qemu-commits

[Qemu-commits] [qemu/qemu] eca6eb: gitlab-ci: Avoid to re-run "configure


From: Alex Bennée
Subject: [Qemu-commits] [qemu/qemu] eca6eb: gitlab-ci: Avoid to re-run "configure" in the devi...
Date: Sat, 08 Jul 2023 15:05:47 -0700

  Branch: refs/heads/stable-8.0
  Home:   https://github.com/qemu/qemu
  Commit: eca6ebee52b22f758f5995ff600d00d576715632
      https://github.com/qemu/qemu/commit/eca6ebee52b22f758f5995ff600d00d576715632
  Author: Thomas Huth <thuth@redhat.com>
  Date:   2023-05-31 (Wed, 31 May 2023)

  Changed paths:
    M .gitlab-ci.d/buildtest.yml

  Log Message:
  -----------
  gitlab-ci: Avoid to re-run "configure" in the device-crash-test jobs

After "make check-venv" had been added to these jobs, they started
to re-run "configure" each time since our logic in the makefile
thinks that some files are out of date here. Avoid it with the same
trick that we are using in buildtest-template.yml already by disabling
the up-to-date check via NINJA=":".

Fixes: 1d8cf47e5b ("tests: run 'device-crash-test' from tests/venv")
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20230414145845.456145-2-thuth@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20230424092249.58552-5-alex.bennee@linaro.org>
(cherry picked from commit 4d3bd91b26a69b39a178744d3d6e5f23050afb23)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 25b846c85e4c9fb911673e31d474208b28dfd01a
      https://github.com/qemu/qemu/commit/25b846c85e4c9fb911673e31d474208b28dfd01a
  Author: Thomas Huth <thuth@redhat.com>
  Date:   2023-05-31 (Wed, 31 May 2023)

  Changed paths:
    M .gitlab-ci.d/buildtest.yml
    M scripts/device-crash-test

  Log Message:
  -----------
  scripts/device-crash-test: Add a parameter to run with TCG only

We're currently facing the problem that the device-crash-test script
runs twice as long in the CI when a runner supports KVM - which sometimes
results in a timeout of the CI job. To get a more deterministic runtime
here, add an option to the script that allows to run it with TCG only.

Reported-by: Eldon Stegall <eldon-qemu@eldondev.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230414145845.456145-3-thuth@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20230424092249.58552-6-alex.bennee@linaro.org>
(cherry picked from commit 8b869aa59109d238fd684e1ade204b6942202120)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 864ce70c1c747898063cc2df854920d354b1b78f
      https://github.com/qemu/qemu/commit/864ce70c1c747898063cc2df854920d354b1b78f
  Author: Richard Purdie <richard.purdie@linuxfoundation.org>
  Date:   2023-05-31 (Wed, 31 May 2023)

  Changed paths:
    M target/ppc/insn32.decode
    M target/ppc/translate/fp-impl.c.inc

  Log Message:
  -----------
  target/ppc: Fix fallback to MFSS for MFFS* instructions on pre 3.0 ISAs

The following commits changed the code such that the fallback to MFSS for MFFSCRN,
MFFSCRNI, MFFSCE and MFFSL on pre 3.0 ISAs was removed and became an illegal
instruction:

  bf8adfd88b547680aa857c46098f3a1e94373160 - target/ppc: Move mffscrn[i] to decodetree
  394c2e2fda70da722f20fb60412d6c0ca4bfaa03 - target/ppc: Move mffsce to decodetree
  3e5bce70efe6bd1f684efbb21fd2a316cbf0657e - target/ppc: Move mffsl to decodetree

The hardware will handle them as a MFFS instruction as the code did previously.
This means applications were segfaulting under qemu when encountering these
instructions, which are used in glibc libm functions for example.

The fallback for MFFSCDRN and MFFSCDRNI added in a later patch was also missing.

This patch restores the fallback to MFSS for these instructions on pre 3.0 ISAs
as the hardware decoder would, fixing the segfaulting libm code. It doesn't have
the fallback for 3.0 onwards to match hardware behaviour.

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Reviewed-by: Matheus Ferst <matheus.ferst@eldorado.org.br>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230510111913.1718734-1-richard.purdie@linuxfoundation.org>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
(cherry picked from commit 5260ecffd24e36c029849f379c8b9cc3d099c879)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 880f7d12bedfc8c5c76d72088cf3e088c32c96b0
      https://github.com/qemu/qemu/commit/880f7d12bedfc8c5c76d72088cf3e088c32c96b0
  Author: Bernhard Beschow <shentey@gmail.com>
  Date:   2023-05-31 (Wed, 31 May 2023)

  Changed paths:
    M hw/ppc/prep.c

  Log Message:
  -----------
  hw/ppc/prep: Fix wiring of PIC -> CPU interrupt

Commit cef2e7148e32 ("hw/isa/i82378: Remove intermediate IRQ forwarder")
passes s->cpu_intr to i8259_init() in i82378_realize() directly. However,
s->cpu_intr isn't initialized yet since that happens after the south bridge's
pci_realize_and_unref() in board code. Fix this by initializing s->cpu_intr
before realizing the south bridge.

Fixes: cef2e7148e32 ("hw/isa/i82378: Remove intermediate IRQ forwarder")
Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <20230304114043.121024-4-shentey@gmail.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
(cherry picked from commit 2237af5e60ada06d90bf714e85523deafd936b9b)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 76b7002ec724b5f8dc2cf3fbb6ffb458baadd836
      https://github.com/qemu/qemu/commit/76b7002ec724b5f8dc2cf3fbb6ffb458baadd836
  Author: Erico Nunes <ernunes@redhat.com>
  Date:   2023-05-31 (Wed, 31 May 2023)

  Changed paths:
    M ui/gtk-egl.c
    M ui/gtk-gl-area.c

  Log Message:
  -----------
  ui/gtk: fix passing y0_top parameter to scanout

The dmabuf->y0_top flag is passed to .dpy_gl_scanout_dmabuf(), however
in the gtk ui both implementations dropped it when doing the next
scanout_texture call.

Fixes flipped linux console using vhost-user-gpu with the gtk ui
display.

Signed-off-by: Erico Nunes <ernunes@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20230220175605.43759-1-ernunes@redhat.com>
(cherry picked from commit 94400fa53f81c9f58ad88cf3f3e7ea89ec423d39)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 7fd387715b501d2a0c1b6032ea526c20bde0fdb5
      https://github.com/qemu/qemu/commit/7fd387715b501d2a0c1b6032ea526c20bde0fdb5
  Author: Erico Nunes <ernunes@redhat.com>
  Date:   2023-05-31 (Wed, 31 May 2023)

  Changed paths:
    M ui/gtk.c

  Log Message:
  -----------
  ui/gtk: use widget size for cursor motion event

The gd_motion_event size has some calculations for the cursor position,
which also take into account things like different size of the
framebuffer compared to the window size.
The use of window size makes things more difficult though, as at least
in the case of Wayland it includes the size of ui elements like a menu bar
at the top of the window. This leads to a wrong position calculation by
a few pixels.
Fix it by using the size of the widget, which already returns the size
of the actual space to render the framebuffer.

Signed-off-by: Erico Nunes <ernunes@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Acked-by: Vivek Kasireddy <vivek.kasireddy@intel.com>
Message-Id: <20230320160856.364319-1-ernunes@redhat.com>
(cherry picked from commit 2f31663ed4b5631b5e1c79f5cdd6463e55410eb8)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: eef92fac912f5494e4b2c048d02fbd105b471666
      https://github.com/qemu/qemu/commit/eef92fac912f5494e4b2c048d02fbd105b471666
  Author: Erico Nunes <ernunes@redhat.com>
  Date:   2023-05-31 (Wed, 31 May 2023)

  Changed paths:
    M ui/gtk-egl.c

  Log Message:
  -----------
  ui/gtk-egl: fix scaling for cursor position in scanout mode

vc->gfx.w and vc->gfx.h are not updated appropriately in this code path,
which leads to a different scaling factor for rendering the cursor on
some edge cases (e.g. the focus has left and re-entered the gtk window).
This can be reproduced using vhost-user-gpu with the gtk ui on the x11
backend.
Use the surface dimensions which are already updated accordingly.

Signed-off-by: Erico Nunes <ernunes@redhat.com>
Acked-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20230320160856.364319-2-ernunes@redhat.com>
(cherry picked from commit f8a951bb951140a585341c700ebeec58d83f7bbc)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: e0baf24b4aa87f70b6bf08a1d578a31ad94ee0cb
      https://github.com/qemu/qemu/commit/e0baf24b4aa87f70b6bf08a1d578a31ad94ee0cb
  Author: Marc-André Lureau <marcandre.lureau@redhat.com>
  Date:   2023-05-31 (Wed, 31 May 2023)

  Changed paths:
    M ui/sdl2-gl.c

  Log Message:
  -----------
  ui/sdl2: fix surface_gl_update_texture: Assertion 'gls' failed

Before sdl2_gl_update() is called, sdl2_gl_switch() may decide to
destroy the console window and its associated shaders.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1644
Fixes: c84ab0a500a8 ("ui/console: optionally update after gfx switch")

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Tested-by: Bin Meng <bin.meng@windriver.com>
Message-Id: <20230511074217.4171842-1-marcandre.lureau@redhat.com>
(cherry picked from commit b3a654d82ecf276b59a67b2fd688e11a0d8a0064)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 9e36edcf03f8fe236a92ca20e44048d6cc8f8cba
      https://github.com/qemu/qemu/commit/9e36edcf03f8fe236a92ca20e44048d6cc8f8cba
  Author: Marc-André Lureau <marcandre.lureau@redhat.com>
  Date:   2023-05-31 (Wed, 31 May 2023)

  Changed paths:
    M ui/dbus-listener.c

  Log Message:
  -----------
  ui/dbus: fix compilation when GBM && !OPENGL

commit 4814d3cbf ("ui/dbus: restrict opengl to gbm-enabled config")
assumes that whenever GBM is available, OpenGL is. This is not always
the case, let's further restrict opengl-related paths and fix some
compilation issues.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20230515132348.1024663-1-marcandre.lureau@redhat.com>
(cherry picked from commit 0b31e48d62c8f3a282d1bffbcc0e90200df9f9f0)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 772a83c6db2b48297398b64fbab66c275fd613b7
      https://github.com/qemu/qemu/commit/772a83c6db2b48297398b64fbab66c275fd613b7
  Author: Bernhard Beschow <shentey@gmail.com>
  Date:   2023-05-31 (Wed, 31 May 2023)

  Changed paths:
    M ui/sdl2.c

  Log Message:
  -----------
  ui/sdl2: Grab Alt+Tab also in fullscreen mode

By default, SDL grabs Alt+Tab only in non-fullscreen mode. This causes Alt+Tab
to switch tasks on the host rather than in the VM in fullscreen mode while it
switches tasks in non-fullscreen mode in the VM. Fix this confusing behavior
by grabbing Alt+Tab in fullscreen mode, always causing tasks to be switched in
the VM.

Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Reviewed-by: Volker Rümelin <vr_qemu@t-online.de>
Message-Id: <20230417192139.43263-2-shentey@gmail.com>
(cherry picked from commit efc00a37090eced53bff8b42d26991252aaacc44)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: e0968d21e27ef9c406f709180a39a076e786efbe
      https://github.com/qemu/qemu/commit/e0968d21e27ef9c406f709180a39a076e786efbe
  Author: Bernhard Beschow <shentey@gmail.com>
  Date:   2023-05-31 (Wed, 31 May 2023)

  Changed paths:
    M ui/sdl2.c

  Log Message:
  -----------
  ui/sdl2: Grab Alt+F4 also under Windows

SDL doesn't grab Alt+F4 under Windows by default. Pressing Alt+F4 thus closes
the VM immediately without confirmation, possibly leading to data loss. Fix
this by always grabbing Alt+F4 on Windows hosts, too.

Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Reviewed-by: Volker Rümelin <vr_qemu@t-online.de>
Message-Id: <20230417192139.43263-3-shentey@gmail.com>
(cherry picked from commit 083db9db44c89d7ea7f81844302194d708bcff2b)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: bc8e883065f36581e4f2352c31a1dfa5f65a82f2
      https://github.com/qemu/qemu/commit/bc8e883065f36581e4f2352c31a1dfa5f65a82f2
  Author: Volker Rümelin <vr_qemu@t-online.de>
  Date:   2023-05-31 (Wed, 31 May 2023)

  Changed paths:
    M ui/sdl2.c

  Log Message:
  -----------
  ui/sdl2: disable SDL_HINT_GRAB_KEYBOARD on Windows

Windows sends an extra left control key up/down input event for
every right alt key up/down input event for keyboards with
international layout. Since commit 830473455f ("ui/sdl2: fix
handling of AltGr key on Windows") QEMU uses a Windows low level
keyboard hook procedure to reliably filter out the special left
control key and to grab the keyboard on Windows.

The SDL2 version 2.0.16 introduced its own Windows low level
keyboard hook procedure to grab the keyboard. Windows calls this
callback before the QEMU keyboard hook procedure. This disables
the special left control key filter when the keyboard is grabbed.

To fix the problem, disable the SDL2 Windows low level keyboard
hook procedure.

Reported-by: Bernhard Beschow <shentey@gmail.com>
Signed-off-by: Volker Rümelin <vr_qemu@t-online.de>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Tested-by: Bernhard Beschow <shentey@gmail.com>
Message-Id: <20230418062823.5683-1-vr_qemu@t-online.de>
(cherry picked from commit 1dfea3f212e43bfd59d1e1f40b9776db440b211f)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: cdda1ce15847045972c3ec7d84b7f51fb84ecc5f
      https://github.com/qemu/qemu/commit/cdda1ce15847045972c3ec7d84b7f51fb84ecc5f
  Author: Tommy Wu <tommy.wu@sifive.com>
  Date:   2023-05-31 (Wed, 31 May 2023)

  Changed paths:
    M hw/dma/xilinx_axidma.c

  Log Message:
  -----------
  hw/dma/xilinx_axidma: Check DMASR.HALTED to prevent infinite loop.

When we receive a packet from the xilinx_axienet and then try to s2mem
through the xilinx_axidma, if the descriptor ring buffer is full in the
xilinx axidma driver, we'll assert the DMASR.HALTED in the
function stream_process_s2mem and return 0. In the end, we'll be stuck in
an infinite loop in axienet_eth_rx_notify.

This patch checks the DMASR.HALTED state when we try to push data
from xilinx axi-enet to xilinx axi-dma. When the DMASR.HALTED is asserted,
we will not keep pushing the data and then prevent the infinite loop.

Signed-off-by: Tommy Wu <tommy.wu@sifive.com>
Reviewed-by: Edgar E. Iglesias <edgar@zeroasic.com>
Reviewed-by: Frank Chang <frank.chang@sifive.com>
Message-id: 20230519062137.1251741-1-tommy.wu@sifive.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 31afe04586efeccb80cc36ffafcd0e32a3245ffb)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 505f0c68c9bd571353ee6ef4679e2192aa3f712f
      https://github.com/qemu/qemu/commit/505f0c68c9bd571353ee6ef4679e2192aa3f712f
  Author: Clément Chigot <chigot@adacore.com>
  Date:   2023-05-31 (Wed, 31 May 2023)

  Changed paths:
    M hw/arm/xlnx-zynqmp.c

  Log Message:
  -----------
  hw/arm/xlnx-zynqmp: fix unsigned error when checking the RPUs number

When passing --smp with a number lower than XLNX_ZYNQMP_NUM_APU_CPUS,
the expression (ms->smp.cpus - XLNX_ZYNQMP_NUM_APU_CPUS) will result
in a positive number as ms->smp.cpus is an unsigned int.
This will raise the following error afterwards, as Qemu will try to
instantiate some additional RPUs.
  | $ qemu-system-aarch64 --smp 1 -M xlnx-zcu102
  | **
  | ERROR:../src/tcg/tcg.c:777:tcg_register_thread:
  |   assertion failed: (n < tcg_max_ctxs)

Signed-off-by: Clément Chigot <chigot@adacore.com>
Reviewed-by: Francisco Iglesias <frasse.iglesias@gmail.com>
Tested-by: Francisco Iglesias <frasse.iglesias@gmail.com>
Message-id: 20230524143714.565792-1-chigot@adacore.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit c9ba1c9f02cfede5329f504cdda6fd3a256e0434)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>

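The wrap-around the commit message above describes, shown as an added C example rather than QEMU's own code: the constants NUM_APU_CPUS and NUM_RPU_CPUS, the function names and the exact shape of the "buggy" computation (an unsigned subtraction clamped afterwards) are assumptions for this illustration and are not taken from hw/arm/xlnx-zynqmp.c. The generic checked_sub_uint guard is the pattern a reviewer would ask for wherever an unsigned count is subtracted from another.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Constants assumed for this illustration; the real values are defined in
 * hw/arm/xlnx-zynqmp.c and are not quoted on this page. */
#define NUM_APU_CPUS 4u
#define NUM_RPU_CPUS 2u

/* The raw difference the commit message describes: for smp_cpus < NUM_APU_CPUS
 * the unsigned subtraction does not go negative, it wraps to a value near
 * UINT_MAX. */
unsigned int raw_rpu_difference(unsigned int smp_cpus)
{
    return smp_cpus - NUM_APU_CPUS;
}

/* Shape of the faulty computation (assumed, not QEMU's expression): the
 * wrapped difference is clamped to the RPU count, so with --smp 1 the board
 * still instantiates NUM_RPU_CPUS RPUs that the user never asked for. */
unsigned int rpu_count_buggy(unsigned int smp_cpus)
{
    unsigned int n = raw_rpu_difference(smp_cpus);
    return n < NUM_RPU_CPUS ? n : NUM_RPU_CPUS;
}

/* Generic guard: an unsigned subtraction is only meaningful when a >= b.
 * Returns false and leaves *out untouched when the result would wrap. */
bool checked_sub_uint(unsigned int a, unsigned int b, unsigned int *out)
{
    if (a < b) {
        return false;
    }
    *out = a - b;
    return true;
}

/* Fixed computation: decide first whether any CPUs are left over for RPUs
 * at all, then clamp. smp_cpus <= NUM_APU_CPUS yields zero RPUs. */
unsigned int rpu_count_fixed(unsigned int smp_cpus)
{
    unsigned int n;
    if (!checked_sub_uint(smp_cpus, NUM_APU_CPUS, &n)) {
        return 0;
    }
    return n < NUM_RPU_CPUS ? n : NUM_RPU_CPUS;
}

int main(void)
{
    printf("smp  raw-difference  buggy  fixed\n");
    for (unsigned int smp = 1; smp <= 7; smp++) {
        printf("%3u  %14u  %5u  %5u\n", smp, raw_rpu_difference(smp),
               rpu_count_buggy(smp), rpu_count_fixed(smp));
    }
    return 0;
}
```

Running the table shows the two forms agreeing for every smp value from 5 upwards and disagreeing only for 1..4, which is exactly the range where the subtraction wraps; the compiler warns about none of this, so the guard has to be explicit.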

  Commit: f81a5d68636b15cab544e3ad52790d51803bba86
      https://github.com/qemu/qemu/commit/f81a5d68636b15cab544e3ad52790d51803bba86
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2023-05-31 (Wed, 31 May 2023)

  Changed paths:
    M target/arm/tcg/tlb_helper.c

  Log Message:
  -----------
  target/arm: Explicitly select short-format FSR for M-profile

For M-profile, there is no guest-facing A-profile format FSR, but we
still use the env->exception.fsr field to pass fault information from
the point where a fault is raised to the code in
arm_v7m_cpu_do_interrupt() which interprets it and sets the M-profile
specific fault status registers.  So it doesn't matter whether we
fill in env->exception.fsr in the short format or the LPAE format, as
long as both sides agree.  As it happens arm_v7m_cpu_do_interrupt()
assumes short-form.

In compute_fsr_fsc() we weren't explicitly choosing short-form for
M-profile, but instead relied on it falling out in the wash because
arm_s1_regime_using_lpae_format() would be false.  This was broken in
commit 452c67a4 when we added v8R support, because we said "PMSAv8 is
always LPAE format" (as it is for v8R), forgetting that we were
implicitly using this code path on M-profile. At that point we would
hit a g_assert_not_reached():
 ERROR:../../target/arm/internals.h:549:arm_fi_to_lfsc: code should not be reached

#7  0x0000555555e055f7 in arm_fi_to_lfsc (fi=0x7fffecff9a90) at ../../target/arm/internals.h:549
#8  0x0000555555e05a27 in compute_fsr_fsc (env=0x555557356670, fi=0x7fffecff9a90, target_el=1, mmu_idx=1, ret_fsc=0x7fffecff9a1c)
    at ../../target/arm/tlb_helper.c:95
#9  0x0000555555e05b62 in arm_deliver_fault (cpu=0x555557354800, addr=268961344, access_type=MMU_INST_FETCH, mmu_idx=1, fi=0x7fffecff9a90)
    at ../../target/arm/tlb_helper.c:132
#10 0x0000555555e06095 in arm_cpu_tlb_fill (cs=0x555557354800, address=268961344, size=1, access_type=MMU_INST_FETCH, mmu_idx=1, probe=false, retaddr=0)
    at ../../target/arm/tlb_helper.c:260

The specific assertion changed when commit fcc7404eff24b4c added
"assert not M-profile" to arm_is_secure_below_el3(), because the
conditions being checked in compute_fsr_fsc() include
arm_el_is_aa64(), which will end up calling arm_is_secure_below_el3()
and asserting before we try to call arm_fi_to_lfsc():

#7  0x0000555555efaf43 in arm_is_secure_below_el3 (env=0x5555574665a0) at ../../target/arm/cpu.h:2396
#8  0x0000555555efb103 in arm_is_el2_enabled (env=0x5555574665a0) at ../../target/arm/cpu.h:2448
#9  0x0000555555efb204 in arm_el_is_aa64 (env=0x5555574665a0, el=1) at ../../target/arm/cpu.h:2509
#10 0x0000555555efbdfd in compute_fsr_fsc (env=0x5555574665a0, fi=0x7fffecff99e0, target_el=1, mmu_idx=1, ret_fsc=0x7fffecff996c)

Avoid the assertion and the incorrect FSR format selection by
explicitly making M-profile use the short-format in this function.

Fixes: 452c67a42704 ("target/arm: Enable TTBCR_EAE for ARMv8-R AArch32")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1658
Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230523131726.866635-1-peter.maydell@linaro.org
(cherry picked from commit d7fe699be54b2cbb8e4ee37b63588b3458a49da7)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 6a9f9e6499e805941bf46e5036dd829ff3326bc2
      https://github.com/qemu/qemu/commit/6a9f9e6499e805941bf46e5036dd829ff3326bc2
  Author: Ilya Leoshkevich <iii@linux.ibm.com>
  Date:   2023-06-07 (Wed, 07 Jun 2023)

  Changed paths:
    M tests/tcg/s390x/Makefile.target
    A tests/tcg/s390x/ex-branch.c

  Log Message:
  -----------
  tests/tcg/s390x: Test EXECUTE of relative branches

Add a small test to prevent regressions.

Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Acked-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230426235813.198183-3-iii@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit bfa72590df14e4c94c03d2464f3abe18bf2e5dac)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(Mjt: forgotten testcase for commit b858c53ef632b80f3269773a18b17639b1eec62c)


  Commit: 76d4eb3a5e24cd7f0e47ae5f0b0d01c3243f1bec
      https://github.com/qemu/qemu/commit/76d4eb3a5e24cd7f0e47ae5f0b0d01c3243f1bec
  Author: Ilya Leoshkevich <iii@linux.ibm.com>
  Date:   2023-06-07 (Wed, 07 Jun 2023)

  Changed paths:
    M target/s390x/tcg/insn-data.h.inc

  Log Message:
  -----------
  target/s390x: Fix LCBB overwriting the top 32 bits

LCBB is supposed to overwrite only the bottom 32 bits, but QEMU
erroneously overwrites the entire register.

Fixes: 6d9303322ed9 ("s390x/tcg: Implement LOAD COUNT TO BLOCK BOUNDARY")
Cc: qemu-stable@nongnu.org
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Message-Id: <20230526181240.1425579-2-iii@linux.ibm.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit 079181b9bc60389e106009a1530d3cc42256f567)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 8776c6cf6a58841c8e96ba2bf7d11f48861934d4
      https://github.com/qemu/qemu/commit/8776c6cf6a58841c8e96ba2bf7d11f48861934d4
  Author: Ilya Leoshkevich <iii@linux.ibm.com>
  Date:   2023-06-07 (Wed, 07 Jun 2023)

  Changed paths:
    M tests/tcg/s390x/Makefile.target
    A tests/tcg/s390x/lcbb.c

  Log Message:
  -----------
  tests/tcg/s390x: Test LCBB

Add a test to prevent regressions.

Cc: qemu-stable@nongnu.org
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Message-Id: <20230526181240.1425579-3-iii@linux.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Acked-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit 05d000fb4dcac4bc02ffa08fcf14b51683b878f6)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 0d4bced3747c6e07d79dca571e18fb2f12f8622c
      https://github.com/qemu/qemu/commit/0d4bced3747c6e07d79dca571e18fb2f12f8622c
  Author: Ilya Leoshkevich <iii@linux.ibm.com>
  Date:   2023-06-07 (Wed, 07 Jun 2023)

  Changed paths:
    M target/s390x/tcg/insn-data.h.inc

  Log Message:
  -----------
  target/s390x: Fix LOCFHR taking the wrong half of R2

LOCFHR should write top-to-top, but QEMU erroneously writes
bottom-to-top.

Fixes: 45aa9aa3b773 ("target/s390x: Implement load-on-condition-2 insns")
Cc: qemu-stable@nongnu.org
Reported-by: Mikhail Mitskevich <mitskevichmn@gmail.com>
Closes: https://gitlab.com/qemu-project/qemu/-/issues/1668
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Message-Id: <20230526181240.1425579-4-iii@linux.ibm.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit 3180b173621021c365c256cedf2f5845bd4780d0)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 0a3a9ae1f22fd0adc3f37cef6ce0207c8233ede6
      https://github.com/qemu/qemu/commit/0a3a9ae1f22fd0adc3f37cef6ce0207c8233ede6
  Author: Ilya Leoshkevich <iii@linux.ibm.com>
  Date:   2023-06-07 (Wed, 07 Jun 2023)

  Changed paths:
    M tests/tcg/s390x/Makefile.target
    A tests/tcg/s390x/locfhr.c

  Log Message:
  -----------
  tests/tcg/s390x: Test LOCFHR

Add a small test to prevent regressions.

Cc: qemu-stable@nongnu.org
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Message-Id: <20230526181240.1425579-5-iii@linux.ibm.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit 230976232f4fcdc205d6ec53ec9f3804b28dc1e7)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 9b7c1e431eb7707b4e96a98001d87917dcad26f1
      https://github.com/qemu/qemu/commit/9b7c1e431eb7707b4e96a98001d87917dcad26f1
  Author: Ilya Leoshkevich <iii@linux.ibm.com>
  Date:   2023-06-07 (Wed, 07 Jun 2023)

  Changed paths:
    M linux-user/s390x/cpu_loop.c

  Log Message:
  -----------
  linux-user/s390x: Fix single-stepping SVC

Currently single-stepping SVC executes two instructions. The reason is
that EXCP_DEBUG for the SVC instruction itself is masked by EXCP_SVC.
Fix by re-raising EXCP_DEBUG.

Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Message-Id: <20230510230213.330134-2-iii@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit 01b9990a3fb84bb9a14017255ab1a4fa86588215)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 373cc0f3b51a798dffd321e8931c8758d700eb5e
      https://github.com/qemu/qemu/commit/373cc0f3b51a798dffd321e8931c8758d700eb5e
  Author: Ilya Leoshkevich <iii@linux.ibm.com>
  Date:   2023-06-07 (Wed, 07 Jun 2023)

  Changed paths:
    M tests/tcg/s390x/Makefile.target
    A tests/tcg/s390x/gdbstub/test-svc.py
    A tests/tcg/s390x/hello-s390x-asm.S

  Log Message:
  -----------
  tests/tcg/s390x: Test single-stepping SVC

Add a small test to prevent regressions.

Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Acked-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20230510230213.330134-3-iii@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit be4a4cb429617a8b6893733b37b6203e4b7bf35b)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 1b4417178e4023a8f6a512dc44a7b2542eee9d54
      https://github.com/qemu/qemu/commit/1b4417178e4023a8f6a512dc44a7b2542eee9d54
  Author: Ilya Leoshkevich <iii@linux.ibm.com>
  Date:   2023-06-07 (Wed, 07 Jun 2023)

  Changed paths:
    M target/s390x/helper.h
    M target/s390x/tcg/fpu_helper.c
    M target/s390x/tcg/insn-data.h.inc
    M target/s390x/tcg/translate.c

  Log Message:
  -----------
  target/s390x: Fix MXDB and MXDBR

These instructions multiply 64 bits by 64 bits, not 128 bits by 64 bits.

Reported-by: Tulio Magno Quites Machado Filho <tuliom@redhat.com>
Fixes: 2b91240f95fd ("target/s390x: Use Int128 for passing float128")
Cc: qemu-stable@nongnu.org
Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=2211472
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Message-Id: <20230601223027.795501-2-iii@linux.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit a7f4add7931ef91285fc3d89e6b3842115e09048)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 5cd229064af827e4ac8f178107352efab5715dab
      https://github.com/qemu/qemu/commit/5cd229064af827e4ac8f178107352efab5715dab
  Author: Ilya Leoshkevich <iii@linux.ibm.com>
  Date:   2023-06-07 (Wed, 07 Jun 2023)

  Changed paths:
    M tests/tcg/s390x/Makefile.target
    A tests/tcg/s390x/mxdb.c

  Log Message:
  -----------
  tests/tcg/s390x: Test MXDB and MXDBR

Add a small test to prevent regressions.

Cc: qemu-stable@nongnu.org
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Message-Id: <20230601223027.795501-3-iii@linux.ibm.com>
Acked-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit 2b956244a9d1b18b9653bf7453870c2d10df2427)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 454d4e438022161c6488753a7b90e4f42dc7abbc
      https://github.com/qemu/qemu/commit/454d4e438022161c6488753a7b90e4f42dc7abbc
  Author: Ilya Leoshkevich <iii@linux.ibm.com>
  Date:   2023-06-07 (Wed, 07 Jun 2023)

  Changed paths:
    M target/s390x/cpu_models.c
    M target/s390x/cpu_models.h

  Log Message:
  -----------
  s390x/tcg: Fix CPU address returned by STIDP

In qemu-user-s390x, /proc/cpuinfo contains:

        processor 0: version = 00,  identification = 000000,  machine = 8561
        processor 1: version = 00,  identification = 400000,  machine = 8561

The highest nibble is supposed to contain the CPU address, but it's off
by 2 bits. Fix the shift value and provide a symbolic constant for it.

With the fix we get:

        processor 0: version = 00,  identification = 000000,  machine = 8561
        processor 1: version = 00,  identification = 100000,  machine = 8561

Fixes: 076d4d39b65f ("s390x/cpumodel: wire up cpu type + id for TCG")
Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Message-Id: <20230605113950.1169228-2-iii@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit 71b11cbe1c34411238703abe24bfaf2e9712c30d)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 903c71251bdae24aca55a5191ee438b85f936ce6
      https://github.com/qemu/qemu/commit/903c71251bdae24aca55a5191ee438b85f936ce6
  Author: Thomas Huth <thuth@redhat.com>
  Date:   2023-06-07 (Wed, 07 Jun 2023)

  Changed paths:
    M hw/mips/malta.c

  Log Message:
  -----------
  hw/mips/malta: Fix the malta machine on big endian hosts

Booting a Linux kernel with the malta machine is currently broken
on big endian hosts. The cpu_to_gt32 macro wants to byteswap a value
for little endian targets only, but uses the wrong way to do this:
cpu_to_[lb]e32 works the other way round on big endian hosts! Fix
it by using the same ways on both, big and little endian hosts.

Fixes: 0c8427baf0 ("hw/mips/malta: Use bootloader helper to set BAR registers")
Cc: qemu-stable@nongnu.org
Message-Id: <20230330152613.232082-1-thuth@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit dc96009afd8cf2372fa1bbced0bcbcbb2c5d6f1b)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 1797de7f825fb42118eaee55b874c2230b89e412
      https://github.com/qemu/qemu/commit/1797de7f825fb42118eaee55b874c2230b89e412
  Author: David Woodhouse <dwmw@amazon.co.uk>
  Date:   2023-06-07 (Wed, 07 Jun 2023)

  Changed paths:
    M hw/xen/xen-operations.c

  Log Message:
  -----------
  hw/xen: Fix memory leak in libxenstore_open() for Xen

There was a superfluous allocation of the XS handle, leading to it
being leaked on both the error path and the success path (where it gets
allocated again).

Spotted by Coverity (CID 1508098).

Fixes: ba2a92db1ff6 ("hw/xen: Add xenstore operations to allow redirection to internal emulation")
Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Paul Durrant <paul@xen.org>
Message-Id: <20230412185102.441523-3-dwmw2@infradead.org>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
(cherry picked from commit 8442232eba1b041b379ca5845df8252c1e905e43)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 6a69a58b1cc7caac0e0dd9bfa09f274fb35e8d46
      https://github.com/qemu/qemu/commit/6a69a58b1cc7caac0e0dd9bfa09f274fb35e8d46
  Author: David Woodhouse <dwmw@amazon.co.uk>
  Date:   2023-06-07 (Wed, 07 Jun 2023)

  Changed paths:
    M hw/i386/kvm/xen_xenstore.c

  Log Message:
  -----------
  hw/xen: Fix broken check for invalid state in xs_be_open()

Coverity points out that if (!s && !s->impl) isn't really what we intended
to do here. CID 1508131.

Fixes: 032475127225 ("hw/xen: Add emulated implementation of XenStore operations")
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Reviewed-by: Paul Durrant <paul@xen.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20230412185102.441523-6-dwmw2@infradead.org>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
(cherry picked from commit c9bdfe8d587c1a6a8fc2e0ff97343745a9f5f247)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: fe8863544945c71c7ad9eca56d84d7750eafed8a
      https://github.com/qemu/qemu/commit/fe8863544945c71c7ad9eca56d84d7750eafed8a
  Author: Jagannathan Raman <jag.raman@oracle.com>
  Date:   2023-06-07 (Wed, 07 Jun 2023)

  Changed paths:
    M docs/system/multi-process.rst

  Log Message:
  -----------
  docs: fix multi-process QEMU documentation

Fix a typo in the system documentation for multi-process QEMU.

Signed-off-by: Jagannathan Raman <jag.raman@oracle.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit 7771e8b86335968ee46538d1afd44246e7a062bc)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 828af6b31fb75b95d3e7dd516f3a14fbcb0ecacd
      https://github.com/qemu/qemu/commit/828af6b31fb75b95d3e7dd516f3a14fbcb0ecacd
  Author: Mark Somerville <mark@qpok.net>
  Date:   2023-06-08 (Thu, 08 Jun 2023)

  Changed paths:
    M qga/commands-posix.c

  Log Message:
  -----------
  qga: Fix suspend on Linux guests without systemd

Allow the Linux guest agent to attempt each of the suspend methods
(systemctl, pm-* and writing to /sys) in turn.

Prior to this guests without systemd failed to suspend due to
`guest_suspend` returning early regardless of the return value of
`systemd_supports_mode`.

Signed-off-by: Mark Somerville <mark@qpok.net>
Reviewed-by: Konstantin Kostiuk <kkostiuk@redhat.com>
Signed-off-by: Konstantin Kostiuk <kkostiuk@redhat.com>
(cherry picked from commit 86dcb6ab9b603450eb6d896cdc95286de2c7d561)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: b9d2887be4e616cdaeedd0b7456bfaa71ee798af
      https://github.com/qemu/qemu/commit/b9d2887be4e616cdaeedd0b7456bfaa71ee798af
  Author: Christian Schoenebeck <qemu_oss@crudebyte.com>
  Date:   2023-06-08 (Thu, 08 Jun 2023)

  Changed paths:
    M fsdev/virtfs-proxy-helper.c
    M hw/9pfs/9p-util.h

  Log Message:
  -----------
  9pfs: prevent opening special files (CVE-2023-2861)

The 9p protocol does not specifically define how a server shall behave when
a client tries to open a special file; however, from a security POV it does
make sense for a 9p server to prohibit opening any special file on the host side
in general. A sane Linux 9p client, for instance, would never attempt to
open a special file on the host side; it would always handle those exclusively
on its guest side. A malicious client, however, could potentially escape
from the exported 9p tree by creating and opening a device file on the host
side.

With QEMU this could only be exploited in the following unsafe setups:

  - Running QEMU binary as root AND 9p 'local' fs driver AND 'passthrough'
    security model.

or

  - Using 9p 'proxy' fs driver (which is running its helper daemon as
    root).

These setups were already discouraged for safety reasons before,
however for obvious reasons we are now tightening behaviour on this.

Fixes: CVE-2023-2861
Reported-by: Yanwu Shen <ywsPlz@gmail.com>
Reported-by: Jietao Xiao <shawtao1125@gmail.com>
Reported-by: Jinku Li <jkli@xidian.edu.cn>
Reported-by: Wenbo Shen <shenwenbo@zju.edu.cn>
Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Reviewed-by: Greg Kurz <groug@kaod.org>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Message-Id: <E1q6w7r-0000Q0-NM@lizzy.crudebyte.com>
(cherry picked from commit f6b0de53fb87ddefed348a39284c8e2f28dc4eda)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 967e42986f79a10a0b0183ff46614067bb8fbf23
      https://github.com/qemu/qemu/commit/967e42986f79a10a0b0183ff46614067bb8fbf23
  Author: Mattias Nissler <mnissler@rivosinc.com>
  Date:   2023-06-11 (Sun, 11 Jun 2023)

  Changed paths:
    M hw/remote/trace-events

  Log Message:
  -----------
  hw/remote: Fix vfu_cfg trace offset format

The printed offset value is prefixed with 0x, but was actually printed
in decimal. To spare others the confusion, adjust the format specifier
to hexadecimal.

Signed-off-by: Mattias Nissler <mnissler@rivosinc.com>
Reviewed-by: Jagannathan Raman <jag.raman@oracle.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(cherry picked from commit 5fb9e8295531f957cf7ac20e89736c8963a25e04)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: d09e35feb57899eccf0359815138fe919c5e0c63
      https://github.com/qemu/qemu/commit/d09e35feb57899eccf0359815138fe919c5e0c63
  Author: Anastasia Belova <abelova@astralinux.ru>
  Date:   2023-06-11 (Sun, 11 Jun 2023)

  Changed paths:
    M ui/vnc-jobs.c

  Log Message:
  -----------
  vnc: move assert in vnc_worker_thread_loop

job may be NULL if queue->exit is true. Check
it before dereferencing job.

Fixes: f31f9c1080 ("vnc: add magic cookie to VncState")
Signed-off-by: Anastasia Belova <abelova@astralinux.ru>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(cherry picked from commit bdfca8a22f41e7ad47fd2dac71e4d1387e2c0d4e)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 3c6346625b3d0995edc8fc99b035f4999cef53f7
      https://github.com/qemu/qemu/commit/3c6346625b3d0995edc8fc99b035f4999cef53f7
  Author: Nicholas Piggin <npiggin@gmail.com>
  Date:   2023-06-11 (Sun, 11 Jun 2023)

  Changed paths:
    M target/ppc/translate.c

  Log Message:
  -----------
  target/ppc: Fix lqarx to set cpu_reserve

lqarx does not set cpu_reserve, which causes stqcx. to never succeed.

Cc: qemu-stable@nongnu.org
Fixes: 94bf2658676 ("target/ppc: Use atomic load for LQ and LQARX")
Fixes: 57b38ffd0c6 ("target/ppc: Use tcg_gen_qemu_{ld,st}_i128 for LQARX, LQ, STQ")
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230605025445.161932-1-npiggin@gmail.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
(cherry picked from commit e025e8f5a8a7e32409bb4c7c509d752486113188)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 1de8291e29cefd5949dc81bb9083daa389fda696
      https://github.com/qemu/qemu/commit/1de8291e29cefd5949dc81bb9083daa389fda696
  Author: Nicholas Piggin <npiggin@gmail.com>
  Date:   2023-06-11 (Sun, 11 Jun 2023)

  Changed paths:
    M target/ppc/excp_helper.c

  Log Message:
  -----------
  target/ppc: Fix nested-hv HEAI delivery

ppc hypervisors turn HEAI interrupts into program interrupts injected
into the guest that executed the illegal instruction, if the hypervisor
doesn't handle it some other way.

The nested-hv implementation failed to account for this HEAI->program
conversion. The virtual hypervisor wants to see the HEAI when running
a nested guest, so that interrupt type can be returned to its KVM
caller.

Fixes: 7cebc5db2eba6 ("target/ppc: Introduce a vhyp framework for nested HV support")
Cc: balaton@eik.bme.hu
Reviewed-by: Fabiano Rosas <farosas@suse.de>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Message-Id: <20230530132127.385001-1-npiggin@gmail.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
(cherry picked from commit 6c242e79b876b3570b8fd2f10f2a502467758e56)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: e7d265340efb6b0ec7b1a4b8613de858e9deebb3
      https://github.com/qemu/qemu/commit/e7d265340efb6b0ec7b1a4b8613de858e9deebb3
  Author: Nicholas Piggin <npiggin@gmail.com>
  Date:   2023-06-11 (Sun, 11 Jun 2023)

  Changed paths:
    M target/ppc/cpu_init.c
    M target/ppc/helper_regs.c
    M target/ppc/helper_regs.h
    M target/ppc/machine.c
    M target/ppc/power8-pmu.c
    M target/ppc/power8-pmu.h

  Log Message:
  -----------
  target/ppc: Fix PMU hflags calculation

Some of the PMU hflags bits can go out of synch, for example a store to
MMCR0 with PMCjCE=1 fails to update hflags correctly and results in
hflags mismatch:

  qemu: fatal: TCG hflags mismatch (current:0x2408003d rebuilt:0x240a003d)

This can be reproduced by running perf on a recent machine.

Some of the fragility here is the duplication of PMU hflags calculations.
This change consolidates that in a single place to update pmu-related
hflags, to be called after a well defined state changes.

The post-load PMU update is pulled out of the MSR update because it does
not depend on the MSR value.

Fixes: 8b3d1c49a9f0 ("target/ppc: Add new PMC HFLAGS")
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <20230530130447.372617-1-npiggin@gmail.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
(cherry picked from commit 6494d2c1fd4ebc37b575130399a97a1fcfff1afc)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 4a83e27b21289dd5ae06fddf113e0d1ae19c42ad
      https://github.com/qemu/qemu/commit/4a83e27b21289dd5ae06fddf113e0d1ae19c42ad
  Author: Yin Wang <yin.wang@intel.com>
  Date:   2023-06-14 (Wed, 14 Jun 2023)

  Changed paths:
    M hw/riscv/numa.c

  Log Message:
  -----------
  hw/riscv: qemu crash when NUMA nodes exceed available CPUs

Command "qemu-system-riscv64 -machine virt -m 2G -smp 1 -numa node,mem=1G -numa node,mem=1G"
would trigger this problem. Backtrace with:
 #0  0x0000555555b5b1a4 in riscv_numa_get_default_cpu_node_id  at ../hw/riscv/numa.c:211
 #1  0x00005555558ce510 in machine_numa_finish_cpu_init  at ../hw/core/machine.c:1230
 #2  0x00005555558ce9d3 in machine_run_board_init  at ../hw/core/machine.c:1346
 #3  0x0000555555aaedc3 in qemu_init_board  at ../softmmu/vl.c:2513
 #4  0x0000555555aaf064 in qmp_x_exit_preconfig  at ../softmmu/vl.c:2609
 #5  0x0000555555ab1916 in qemu_init  at ../softmmu/vl.c:3617
 #6  0x000055555585463b in main  at ../softmmu/main.c:47
This commit fixes the issue by adding parameter checks.

Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: LIU Zhiwei <zhiwei_liu@linux.alibaba.com>
Reviewed-by: Weiwei Li <liweiwei@iscas.ac.cn>
Signed-off-by: Yin Wang <yin.wang@intel.com>
Message-Id: <20230519023758.1759434-1-yin.wang@intel.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
(cherry picked from commit b9cedbf19cb4be04908a3a623f0f237875483499)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: fb8b14025bf17f982c7b2c46031726ea4b6bc341
      https://github.com/qemu/qemu/commit/fb8b14025bf17f982c7b2c46031726ea4b6bc341
  Author: Cédric Le Goater <clg@kaod.org>
  Date:   2023-06-16 (Fri, 16 Jun 2023)

  Changed paths:
    M hw/misc/aspeed_hace.c

  Log Message:
  -----------
  aspeed/hace: Initialize g_autofree pointer

As mentioned in docs/devel/style.rst "Automatic memory deallocation":

* Variables declared with g_auto* MUST always be initialized,
  otherwise the cleanup function will use uninitialized stack memory

This prevents QEMU from coredumping when running the "hash test" command
under Zephyr.

Cc: Steven Lee <steven_lee@aspeedtech.com>
Cc: Joel Stanley <joel@jms.id.au>
Cc: qemu-stable@nongnu.org
Fixes: c5475b3f9a ("hw: Model ASPEED's Hash and Crypto Engine")
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Francisco Iglesias <frasse.iglesias@gmail.com>
Message-Id: <20230421131547.2177449-1-clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Joel Stanley <joel@jms.id.au>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
(cherry picked from commit c8f48b120b31f6bbe33135ef5d478e485c37e3c2)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 2bdaf891625fe89161ea652442d76e3a6e6ee4d0
      https://github.com/qemu/qemu/commit/2bdaf891625fe89161ea652442d76e3a6e6ee4d0
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2023-06-22 (Thu, 22 Jun 2023)

  Changed paths:
    M target/arm/tcg/translate-a64.c

  Log Message:
  -----------
  target/arm: Fix return value from LDSMIN/LDSMAX 8/16 bit atomics

The atomic memory operations are supposed to return the old memory
data value in the destination register.  This value is not
sign-extended, even if the operation is the signed minimum or
maximum.  (In the pseudocode for the instructions the returned data
value is passed to ZeroExtend() to create the value in the register.)

We got this wrong because we were doing a 32-to-64 zero extend on the
result for 8 and 16 bit data values, rather than the correct amount
of zero extension.

Fix the bug by using ext8u and ext16u for the MO_8 and MO_16 data
sizes rather than ext32u.

Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230602155223.2040685-2-peter.maydell@linaro.org
(cherry picked from commit 243705aa6ea3465b20e9f5a8bfcf36d3153f3c10)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: f38ca28c664dacf503822c7445412dd19942824c
      https://github.com/qemu/qemu/commit/f38ca28c664dacf503822c7445412dd19942824c
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2023-06-22 (Thu, 22 Jun 2023)

  Changed paths:
    M target/arm/tcg/translate-a64.c

  Log Message:
  -----------
  target/arm: Return correct result for LDG when ATA=0

The LDG instruction loads the tag from a memory address (identified
by [Xn + offset]), and then merges that tag into the destination
register Xt. We implemented this correctly for the case when
allocation tags are enabled, but didn't get it right when ATA=0:
instead of merging the tag bits into Xt, we merged them into the
memory address [Xn + offset] and then set Xt to that.

Merge the tag bits into the old Xt value, as they should be.

Cc: qemu-stable@nongnu.org
Fixes: c15294c1e36a7dd9b25 ("target/arm: Implement LDG, STG, ST2G instructions")
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 7e2788471f9e079fff696a694721a7d41a451839)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 22d71f9eb3b39e5861400c6d5daa6fa837a358e3
      https://github.com/qemu/qemu/commit/22d71f9eb3b39e5861400c6d5daa6fa837a358e3
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2023-06-22 (Thu, 22 Jun 2023)

  Changed paths:
    M hw/intc/allwinner-a10-pic.c

  Log Message:
  -----------
  hw/intc/allwinner-a10-pic: Handle IRQ levels other than 0 or 1

In commit 2c5fa0778c3b430 we fixed an endianness bug in the Allwinner
A10 PIC model; however in the process we introduced a regression.
This is because the old code was robust against the incoming 'level'
argument being something other than 0 or 1, whereas the new code was
not.

In particular, the allwinner-sdhost code treats its IRQ line
as 0-vs-non-0 rather than 0-vs-1, so when the SD controller
set its IRQ line for any reason other than transmit the
interrupt controller would ignore it. The observed effect
was a guest timeout when rebooting the guest kernel.

Handle level values other than 0 or 1, to restore the old
behaviour.

Fixes: 2c5fa0778c3b430 ("hw/intc/allwinner-a10-pic: Don't use set_bit()/clear_bit()")
(Mjt: af08c70ef5204fe in stable-8.0)
Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Tested-by: Guenter Roeck <linux@roeck-us.net>
Message-id: 20230606104609.3692557-2-peter.maydell@linaro.org
(cherry picked from commit f837b468cdaa7e736b5385c7dc4f8c5adcad3bf1)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 4553eee1566d2d4319184bd5e1c73bed541e4f93
      https://github.com/qemu/qemu/commit/4553eee1566d2d4319184bd5e1c73bed541e4f93
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2023-06-22 (Thu, 22 Jun 2023)

  Changed paths:
    M hw/timer/nrf51_timer.c

  Log Message:
  -----------
  hw/timer/nrf51_timer: Don't lose time when timer is queried in tight loop

The nrf51_timer has a free-running counter which we implement using
the pattern of using two fields (update_counter_ns, counter) to track
the last point at which we calculated the counter value, and the
counter value at that time.  Then we can find the current counter
value by converting the difference in wall-clock time between then
and now to a tick count that we need to add to the counter value.

Unfortunately the nrf51_timer's implementation of this has a bug
which means it loses time every time update_counter() is called.
After updating s->counter it always sets s->update_counter_ns to
'now', even though the actual point when s->counter hit the new value
will be some point in the past (half a tick, say).  In the worst case
(guest code in a tight loop reading the counter, icount mode) the
counter is continually queried less than a tick after it was last
read, so s->counter never advances but s->update_counter_ns does, and
the guest never makes forward progress.

The fix for this is to only advance update_counter_ns to the
timestamp of the last tick, not all the way to 'now'.  (This is the
pattern used in hw/misc/mps2-fpgaio.c's counter.)

Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Joel Stanley <joel@jms.id.au>
Message-id: 20230606134917.3782215-1-peter.maydell@linaro.org
(cherry picked from commit d2f9a79a8cf6ab992e1d0f27ad05b3e582d2b18a)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
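
The two-field counter pattern and the lost-fraction bug described in this commit message, modelled as a constructed example (my own code, not QEMU's nrf51_timer): the buggy update stamps update_counter_ns with 'now', the fixed one advances it only to the last whole tick, and a simulated tight polling loop shows that only the fixed variant keeps advancing. The struct and function names are this example's own.

```c
#include <stdint.h>
#include <stdio.h>

/* Free-running counter tracked as (time of last exact value, value then). */
typedef struct {
    int64_t update_counter_ns;  /* point at which `counter` was last exact */
    uint32_t counter;           /* counter value at update_counter_ns */
    int64_t ns_per_tick;        /* duration of one counter tick */
} FreeRunningCounter;

/*
 * Buggy variant: after folding in the elapsed whole ticks it stamps
 * update_counter_ns with `now`, silently discarding the partial tick.
 * If the counter is polled more often than once per tick, `ticks` is
 * always 0 and the counter never moves.
 */
static uint32_t update_counter_buggy(FreeRunningCounter *s, int64_t now)
{
    int64_t ticks = (now - s->update_counter_ns) / s->ns_per_tick;

    s->counter += (uint32_t)ticks;
    s->update_counter_ns = now;
    return s->counter;
}

/*
 * Fixed variant: update_counter_ns only advances to the timestamp of the
 * last whole tick, so the remainder carries over into the next call.
 */
static uint32_t update_counter_fixed(FreeRunningCounter *s, int64_t now)
{
    int64_t ticks = (now - s->update_counter_ns) / s->ns_per_tick;

    s->counter += (uint32_t)ticks;
    s->update_counter_ns += ticks * s->ns_per_tick;
    return s->counter;
}

/*
 * Simulate a guest reading the counter every `poll_ns` for `polls`
 * iterations (constructed timeline) and return the final counter value.
 */
static uint32_t poll_counter(uint32_t (*update)(FreeRunningCounter *, int64_t),
                             int64_t ns_per_tick, int64_t poll_ns, int polls)
{
    FreeRunningCounter s = { 0, 0, ns_per_tick };
    uint32_t value = 0;

    for (int i = 1; i <= polls; i++) {
        value = update(&s, (int64_t)i * poll_ns);
    }
    return value;
}

int main(void)
{
    /* Poll every half tick for 100 reads: 50 ticks of time elapse. */
    printf("buggy: %u\n", poll_counter(update_counter_buggy, 1000, 500, 100));
    printf("fixed: %u\n", poll_counter(update_counter_fixed, 1000, 500, 100));
    return 0;
}
```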


  Commit: b9e1415e16391c6376a0d42d29dd412cd6046ad3
      https://github.com/qemu/qemu/commit/b9e1415e16391c6376a0d42d29dd412cd6046ad3
  Author: Siqi Chen <coc.cyqh@gmail.com>
  Date:   2023-06-23 (Fri, 23 Jun 2023)

  Changed paths:
    M target/tricore/translate.c

  Log Message:
  -----------
  target/tricore: Fix out-of-bounds index in imask instruction

When translating the "imask" instruction of the Tricore architecture, QEMU did not
check whether the register index was out of bounds, resulting in a
global-buffer-overflow.

Reviewed-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1698
Reported-by: Siqi Chen <coc.cyqh@gmail.com>
Signed-off-by: Siqi Chen <coc.cyqh@gmail.com>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Message-Id: <20230612065633.149152-1-coc.cyqh@gmail.com>
Message-Id: <20230612113245.56667-2-kbastian@mail.uni-paderborn.de>
(cherry picked from commit d34b092cab606a47a0d76edde45aab7100bb2435)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 72a23f2991d50f790f197ed16f47331684dc091c
      https://github.com/qemu/qemu/commit/72a23f2991d50f790f197ed16f47331684dc091c
  Author: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
  Date:   2023-06-23 (Fri, 23 Jun 2023)

  Changed paths:
    M target/tricore/translate.c

  Log Message:
  -----------
  target/tricore: Add CHECK_REG_PAIR() for insn accessing 64 bit regs

Some insns were not checking if an even index was used to access a 64
bit register. In the worst case that could lead to a buffer overflow as
reported in https://gitlab.com/qemu-project/qemu/-/issues/1698.

Reported-by: Siqi Chen <coc.cyqh@gmail.com>
Signed-off-by: Bastian Koppelmann <kbastian@mail.uni-paderborn.de>
Message-Id: <20230612113245.56667-4-kbastian@mail.uni-paderborn.de>
(cherry picked from commit 6991777ec4b2a344d47bddec62744bedd9883d78)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: cf7950282da51f44ecf99462854d53085e014771
      https://github.com/qemu/qemu/commit/cf7950282da51f44ecf99462854d53085e014771
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2023-06-26 (Mon, 26 Jun 2023)

  Changed paths:
    M include/qemu/compiler.h
    M include/qemu/host-utils.h

  Log Message:
  -----------
  host-utils: Avoid using __builtin_subcll on buggy versions of Apple Clang

We use __builtin_subcll() to do a 64-bit subtract with borrow-in and
borrow-out when the host compiler supports it.  Unfortunately some
versions of Apple Clang have a bug in their implementation of this
intrinsic which means it returns the wrong value.  The effect is that
a QEMU built with the affected compiler will hang when emulating x86
or m68k float80 division.

The upstream LLVM issue is:
https://github.com/llvm/llvm-project/issues/55253

The commit that introduced the bug apparently never made it into an
upstream LLVM release without the subsequent fix
https://github.com/llvm/llvm-project/commit/fffb6e6afdbaba563189c1f715058ed401fbc88d
but unfortunately it did make it into Apple Clang 14.0, as shipped
in Xcode 14.3 (14.2 is reported to be OK). The Apple bug number is
FB12210478.

Add ifdefs to avoid use of __builtin_subcll() on Apple Clang version
14 or greater.  There is not currently a version of Apple Clang which
has the bug fix -- when one appears we should be able to add an upper
bound to the ifdef condition so we can start using the builtin again.
We make the lower bound a conservative "any Apple clang with major
version 14 or greater" because the consequences of incorrectly
disabling the builtin when it would work are pretty small and the
consequences of not disabling it when we should are pretty bad.

Many thanks to those users who both reported this bug and also
did a lot of work in identifying the root cause; in particular
to Daniel Bertalan and osy.

Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1631
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1659
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Tested-by: Daniel Bertalan <dani@danielbertalan.dev>
Tested-by: Tested-By: Solra Bizna <solra@bizna.name>
Message-id: 20230622130823.1631719-1-peter.maydell@linaro.org
(cherry picked from commit b0438861efe1dfbdfdd9fa1d9aa05100d37ea8ee)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: deb40cf67ae4ac9750b8ebd289a06a9c056a238c
      https://github.com/qemu/qemu/commit/deb40cf67ae4ac9750b8ebd289a06a9c056a238c
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2023-06-26 (Mon, 26 Jun 2023)

  Changed paths:
    M pc-bios/keymaps/meson.build

  Log Message:
  -----------
  pc-bios/keymaps: Use the official xkb name for Arabic layout, not the legacy synonym

The xkb official name for the Arabic keyboard layout is 'ara'.
However xkb has for at least the past 15 years also permitted it to
be named via the legacy synonym 'ar'.  In xkeyboard-config 2.39 this
synonym was removed, which breaks compilation of QEMU:

FAILED: pc-bios/keymaps/ar
/home/fred/qemu-git/src/qemu/build-full/qemu-keymap -f pc-bios/keymaps/ar -l ar
xkbcommon: ERROR: Couldn't find file "symbols/ar" in include paths
xkbcommon: ERROR: 1 include paths searched:
xkbcommon: ERROR:       /usr/share/X11/xkb
xkbcommon: ERROR: 3 include paths could not be added:
xkbcommon: ERROR:       /home/fred/.config/xkb
xkbcommon: ERROR:       /home/fred/.xkb
xkbcommon: ERROR:       /etc/xkb
xkbcommon: ERROR: Abandoning symbols file "(unnamed)"
xkbcommon: ERROR: Failed to compile xkb_symbols
xkbcommon: ERROR: Failed to compile keymap

The upstream xkeyboard-config change removing the compat
mapping is:
https://gitlab.freedesktop.org/xkeyboard-config/xkeyboard-config/-/commit/470ad2cd8fea84d7210377161d86b31999bb5ea6

Make QEMU always ask for the 'ara' xkb layout, which should work on
both older and newer xkeyboard-config.  We leave the QEMU name for
this keyboard layout as 'ar'; it is not the only one where our name
for it deviates from the xkb standard name.

Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-id: 20230620162024.1132013-1-peter.maydell@linaro.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1709
(cherry picked from commit 497fad38979c16b6412388927401e577eba43d26)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 8fa146229292ba420ef16427d766cc727d3e6b15
      https://github.com/qemu/qemu/commit/8fa146229292ba420ef16427d766cc727d3e6b15
  Author: Helge Deller <deller@gmx.de>
  Date:   2023-06-26 (Mon, 26 Jun 2023)

  Changed paths:
    M hw/hppa/machine.c

  Log Message:
  -----------
  target/hppa: Fix OS reboot issues

When the OS triggers a reboot, the reset helper function sends a
qemu_system_reset_request(SHUTDOWN_CAUSE_GUEST_RESET) together with an
EXCP_HLT exception to halt the CPUs.

So, at reboot when initializing the CPUs again, make sure to set all
instruction pointers to the firmware entry point, disable any interrupts,
disable data and instruction translations, enable PSW_Q bit and tell qemu
to unhalt (halted=0) the CPUs again.

This fixes the various reboot issues which were seen when rebooting a
Linux VM, including the case where even the monarch CPU has been virtually
halted from the OS (e.g. via "chcpu -d 0" inside the Linux VM).

Signed-off-by: Helge Deller <deller@gmx.de>
(cherry picked from commit 50ba97e928b44ff5bc731c9ffe68d86acbe44639)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 29c753001b4cab6935c3b5d402c3eb672fdfcd35
      https://github.com/qemu/qemu/commit/29c753001b4cab6935c3b5d402c3eb672fdfcd35
  Author: Helge Deller <deller@gmx.de>
  Date:   2023-06-26 (Mon, 26 Jun 2023)

  Changed paths:
    M hw/hppa/machine.c

  Log Message:
  -----------
  target/hppa: Provide qemu version via fw_cfg to firmware

Give current QEMU version string to SeaBIOS-hppa via fw_cfg interface so
that the firmware can show the QEMU version in the boot menu info.

Signed-off-by: Helge Deller <deller@gmx.de>
(cherry picked from commit 069d296669448b9eef72c6332ae84af962d9582c)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 06f32b3dcf63e956c05683cc637ed4ccb8b86077
      https://github.com/qemu/qemu/commit/06f32b3dcf63e956c05683cc637ed4ccb8b86077
  Author: Helge Deller <deller@gmx.de>
  Date:   2023-06-26 (Mon, 26 Jun 2023)

  Changed paths:
    M pc-bios/hppa-firmware.img
    M roms/seabios-hppa

  Log Message:
  -----------
  target/hppa: New SeaBIOS-hppa version 7

Update SeaBIOS-hppa to version 7 which fixes a boot problem
with Debian-12 install CD images.

The problem with Debian-12 is that the ramdisk got bigger
than what the firmware could load in one call to the LSI
scsi driver.

Signed-off-by: Helge Deller <deller@gmx.de>
(cherry picked from commit bb9c998ca9343d445c76b69fa15dea9db692f526)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(Mjt: pick this one before picking next 34ec3aea54368a92b6 "SeaBIOS-hppa version 8")


  Commit: b62e5d8ac149c84f3d2dc4aa66800a27b51127fb
      https://github.com/qemu/qemu/commit/b62e5d8ac149c84f3d2dc4aa66800a27b51127fb
  Author: Helge Deller <deller@gmx.de>
  Date:   2023-06-26 (Mon, 26 Jun 2023)

  Changed paths:
    M pc-bios/hppa-firmware.img
    M roms/seabios-hppa

  Log Message:
  -----------
  target/hppa: Update to SeaBIOS-hppa version 8

Update SeaBIOS-hppa to version 8.

Fixes:
- boot of HP-UX with SMP, and
- reboot of Linux and HP-UX with SMP

Enhancements:
- show qemu version in boot menu
- adds exit menu entry in boot menu to quit emulation
- allow tracing PCD_CHASSIS codes & machine run status

Signed-off-by: Helge Deller <deller@gmx.de>
(cherry picked from commit 34ec3aea54368a92b62a55c656335885ba8c65ef)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: c10525874c0531e7dd1855890d0530739cebf5dd
      https://github.com/qemu/qemu/commit/c10525874c0531e7dd1855890d0530739cebf5dd
  Author: Prasad Pandit <pjp@fedoraproject.org>
  Date:   2023-06-26 (Mon, 26 Jun 2023)

  Changed paths:
    M hw/virtio/vhost.c

  Log Message:
  -----------
  vhost: release memory_listener object in error path

vhost_dev_start function does not release memory_listener object
in case of an error. This may crash the guest when vhost is unable
to set memory table:

  stack trace of thread 125653:
  Program terminated with signal SIGSEGV, Segmentation fault
  #0  memory_listener_register (qemu-kvm + 0x6cda0f)
  #1  vhost_dev_start (qemu-kvm + 0x699301)
  #2  vhost_net_start (qemu-kvm + 0x45b03f)
  #3  virtio_net_set_status (qemu-kvm + 0x665672)
  #4  qmp_set_link (qemu-kvm + 0x548fd5)
  #5  net_vhost_user_event (qemu-kvm + 0x552c45)
  #6  tcp_chr_connect (qemu-kvm + 0x88d473)
  #7  tcp_chr_new_client (qemu-kvm + 0x88cf83)
  #8  tcp_chr_accept (qemu-kvm + 0x88b429)
  #9  qio_net_listener_channel_func (qemu-kvm + 0x7ac07c)
  #10 g_main_context_dispatch (libglib-2.0.so.0 + 0x54e2f)

Release memory_listener objects in the error path.

Signed-off-by: Prasad Pandit <pjp@fedoraproject.org>
Message-Id: <20230529114333.31686-2-ppandit@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Fixes: c471ad0e9b ("vhost_net: device IOTLB support")
Cc: qemu-stable@nongnu.org
Acked-by: Jason Wang <jasowang@redhat.com>
(cherry picked from commit 1e3ffb34f764f8ac4c003b2b2e6a775b2b073a16)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 46fe2deaefb0d72036f47029ff8f7a10904e775c
      https://github.com/qemu/qemu/commit/46fe2deaefb0d72036f47029ff8f7a10904e775c
  Author: Prasad Pandit <pjp@fedoraproject.org>
  Date:   2023-06-26 (Mon, 26 Jun 2023)

  Changed paths:
    M hw/virtio/vhost.c

  Log Message:
  -----------
  vhost: release virtqueue objects in error path

vhost_dev_start function does not release virtqueue objects when
event_notifier_init() function fails. Release virtqueue objects
and log a message about function failure.

Signed-off-by: Prasad Pandit <pjp@fedoraproject.org>
Message-Id: <20230529114333.31686-3-ppandit@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Fixes: f9a09ca3ea ("vhost: add support for configure interrupt")
Reviewed-by: Peter Xu <peterx@redhat.com>
Cc: qemu-stable@nongnu.org
Acked-by: Jason Wang <jasowang@redhat.com>
(cherry picked from commit 77ece20ba04582d94c345ac0107ddff2fd18d27a)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: d33534a4c7e49f11e97c6d098f8aa2fd45903cfa
      https://github.com/qemu/qemu/commit/d33534a4c7e49f11e97c6d098f8aa2fd45903cfa
  Author: Eugenio Pérez <eperezma@redhat.com>
  Date:   2023-06-26 (Mon, 26 Jun 2023)

  Changed paths:
    M net/vhost-vdpa.c

  Log Message:
  -----------
  vdpa: fix not using CVQ buffer in case of error

Bug introduced when refactoring. Otherwise, the guest never received
the used buffer.

Fixes: be4278b65fc1 ("vdpa: extract vhost_vdpa_net_cvq_add from vhost_vdpa_net_handle_ctrl_avail")
Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Message-Id: <20230602173451.1917999-1-eperezma@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Tested-by: Lei Yang <leiyang@redhat.com>
(cherry picked from commit d45243bcfc61a3c34f96a4fc34bffcb9929daba0)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: aab37b2002811f112d5c26337473486d7d585881
      https://github.com/qemu/qemu/commit/aab37b2002811f112d5c26337473486d7d585881
  Author: Ani Sinha <anisinha@redhat.com>
  Date:   2023-06-26 (Mon, 26 Jun 2023)

  Changed paths:
    M net/vhost-vdpa.c

  Log Message:
  -----------
  vhost-vdpa: do not cleanup the vdpa/vhost-net structures if peer nic is present

When a peer nic is still attached to the vdpa backend, it is too early to free
up the vhost-net and vdpa structures. If these structures are freed here, then
QEMU crashes when the guest is being shut down. The following call chain
would result in an assertion failure since the pointer returned from
vhost_vdpa_get_vhost_net() would be NULL:

do_vm_stop() -> vm_state_notify() -> virtio_set_status() ->
virtio_net_vhost_status() -> get_vhost_net().

Therefore, we defer freeing up the structures until guest shutdown
time when qemu_cleanup() calls net_cleanup() which then calls
qemu_del_net_client() which would eventually call vhost_vdpa_cleanup()
again to free up the structures. This time, the loop in net_cleanup()
ensures that vhost_vdpa_cleanup() will be called one last time when
all the peer nics are detached and freed.

All unit tests pass with this change.

CC: imammedo@redhat.com
CC: jusual@redhat.com
CC: mst@redhat.com
Fixes: CVE-2023-3301
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=2128929
Signed-off-by: Ani Sinha <anisinha@redhat.com>
Message-Id: <20230619065209.442185-1-anisinha@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit a0d7215e339b61c7d7a7b3fcf754954d80d93eb8)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(Mjt: context change for stable-8.0)
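An added example, written for this page and not taken from QEMU or from the commit above: a small C model of the lifecycle the message describes. The struct and function names (vdpa_client, vhost_vdpa_cleanup_buggy/_fixed, run_shutdown), the constructed backend_fd value and the way the early cleanup pass is triggered are assumptions; the model only replays the ordering in the message: a cleanup while the peer NIC is still attached, then the vm-stop path asking the backend for its vhost-net, then net_cleanup() detaching the peers and calling cleanup one last time.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Illustrative model, not QEMU's net/vhost-vdpa.c.  A vdpa backend
 * client owns a vhost-net object and has a peer NIC (the virtio-net
 * frontend) until that peer is detached.  Names, the backend_fd value
 * and the shutdown driver below are assumptions made for this example. */
struct vhost_net {
    int backend_fd;
};

struct vdpa_client {
    struct vdpa_client *peer;   /* attached frontend, NULL once detached */
    struct vhost_net *vhost;    /* freed by cleanup() */
    int cleanup_calls;          /* how often cleanup() ran */
};

/* Buggy cleanup: frees the vhost-net on the first call, even while the
 * peer NIC is still attached and may still call back into the backend. */
static void vhost_vdpa_cleanup_buggy(struct vdpa_client *c)
{
    c->cleanup_calls++;
    free(c->vhost);
    c->vhost = NULL;
}

/* Fixed cleanup: while a peer is attached the structures stay alive.
 * The final net_cleanup() pass runs after all peers are detached and
 * calls cleanup() once more; that call does the actual freeing. */
static void vhost_vdpa_cleanup_fixed(struct vdpa_client *c)
{
    c->cleanup_calls++;
    if (c->peer) {
        return;
    }
    free(c->vhost);
    c->vhost = NULL;
}

/* The do_vm_stop() -> ... -> get_vhost_net() step from the message.  The
 * real code asserts on a NULL result; here that is reported as false. */
static bool frontend_vhost_status(const struct vdpa_client *backend)
{
    return backend->vhost != NULL;
}

/* Replay the sequence with a chosen cleanup():
 *  1. an early cleanup pass while the peer is still attached,
 *  2. the guest shutdown path asking the backend for its vhost-net,
 *  3. net_cleanup(): detach the peer NIC, then cleanup() one last time.
 * Returns true when step 2 found a live vhost-net (no assertion) and
 * the object was nevertheless freed by the end. */
static bool run_shutdown(void (*cleanup)(struct vdpa_client *))
{
    struct vdpa_client nic = { 0 };
    struct vdpa_client backend = { 0 };
    backend.vhost = calloc(1, sizeof(*backend.vhost));
    backend.vhost->backend_fd = 42;     /* constructed value */
    backend.peer = &nic;
    nic.peer = &backend;

    cleanup(&backend);                                  /* step 1 */
    bool status_ok = frontend_vhost_status(&backend);   /* step 2 */

    nic.peer = NULL;                                    /* step 3 */
    backend.peer = NULL;
    cleanup(&backend);

    bool freed = backend.vhost == NULL;
    return status_ok && freed;
}

int main(void)
{
    printf("buggy cleanup: %s\n", run_shutdown(vhost_vdpa_cleanup_buggy)
           ? "ok" : "NULL vhost-net on the vm-stop path (assertion)");
    printf("fixed cleanup: %s\n", run_shutdown(vhost_vdpa_cleanup_fixed)
           ? "ok" : "NULL vhost-net on the vm-stop path (assertion)");
    return 0;
}
```

The point of the model is the ordering, not the trigger: any cleanup that frees state while another object still holds a pointer to it turns a later, perfectly ordinary call (here the status change on vm stop) into a NULL dereference or use-after-free, and the safe pattern is to let the last detach do the freeing.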


  Commit: dc4c852d4d4bf5412c740b4c67fa20d7beb8f2e3
      
https://github.com/qemu/qemu/commit/dc4c852d4d4bf5412c740b4c67fa20d7beb8f2e3
  Author: Marc-André Lureau <marcandre.lureau@redhat.com>
  Date:   2023-06-28 (Wed, 28 Jun 2023)

  Changed paths:
    M ui/console.c

  Log Message:
  -----------
  ui: return NULL when getting cursor without a console

VNC may try to get the current cursor even when there are no consoles,
and crashes. A simple reproducer is qemu with -nodefaults.

Fixes: (again)
https://gitlab.com/qemu-project/qemu/-/issues/1548

Fixes: commit 385ac97f8 ("ui: keep current cursor with QemuConsole")
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230428154807.2143652-1-marcandre.lureau@redhat.com>
(cherry picked from commit 333e7599a0d723801235f675719008ce43db93e3)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 8c792a532ee57e5cb709b77e3bc341e54109eabd
      
https://github.com/qemu/qemu/commit/8c792a532ee57e5cb709b77e3bc341e54109eabd
  Author: Vivek Kasireddy <vivek.kasireddy@intel.com>
  Date:   2023-06-28 (Wed, 28 Jun 2023)

  Changed paths:
    M hw/display/virtio-gpu.c

  Log Message:
  -----------
  virtio-gpu: Make non-gl display updates work again when blob=true

In the case where the console does not have gl capability, and
if blob is set to true, make sure that the display updates still
work. Commit e86a93f55463 accidentally broke this by misplacing
the return statement (in resource_flush) causing the updates to
be silently ignored.

Fixes: e86a93f55463 ("virtio-gpu: splitting one extended mode guest fb into n-scanouts")
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Marc-André Lureau <marcandre.lureau@redhat.com>
Cc: Dongwon Kim <dongwon.kim@intel.com>
Signed-off-by: Vivek Kasireddy <vivek.kasireddy@intel.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-ID: <20230623060454.3749910-1-vivek.kasireddy@intel.com>
(cherry picked from commit 34e29d85a7734802317c4cac9ad52b10d461c1dc)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: a76c5126ec42370d65795b2255e4fa601ccb989a
      
https://github.com/qemu/qemu/commit/a76c5126ec42370d65795b2255e4fa601ccb989a
  Author: Markus Armbruster <armbru@redhat.com>
  Date:   2023-06-28 (Wed, 28 Jun 2023)

  Changed paths:
    M hw/sparc64/niagara.c

  Log Message:
  -----------
  Revert "hw/sparc64/niagara: Use blk_name() instead of open-coding it"

This reverts commit 1881f336a33a8a99cb17ab1c57ed953682e8e107.

This commit breaks "-drive if=pflash,readonly=on,file=image.iso".  It
claims to merely replace an open-coded version of blk_name() by a
call, but that's not the case.  Sorry for the inconvenience!

Reported-by: Jakub Jermář <jakub@jermar.eu>
Cc: qemu-stable@nongnu.org
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20230515151104.1350155-1-armbru@redhat.com>
Acked-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
(cherry picked from commit ac5e8c1dec246950d73e22dceab5cb36e82aac0b)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 5e8838524a74338670dca8a7d2f4dd6347b17f00
      
https://github.com/qemu/qemu/commit/5e8838524a74338670dca8a7d2f4dd6347b17f00
  Author: Nicholas Piggin <npiggin@gmail.com>
  Date:   2023-06-29 (Thu, 29 Jun 2023)

  Changed paths:
    M softmmu/icount.c

  Log Message:
  -----------
  icount: don't adjust virtual time backwards after warp

The icount-based QEMU_CLOCK_VIRTUAL runs ahead of the RT clock at times.
When warping, it is possible it is still ahead at the end of the warp,
which causes icount adaptive mode to adjust it backward. This can result
in the machine observing time going backwards.

Prevent this by clamping adaptive adjustment to 0 at minimum.

Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Message-ID: <20230627061406.241847-1-npiggin@gmail.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 67f85346ca9305d9fb3254ceff735ceaadeb0911)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 246b0cf1acc1efa9e4171bad72efdf0507cbe73e
      
https://github.com/qemu/qemu/commit/246b0cf1acc1efa9e4171bad72efdf0507cbe73e
  Author: Eugenio Pérez <eperezma@redhat.com>
  Date:   2023-06-30 (Fri, 30 Jun 2023)

  Changed paths:
    M net/vhost-vdpa.c

  Log Message:
  -----------
  vdpa: mask _F_CTRL_GUEST_OFFLOADS for vhost vdpa devices

QEMU does not emulate it so it must be disabled as long as the backend
does not support it.

Signed-off-by: Eugenio Pérez <eperezma@redhat.com>
Message-Id: <20230602173328.1917385-1-eperezma@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Tested-by: Lei Yang <leiyang@redhat.com>
(cherry picked from commit 51e84244a7799172f4239482199e9b4bdcd23172)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: ce6331222dd74abb8ca9832e0cf011ecb9af7408
      
https://github.com/qemu/qemu/commit/ce6331222dd74abb8ca9832e0cf011ecb9af7408
  Author: Laurent Vivier <lvivier@redhat.com>
  Date:   2023-06-30 (Fri, 30 Jun 2023)

  Changed paths:
    M hw/virtio/vhost.c

  Log Message:
  -----------
  vhost: fix vhost_dev_enable_notifiers() error case

In vhost_dev_enable_notifiers(), if virtio_bus_set_host_notifier(true)
fails, we call vhost_dev_disable_notifiers() that executes
virtio_bus_set_host_notifier(false) on all queues, even on queues that
have failed to be initialized.

This triggers a core dump in memory_region_del_eventfd():

 virtio_bus_set_host_notifier: unable to init event notifier: Too many open files (-24)
 vhost VQ 1 notifier binding failed: 24
 .../softmmu/memory.c:2611: memory_region_del_eventfd: Assertion `i != mr->ioeventfd_nb' failed.

Fix the problem by providing to vhost_dev_disable_notifiers() the
number of queues to disable.

Fixes: 8771589b6f81 ("vhost: simplify vhost_dev_enable_notifiers")
Cc: longpeng2@huawei.com
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Message-Id: <20230602162735.3670785-1-lvivier@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
(cherry picked from commit 92099aa4e9a3bb6856c290afaf41c76f9e3dd9fd)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 55ee115e7a13c6a923d3f7f7f18fd3f5de6653aa
      
https://github.com/qemu/qemu/commit/55ee115e7a13c6a923d3f7f7f18fd3f5de6653aa
  Author: Nicholas Piggin <npiggin@gmail.com>
  Date:   2023-06-30 (Fri, 30 Jun 2023)

  Changed paths:
    M hw/ppc/ppc.c

  Log Message:
  -----------
  target/ppc: Fix decrementer time underflow and infinite timer loop

It is possible to store a very large value to the decrementer such that it
does not raise the decrementer exception, so the timer is scheduled, but
the next time value wraps and is treated as in the past.

This can occur if (u64)-1 is stored on a zero-triggered exception, or
(u64)-1 is stored twice on an underflow-triggered exception, for
example.

If such a value is set in DECAR, it gets stored to the decrementer by
the timer function, which then immediately causes another timer, which
hangs QEMU.

Clamp the decrementer to the implemented width, and use that as the
value for the timer calculation, effectively preventing this overflow.

Reported-by: sdicaro@DDCI.com
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <20230530131214.373524-1-npiggin@gmail.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
(cherry picked from commit 09d2db9f46e38e2da990df8ad914d735d764251a)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
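An added example, not part of QEMU or of the commit above: a C model of the deadline arithmetic the message describes. The 1 GHz decrementer frequency, NS_PER_SEC, the helper names and the callback loop are assumptions made for the illustration. At 1 GHz one tick is one nanosecond, so storing (uint64_t)-1 makes the unclamped nanosecond count 2^64 - 1, which is -1 as a signed deadline offset; masking the value to the implemented width before the timer calculation keeps the deadline in the future.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative model, not QEMU's hw/ppc/ppc.c.  A decrementer with an
 * implemented width of nr_bits counts down at freq Hz; the emulator
 * arms a virtual-time timer for the instant the count would underflow.
 * NS_PER_SEC, the helper names and the 1 GHz frequency used below are
 * assumptions made for this example. */
#define NS_PER_SEC 1000000000ULL

/* ticks -> nanoseconds without a 128-bit intermediate; the result is
 * still only 64 bits wide, so a huge tick count wraps. */
static uint64_t ticks_to_ns(uint64_t ticks, uint64_t freq)
{
    return (ticks / freq) * NS_PER_SEC + ((ticks % freq) * NS_PER_SEC) / freq;
}

/* Buggy deadline: the raw 64-bit register value feeds the timer.  With
 * (uint64_t)-1 at 1 GHz the nanosecond count is 2^64 - 1, i.e. -1 once
 * reinterpreted as int64_t: the deadline is one nanosecond in the past,
 * so the timer callback runs again immediately. */
static int64_t deadline_unclamped(int64_t now, uint64_t value, uint64_t freq)
{
    return now + (int64_t)ticks_to_ns(value, freq);
}

/* Fixed deadline: clamp the stored value to the implemented width first
 * and compute the deadline from the clamped value, so the farthest
 * deadline is now + (2^nr_bits - 1) ticks. */
static uint64_t clamp_to_width(uint64_t value, unsigned nr_bits)
{
    return nr_bits >= 64 ? value : (value & ((1ULL << nr_bits) - 1));
}

static int64_t deadline_clamped(int64_t now, uint64_t value, unsigned nr_bits,
                                uint64_t freq)
{
    return now + (int64_t)ticks_to_ns(clamp_to_width(value, nr_bits), freq);
}

/* Model the timer callback reloading the decrementer from DECAR each
 * time it fires.  Returns how many callbacks run before the deadline
 * lies in the future, capped at `limit` so the buggy variant reports
 * the cap instead of hanging the way QEMU did. */
static int fires_until_future(int64_t now, uint64_t decar, unsigned nr_bits,
                              uint64_t freq, bool clamp, int limit)
{
    int fires = 0;
    while (fires < limit) {
        int64_t next = clamp ? deadline_clamped(now, decar, nr_bits, freq)
                             : deadline_unclamped(now, decar, freq);
        fires++;
        if (next > now) {
            break;          /* armed in the future: the loop ends */
        }
        /* deadline already in the past: the callback runs again at once */
    }
    return fires;
}

int main(void)
{
    const int64_t now = 1000;
    printf("unclamped deadline: %lld\n",
           (long long)deadline_unclamped(now, UINT64_MAX, NS_PER_SEC));
    printf("clamped deadline:   %lld\n",
           (long long)deadline_clamped(now, UINT64_MAX, 32, NS_PER_SEC));
    printf("callbacks, buggy:   %d\n",
           fires_until_future(now, UINT64_MAX, 32, NS_PER_SEC, false, 1000));
    printf("callbacks, fixed:   %d\n",
           fires_until_future(now, UINT64_MAX, 32, NS_PER_SEC, true, 1000));
    return 0;
}
```

Note that the mask must be applied to the value used for the timer calculation, not only to the value the guest reads back: a register that is architecturally 32 or 56 bits wide but carried in a 64-bit variable is exactly where a "very large value" survives the exception check and then wraps the deadline.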


  Commit: 58b3e4ff5f7eb0aa9c6148c5eeea2454a00c1eac
      
https://github.com/qemu/qemu/commit/58b3e4ff5f7eb0aa9c6148c5eeea2454a00c1eac
  Author: Zhenzhong Duan <zhenzhong.duan@intel.com>
  Date:   2023-06-30 (Fri, 30 Jun 2023)

  Changed paths:
    M hw/vfio/pci.c

  Log Message:
  -----------
  vfio/pci: Fix a segfault in vfio_realize

The kvm irqchip notifier is only registered if the device supports
INTx, however it's unconditionally removed in vfio realize error
path. If the assigned device does not support INTx, this will cause
QEMU to crash when vfio realize fails. Change it to conditionally
remove the notifier only if the notify hook is setup.

Before fix:
(qemu) device_add vfio-pci,host=81:11.1,id=vfio1,bus=root1,xres=1
Connection closed by foreign host.

After fix:
(qemu) device_add vfio-pci,host=81:11.1,id=vfio1,bus=root1,xres=1
Error: vfio 0000:81:11.1: xres and yres properties require display=on
(qemu)

Fixes: c5478fea27ac ("vfio/pci: Respond to KVM irqchip change notifier")
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Reviewed-by: Joao Martins <joao.m.martins@oracle.com>
Signed-off-by: Cédric Le Goater <clg@redhat.com>
(cherry picked from commit 357bd7932a136613d700ee8bc83e9165f059d1f7)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
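An added example, not QEMU code, covering both this vfio_realize fix and the vhost_dev_enable_notifiers() fix further up in this batch: both are the same error-path mistake, tearing down state that was never set up. The model is in C; the device struct, the RET_* codes, the injected failure and the scenario helpers are assumptions made for the illustration, and the backend helpers return false where the real code would trip an assertion, so the outcome can be checked instead of aborting.

```c
#include <stdbool.h>
#include <stdio.h>

/* Illustrative model, not QEMU's hw/virtio/vhost.c or hw/vfio/pci.c.
 * Struct, return codes, injected failure and helpers are assumptions. */
#define NVQS 4

enum { RET_OK = 0, RET_FAILED = -1, RET_ASSERT = -2 };

struct dev {
    bool vq_notifier[NVQS];   /* host notifier bound for queue i */
    bool intx_notifier;       /* optional hook, set up only with INTx */
    int fail_at;              /* inject a failure when binding this queue */
    int del_calls;            /* number of "del eventfd" calls made */
};

/* Like memory_region_del_eventfd(): deleting an eventfd that was never
 * added trips the `i != mr->ioeventfd_nb' assertion. */
static bool del_eventfd(struct dev *d, int i)
{
    d->del_calls++;
    if (!d->vq_notifier[i]) {
        return false;
    }
    d->vq_notifier[i] = false;
    return true;
}

static bool set_host_notifier(struct dev *d, int i)
{
    if (i == d->fail_at) {
        return false;         /* e.g. EMFILE, "Too many open files" */
    }
    d->vq_notifier[i] = true;
    return true;
}

/* Disable the first nvqs notifiers.  Passing NVQS after a partial
 * failure is the buggy unwind: it touches queues that were never bound. */
static int disable_notifiers(struct dev *d, int nvqs)
{
    for (int i = 0; i < nvqs; i++) {
        if (!del_eventfd(d, i)) {
            return RET_ASSERT;
        }
    }
    return RET_OK;
}

/* Enable all queues; on failure unwind.  With fixed set, the unwind is
 * told how many queues actually succeeded. */
static int enable_notifiers(struct dev *d, bool fixed)
{
    for (int i = 0; i < NVQS; i++) {
        if (!set_host_notifier(d, i)) {
            int r = disable_notifiers(d, fixed ? i : NVQS);
            return r == RET_OK ? RET_FAILED : r;
        }
    }
    return RET_OK;
}

/* vfio-style realize: the INTx change notifier exists only when the
 * device supports INTx, so the error path may remove it only then. */
static int realize_error_path(struct dev *d, bool supports_intx, bool fixed)
{
    d->intx_notifier = supports_intx;
    /* ... a later realize step fails (e.g. xres without display=on) ... */
    if (fixed && !d->intx_notifier) {
        return RET_FAILED;    /* nothing registered, nothing to remove */
    }
    if (!d->intx_notifier) {
        return RET_ASSERT;    /* removing an unregistered hook crashes */
    }
    d->intx_notifier = false;
    return RET_FAILED;
}

/* Scenario helpers: result and unwind call count for a failure at queue
 * fail_at (-1: no failure), and the vfio error-path result. */
static int vhost_unwind_result(int fail_at, bool fixed)
{
    struct dev d = { .fail_at = fail_at };
    return enable_notifiers(&d, fixed);
}

static int vhost_unwind_del_calls(int fail_at, bool fixed)
{
    struct dev d = { .fail_at = fail_at };
    enable_notifiers(&d, fixed);
    return d.del_calls;
}

static int vfio_error_path_result(bool supports_intx, bool fixed)
{
    struct dev d = { .fail_at = -1 };
    return realize_error_path(&d, supports_intx, fixed);
}

int main(void)
{
    printf("vhost, failure on VQ 2: buggy %d, fixed %d\n",
           vhost_unwind_result(2, false), vhost_unwind_result(2, true));
    printf("vfio, no INTx:          buggy %d, fixed %d\n",
           vfio_error_path_result(false, false), vfio_error_path_result(false, true));
    return 0;
}
```

The two fixes are instances of one rule for error paths: the unwind must mirror exactly what succeeded, either by counting (the vhost fix passes the number of queues that were bound) or by checking the resource is present before releasing it (the vfio fix tests the notify hook). Unconditional teardown is a crash at best and a double free or stale-pointer use at worst.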


  Commit: 383fb8c05c4a5db4b7afda11c1752a80b1e74be1
      
https://github.com/qemu/qemu/commit/383fb8c05c4a5db4b7afda11c1752a80b1e74be1
  Author: Shameer Kolothum <shameerali.kolothum.thodi@huawei.com>
  Date:   2023-06-30 (Fri, 30 Jun 2023)

  Changed paths:
    M hw/vfio/pci.c

  Log Message:
  -----------
  vfio/pci: Call vfio_prepare_kvm_msi_virq_batch() in MSI retry path

When vfio_enable_vectors() returns with fewer than the requested nr_vectors
we retry with what the kernel reported back. But the retry path doesn't
call vfio_prepare_kvm_msi_virq_batch() and this results in:

qemu-system-aarch64: vfio: Error: Failed to enable 4 MSI vectors, retry with 1
qemu-system-aarch64: ../hw/vfio/pci.c:602: vfio_commit_kvm_msi_virq_batch: Assertion `vdev->defer_kvm_irq_routing' failed

Fixes: dc580d51f7dd ("vfio: defer to commit kvm irq routing when enable msi/msix")
Reviewed-by: Longpeng <longpeng2@huawei.com>
Signed-off-by: Shameer Kolothum <shameerali.kolothum.thodi@huawei.com>
Reviewed-by: Cédric Le Goater <clg@redhat.com>
Signed-off-by: Cédric Le Goater <clg@redhat.com>
(cherry picked from commit c17408892319712c12357e5d1c6b305499c58c2a)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: df1e45c9dfc8d5e9f8c19677799e8a77c601ce29
      
https://github.com/qemu/qemu/commit/df1e45c9dfc8d5e9f8c19677799e8a77c601ce29
  Author: Richard Henderson <richard.henderson@linaro.org>
  Date:   2023-07-01 (Sat, 01 Jul 2023)

  Changed paths:
    M linux-user/mmap.c

  Log Message:
  -----------
  linux-user: Avoid mmap of the last byte of the reserved_va

There is an overflow problem in mmap_find_vma_reserved:
when reserved_va == UINT32_MAX, end may overflow to 0.
Rather than a larger rewrite at this time, simply avoid
the final byte of the VA, which avoids searching the
final page, which avoids the overflow.

Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1741
Fixes: 95059f9c ("include/exec: Change reserved_va semantics to last byte")
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Message-Id: <20230629080835.71371-1-richard.henderson@linaro.org>
(cherry picked from commit 605a8b5491a119a2a6efbf61e5a38f9374645990)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
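An added example, not QEMU code: a 32-bit model of the search the message describes, with reserved_va as the inclusive last byte of the reserved region. PAGE_SIZE, NOT_FOUND, the constructed occupancy map (two mapped pages) and the two search routines are assumptions made for the illustration. The fixed variant does what the commit does, it shortens the searched region by one byte so the final page is never a candidate, and additionally shows the wrap-free comparisons a fuller rewrite would use.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Illustrative model, not QEMU's linux-user/mmap.c.  Guest addresses
 * are 32 bits wide and reserved_va names the LAST byte of the reserved
 * region (inclusive).  Page size, occupancy map and search helpers are
 * assumptions made for this example; min and size are page multiples. */
#define PAGE_SIZE 0x1000u
#define NOT_FOUND ((uint32_t)-1)

/* Constructed occupancy: the top page of the 32-bit space and the page
 * at 0x20000 are mapped, everything else is free. */
static bool page_mapped(uint32_t page)
{
    return page == 0xFFFFF000u || page == 0x20000u;
}

/* Buggy scan with end-exclusive arithmetic.  When addr + size wraps to
 * 0 on the final page, `end - 1 > last` cannot reject the candidate and
 * the loop below sees an empty [addr, 0) range, so a range covering the
 * mapped top page is reported as free. */
static bool range_free_exclusive(uint32_t addr, uint32_t end)
{
    for (uint32_t p = addr; p < end; p += PAGE_SIZE) {
        if (page_mapped(p)) {
            return false;
        }
    }
    return true;
}

static uint32_t find_free_buggy(uint32_t min, uint32_t last, uint32_t size)
{
    uint32_t addr = min;
    do {
        uint32_t end = addr + size;          /* wraps to 0 at the top */
        if (end - 1 > last) {
            return NOT_FOUND;                /* never taken once end wrapped */
        }
        if (range_free_exclusive(addr, end)) {
            return addr;
        }
        addr += PAGE_SIZE;
    } while (addr != 0);                     /* addr == 0: wrapped past the top */
    return NOT_FOUND;
}

/* Fixed scan: inclusive bounds that cannot wrap, and the searched region
 * is shortened by one byte so the final page is never a candidate. */
static bool range_free_inclusive(uint32_t addr, uint32_t range_last)
{
    uint32_t last_page = range_last & ~(PAGE_SIZE - 1);
    for (uint32_t p = addr;; p += PAGE_SIZE) {
        if (page_mapped(p)) {
            return false;
        }
        if (p == last_page) {
            return true;
        }
    }
}

static uint32_t find_free_fixed(uint32_t min, uint32_t reserved_va, uint32_t size)
{
    uint32_t last = reserved_va - 1;         /* avoid the final byte */
    if (reserved_va == 0 || size == 0 || size - 1 > last ||
        min > last - (size - 1)) {
        return NOT_FOUND;
    }
    uint32_t top = last - (size - 1);        /* highest start that still fits */
    for (uint32_t addr = min;; addr += PAGE_SIZE) {
        if (range_free_inclusive(addr, addr + size - 1)) {
            return addr;                     /* addr + size - 1 <= last: no wrap */
        }
        if (top - addr < PAGE_SIZE) {
            return NOT_FOUND;                /* next candidate would not fit */
        }
    }
}

int main(void)
{
    printf("buggy, 2 pages from 0xFFFFE000: 0x%08X\n",
           (unsigned)find_free_buggy(0xFFFFE000u, UINT32_MAX, 0x2000u));
    printf("fixed, 2 pages from 0xFFFFE000: 0x%08X\n",
           (unsigned)find_free_fixed(0xFFFFE000u, UINT32_MAX, 0x2000u));
    printf("fixed, 2 pages from 0x1F000:    0x%08X\n",
           (unsigned)find_free_fixed(0x1F000u, UINT32_MAX, 0x2000u));
    return 0;
}
```

With reserved_va == UINT32_MAX the buggy search hands out 0xFFFFE000 for a two-page request although 0xFFFFF000 is mapped, because the exclusive end wrapped to 0 and the occupancy loop ran zero times; the fixed search refuses that request (the final page is off limits) and still finds 0x21000 when asked for two free pages above the mapped page at 0x20000. Last-byte semantics are the right choice precisely because `last + 1` and `addr + size` are the two expressions that cannot be represented at the top of the address space.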


  Commit: 477ab906d18cd9afbddef3d1f2d3945dbf8bc9da
      
https://github.com/qemu/qemu/commit/477ab906d18cd9afbddef3d1f2d3945dbf8bc9da
  Author: Dongwon Kim <dongwon.kim@intel.com>
  Date:   2023-07-02 (Sun, 02 Jul 2023)

  Changed paths:
    M ui/gtk-egl.c
    M ui/gtk-gl-area.c

  Log Message:
  -----------
  ui/gtk: set the area of the scanout texture correctly

The x and y offsets and the width and height of the scanout texture
are not correctly configured when the guest scanout frame is a dmabuf.

Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Marc-André Lureau <marcandre.lureau@redhat.com>
Cc: Vivek Kasireddy <vivek.kasireddy@intel.com>
Signed-off-by: Dongwon Kim <dongwon.kim@intel.com>
Message-ID: <20230621213150.29573-1-dongwon.kim@intel.com>
(cherry picked from commit 37802a24eb4e535d96d6fe0273505d2b5c6528c2)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 78e8c9c1a12551b6c8e8909310b9250fcc86830d
      
https://github.com/qemu/qemu/commit/78e8c9c1a12551b6c8e8909310b9250fcc86830d
  Author: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
  Date:   2023-07-02 (Sun, 02 Jul 2023)

  Changed paths:
    M accel/tcg/tb-maint.c

  Log Message:
  -----------
  accel/tcg: Fix start page passed to tb_invalidate_phys_page_range__locked

Due to a copy-paste error in tb_invalidate_phys_range, the wrong
start address was passed to tb_invalidate_phys_page_range__locked.
The correct value is the start of each page in turn.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Fixes: e506ad6a05 ("accel/tcg: Pass last not end to tb_invalidate_phys_range")
Message-Id: <20230629082522.606219-2-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
(cherry picked from commit 3307e08c6f142bb3d2406cfbc0ee19359748b51a)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: d2402a83a7c9e714f03d954f3074eab504b49b9d
      
https://github.com/qemu/qemu/commit/d2402a83a7c9e714f03d954f3074eab504b49b9d
  Author: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
  Date:   2023-07-02 (Sun, 02 Jul 2023)

  Changed paths:
    M accel/tcg/tb-maint.c

  Log Message:
  -----------
  accel/tcg: Assert one page in tb_invalidate_phys_page_range__locked

Ensure that both the start and last addresses are within
the same guest page.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230629082522.606219-3-mark.cave-ayland@ilande.co.uk>
[rth: Use tcg_debug_assert, simplify the expression]
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
(cherry picked from commit e665cf72fe6357945fdbecf747dac58c0c7c7c66)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: fb64b62378fe8985a1c2cacca0cf2102e20f1eab
      
https://github.com/qemu/qemu/commit/fb64b62378fe8985a1c2cacca0cf2102e20f1eab
  Author: Richard Henderson <richard.henderson@linaro.org>
  Date:   2023-07-08 (Sat, 08 Jul 2023)

  Changed paths:
    M target/arm/tcg/translate-sme.c
    M tests/tcg/aarch64/Makefile.target
    A tests/tcg/aarch64/sme-outprod1.c

  Log Message:
  -----------
  target/arm: Fix SME full tile indexing

For the outer product set of insns, which take an entire matrix
tile as output, the argument is not a combined tile+column.
Therefore using get_tile_rowcol was incorrect, as we extracted
the tile number from itself.

The test case relies only on assembler support for SME, since
no release of GCC recognizes -march=armv9-a+sme yet.

Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1620
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230622151201.1578522-5-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
[PMM: dropped now-unneeded changes to sysregs CFLAGS]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 1f51573f7925b80e79a29f87c7d9d6ead60960c0)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(Mjt: fixup context in tests/tcg/aarch64/Makefile.target)


  Commit: a342ce9dfeed8088c426e5d51d4a7e47f3764b84
      
https://github.com/qemu/qemu/commit/a342ce9dfeed8088c426e5d51d4a7e47f3764b84
  Author: Michael Tokarev <mjt@tls.msk.ru>
  Date:   2023-07-09 (Sun, 09 Jul 2023)

  Changed paths:
    M VERSION

  Log Message:
  -----------
  Update version for 8.0.3 release

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


Compare: https://github.com/qemu/qemu/compare/f7f686b61cf7...a342ce9dfeed


