fe8de3d49 ("hw/nvme: Implement shadow doorbell buffer support")
Cc: qemu-stable@nongnu.org
Cc: qemu-riscv@nongnu.org
Reported-by: Guenter Roeck <linux@roeck-us.net>
Reviewed-by: Keith Busch <kbusch@kernel.org>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
(cherry picked from commit fa5db2aa168bdc0f15c269b6212ef47632fab8ba)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: f549ee8c258cc599024cd38126da206352d18c7b
      https://github.com/qemu/qemu/commit/f549ee8c258cc599024cd38126da206352d18c7b
  Author: Paolo Bonzini <pbonzini@redhat.com>
  Date:   2023-03-29 (Wed, 29 Mar 2023)

  Changed paths:
    M configure

  Log Message:
  -----------
  configure: fix GLIB_VERSION for cross-compilation

configure uses "pkg-config" directly so that GLIB_VERSION is always based
on host glib version. To correctly handle cross-compilation it should use
"$pkg_config" and take GLIB_VERSION from the cross-compiled glib.

Reported-by: Валентин <val15032008@mail.ru>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1414
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit acedc9a660f83b362a1dec4b699e85d5dd82a067)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: de605876ebda47fc56298576b13acbdfc55732fc
      https://github.com/qemu/qemu/commit/de605876ebda47fc56298576b13acbdfc55732fc
  Author: Richard Henderson <richard.henderson@linaro.org>
  Date:   2023-03-29 (Wed, 29 Mar 2023)

  Changed paths:
    M target/arm/sve_helper.c

  Log Message:
  -----------
  target/arm: Fix sve_probe_page

Don't dereference CPUTLBEntryFull until we verify that
the page is valid.  Move the other user-only info field
updates after the valid check to match.

Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1412
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20230104190056.305143-1-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit ce848378b999214777fa984a8a0a3e3deb1cf687)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: c3ea5ef558f34cc0bf9f1e4208d43970acabfbef
      https://github.com/qemu/qemu/commit/c3ea5ef558f34cc0bf9f1e4208d43970acabfbef
  Author: Evgeny Iakovlev <eiakovlev@linux.microsoft.com>
  Date:   2023-03-29 (Wed, 29 Mar 2023)

  Changed paths:
    M target/arm/helper.c

  Log Message:
  -----------
  target/arm: allow writes to SCR_EL3.HXEn bit when FEAT_HCX is enabled

ARM trusted firmware, when built with FEAT_HCX support, sets SCR_EL3.HXEn bit
to allow EL2 to modify HCRX_EL2 register without trapping it in EL3. Qemu
uses a valid mask to clear unsupported SCR_EL3 bits when emulating SCR_EL3
write, and that mask doesn't include SCR_EL3.HXEn bit even if FEAT_HCX is
enabled and exposed to the guest. As a result EL3 writes of that bit are
ignored.

Cc: qemu-stable@nongnu.org
Signed-off-by: Evgeny Iakovlev <eiakovlev@linux.microsoft.com>
Message-id: 20230105221251.17896-4-eiakovlev@linux.microsoft.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 08899b5c68a55a3780d707e2464073c8f2670d31)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 75ecd0872ff264ebc84d64510e2eab6f951227ab
      https://github.com/qemu/qemu/commit/75ecd0872ff264ebc84d64510e2eab6f951227ab
  Author: Richard Henderson <richard.henderson@linaro.org>
  Date:   2023-03-29 (Wed, 29 Mar 2023)

  Changed paths:
    M target/arm/ptw.c

  Log Message:
  -----------
  target/arm: Fix in_debug path in S1_ptw_translate

During the conversion, the test against get_phys_addr_lpae got inverted,
meaning that successful translations went to the 'failed' label.

Cc: qemu-stable@nongnu.org
Fixes: f3639a64f60 ("target/arm: Use softmmu tlbs for page table walking")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1417
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230114054605.2977022-1-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 4a1103afb16efa64600ef0c2b03afe60f689fdc9)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: f759e330002777e9a4a7a3a600aad322733125fc
      https://github.com/qemu/qemu/commit/f759e330002777e9a4a7a3a600aad322733125fc
  Author: Richard Henderson <richard.henderson@linaro.org>
  Date:   2023-03-29 (Wed, 29 Mar 2023)

  Changed paths:
    M target/arm/ptw.c

  Log Message:
  -----------
  target/arm: Fix physical address resolution for Stage2

Conversion to probe_access_full missed applying the page offset.

Cc: qemu-stable@nongnu.org
Reported-by: Sid Manning <sidneym@quicinc.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20230126233134.103193-1-richard.henderson@linaro.org
Fixes: f3639a64f602 ("target/arm: Use softmmu tlbs for page table walking")
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 9d2617ac7d3139d870ba14204aedd74395990192)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: ee2ec0ac52a315c8b4e9991b4523abd0c62d24d7
      https://github.com/qemu/qemu/commit/ee2ec0ac52a315c8b4e9991b4523abd0c62d24d7
  Author: David Hildenbrand <david@redhat.com>
  Date:   2023-03-29 (Wed, 29 Mar 2023)

  Changed paths:
    M migration/ram.c

  Log Message:
  -----------
  migration/ram: Fix error handling in ram_write_tracking_start()

If something goes wrong during uffd_change_protection(), we would miss
to unregister uffd-wp and not release our reference. Fix it by
performing the uffd_change_protection(true) last.

Note that a uffd_change_protection(false) on the recovery path without a
prior uffd_change_protection(false) is fine.

Fixes: 278e2f551a09 ("migration: support UFFD write fault processing in ram_save_iterate()")
Cc: qemu-stable@nongnu.org
Reviewed-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
(cherry picked from commit 72ef3a370836aa07261ad7aaeea27ed5cbcee342)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: eca533b60a44796143133eeb30fe61a8c9d429e9
      https://github.com/qemu/qemu/commit/eca533b60a44796143133eeb30fe61a8c9d429e9
  Author: David Hildenbrand <david@redhat.com>
  Date:   2023-03-29 (Wed, 29 Mar 2023)

  Changed paths:
    M migration/ram.c

  Log Message:
  -----------
  migration/ram: Fix populate_read_range()

Unfortunately, commit f7b9dcfbcf44 broke populate_read_range(): the loop
end condition is very wrong, resulting in that function not populating the
full range. Let's fix that.

Fixes: f7b9dcfbcf44 ("migration/ram: Factor out populating pages readable in ram_block_populate_pages()")
Cc: qemu-stable@nongnu.org
Reviewed-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
(cherry picked from commit 5f19a4491941fdc5c5b50ce4ade6ffffe0f591b4)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 6e0c9109046d4cec3d1c277f4bf54602c3fc1ba6
      https://github.com/qemu/qemu/commit/6e0c9109046d4cec3d1c277f4bf54602c3fc1ba6
  Author: Kevin Wolf <kwolf@redhat.com>
  Date:   2023-03-29 (Wed, 29 Mar 2023)

  Changed paths:
    M block/qcow2-bitmap.c

  Log Message:
  -----------
  qcow2: Fix theoretical corruption in store_bitmap() error path

In order to write the bitmap table to the image file, it is converted to
big endian. If the write fails, it is passed to clear_bitmap_table() to
free all of the clusters it had allocated before. However, if we don't
convert it back to native endianness first, we'll free things at a wrong
offset.

In practical terms, the offsets will be so high that we won't actually
free any allocated clusters, but just run into an error, but in theory
this can cause image corruption.

Cc: qemu-stable@nongnu.org
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <20230112191454.169353-2-kwolf@redhat.com>
Reviewed-by: Hanna Czenczek <hreitz@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit b03dd9613bcf8fe948581b2b3585510cb525c382)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 2c0fdb4ed3a122b29462880f4f4c28335d6935ff
      https://github.com/qemu/qemu/commit/2c0fdb4ed3a122b29462880f4f4c28335d6935ff
  Author: Stefan Hajnoczi <stefanha@redhat.com>
  Date:   2023-03-29 (Wed, 29 Mar 2023)

  Changed paths:
    M block/io.c

  Log Message:
  -----------
  block: fix detect-zeroes= with BDRV_REQ_REGISTERED_BUF

When a write request is converted into a write zeroes request by the
detect-zeroes= feature, it is no longer associated with an I/O buffer.
The BDRV_REQ_REGISTERED_BUF flag doesn't make sense without an I/O
buffer and must be cleared because bdrv_co_do_pwrite_zeroes() fails with
-EINVAL when it's set.

Fiona Ebner <f.ebner@proxmox.com> bisected and diagnosed this QEMU 7.2
regression where writes containing zeroes to a blockdev with
discard=unmap,detect-zeroes=unmap fail.

Buglink: https://gitlab.com/qemu-project/qemu/-/issues/1404
Fixes: e8b6535533be ("block: add BDRV_REQ_REGISTERED_BUF request flag")
Tested-by: Fiona Ebner <f.ebner@proxmox.com>
Cc: qemu-stable@nongnu.org
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Hanna Czenczek <hreitz@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20230207203719.242926-2-stefanha@redhat.com>
(cherry picked from commit 3c5867156eb81c7c71611d078b2c5c2c863f884a)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 93ff84d4c0b78ece4dba688cf2d2db6e1a3945f4
      https://github.com/qemu/qemu/commit/93ff84d4c0b78ece4dba688cf2d2db6e1a3945f4
  Author: Richard Henderson <richard.henderson@linaro.org>
  Date:   2023-03-29 (Wed, 29 Mar 2023)

  Changed paths:
    M tests/tcg/i386/test-i386-bmi2.c

  Log Message:
  -----------
  tests/tcg/i386: Introduce and use reg_t consistently

Define reg_t based on the actual register width.
Define the inlines using that type.  This will allow
input registers to 32-bit insns to be set to 64-bit
values on x86-64, which allows testing various edge cases.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230114230542.3116013-2-richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 5d62d6649cd367b5b4a3676e7514d2f9ca86cb03)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 8d3c9fc4392cebe8cf19487d88ce1c68372b6a07
      https://github.com/qemu/qemu/commit/8d3c9fc4392cebe8cf19487d88ce1c68372b6a07
  Author: Richard Henderson <richard.henderson@linaro.org>
  Date:   2023-03-29 (Wed, 29 Mar 2023)

  Changed paths:
    M target/i386/tcg/emit.c.inc
    M tests/tcg/i386/test-i386-bmi2.c

  Log Message:
  -----------
  target/i386: Fix BEXTR instruction

There were two problems here: not limiting the input to operand bits,
and not correctly handling large extraction length.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1372
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230114230542.3116013-3-richard.henderson@linaro.org>
Cc: qemu-stable@nongnu.org
Fixes: 1d0b926150e5 ("target/i386: move scalar 0F 38 and 0F 3A instruction to new decoder", 2022-10-18)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit b14c0098975264ed03144f145bca0179a6763a07)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 6809dbc5c52f66d2d2ff9030a3d739e50ef3d9c8
      https://github.com/qemu/qemu/commit/6809dbc5c52f66d2d2ff9030a3d739e50ef3d9c8
  Author: Richard Henderson <richard.henderson@linaro.org>
  Date:   2023-03-29 (Wed, 29 Mar 2023)

  Changed paths:
    M target/i386/tcg/emit.c.inc

  Log Message:
  -----------
  target/i386: Fix C flag for BLSI, BLSMSK, BLSR

We forgot to set cc_src, which is used for computing C.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1370
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230114180601.2993644-1-richard.henderson@linaro.org>
Cc: qemu-stable@nongnu.org
Fixes: 1d0b926150e5 ("target/i386: move scalar 0F 38 and 0F 3A instruction to new decoder", 2022-10-18)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 99282098dc74c2055bde5652bde6cf0067d0c370)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: c45d10f6557b4fdae3e97f1326429bb85f5a8717
      https://github.com/qemu/qemu/commit/c45d10f6557b4fdae3e97f1326429bb85f5a8717
  Author: Paolo Bonzini <pbonzini@redhat.com>
  Date:   2023-03-29 (Wed, 29 Mar 2023)

  Changed paths:
    M target/i386/tcg/emit.c.inc
    M tests/tcg/i386/Makefile.target
    A tests/tcg/i386/test-i386-adcox.c

  Log Message:
  -----------
  target/i386: fix ADOX followed by ADCX

When ADCX is followed by ADOX or vice versa, the second instruction's
carry comes from EFLAGS and the condition codes use the CC_OP_ADCOX
operation.  Retrieving the carry from EFLAGS is handled by this bit
of gen_ADCOX:

        tcg_gen_extract_tl(carry_in, cpu_cc_src,
            ctz32(cc_op == CC_OP_ADCX ? CC_C : CC_O), 1);

Unfortunately, in this case cc_op has been overwritten by the previous
"if" statement to CC_OP_ADCOX.  This works by chance when the first
instruction is ADCX; however, if the first instruction is ADOX,
ADCX will incorrectly take its carry from OF instead of CF.

Fix by moving the computation of the new cc_op at the end of the function.
The included exhaustive test case fails without this patch and passes
afterwards.

Because ADCX/ADOX need not be invoked through the VEX prefix, this
regression bisects to commit 16fc5726a6e2 ("target/i386: reimplement
0x0f 0x38, add AVX", 2022-10-18).  However, the mistake happened a
little earlier, when BMI instructions were rewritten using the new
decoder framework.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1471
Reported-by: Paul Jolly <https://gitlab.com/myitcv>
Fixes: 1d0b926150e5 ("target/i386: move scalar 0F 38 and 0F 3A instruction to new decoder", 2022-10-18)
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 60c7dd22e1383754d5f150bc9f7c2785c662a7b6)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: f163cf6be4b7b51f7327d264ea2572f8b495d287
      https://github.com/qemu/qemu/commit/f163cf6be4b7b51f7327d264ea2572f8b495d287
  Author: Richard Henderson <richard.henderson@linaro.org>
  Date:   2023-03-29 (Wed, 29 Mar 2023)

  Changed paths:
    M target/i386/tcg/emit.c.inc
    M tests/tcg/i386/test-i386-bmi2.c

  Log Message:
  -----------
  target/i386: Fix BZHI instruction

We did not correctly handle N >= operand size.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1374
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230114233206.3118472-1-richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 9ad2ba6e8e7fc195d0dd0b76ab38bd2fceb1bdd4)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
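Added example, not QEMU's or its test suite's code: reference C semantics for the instructions the BEXTR, BLSI/BLSMSK/BLSR and BZHI commits above fix, written around the edge cases those messages name (input limited to operand bits, large extraction length, N >= operand size, C flag derived from the source). The bmi_result type and the `bits` operand-size parameter are ours; inputs are 64-bit so that a 32-bit operation can be handed a register with its upper half set, which is what the reg_t change to the tests enables.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

typedef struct {
    uint64_t val;   /* destination register, zero-extended */
    bool cf;        /* carry flag as the instruction defines it */
} bmi_result;

/* Mask of the low 'bits' bits without shifting a 64-bit value by 64. */
static uint64_t opmask(unsigned bits)
{
    return bits >= 64 ? ~(uint64_t)0 : (((uint64_t)1 << bits) - 1);
}

/* BEXTR: START = ctl[7:0], LEN = ctl[15:8]; CF is always cleared. */
bmi_result bextr(uint64_t src, uint64_t ctl, unsigned bits)
{
    unsigned start = ctl & 0xff;
    unsigned len = (ctl >> 8) & 0xff;
    bmi_result r = { 0, false };

    src &= opmask(bits);             /* limit the input to operand bits */
    if (start >= bits || len == 0) { /* START past the operand: nothing left */
        return r;
    }
    if (len > bits - start) {        /* large LEN: clamp to what remains */
        len = bits - start;
    }
    r.val = (src >> start) & opmask(len);
    return r;
}

/* BZHI: N = idx[7:0]; clear bits [bits-1:N]; CF = (N >= bits). */
bmi_result bzhi(uint64_t src, uint64_t idx, unsigned bits)
{
    unsigned n = idx & 0xff;
    bmi_result r = { src & opmask(bits), n >= bits };

    if (n < bits) {
        r.val &= opmask(n);
    }
    return r;                        /* N >= bits: source returned unchanged */
}

/* BLSI: isolate the lowest set bit; CF = (src != 0). */
bmi_result blsi(uint64_t src, unsigned bits)
{
    bmi_result r;

    src &= opmask(bits);
    r.cf = src != 0;
    r.val = (src & (0 - src)) & opmask(bits);
    return r;
}

/* BLSMSK: mask up to and including the lowest set bit; CF = (src == 0). */
bmi_result blsmsk(uint64_t src, unsigned bits)
{
    bmi_result r;

    src &= opmask(bits);
    r.cf = src == 0;
    r.val = (src ^ (src - 1)) & opmask(bits);
    return r;
}

/* BLSR: clear the lowest set bit; CF = (src == 0). */
bmi_result blsr(uint64_t src, unsigned bits)
{
    bmi_result r;

    src &= opmask(bits);
    r.cf = src == 0;
    r.val = (src & (src - 1)) & opmask(bits);
    return r;
}

int main(void)
{
    /* 32-bit BEXTR fed a 64-bit register whose upper half is set, with
     * LEN = 64: the result must be 0xff, not 0xffffffff00ff. */
    bmi_result r = bextr(0xffffffff00ff0000ull, 0x4010, 32);
    printf("bextr32 -> %#llx\n", (unsigned long long)r.val);
    r = bzhi(0x12345678u, 40, 32);
    printf("bzhi32 N=40 -> %#llx cf=%d\n", (unsigned long long)r.val, r.cf);
    return 0;
}
```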


  Commit: 856a67cadea901221c69fb4251c038389a5d4571
      https://github.com/qemu/qemu/commit/856a67cadea901221c69fb4251c038389a5d4571
  Author: Paolo Bonzini <pbonzini@redhat.com>
  Date:   2023-03-29 (Wed, 29 Mar 2023)

  Changed paths:
    M block/iscsi.c

  Log Message:
  -----------
  block/iscsi: fix double-free on BUSY or similar statuses

Commit 8c460269aa77 ("iscsi: base all handling of check condition on
scsi_sense_to_errno", 2019-07-15) removed a "goto out" so that the
same coroutine is re-entered twice; once from iscsi_co_generic_cb,
once from the timer callback iscsi_retry_timer_expired.  This can
cause a crash.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1378
Reported-by: Grzegorz Zdanowski <https://gitlab.com/kiler129>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 5080152e2ef6cde7aa692e29880c62bd54acb750)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 1ca37b7ef63bbc929d7b10a4c62d65b2268c7548
      
https://github.com/qemu/qemu/commit/1ca37b7ef63bbc929d7b10a4c62d65b2268c7548
  Author: Julia Suvorova <jusual@redhat.com>
  Date:   2023-03-29 (Wed, 29 Mar 2023)

  Changed paths:
    M hw/smbios/smbios.c

  Log Message:
  -----------
  hw/smbios: fix field corruption in type 4 table

Since table type 4 of SMBIOS version 2.6 is shorter than 3.0, the
strings which follow immediately after the struct fields have been
overwritten by unconditional filling of later fields such as core_count2.
Make these fields dependent on the SMBIOS version.

Fixes: 05e27d74c7 ("hw/smbios: add core_count2 to smbios table type 4")
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2169904

Signed-off-by: Julia Suvorova <jusual@redhat.com>
Message-Id: <20230223125747.254914-1-jusual@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Ani Sinha <ani@anisinha.ca>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 60d09b8dc7dd4256d664ad680795cb1327805b2b)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 538c8180c31bd18692bc7aae970e3c646d327477
      
https://github.com/qemu/qemu/commit/538c8180c31bd18692bc7aae970e3c646d327477
  Author: Michael S. Tsirkin <mst@redhat.com>
  Date:   2023-03-29 (Wed, 29 Mar 2023)

  Changed paths:
    M hw/i386/x86.c

  Log Message:
  -----------
  Revert "x86: do not re-randomize RNG seed on snapshot load"

This reverts commit 14b29fea742034186403914b4d013d0e83f19e78.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Fixes: 14b29fea74 ("x86: do not re-randomize RNG seed on snapshot load")
Tested-by: Nathan Chancellor <nathan@kernel.org>
Tested-by: Dov Murik <dovmurik@linux.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit ef82d893de6d5bc0023026e636eae0f9a3e319dd)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 851de2751fa9b60a57d16367b9f20178bb32cc79
      
https://github.com/qemu/qemu/commit/851de2751fa9b60a57d16367b9f20178bb32cc79
  Author: Michael S. Tsirkin <mst@redhat.com>
  Date:   2023-03-29 (Wed, 29 Mar 2023)

  Changed paths:
    M hw/i386/x86.c

  Log Message:
  -----------
  Revert "x86: re-initialize RNG seed when selecting kernel"

This reverts commit cc63374a5a7c240b7d3be734ef589dabbefc7527.

Fixes: cc63374a5a ("x86: re-initialize RNG seed when selecting kernel")
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Tested-by: Nathan Chancellor <nathan@kernel.org>
Tested-by: Dov Murik <dovmurik@linux.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit b4bfa0a31d86caf89223e10e701c5b00df369b37)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 8faaaf1bcdd1864ee2000135217ea8fc1e293347
      
https://github.com/qemu/qemu/commit/8faaaf1bcdd1864ee2000135217ea8fc1e293347
  Author: Michael S. Tsirkin <mst@redhat.com>
  Date:   2023-03-29 (Wed, 29 Mar 2023)

  Changed paths:
    M hw/i386/x86.c

  Log Message:
  -----------
  Revert "x86: reinitialize RNG seed on system reboot"

This reverts commit 763a2828bf313ed55878b09759dc435355035f2e.

Fixes: 763a2828bf ("x86: reinitialize RNG seed on system reboot")
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Tested-by: Nathan Chancellor <nathan@kernel.org>
Tested-by: Dov Murik <dovmurik@linux.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit fdc27ced04160904af1f290b561eded73abb8f1d)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 814c0b185dbc55fe73d1887aac791b25f4e499d4
      
https://github.com/qemu/qemu/commit/814c0b185dbc55fe73d1887aac791b25f4e499d4
  Author: Michael S. Tsirkin <mst@redhat.com>
  Date:   2023-03-29 (Wed, 29 Mar 2023)

  Changed paths:
    M hw/i386/x86.c

  Log Message:
  -----------
  Revert "x86: use typedef for SetupData struct"

This reverts commit eebb38a5633a77f5fa79d6486d5b2fcf8fbe3c07.

Fixes: eebb38a563 ("x86: use typedef for SetupData struct")
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Tested-by: Nathan Chancellor <nathan@kernel.org>
Tested-by: Dov Murik <dovmurik@linux.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit ea96a784773259d469f3f2465f09e04eabb80a66)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 99fb11df6f69a10b8b1be0b3bc2bb08e6bbd84b6
      
https://github.com/qemu/qemu/commit/99fb11df6f69a10b8b1be0b3bc2bb08e6bbd84b6
  Author: Michael S. Tsirkin <mst@redhat.com>
  Date:   2023-03-29 (Wed, 29 Mar 2023)

  Changed paths:
    M hw/i386/x86.c
    M hw/nvram/fw_cfg.c
    M include/hw/nvram/fw_cfg.h

  Log Message:
  -----------
  Revert "x86: return modified setup_data only if read as memory, not as file"

This reverts commit e935b735085dfa61d8e6d276b6f9e7687796a3c7.

Fixes: e935b73508 ("x86: return modified setup_data only if read as memory, not as file")
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Tested-by: Nathan Chancellor <nathan@kernel.org>
Tested-by: Dov Murik <dovmurik@linux.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit ae80d81cfa865cbe443543679e013e7fa5fcd12c)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: b3f36e52ac1d0fa47007c0b33dfd63c809afc7fd
      
https://github.com/qemu/qemu/commit/b3f36e52ac1d0fa47007c0b33dfd63c809afc7fd
  Author: Michael S. Tsirkin <mst@redhat.com>
  Date:   2023-03-29 (Wed, 29 Mar 2023)

  Changed paths:
    M hw/i386/microvm.c
    M hw/i386/pc.c
    M hw/i386/pc_piix.c
    M hw/i386/pc_q35.c
    M hw/i386/x86.c
    M include/hw/i386/pc.h
    M include/hw/i386/x86.h

  Log Message:
  -----------
  Revert "hw/i386: pass RNG seed via setup_data entry"

This reverts commit 67f7e426e53833a5db75b0d813e8d537b8a75bd2.

In addition to the automatic revert, I went over the code
and dropped all mentions of legacy_no_rng_seed manually,
effectively reverting a combination of 2 additional commits:

    commit ffe2d2382e5f1aae1abc4081af407905ef380311
    Author: Jason A. Donenfeld <Jason@zx2c4.com>
    Date:   Wed Sep 21 11:31:34 2022 +0200

        x86: re-enable rng seeding via SetupData

    commit 3824e25db1a84fadc50b88dfbe27047aa2f7f85d
    Author: Gerd Hoffmann <kraxel@redhat.com>
    Date:   Wed Aug 17 10:39:40 2022 +0200

        x86: disable rng seeding via setup_data

Fixes: 67f7e426e5 ("hw/i386: pass RNG seed via setup_data entry")
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Tested-by: Nathan Chancellor <nathan@kernel.org>
Tested-by: Dov Murik <dovmurik@linux.ibm.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 167f4873580d3729565044cda73c3e20997950f2)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Mjt: this required manual edit for stable-7.2


  Commit: fd4bf2632c8cab171949dfe07c91fbb59bf8f416
      
https://github.com/qemu/qemu/commit/fd4bf2632c8cab171949dfe07c91fbb59bf8f416
  Author: Akihiko Odaki <akihiko.odaki@daynix.com>
  Date:   2023-03-29 (Wed, 29 Mar 2023)

  Changed paths:
    M hw/virtio/vhost-user-gpio.c
    M include/hw/virtio/vhost-user-gpio.h

  Log Message:
  -----------
  vhost-user-gpio: Configure vhost_dev when connecting

vhost_dev_cleanup(), called from vu_gpio_disconnect(), clears vhost_dev,
so vhost-user-gpio must set the members of vhost_dev each time it
connects.

do_vhost_user_cleanup() should also acquire the pointer to vqs directly
from VHostUserGPIO instead of referring to vhost_dev as it can be called
after vhost_dev_cleanup().

Fixes: 27ba7b027f ("hw/virtio: add boilerplate for vhost-user-gpio device")
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Message-Id: <20230130140320.77999-1-akihiko.odaki@daynix.com>
Reviewed-by: Viresh Kumar <viresh.kumar@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit daae36c13abc73cf1055abc2d33cb71cc5d34310)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: b5be595c62ea6cfe36d73a29e274b78bca704c81
      
https://github.com/qemu/qemu/commit/b5be595c62ea6cfe36d73a29e274b78bca704c81
  Author: Akihiko Odaki <akihiko.odaki@daynix.com>
  Date:   2023-03-29 (Wed, 29 Mar 2023)

  Changed paths:
    M hw/virtio/vhost-user-i2c.c

  Log Message:
  -----------
  vhost-user-i2c: Back up vqs before cleaning up vhost_dev

vhost_dev_cleanup() clears vhost_dev, so back up its vqs member to free
the memory pointed to by the member.

Fixes: 7221d3b634 ("hw/virtio: add boilerplate for vhost-user-i2c device")
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Message-Id: <20230130140435.78049-1-akihiko.odaki@daynix.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 0126793bee853e7c134627f51d2de5428a612e99)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: b8db116da19f39285347adc1438df200b2db61e5
      
https://github.com/qemu/qemu/commit/b8db116da19f39285347adc1438df200b2db61e5
  Author: Akihiko Odaki <akihiko.odaki@daynix.com>
  Date:   2023-03-29 (Wed, 29 Mar 2023)

  Changed paths:
    M hw/virtio/vhost-user-rng.c

  Log Message:
  -----------
  vhost-user-rng: Back up vqs before cleaning up vhost_dev

vhost_dev_cleanup() clears vhost_dev, so back up its vqs member to free
the memory pointed to by the member.

Fixes: 821d28b88f ("vhost-user-rng: Add vhost-user-rng implementation")
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Message-Id: <20230130140516.78078-1-akihiko.odaki@daynix.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit f0dac71596d4b87a1a77d1f4efb6a6adb4730d7b)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 5a1c74097e858ce67cbdf58c885de7bf1fe84abd
      
https://github.com/qemu/qemu/commit/5a1c74097e858ce67cbdf58c885de7bf1fe84abd
  Author: Dr. David Alan Gilbert <dgilbert@redhat.com>
  Date:   2023-03-29 (Wed, 29 Mar 2023)

  Changed paths:
    M hw/core/machine.c

  Log Message:
  -----------
  virtio-rng-pci: fix migration compat for vectors

Fixup the migration compatibility for existing machine types
so that they do not enable msi-x.

Symptom:

(qemu) qemu: get_pci_config_device: Bad config data: i=0x34 read: 84 device: 98 cmask: ff wmask: 0 w1cmask:0
qemu: Failed to load PCIDevice:config
qemu: Failed to load virtio-rng:virtio
qemu: error while loading state for instance 0x0 of device '0000:00:03.0/virtio-rng'
qemu: load of migration failed: Invalid argument

Note: This fix will break migration from 7.2->7.2-fixed with this patch

bz: https://bugzilla.redhat.com/show_bug.cgi?id=2155749
Fixes: 9ea02e8f1 ("virtio-rng-pci: Allow setting nvectors, so we can use MSI-X")

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-Id: <20230109105809.163975-1-dgilbert@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Acked-by: David Daney <david.daney@fungible.com>
Fixes: 9ea02e8f1 ("virtio-rng-pci: Allow setting nvectors, so we can use MSI-X")
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
(cherry picked from commit bad9c5a5166fd5e3a892b7b0477cf2f4bd3a959a)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 0546b42bce213c12e41b3af40738c08a8bbef23a
      
https://github.com/qemu/qemu/commit/0546b42bce213c12e41b3af40738c08a8bbef23a
  Author: Dr. David Alan Gilbert <dgilbert@redhat.com>
  Date:   2023-03-29 (Wed, 29 Mar 2023)

  Changed paths:
    M hw/core/machine.c

  Log Message:
  -----------
  virtio-rng-pci: fix transitional migration compat for vectors

In bad9c5a516 ("virtio-rng-pci: fix migration compat for vectors") I
fixed the virtio-rng-pci migration compatibility, but it was discovered
that we also need to fix the other aliases of the device for the
transitional cases.

Fixes: 9ea02e8f1 ('virtio-rng-pci: Allow setting nvectors, so we can use MSI-X')
bz: https://bugzilla.redhat.com/show_bug.cgi?id=2162569
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-Id: <20230207174944.138255-1-dgilbert@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 62bdb8871512076841f4464f7e26efdc7783f78d)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: c21a2456b6d35813dfb196d9079094cc4801b2c0
      
https://github.com/qemu/qemu/commit/c21a2456b6d35813dfb196d9079094cc4801b2c0
  Author: Akihiko Odaki <akihiko.odaki@daynix.com>
  Date:   2023-03-29 (Wed, 29 Mar 2023)

  Changed paths:
    M hw/timer/hpet.c

  Log Message:
  -----------
  hw/timer/hpet: Fix expiration time overflow

The expiration time provided for timer_mod() can overflow if a
ridiculously large value is set in the comparator register. The
resulting value can represent a past time after being rounded, forcing the
timer to fire immediately. If the timer is configured as periodic, it
will rearm the timer again, forming an endless loop.

Check if the expiration value will overflow, and if it will, stop the
timer instead of rearming the timer with the overflowed time.

This bug was found by Alexander Bulekov when fuzzing igb, a new
network device emulation:
https://patchew.org/QEMU/20230129053316.1071513-1-alxndr@bu.edu/

The fixed test case is:
fuzz/crash_2d7036941dcda1ad4380bb8a9174ed0c949bcefd

Fixes: 16b29ae180 ("Add HPET emulation to qemu (Beth Kon)")
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Message-Id: <20230131030037.18856-1-akihiko.odaki@daynix.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 37d2bcbc2a4e9c2e9061bec72a32c7e49b9f81ec)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: e2672ec498f07957f527484ab4c4d20c8cfde7d9
      
https://github.com/qemu/qemu/commit/e2672ec498f07957f527484ab4c4d20c8cfde7d9
  Author: Eugenio Pérez <eperezma@redhat.com>
  Date:   2023-03-29 (Wed, 29 Mar 2023)

  Changed paths:
    M hw/virtio/vhost-vdpa.c

  Log Message:
  -----------
  vdpa: stop all svq on device deletion

Not stopping them leaves the device in a bad state when the virtio-net
frontend device is unplugged with the device_del monitor command.

This is not triggerable in regular poweroff or qemu forced shutdown
because cleanup is called right after vhost_vdpa_dev_start(false).  But
device hot unplug does not call the vdpa device cleanups.  This leads to all
the vhost_vdpa devices but the last not stopping the SVQ.

Fix it and clean the code, making it symmetric with
vhost_vdpa_svqs_start.

Fixes: dff4426fa656 ("vhost: Add Shadow VirtQueue kick forwarding capabilities")
Reported-by: Lei Yang <leiyang@redhat.com>
Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Message-Id: <20230209170004.899472-1-eperezma@redhat.com>
Tested-by: Laurent Vivier <lvivier@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
(cherry picked from commit 2e1a9de96b487cf818a22d681cad8d3f5d18dcca)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Mjt: this required manual edit for stable-7.2


  Commit: a7485cdca768b195dd062b326aa4791c3fefeffd
      
https://github.com/qemu/qemu/commit/a7485cdca768b195dd062b326aa4791c3fefeffd
  Author: Carlos López <clopez@suse.de>
  Date:   2023-03-29 (Wed, 29 Mar 2023)

  Changed paths:
    M hw/virtio/vhost-shadow-virtqueue.c

  Log Message:
  -----------
  vhost: avoid a potential use of an uninitialized variable in vhost_svq_poll()

In vhost_svq_poll(), if vhost_svq_get_buf() fails due to a device
providing invalid descriptors, len is left uninitialized and returned
to the caller, potentially leaking stack data or causing undefined
behavior.

Fix this by initializing len to 0.

Found with GCC 13 and -fanalyzer (abridged):

../hw/virtio/vhost-shadow-virtqueue.c: In function ‘vhost_svq_poll’:
../hw/virtio/vhost-shadow-virtqueue.c:538:12: warning: use of uninitialized value ‘len’ [CWE-457] [-Wanalyzer-use-of-uninitialized-value]
  538 |     return len;
      |            ^~~
  ‘vhost_svq_poll’: events 1-4
    |
    |  522 | size_t vhost_svq_poll(VhostShadowVirtqueue *svq)
    |      |        ^~~~~~~~~~~~~~
    |      |        |
    |      |        (1) entry to ‘vhost_svq_poll’
    |......
    |  525 |     uint32_t len;
    |      |              ~~~
    |      |              |
    |      |              (2) region created on stack here
    |      |              (3) capacity: 4 bytes
    |......
    |  528 |         if (vhost_svq_more_used(svq)) {
    |      |             ~
    |      |             |
    |      |             (4) inlined call to ‘vhost_svq_more_used’ from ‘vhost_svq_poll’

    (...)

    |  528 |         if (vhost_svq_more_used(svq)) {
    |      |            ^~~~~~~~~~~~~~~~~~~~~~~~~
    |      |            ||
    |      |            |(8) ...to here
    |      |            (7) following ‘true’ branch...
    |......
    |  537 |     vhost_svq_get_buf(svq, &len);
    |      |     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |     |
    |      |     (9) calling ‘vhost_svq_get_buf’ from ‘vhost_svq_poll’
    |
    +--> ‘vhost_svq_get_buf’: events 10-11
           |
           |  416 | static VirtQueueElement *vhost_svq_get_buf(VhostShadowVirtqueue *svq,
           |      |                          ^~~~~~~~~~~~~~~~~
           |      |                          |
           |      |                          (10) entry to ‘vhost_svq_get_buf’
           |......
           |  423 |     if (!vhost_svq_more_used(svq)) {
           |      |          ~
           |      |          |
           |      |          (11) inlined call to ‘vhost_svq_more_used’ from ‘vhost_svq_get_buf’
           |

           (...)

           |
         ‘vhost_svq_get_buf’: event 14
           |
           |  423 |     if (!vhost_svq_more_used(svq)) {
           |      |        ^
           |      |        |
           |      |        (14) following ‘false’ branch...
           |
         ‘vhost_svq_get_buf’: event 15
           |
           |cc1:
           | (15): ...to here
           |
    <------+
    |
  ‘vhost_svq_poll’: events 16-17
    |
    |  537 |     vhost_svq_get_buf(svq, &len);
    |      |     ^~~~~~~~~~~~~~~~~~~~~~~~~~~~
    |      |     |
    |      |     (16) returning to ‘vhost_svq_poll’ from ‘vhost_svq_get_buf’
    |  538 |     return len;
    |      |            ~~~
    |      |            |
    |      |            (17) use of uninitialized value ‘len’ here

Note by Laurent Vivier <lvivier@redhat.com>:

    The return value is only used to detect an error:

    vhost_svq_poll
        vhost_vdpa_net_cvq_add
            vhost_vdpa_net_load_cmd
                vhost_vdpa_net_load_mac
                  -> a negative return is only used to detect error
                vhost_vdpa_net_load_mq
                  -> a negative return is only used to detect error
            vhost_vdpa_net_handle_ctrl_avail
              -> a negative return is only used to detect error

Fixes: d368c0b052ad ("vhost: Do not depend on !NULL VirtQueueElement on vhost_svq_flush")
Signed-off-by: Carlos López <clopez@suse.de>
Message-Id: <20230213085747.19956-1-clopez@suse.de>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit e4dd39c699b7d63a06f686ec06ded8adbee989c1)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 6cf13d9d0135ed7183cd43b48193afd179f395e2
      
https://github.com/qemu/qemu/commit/6cf13d9d0135ed7183cd43b48193afd179f395e2
  Author: Carlos López <clopez@suse.de>
  Date:   2023-03-29 (Wed, 29 Mar 2023)

  Changed paths:
    M subprojects/libvhost-user/libvhost-user.c

  Log Message:
  -----------
  libvhost-user: check for NULL when allocating a virtqueue element

Check the return value for malloc(), avoiding a NULL pointer
dereference, and propagate error in function callers.

Found with GCC 13 and -fanalyzer:

../subprojects/libvhost-user/libvhost-user.c: In function ‘virtqueue_alloc_element’:
../subprojects/libvhost-user/libvhost-user.c:2556:19: error: dereference of possibly-NULL ‘elem’ [CWE-690] [-Werror=analyzer-possible-null-dereference]
 2556 |     elem->out_num = out_num;
      |     ~~~~~~~~~~~~~~^~~~~~~~~
  ‘virtqueue_alloc_element’: event 1
    |
    | 2554 |     assert(sz >= sizeof(VuVirtqElement));
    |      |     ^~~~~~
    |      |     |
    |      |     (1) following ‘true’ branch (when ‘sz > 31’)...
    |
  ‘virtqueue_alloc_element’: events 2-4
    |
    | 2555 |     elem = malloc(out_sg_end);
    |      |     ^~~~   ~~~~~~~~~~~~~~~~~~
    |      |     |      |
    |      |     |      (3) this call could return NULL
    |      |     (2) ...to here
    | 2556 |     elem->out_num = out_num;
    |      |     ~~~~~~~~~~~~~~~~~~~~~~~
    |      |                   |
    |      |                   (4) ‘elem’ could be NULL: unchecked value from (3)
    |

Signed-off-by: Carlos López <clopez@suse.de>
Message-Id: <20230210112514.16858-1-clopez@suse.de>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 9c1916057a8b14411116106e5a5c0c33d551cfeb)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 2529bbf4a70d591c02e7a94a15d1e3dd4dbcfae1
      
https://github.com/qemu/qemu/commit/2529bbf4a70d591c02e7a94a15d1e3dd4dbcfae1
  Author: Yajun Wu <yajunw@nvidia.com>
  Date:   2023-03-29 (Wed, 29 Mar 2023)

  Changed paths:
    M chardev/char-socket.c

  Log Message:
  -----------
  chardev/char-socket: set s->listener = NULL in char_socket_finalize

After live migration with a virtio block device, qemu crashes at:

        #0  0x000055914f46f795 in object_dynamic_cast_assert (obj=0x559151b7b090, typename=0x55914f80fbc4 "qio-channel", file=0x55914f80fb90 "/images/testvfe/sw/qemu.gerrit/include/io/channel.h", line=30, func=0x55914f80fcb8 <__func__.17257> "QIO_CHANNEL") at ../qom/object.c:872
        #1  0x000055914f480d68 in QIO_CHANNEL (obj=0x559151b7b090) at /images/testvfe/sw/qemu.gerrit/include/io/channel.h:29
        #2  0x000055914f4812f8 in qio_net_listener_set_client_func_full (listener=0x559151b7a720, func=0x55914f580b97 <tcp_chr_accept>, data=0x5591519f4ea0, notify=0x0, context=0x0) at ../io/net-listener.c:166
        #3  0x000055914f580059 in tcp_chr_update_read_handler (chr=0x5591519f4ea0) at ../chardev/char-socket.c:637
        #4  0x000055914f583dca in qemu_chr_be_update_read_handlers (s=0x5591519f4ea0, context=0x0) at ../chardev/char.c:226
        #5  0x000055914f57b7c9 in qemu_chr_fe_set_handlers_full (b=0x559152bf23a0, fd_can_read=0x0, fd_read=0x0, fd_event=0x0, be_change=0x0, opaque=0x0, context=0x0, set_open=false, sync_state=true) at ../chardev/char-fe.c:279
        #6  0x000055914f57b86d in qemu_chr_fe_set_handlers (b=0x559152bf23a0, fd_can_read=0x0, fd_read=0x0, fd_event=0x0, be_change=0x0, opaque=0x0, context=0x0, set_open=false) at ../chardev/char-fe.c:304
        #7  0x000055914f378caf in vhost_user_async_close (d=0x559152bf21a0, chardev=0x559152bf23a0, vhost=0x559152bf2420, cb=0x55914f2fb8c1 <vhost_user_blk_disconnect>) at ../hw/virtio/vhost-user.c:2725
        #8  0x000055914f2fba40 in vhost_user_blk_event (opaque=0x559152bf21a0, event=CHR_EVENT_CLOSED) at ../hw/block/vhost-user-blk.c:395
        #9  0x000055914f58388c in chr_be_event (s=0x5591519f4ea0, event=CHR_EVENT_CLOSED) at ../chardev/char.c:61
        #10 0x000055914f583905 in qemu_chr_be_event (s=0x5591519f4ea0, event=CHR_EVENT_CLOSED) at ../chardev/char.c:81
        #11 0x000055914f581275 in char_socket_finalize (obj=0x5591519f4ea0) at ../chardev/char-socket.c:1083
        #12 0x000055914f46f073 in object_deinit (obj=0x5591519f4ea0, type=0x5591519055c0) at ../qom/object.c:680
        #13 0x000055914f46f0e5 in object_finalize (data=0x5591519f4ea0) at ../qom/object.c:694
        #14 0x000055914f46ff06 in object_unref (objptr=0x5591519f4ea0) at ../qom/object.c:1202
        #15 0x000055914f4715a4 in object_finalize_child_property (obj=0x559151b76c50, name=0x559151b7b250 "char3", opaque=0x5591519f4ea0) at ../qom/object.c:1747
        #16 0x000055914f46ee86 in object_property_del_all (obj=0x559151b76c50) at ../qom/object.c:632
        #17 0x000055914f46f0d2 in object_finalize (data=0x559151b76c50) at ../qom/object.c:693
        #18 0x000055914f46ff06 in object_unref (objptr=0x559151b76c50) at ../qom/object.c:1202
        #19 0x000055914f4715a4 in object_finalize_child_property (obj=0x559151b6b560, name=0x559151b76630 "chardevs", opaque=0x559151b76c50) at ../qom/object.c:1747
        #20 0x000055914f46ef67 in object_property_del_child (obj=0x559151b6b560, child=0x559151b76c50) at ../qom/object.c:654
        #21 0x000055914f46f042 in object_unparent (obj=0x559151b76c50) at ../qom/object.c:673
        #22 0x000055914f58632a in qemu_chr_cleanup () at ../chardev/char.c:1189
        #23 0x000055914f16c66c in qemu_cleanup () at ../softmmu/runstate.c:830
        #24 0x000055914eee7b9e in qemu_default_main () at ../softmmu/main.c:38
        #25 0x000055914eee7bcc in main (argc=86, argv=0x7ffc97cb8d88) at ../softmmu/main.c:48

In char_socket_finalize, after s->listener is freed, the event callback function
vhost_user_blk_event is called to handle CHR_EVENT_CLOSED.
vhost_user_blk_event calls qio_net_listener_set_client_func_full, which
is still using s->listener.

Setting s->listener = NULL after object_unref(OBJECT(s->listener)) can
solve this issue.

Signed-off-by: Yajun Wu <yajunw@nvidia.com>
Acked-by: Jiri Pirko <jiri@nvidia.com>
Message-Id: <20230214021430.3638579-1-yajunw@nvidia.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit b8a7f51f59e28d5a8e0c07ed3919cc9695560ed2)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: f6d602d078e3e680ec713bb28045fb8fa3d17fac
      
https://github.com/qemu/qemu/commit/f6d602d078e3e680ec713bb28045fb8fa3d17fac
  Author: Jason Wang <jasowang@redhat.com>
  Date:   2023-03-29 (Wed, 29 Mar 2023)

  Changed paths:
    M hw/i386/intel_iommu.c

  Log Message:
  -----------
  intel-iommu: fail MAP notifier without caching mode

Without caching mode, the MAP notifier won't work correctly since the guest
won't send an IOTLB update event when it establishes new mappings in the
I/O page tables. Let's fail the IOMMU notifiers early instead of
misbehaving silently.

Reviewed-by: Eric Auger <eric.auger@redhat.com>
Tested-by: Viktor Prutyanov <viktor@daynix.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Message-Id: <20230223065924.42503-2-jasowang@redhat.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit b8d78277c091f26fdd64f239bc8bb7e55d74cecf)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: b05232a25659ea14eb0b477c17aca9a7ce50bb64
      
https://github.com/qemu/qemu/commit/b05232a25659ea14eb0b477c17aca9a7ce50bb64
  Author: Jason Wang <jasowang@redhat.com>
  Date:   2023-03-29 (Wed, 29 Mar 2023)

  Changed paths:
    M hw/i386/intel_iommu.c

  Log Message:
  -----------
  intel-iommu: fail DEVIOTLB_UNMAP without dt mode

Without dt mode, the device IOTLB notifier won't work since the guest won't
send a device IOTLB invalidation descriptor in this case. Let's fail
early instead of misbehaving silently.

Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Tested-by: Laurent Vivier <lvivier@redhat.com>
Tested-by: Viktor Prutyanov <viktor@daynix.com>
Buglink: https://bugzilla.redhat.com/2156876
Signed-off-by: Jason Wang <jasowang@redhat.com>
Message-Id: <20230223065924.42503-3-jasowang@redhat.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 09adb0e021207b60a0c51a68939b4539d98d3ef3)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 7c8a67ed462a1089e7c3837cb94579031c6ecc6b
      
https://github.com/qemu/qemu/commit/7c8a67ed462a1089e7c3837cb94579031c6ecc6b
  Author: Anton Johansson <anjo@rev.ng>
  Date:   2023-03-29 (Wed, 29 Mar 2023)

  Changed paths:
    M block/curl.c

  Log Message:
  -----------
  block: Handle curl 7.55.0, 7.85.0 version changes

* 7.55.0 deprecates CURLINFO_CONTENT_LENGTH_DOWNLOAD in favour of a *_T
  version, which returns curl_off_t instead of a double.
* 7.85.0 deprecates CURLOPT_PROTOCOLS and CURLOPT_REDIR_PROTOCOLS in
  favour of *_STR variants, specifying the desired protocols via a
  string.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1440
Signed-off-by: Anton Johansson <anjo@rev.ng>
Message-Id: <20230123201431.23118-1-anjo@rev.ng>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit e7b8d9d038f313c2b9e601609e7d7c3ca6ad0234)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 9d46d348f649f640b2ba0b0b160b562c8f720fc9
      
https://github.com/qemu/qemu/commit/9d46d348f649f640b2ba0b0b160b562c8f720fc9
  Author: Alex Bennée <alex.bennee@linaro.org>
  Date:   2023-03-29 (Wed, 29 Mar 2023)

  Changed paths:
    M tests/tcg/multiarch/linux/linux-test.c

  Log Message:
  -----------
  tests/tcg: fix unused variable in linux-test

The latest hexagon compiler picks up that we never consume wcount.
Given the name of the #define that rcount checks against is WCOUNT_MAX
I figured the check just got missed.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20221221090411.1995037-5-alex.bennee@linaro.org>
(cherry picked from commit 2bc6c79417b89c3306b724577e775f03fe61fb2e)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: e807a1c29f90d50ba5a26a787048451092ec0d4c
      
https://github.com/qemu/qemu/commit/e807a1c29f90d50ba5a26a787048451092ec0d4c
  Author: Marc-André Lureau <marcandre.lureau@redhat.com>
  Date:   2023-03-29 (Wed, 29 Mar 2023)

  Changed paths:
    M meson.build
    R scripts/shaderinclude.pl
    A scripts/shaderinclude.py

  Log Message:
  -----------
  build-sys: fix crlf-ending C code

On msys2, the shader-to-C script produces bad C:
./ui/shader/texture-blit-vert.h:2:5: error: missing terminating " character [-Werror]

Fix it by changing the line ending from crlf to lf, and convert the
script to Python (qemu build seems perl-free after that).

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Acked-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20230110132700.833690-2-marcandre.lureau@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20230124180127.1881110-6-alex.bennee@linaro.org>
(cherry picked from commit e2c4012bc35894d60e54bd077ceaaae565d43c15)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 32b8913f725aaad6cf6aa7462a9b15e350a40b1d
      
https://github.com/qemu/qemu/commit/32b8913f725aaad6cf6aa7462a9b15e350a40b1d
  Author: Michael Tokarev <mjt@tls.msk.ru>
  Date:   2023-03-30 (Thu, 30 Mar 2023)

  Changed paths:
    M VERSION

  Log Message:
  -----------
  Update version for 7.2.1 release

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 099e8cd9eac7924c9439d51786eda0988bd8f0b7
      
https://github.com/qemu/qemu/commit/099e8cd9eac7924c9439d51786eda0988bd8f0b7
  Author: Markus Armbruster <armbru@redhat.com>
  Date:   2023-03-30 (Thu, 30 Mar 2023)

  Changed paths:
    M qga/commands.c

  Log Message:
  -----------
  qga: Drop dangling reference to QERR_QGA_LOGGING_DISABLED

slog()'s function comment advises to use QERR_QGA_LOGGING_DISABLED.
This macro never existed.  The reference got added in commit
e3d4d25206a "guest agent: add guest agent RPCs/commands" along with
QERR_QGA_LOGGING_FAILED, so maybe that one was meant.  However,
QERR_QGA_LOGGING_FAILED was never actually used, and was removed in
commit d73f0beadb5 "qerror.h: Remove unused error classes".

Drop the dangling reference.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20230207075115.1525-9-armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Konstantin Kostiuk <kkostiuk@redhat.com>
(cherry picked from commit c40233593ed5732de1676412527e42431e33e62c)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 5bfbcc3faa43e59e09e9f96ac7eebd98e05ea8e3
      
https://github.com/qemu/qemu/commit/5bfbcc3faa43e59e09e9f96ac7eebd98e05ea8e3
  Author: Konstantin Kostiuk <kkostiuk@redhat.com>
  Date:   2023-03-30 (Thu, 30 Mar 2023)

  Changed paths:
    M qga/installer/qemu-ga.wxs

  Log Message:
  -----------
  qga/win32: Remove change action from MSI installer

Remove the 'change' button from "Programs and Features" because it does
not check if a user is an admin or not. The installer has no components
to choose from and always installs everything. So the 'change' button is
not obviously needed but can create a security issue.

resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2167423
fixes: CVE-2023-0664 (part 1 of 2)

Signed-off-by: Konstantin Kostiuk <kkostiuk@redhat.com>
Reviewed-by: Yan Vugenfirer <yvugenfi@redhat.com>
Reported-by: Brian Wiltse <brian.wiltse@live.com>
(cherry picked from commit 88288c2a51faa7c795f053fc8b31b1c16ff804c5)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: b209cc4556d56938fa8a933670b8fb98c036af37
      
https://github.com/qemu/qemu/commit/b209cc4556d56938fa8a933670b8fb98c036af37
  Author: Fiona Ebner <f.ebner@proxmox.com>
  Date:   2023-03-30 (Thu, 30 Mar 2023)

  Changed paths:
    M hw/net/vmxnet3.c

  Log Message:
  -----------
  hw/net/vmxnet3: allow VMXNET3_MAX_MTU itself as a value

Currently, VMXNET3_MAX_MTU itself (being 9000) is not considered a
valid value for the MTU, but a guest running ESXi 7.0 might try to
set it and fail the assert [0].

In the Linux kernel, dev->max_mtu itself is a valid value for the MTU
and for the vmxnet3 driver it's 9000, so a guest running Linux will
also fail the assert when trying to set an MTU of 9000.

VMXNET3_MAX_MTU and s->mtu don't seem to be used in relation to buffer
allocations/accesses, so allowing the upper limit itself as a value
should be fine.

[0]: https://forum.proxmox.com/threads/114011/

Fixes: d05dcd94ae ("net: vmxnet3: validate configuration values during activate (CVE-2021-20203)")
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
(cherry picked from commit 099a63828130843741d317cb28e936f468b2b53b)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: a2efa1fac49b7d7d10564ef0007b2ed02e69fdf5
      
https://github.com/qemu/qemu/commit/a2efa1fac49b7d7d10564ef0007b2ed02e69fdf5
  Author: Yuval Shaia <yuval.shaia.ml@gmail.com>
  Date:   2023-03-30 (Thu, 30 Mar 2023)

  Changed paths:
    M hw/rdma/vmw/pvrdma_cmd.c

  Log Message:
  -----------
  hw/pvrdma: Protect against buggy or malicious guest driver

Guest driver might execute HW commands when shared buffers are not yet
allocated.
This could happen on purpose (malicious guest) or because of some other
guest/host address mapping error.
We need to protect against such case.

Fixes: CVE-2022-1050

Reported-by: Raven <wxhusst@gmail.com>
Signed-off-by: Yuval Shaia <yuval.shaia.ml@gmail.com>
Message-Id: <20220403095234.2210-1-yuval.shaia.ml@gmail.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
(cherry picked from commit 31c4b6fb0293e359f9ef8a61892667e76eea4c99)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: a3c6cd83e32d7729889b3eab2a9b6b4650c56ea9
      
https://github.com/qemu/qemu/commit/a3c6cd83e32d7729889b3eab2a9b6b4650c56ea9
  Author: Thomas Huth <thuth@redhat.com>
  Date:   2023-03-30 (Thu, 30 Mar 2023)

  Changed paths:
    M target/s390x/arch_dump.c

  Log Message:
  -----------
  target/s390x/arch_dump: Fix memory corruption in s390x_write_elf64_notes()

"note_size" can be smaller than sizeof(note), so unconditionally calling
memset(notep, 0, sizeof(note)) could cause a memory corruption here in
case notep has been allocated dynamically, thus let's use note_size as
length argument for memset() instead.

Reported-by: Sebastian Mitterle <smitterl@redhat.com>
Fixes: 113d8f4e95 ("s390x: pv: Add dump support")
Message-Id: <20230214141056.680969-1-thuth@redhat.com>
Reviewed-by: Janosch Frank <frankja@linux.ibm.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit eb60026120081430d554c9cabaa36c4ac271fce0)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 17b032c6598ea756889f25e8d3e4cd9f2036669b
      
https://github.com/qemu/qemu/commit/17b032c6598ea756889f25e8d3e4cd9f2036669b
  Author: Nina Schoetterl-Glausch <nsg@linux.ibm.com>
  Date:   2023-03-30 (Thu, 30 Mar 2023)

  Changed paths:
    M target/s390x/tcg/insn-data.h.inc
    M target/s390x/tcg/translate.c

  Log Message:
  -----------
  target/s390x: Fix emulation of C(G)HRL

The second operand of COMPARE HALFWORD RELATIVE LONG is a signed
halfword, it does not have the same size as the first operand.

Fixes: a7e836d5eb ("target-s390: Convert COMPARE, COMPARE LOGICAL")
Signed-off-by: Nina Schoetterl-Glausch <nsg@linux.ibm.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: David Hildenbrand <david@redhat.com>
Message-Id: <20230310114157.3024170-2-nsg@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit 54fce97cfcaf5463ee5f325bc1f1d4adc2772f38)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: ad2f459ce03bb9cb1f3c577f5503c8861f777ba1
      
https://github.com/qemu/qemu/commit/ad2f459ce03bb9cb1f3c577f5503c8861f777ba1
  Author: Richard Henderson <richard.henderson@linaro.org>
  Date:   2023-03-30 (Thu, 30 Mar 2023)

  Changed paths:
    M target/s390x/tcg/translate.c

  Log Message:
  -----------
  target/s390x: Split out gen_ri2

Use tcg_constant_i64.  Adjust in2_mri2_* to allocate a new
temporary for the output, using gen_ri2 for the address.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
(cherry picked from commit bdbc87e323ee417735141ed2b11dab0091b57593)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 5d42bf6c574dcb174689fb837552c6f228db9cf3
      
https://github.com/qemu/qemu/commit/5d42bf6c574dcb174689fb837552c6f228db9cf3
  Author: Ilya Leoshkevich <iii@linux.ibm.com>
  Date:   2023-03-30 (Thu, 30 Mar 2023)

  Changed paths:
    M target/s390x/cpu.h
    M target/s390x/tcg/mem_helper.c
    M target/s390x/tcg/translate.c

  Log Message:
  -----------
  target/s390x: Fix EXECUTE of relative long instructions

The code uses the wrong base for relative addressing: it should use the
target instruction address and not the EXECUTE's address.

Fix by storing the target instruction address in the new CPUS390XState
member and loading it from the code generated by gen_ri2().

Reported-by: Nina Schoetterl-Glausch <nsg@linux.ibm.com>
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: David Hildenbrand <david@redhat.com>
Message-Id: <20230316210751.302423-2-iii@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit 703d03a4aaf38f285555ef5422ba5ce075416fc4)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: d8592b05becfeea4da2c71b79ea3d9a7ef8cfe50
      
https://github.com/qemu/qemu/commit/d8592b05becfeea4da2c71b79ea3d9a7ef8cfe50
  Author: Markus Armbruster <armbru@redhat.com>
  Date:   2023-04-10 (Mon, 10 Apr 2023)

  Changed paths:
    M hw/arm/boot.c

  Log Message:
  -----------
  hw/arm: do not free machine->fdt in arm_load_dtb()

At this moment, arm_load_dtb() can free machine->fdt when
binfo->dtb_filename is NULL. If there's no 'dtb_filename', 'fdt' will be
retrieved by binfo->get_dtb(). If get_dtb() returns machine->fdt, as is
the case of machvirt_dtb() from hw/arm/virt.c, fdt now has a pointer to
machine->fdt. And, in that case, the existing g_free(fdt) at the end of
arm_load_dtb() will make machine->fdt point to an invalid memory region.

Since monitor command 'dumpdtb' was introduced a couple of releases
ago, running it with any ARM machine that uses arm_load_dtb() will
crash QEMU.

Let's enable all arm_load_dtb() callers to use dumpdtb properly. Instead
of freeing 'fdt', assign it back to ms->fdt.

Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: qemu-arm@nongnu.org
Fixes: bf353ad55590f ("qmp/hmp, device_tree.c: introduce dumpdtb")
Reported-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-id: 20230328165935.1512846-1-armbru@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 12148d442ec3f4386c8624ffcf44c61a8b344018)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 248aa3deb68a327a9450b536fab8e03a4ed89918
      
https://github.com/qemu/qemu/commit/248aa3deb68a327a9450b536fab8e03a4ed89918
  Author: Stefan Hajnoczi <stefanha@redhat.com>
  Date:   2023-04-10 (Mon, 10 Apr 2023)

  Changed paths:
    M util/fdmon-epoll.c

  Log Message:
  -----------
  aio-posix: fix race between epoll upgrade and aio_set_fd_handler()

If another thread calls aio_set_fd_handler() while the IOThread event
loop is upgrading from ppoll(2) to epoll(7) then we might miss new
AioHandlers. The epollfd will not monitor the new AioHandler's fd,
resulting in hangs.

Take the AioHandler list lock while upgrading to epoll. This prevents
AioHandlers from changing while epoll is being set up. If we cannot lock
because we're in a nested event loop, then don't upgrade to epoll (it
will happen next time we're not in a nested call).

The downside to taking the lock is that the aio_set_fd_handler() thread
has to wait until the epoll upgrade is finished, which involves many
epoll_ctl(2) system calls. However, this scenario is rare and I couldn't
think of another solution that is still simple.

Reported-by: Qing Wang <qinwang@redhat.com>
Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=2090998
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Fam Zheng <fam@euphon.net>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20230323144859.1338495-1-stefanha@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit e62da98527fa35fe5f532cded01a33edf9fbe7b2)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 5d4218f0b22812b37662f29a5c33619823f948e0
      
https://github.com/qemu/qemu/commit/5d4218f0b22812b37662f29a5c33619823f948e0
  Author: Cédric Le Goater <clg@redhat.com>
  Date:   2023-04-10 (Mon, 10 Apr 2023)

  Changed paths:
    M target/s390x/s390x-internal.h

  Log Message:
  -----------
  target/s390x: Fix float_comp_to_cc() prototype

GCC13 reports an error :

../target/s390x/tcg/fpu_helper.c:123:5: error: conflicting types for ‘float_comp_to_cc’ due to enum/integer mismatch; have ‘int(CPUS390XState *, FloatRelation)’ {aka ‘int(struct CPUArchState *, FloatRelation)’} [-Werror=enum-int-mismatch]

  123 | int float_comp_to_cc(CPUS390XState *env, FloatRelation float_compare)
      |     ^~~~~~~~~~~~~~~~
In file included from ../target/s390x/tcg/fpu_helper.c:23:
../target/s390x/s390x-internal.h:302:5: note: previous declaration of ‘float_comp_to_cc’ with type ‘int(CPUS390XState *, int)’ {aka ‘int(struct CPUArchState *, int)’}
  302 | int float_comp_to_cc(CPUS390XState *env, int float_compare);
      |     ^~~~~~~~~~~~~~~~

Fixes: 71bfd65c5f ("softfloat: Name compare relation enum")
Signed-off-by: Cédric Le Goater <clg@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230321161609.716474-3-clg@kaod.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit f79283fdb8efca0cd6e818bebad12f367e83f6e6)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: a3f531cee66b12041098f7a809c2a7d6ecb6ad7d
      
https://github.com/qemu/qemu/commit/a3f531cee66b12041098f7a809c2a7d6ecb6ad7d
  Author: Pierrick Bouvier <pierrick.bouvier@linaro.org>
  Date:   2023-04-10 (Mon, 10 Apr 2023)

  Changed paths:
    M qga/vss-win32/install.cpp

  Log Message:
  -----------
  qga/vss-win32: fix warning for clang++-15

Reported when compiling with clang-windows-arm64.

../qga/vss-win32/install.cpp:537:9: error: variable 'hr' is used uninitialized whenever 'if' condition is false [-Werror,-Wsometimes-uninitialized]
    if (!(ControlService(service, SERVICE_CONTROL_STOP, NULL))) {
        ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../qga/vss-win32/install.cpp:545:12: note: uninitialized use occurs here
    return hr;
           ^~

Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Fixes: 917ebcb170 ("qga-win: Fix QGA VSS Provider service stop failure")
Reviewed-by: Konstantin Kostiuk <kkostiuk@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Kostiantyn Kostiuk <kostyanf14@live.com>
(cherry picked from commit 0fcd574b025fccdf14d5140687cafe2bc30b634f)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: c74cba83622a306bd9af18adf19edb8c72d8be3c
      
https://github.com/qemu/qemu/commit/c74cba83622a306bd9af18adf19edb8c72d8be3c
  Author: Marc-André Lureau <marcandre.lureau@redhat.com>
  Date:   2023-04-10 (Mon, 10 Apr 2023)

  Changed paths:
    M ui/gtk.c

  Log Message:
  -----------
  ui: fix crash on serial reset, during init

For ex, when resetting the xlnx-zcu102 machine:

(lldb) bt
* thread #1, queue = 'com.apple.main-thread', stop reason = EXC_BAD_ACCESS (code=1, address=0x50)
   * frame #0: 0x10020a740 gd_vc_send_chars(vc=0x000000000) at gtk.c:1759:41 [opt]
     frame #1: 0x100636264 qemu_chr_fe_accept_input(be=<unavailable>) at char-fe.c:159:9 [opt]
     frame #2: 0x1000608e0 cadence_uart_reset_hold [inlined] uart_rx_reset(s=0x10810a960) at cadence_uart.c:158:5 [opt]
     frame #3: 0x1000608d4 cadence_uart_reset_hold(obj=0x10810a960) at cadence_uart.c:530:5 [opt]
     frame #4: 0x100580ab4 resettable_phase_hold(obj=0x10810a960, opaque=0x000000000, type=<unavailable>) at resettable.c:0 [opt]
     frame #5: 0x10057d1b0 bus_reset_child_foreach(obj=<unavailable>, cb=(resettable_phase_hold at resettable.c:162), opaque=0x000000000, type=RESET_TYPE_COLD) at bus.c:97:13 [opt]
     frame #6: 0x1005809f8 resettable_phase_hold [inlined] resettable_child_foreach(rc=0x000060000332d2c0, obj=0x0000600002c1c180, cb=<unavailable>, opaque=0x000000000, type=RESET_TYPE_COLD) at resettable.c:96:9 [opt]
     frame #7: 0x1005809d8 resettable_phase_hold(obj=0x0000600002c1c180, opaque=0x000000000, type=RESET_TYPE_COLD) at resettable.c:173:5 [opt]
     frame #8: 0x1005803a0 resettable_assert_reset(obj=0x0000600002c1c180, type=<unavailable>) at resettable.c:60:5 [opt]
     frame #9: 0x10058027c resettable_reset(obj=0x0000600002c1c180, type=RESET_TYPE_COLD) at resettable.c:45:5 [opt]

While the chardev is created early, the VirtualConsole is associated
after, during qemu_init_displays().

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230220072251.3385878-1-marcandre.lureau@redhat.com>
(cherry picked from commit 49152ac47003ca21fc6f2a5c3e517f79649e1541)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: d9bb73d8e3a02135a34b2b7d7ba8f8e1e660a1e5
      
https://github.com/qemu/qemu/commit/d9bb73d8e3a02135a34b2b7d7ba8f8e1e660a1e5
  Author: Bernhard Beschow <shentey@gmail.com>
  Date:   2023-04-10 (Mon, 10 Apr 2023)

  Changed paths:
    M include/qemu/osdep.h

  Log Message:
  -----------
  qemu/osdep: Switch position of "extern" and "G_NORETURN"

Fixes the Windows build under msys2 using GCC 12 which fails with the following
error:

  [184/579] Compiling C++ object qga/vss-win32/qga-vss.dll.p/install.cpp.obj
  FAILED: qga/vss-win32/qga-vss.dll.p/install.cpp.obj
  "c++" "-m64" "-mcx16" "-Iqga/vss-win32/qga-vss.dll.p" "-Iqga/vss-win32" 
"-I../src/qga/vss-win32" "-I." "-Iqapi" "-Itrace" "-Iui" "-Iui/shader" 
"-IC:/msys64/mingw64/include/glib-2.0" 
"-IC:/msys64/mingw64/lib/glib-2.0/include" "-fdiagnostics-color=auto" "-Wall" 
"-Winvalid-pch" "-Wnon-virtual-dtor" "-Werror" "-std=gnu++11" "-g" "-iquote" 
"." "-iquote" "C:/msys64/home/shentey/Projects/qemu/src" "-iquote" 
"C:/msys64/home/shentey/Projects/qemu/src/include" "-iquote" 
"C:/msys64/home/shentey/Projects/qemu/src/tcg/i386" "-D__STDC_LIMIT_MACROS" 
"-D__STDC_CONSTANT_MACROS" "-D__STDC_FORMAT_MACROS" "-fno-pie" "-no-pie" 
"-D_GNU_SOURCE" "-D_FILE_OFFSET_BITS=64" "-D_LARGEFILE_SOURCE" 
"-fno-strict-aliasing" "-fno-common" "-fwrapv" "-Wundef" "-Wwrite-strings" 
"-Wtype-limits" "-Wformat-security" "-Wformat-y2k" "-Winit-self" 
"-Wignored-qualifiers" "-Wempty-body" "-Wendif-labels" "-Wexpansion-to-defined" 
"-Wimplicit-fallthrough=2" "-Wmissing-format-attribute" 
"-Wno-missing-include-dirs" "-Wno-shift-negative-value" "-Wno-psabi" 
"-fstack-protector-strong" "-Wno-unknown-pragmas" 
"-Wno-delete-non-virtual-dtor" "-Wno-non-virtual-dtor" -MD -MQ 
qga/vss-win32/qga-vss.dll.p/install.cpp.obj -MF 
"qga/vss-win32/qga-vss.dll.p/install.cpp.obj.d" -o 
qga/vss-win32/qga-vss.dll.p/install.cpp.obj "-c" 
../src/qga/vss-win32/install.cpp
  In file included from C:/msys64/mingw64/lib/glib-2.0/include/glibconfig.h:9,
              from C:/msys64/mingw64/include/glib-2.0/glib/gtypes.h:34,
              from C:/msys64/mingw64/include/glib-2.0/glib/galloca.h:34,
              from C:/msys64/mingw64/include/glib-2.0/glib.h:32,
              from 
C:/msys64/home/shentey/Projects/qemu/src/include/glib-compat.h:32,
              from 
C:/msys64/home/shentey/Projects/qemu/src/include/qemu/osdep.h:144,
              from ../src/qga/vss-win32/install.cpp:13:
  C:/msys64/mingw64/include/glib-2.0/glib/gmacros.h:1075:21: error: standard 
attributes in middle of decl-specifiers
  1075 | # define G_NORETURN [[noreturn]]
        |                     ^
  C:/msys64/home/shentey/Projects/qemu/src/include/qemu/osdep.h:240:8: note: in 
expansion of macro 'G_NORETURN'
  240 | extern G_NORETURN
        |        ^~~~~~~~~~
  C:/msys64/mingw64/include/glib-2.0/glib/gmacros.h:1075:21: note: standard 
attributes must precede the decl-specifiers to apply to the declaration, or 
follow them to apply to the type
  1075 | # define G_NORETURN [[noreturn]]
        |                     ^
  C:/msys64/home/shentey/Projects/qemu/src/include/qemu/osdep.h:240:8: note: in 
expansion of macro 'G_NORETURN'
  240 | extern G_NORETURN
        |        ^~~~~~~~~~
  C:/msys64/mingw64/include/glib-2.0/glib/gmacros.h:1075:21: error: attribute 
ignored [-Werror=attributes]
  1075 | # define G_NORETURN [[noreturn]]
        |                     ^
  C:/msys64/home/shentey/Projects/qemu/src/include/qemu/osdep.h:240:8: note: in 
expansion of macro 'G_NORETURN'
  240 | extern G_NORETURN
        |        ^~~~~~~~~~
  C:/msys64/mingw64/include/glib-2.0/glib/gmacros.h:1075:21: note: an attribute 
that appertains to a type-specifier is ignored
  1075 | # define G_NORETURN [[noreturn]]
        |                     ^
  C:/msys64/home/shentey/Projects/qemu/src/include/qemu/osdep.h:240:8: note: in 
expansion of macro 'G_NORETURN'
  240 | extern G_NORETURN
        |        ^~~~~~~~~~
  cc1plus.exe: all warnings being treated as errors

Apparently it also fixes the compilation with Clang 15 (see
https://gitlab.com/qemu-project/qemu/-/issues/1541 ).

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1541
Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Message-Id: <20230318185931.181659-1-shentey@gmail.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit 5cb993ff131fca2abef3ce074a20258fd6fce557)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: b57641e907acadd7593e0fec4ef52a21c9864aa7
      
https://github.com/qemu/qemu/commit/b57641e907acadd7593e0fec4ef52a21c9864aa7
  Author: Mathis Marion <mathis.marion@silabs.com>
  Date:   2023-04-10 (Mon, 10 Apr 2023)

  Changed paths:
    M linux-user/syscall.c

  Log Message:
  -----------
  linux-user: fix sockaddr_in6 endianness

The sin6_scope_id field uses the host byte order, so there is a
conversion to be made when host and target endianness differ.

Signed-off-by: Mathis Marion <mathis.marion@silabs.com>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230307154256.101528-2-Mathis.Marion@silabs.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
(cherry picked from commit 44cf6731d6b9a48bcd57392e8cd6f0f712aaa677)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
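As an added illustration of the rule behind this fix (written for this page, not code from linux-user/syscall.c): a big-endian guest's sockaddr_in6 is converted into a host-side mirror struct, swapping only the host-order fields (sin6_family and sin6_scope_id) and copying the network-order ones unchanged. The struct and helper names, the 28-byte guest layout, the AF_INET6 value of 10 and the sample address are all assumptions made here.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define DEMO_AF_INET6 10           /* Linux AF_INET6, assumed for the demo */
#define GUEST_SOCKADDR_IN6_LEN 28  /* guest layout 2+2+4+16+4 bytes, no padding */

/* Host-side mirror of struct sockaddr_in6 (same field order as glibc). */
struct demo_sockaddr_in6 {
    uint16_t sin6_family;   /* host byte order */
    uint16_t sin6_port;     /* network byte order: copied unchanged */
    uint32_t sin6_flowinfo; /* network byte order: copied unchanged */
    uint8_t  sin6_addr[16]; /* network byte order: copied unchanged */
    uint32_t sin6_scope_id; /* host byte order: needs the swap this fix adds */
};

static bool host_is_little_endian(void)
{
    const uint16_t probe = 1;
    return *(const uint8_t *)&probe == 1;  /* byte access, no aliasing issue */
}

/* The guest is big-endian in this demo, so a swap is needed only on a
 * little-endian host (the role tswap16/tswap32 play inside QEMU). */
static uint16_t demo_tswap16(uint16_t v)
{
    return host_is_little_endian() ? (uint16_t)((v << 8) | (v >> 8)) : v;
}

static uint32_t demo_tswap32(uint32_t v)
{
    if (!host_is_little_endian()) {
        return v;
    }
    return (v << 24) | ((v << 8) & 0x00ff0000u) | ((v >> 8) & 0x0000ff00u) | (v >> 24);
}

/* Convert a raw guest sockaddr_in6 into the host layout.  With
 * swap_scope_id == false the scope id is copied byte-for-byte, the
 * behaviour the commit above corrects.  Returns 0 on success. */
static int target_to_host_sockaddr_in6(const uint8_t *guest, size_t len,
                                       struct demo_sockaddr_in6 *host,
                                       bool swap_scope_id)
{
    if (len < GUEST_SOCKADDR_IN6_LEN) {
        return -1;
    }
    memcpy(&host->sin6_family, guest + 0, 2);
    memcpy(&host->sin6_port, guest + 2, 2);
    memcpy(&host->sin6_flowinfo, guest + 4, 4);
    memcpy(host->sin6_addr, guest + 8, 16);
    memcpy(&host->sin6_scope_id, guest + 24, 4);
    host->sin6_family = demo_tswap16(host->sin6_family);
    if (swap_scope_id) {
        host->sin6_scope_id = demo_tswap32(host->sin6_scope_id);
    }
    return 0;
}

/* Constructed guest address [::1]:443 with scope (interface index) 2,
 * laid out as a big-endian guest stores it. */
static struct demo_sockaddr_in6 convert_sample(bool swap_scope_id)
{
    uint8_t guest[GUEST_SOCKADDR_IN6_LEN] = { 0 };
    struct demo_sockaddr_in6 host;
    guest[1] = DEMO_AF_INET6;          /* sin6_family, guest (big-endian) order */
    guest[2] = 0x01; guest[3] = 0xbb;  /* sin6_port = 443, network order */
    guest[23] = 0x01;                  /* sin6_addr = ::1 */
    guest[27] = 0x02;                  /* sin6_scope_id = 2, guest order */
    target_to_host_sockaddr_in6(guest, sizeof guest, &host, swap_scope_id);
    return host;
}

/* Values as the host sees them after conversion. */
static uint32_t demo_scope_id(bool swap_scope_id)
{
    return convert_sample(swap_scope_id).sin6_scope_id;
}

static uint16_t demo_family(void)
{
    return convert_sample(true).sin6_family;
}

/* Port decoded from network order, as ntohs() would; the fix leaves it alone. */
static uint16_t demo_port(void)
{
    uint8_t b[2];
    struct demo_sockaddr_in6 host = convert_sample(true);
    memcpy(b, &host.sin6_port, 2);
    return (uint16_t)((b[0] << 8) | b[1]);
}
```

On a little-endian host demo_scope_id(false) yields 0x02000000 instead of 2, which is the mismatch the commit removes; on a big-endian host both variants agree, which is why the bug only shows when guest and host endianness differ.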


  Commit: b6abbe6250a140d6f4b779f04c95e79a0f0aeffa
      
https://github.com/qemu/qemu/commit/b6abbe6250a140d6f4b779f04c95e79a0f0aeffa
  Author: Ilya Leoshkevich <iii@linux.ibm.com>
  Date:   2023-04-10 (Mon, 10 Apr 2023)

  Changed paths:
    M linux-user/generic/target_resource.h
    M linux-user/syscall.c

  Log Message:
  -----------
  linux-user: Fix unaligned memory access in prlimit64 syscall

target_rlimit64 contains uint64_t fields, so it's 8-byte aligned on
some hosts, while some guests may align their respective type on a
4-byte boundary. This may lead to an unaligned access, which is UB.

Fix by defining the fields as abi_ullong. This makes the host alignment
match that of the guest, and lets the compiler know that it should emit
code that can deal with the guest alignment.

While at it, also use __get_user() and __put_user() instead of
tswap64().

Fixes: 163a05a8398b ("linux-user: Implement prlimit64 syscall")
Reported-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20230224003907.263914-2-iii@linux.ibm.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
(cherry picked from commit 9c1da8b5ee7f6e80e6b683e7fb73df1029a7cbbe)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 73a11e3723a157df669888fc89c4e776d5fcc8ee
      
https://github.com/qemu/qemu/commit/73a11e3723a157df669888fc89c4e776d5fcc8ee
  Author: Mathis Marion <mathis.marion@silabs.com>
  Date:   2023-04-10 (Mon, 10 Apr 2023)

  Changed paths:
    M linux-user/fd-trans.c
    M linux-user/fd-trans.h
    M linux-user/syscall.c

  Log Message:
  -----------
  linux-user: fix timerfd read endianness conversion

When reading the expiration count from a timerfd, the endianness of the
64-bit value read is the one of the host, just as for eventfds.

Signed-off-by: Mathis Marion <mathis.marion@silabs.com>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20230220085822.626798-2-Mathis.Marion@silabs.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
(cherry picked from commit d759a62b122dcdf76d6ea10c56c5dff1d04d731d)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: dda57509e91d9d329fe11f2a3390ef38e2a86139
      
https://github.com/qemu/qemu/commit/dda57509e91d9d329fe11f2a3390ef38e2a86139
  Author: Richard Henderson <richard.henderson@linaro.org>
  Date:   2023-04-12 (Wed, 12 Apr 2023)

  Changed paths:
    M target/arm/cpu.h

  Log Message:
  -----------
  target/arm: Handle m-profile in arm_is_secure

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1421
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230227225832.816605-2-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 9094f9551df849f68d40236092d8af3ed869d093)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 3218890da457ee17b3b49b8c2451130ed808cb79
      
https://github.com/qemu/qemu/commit/3218890da457ee17b3b49b8c2451130ed808cb79
  Author: Peter Xu <peterx@redhat.com>
  Date:   2023-04-13 (Thu, 13 Apr 2023)

  Changed paths:
    M io/channel-tls.c

  Log Message:
  -----------
  io: tls: Inherit QIO_CHANNEL_FEATURE_SHUTDOWN on server side

TLS iochannel will inherit io_shutdown() from the master ioc, however we
missed doing that on the server side.

This will e.g. allow qemu_file_shutdown() to work on dest QEMU too for
migration.

Acked-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
(cherry picked from commit 86d063fa83901bc8150343ff8b03979fbea392c9)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: c22120835295f2bbb7d101f1fa60abb70029be85
      
https://github.com/qemu/qemu/commit/c22120835295f2bbb7d101f1fa60abb70029be85
  Author: Klaus Jensen <k.jensen@samsung.com>
  Date:   2023-04-13 (Thu, 13 Apr 2023)

  Changed paths:
    M hw/nvme/ctrl.c

  Log Message:
  -----------
  hw/nvme: fix memory leak in nvme_dsm

The iocb (and the allocated memory to hold LBA ranges) leaks if reading
the LBA ranges fails.

Fix this by adding a free and an unref of the iocb.

Reported-by: Coverity (CID 1508281)
Fixes: d7d1474fd85d ("hw/nvme: reimplement dsm to allow cancellation")
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
(cherry picked from commit 4b32319cdacd99be983e1a74128289ef52c5964e)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 2e0e234272a65930743fe4580a500b6bf6782529
      
https://github.com/qemu/qemu/commit/2e0e234272a65930743fe4580a500b6bf6782529
  Author: Lukas Tschoke <lukts330@gmail.com>
  Date:   2023-04-13 (Thu, 13 Apr 2023)

  Changed paths:
    M block/vhdx-log.c

  Log Message:
  -----------
  block/vhdx: fix dynamic VHDX BAT corruption

The corruption occurs when a BAT entry aligned to 4096 bytes is changed.

Specifically, the corruption occurs during the creation of the LOG Data
Descriptor. The incorrect behavior involves copying 4088 bytes from the
original 4096 bytes aligned offset to `tmp[8..4096]` and then copying
the new value for the first BAT entry to the beginning `tmp[0..8]`.
This results in all existing BAT entries inside the 4K region being
incorrectly moved by 8 bytes and the last entry being lost.

This bug did not cause noticeable corruption when only sequentially
writing once to an empty dynamic VHDX (e.g.
using `qemu-img convert -O vhdx -o subformat=dynamic ...`), but it
still resulted in invalid values for the (unused) Sector Bitmap BAT
entries.

Importantly, this corruption would only become noticeable after the
corrupted BAT is re-read from the file.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/727
Cc: qemu-stable@nongnu.org
Signed-off-by: Lukas Tschoke <lukts330@gmail.com>
Message-Id: <6cfb6d6b-adc5-7772-c8a5-6bae9a0ad668@gmail.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 8af037fe4cfeb88bbcded3122cec2c5be0b90907)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
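To make the shift described above concrete, an added model (written for this page, not code from block/vhdx-log.c) builds a constructed 4096-byte BAT sector of 512 eight-byte entries, applies the described wrong copy beside a correct in-place update, and counts the entries that no longer match; the entry values and the function names are made up here.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define LOG_SECTOR_SIZE 4096u                 /* VHDX log sector, 4 KiB */
#define BAT_ENTRY_SIZE  8u                    /* one 64-bit BAT entry */
#define ENTRIES_PER_SECTOR (LOG_SECTOR_SIZE / BAT_ENTRY_SIZE)   /* 512 */

/* Model of the wrong descriptor build the commit describes: 4088 bytes of
 * the 4096-aligned sector land at tmp[8..4096] and the new entry at
 * tmp[0..8], so every existing entry moves one slot and the last is lost. */
static void build_descriptor_buggy(uint8_t tmp[LOG_SECTOR_SIZE],
                                   const uint8_t sector[LOG_SECTOR_SIZE],
                                   uint64_t new_entry)
{
    memcpy(tmp + BAT_ENTRY_SIZE, sector, LOG_SECTOR_SIZE - BAT_ENTRY_SIZE);
    memcpy(tmp, &new_entry, BAT_ENTRY_SIZE);
}

/* Correct build: copy the whole sector, then patch the one entry in place. */
static void build_descriptor_fixed(uint8_t tmp[LOG_SECTOR_SIZE],
                                   const uint8_t sector[LOG_SECTOR_SIZE],
                                   size_t entry_index, uint64_t new_entry)
{
    memcpy(tmp, sector, LOG_SECTOR_SIZE);
    memcpy(tmp + entry_index * BAT_ENTRY_SIZE, &new_entry, BAT_ENTRY_SIZE);
}

static uint64_t read_entry(const uint8_t sector[LOG_SECTOR_SIZE], size_t i)
{
    uint64_t v;
    memcpy(&v, sector + i * BAT_ENTRY_SIZE, sizeof v);
    return v;
}

/* Regression-style check: after updating entry idx to new_entry, every
 * other entry must still equal the original.  Returns how many differ. */
static size_t count_corrupted_entries(const uint8_t before[LOG_SECTOR_SIZE],
                                      const uint8_t after[LOG_SECTOR_SIZE],
                                      size_t idx, uint64_t new_entry)
{
    size_t bad = 0;
    for (size_t i = 0; i < ENTRIES_PER_SECTOR; i++) {
        uint64_t expect = (i == idx) ? new_entry : read_entry(before, i);
        if (read_entry(after, i) != expect) {
            bad++;
        }
    }
    return bad;
}

/* Constructed sector: entry i holds a distinct made-up file offset in the
 * upper bits and a made-up state value (6) in the low bits.  Not real
 * VHDX payload, just distinct values so a shift is detectable. */
static void build_sample_sector(uint8_t sector[LOG_SECTOR_SIZE])
{
    for (size_t i = 0; i < ENTRIES_PER_SECTOR; i++) {
        uint64_t e = ((uint64_t)(i + 1) << 20) | 6u;
        memcpy(sector + i * BAT_ENTRY_SIZE, &e, sizeof e);
    }
}

/* Replacement value for entry 0; distinct from every sample entry above. */
#define NEW_FIRST_ENTRY (((uint64_t)0x400 << 20) | 6u)

/* Corrupted-entry count when entry 0 (the 4096-aligned one) is rewritten
 * with the buggy or the fixed build. */
static size_t demo_corruption(bool use_fixed)
{
    uint8_t before[LOG_SECTOR_SIZE], after[LOG_SECTOR_SIZE];
    build_sample_sector(before);
    if (use_fixed) {
        build_descriptor_fixed(after, before, 0, NEW_FIRST_ENTRY);
    } else {
        build_descriptor_buggy(after, before, NEW_FIRST_ENTRY);
    }
    return count_corrupted_entries(before, after, 0, NEW_FIRST_ENTRY);
}

/* True when the buggy build drops the sector's original last entry. */
static bool demo_buggy_loses_last_entry(void)
{
    uint8_t before[LOG_SECTOR_SIZE], after[LOG_SECTOR_SIZE];
    build_sample_sector(before);
    build_descriptor_buggy(after, before, NEW_FIRST_ENTRY);
    uint64_t last = read_entry(before, ENTRIES_PER_SECTOR - 1);
    for (size_t i = 0; i < ENTRIES_PER_SECTOR; i++) {
        if (read_entry(after, i) == last) {
            return false;
        }
    }
    return true;
}
```

With the buggy build all 511 untouched entries read back wrong and the original last entry is gone, which matches the commit's description of why the damage only surfaces once the BAT is re-read from the file.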


  Commit: 161e1f22b8a288f88efa40590faab1bc4c2d86a9
      
https://github.com/qemu/qemu/commit/161e1f22b8a288f88efa40590faab1bc4c2d86a9
  Author: Michael Tokarev <mjt@tls.msk.ru>
  Date:   2023-04-23 (Sun, 23 Apr 2023)

  Changed paths:
    M VERSION

  Log Message:
  -----------
  Update version for 7.2.2 release


Compare: https://github.com/qemu/qemu/compare/e34f86a2f91c%5E...161e1f22b8a2


