qemu-commits

[Qemu-commits] [qemu/qemu] 3b8031: qemu-nbd: regression with arguments p


From: Helge Deller
Subject: [Qemu-commits] [qemu/qemu] 3b8031: qemu-nbd: regression with arguments passing into n...
Date: Tue, 01 Aug 2023 11:31:09 -0700

  Branch: refs/heads/staging-7.2
  Home:   https://github.com/qemu/qemu
  Commit: 3b80317c91b66b52b855b380d2d996701becfbde
      https://github.com/qemu/qemu/commit/3b80317c91b66b52b855b380d2d996701becfbde
  Author: Denis V. Lunev <den@openvz.org>
  Date:   2023-07-31 (Mon, 31 Jul 2023)

  Changed paths:
    M qemu-nbd.c

  Log Message:
  -----------
  qemu-nbd: regression with arguments passing into nbd_client_thread()

Unfortunately
    commit 03b67621445d601c9cdc7dfe25812e9f19b81488
    (7.2:  6e216d21b56a7545a05080a370b5ca7491fecfb3)
    Author: Denis V. Lunev <den@openvz.org>
    Date:   Mon Jul 17 16:55:40 2023 +0200
    qemu-nbd: pass structure into nbd_client_thread instead of plain char*
has introduced a regression. struct NbdClientOpts resides on the stack inside
an 'if' block. This specifically means that this stack space could be reused
once execution leaves that block of code.

This means that parameters passed into nbd_client_thread could be
overwritten at any moment.

The patch moves the data to the namespace of main() function effectively
preserving it for the whole process lifetime.

Signed-off-by: Denis V. Lunev <den@openvz.org>
CC: Eric Blake <eblake@redhat.com>
CC: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
CC: <qemu-stable@nongnu.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-ID: <20230727105828.324314-1-den@openvz.org>
Signed-off-by: Eric Blake <eblake@redhat.com>
(cherry picked from commit e5b815b0defcc3617f473ba70c3e675ef0ee69c2)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(Mjt: add reference to 6e216d21b56a7545a05080a370b5ca7491fecfb3 for 7.2 branch)
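The lifetime bug this commit fixes, as an added C example that is not the commit's code nor part of qemu-nbd: a consumer that keeps a pointer to options declared inside an if-block (a deferred call stands in for nbd_client_thread(); the struct and function names are assumptions), beside the hoisted form the fix uses.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for qemu-nbd's NbdClientOpts; field names are assumptions. */
struct client_opts {
    const char *device;
    bool fork_process;
};

/* The consumer keeps only a pointer, like a thread started with &opts as its argument. */
static struct client_opts *pending;
static char observed[64];

static void schedule_client(struct client_opts *opts) { pending = opts; }

/* Runs after the scheduling code has moved on; in qemu-nbd this is
 * nbd_client_thread() reading the options at some later, unpredictable moment. */
static const char *run_client(void)
{
    if (pending == NULL) {
        return "";
    }
    snprintf(observed, sizeof observed, "%s:%d", pending->device, (int)pending->fork_process);
    pending = NULL;   /* consumed; never keep a pointer past this call */
    return observed;
}

/* Regressed shape: opts exists only inside the if-block, but the pointer outlives
 * it. The read in run_client() is a stack use-after-scope (undefined behaviour):
 * whatever later call reuses that stack slot overwrites the options. */
static const char *run_buggy(const char *dev, bool fork_process)
{
    if (dev != NULL) {
        struct client_opts opts = { .device = dev, .fork_process = fork_process };
        schedule_client(&opts);
    } /* opts is dead here, but pending still points at its slot */
    return run_client();
}

/* The fix the commit describes: hoist opts to the enclosing function so its
 * storage stays valid for as long as the consumer can run. */
static const char *run_fixed(const char *dev, bool fork_process)
{
    struct client_opts opts = { .device = dev, .fork_process = fork_process };
    if (dev != NULL) {
        schedule_client(&opts);
    }
    return run_client();
}

int main(void)
{
    printf("fixed: %s\n", run_fixed("/dev/nbd0", true));   /* fixed: /dev/nbd0:1 */
    return 0;
}
```

Building with -fsanitize=address and calling run_buggy() instead lets AddressSanitizer's stack-use-after-scope check report the regressed shape at runtime.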


  Commit: 772caa5f231fc056e7337c185b6a53b7005d759c
      https://github.com/qemu/qemu/commit/772caa5f231fc056e7337c185b6a53b7005d759c
  Author: Ilya Leoshkevich <iii@linux.ibm.com>
  Date:   2023-07-31 (Mon, 31 Jul 2023)

  Changed paths:
    M target/s390x/tcg/insn-data.h.inc
    M target/s390x/tcg/translate.c

  Log Message:
  -----------
  target/s390x: Make CKSM raise an exception if R2 is odd

R2 designates an even-odd register pair; the instruction should raise
a specification exception when R2 is not even.

Cc: qemu-stable@nongnu.org
Fixes: e023e832d0ac ("s390x: translate engine for s390x CPU")
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Message-Id: <20230724082032.66864-2-iii@linux.ibm.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit 761b0aa9381e2f755b9b594f7f3033d564561751)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 34009bfd68141d90399aa0a4e9f9081a264d28e3
      https://github.com/qemu/qemu/commit/34009bfd68141d90399aa0a4e9f9081a264d28e3
  Author: Ilya Leoshkevich <iii@linux.ibm.com>
  Date:   2023-07-31 (Mon, 31 Jul 2023)

  Changed paths:
    M target/s390x/tcg/mem_helper.c

  Log Message:
  -----------
  target/s390x: Fix CLM with M3=0

When the mask is zero, access exceptions should still be recognized for
1 byte at the second-operand address. CC should be set to 0.

Cc: qemu-stable@nongnu.org
Fixes: defb0e3157af ("s390x: Implement opcode helpers")
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Message-Id: <20230724082032.66864-3-iii@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit 4b6e4c0b8223681ae85462794848db4386de1a8d)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 7cf33584512a1a77cc410c121d9555685296491c
      https://github.com/qemu/qemu/commit/7cf33584512a1a77cc410c121d9555685296491c
  Author: Ilya Leoshkevich <iii@linux.ibm.com>
  Date:   2023-07-31 (Mon, 31 Jul 2023)

  Changed paths:
    M target/s390x/tcg/fpu_helper.c

  Log Message:
  -----------
  target/s390x: Fix CONVERT TO LOGICAL/FIXED with out-of-range inputs

CONVERT TO LOGICAL/FIXED deviate from IEEE 754 in that they raise an
inexact exception on out-of-range inputs. float_flag_invalid_cvti
aligns nicely with that behavior, so convert it to
S390_IEEE_MASK_INEXACT.

Cc: qemu-stable@nongnu.org
Fixes: defb0e3157af ("s390x: Implement opcode helpers")
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Message-Id: <20230724082032.66864-4-iii@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit 53684e344a27da770acc9012740334154ddea24f)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 0ef0b83104e0264122ea13eb46f1b9fe061d7361
      https://github.com/qemu/qemu/commit/0ef0b83104e0264122ea13eb46f1b9fe061d7361
  Author: Ilya Leoshkevich <iii@linux.ibm.com>
  Date:   2023-07-31 (Mon, 31 Jul 2023)

  Changed paths:
    M target/s390x/tcg/translate.c

  Log Message:
  -----------
  target/s390x: Fix ICM with M3=0

When the mask is zero, access exceptions should still be recognized for
1 byte at the second-operand address. CC should be set to 0.

Cc: qemu-stable@nongnu.org
Fixes: e023e832d0ac ("s390x: translate engine for s390x CPU")
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Message-Id: <20230724082032.66864-5-iii@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit a2025557ed4d8d5e6a4d0dd681717c390f51f5be)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: cdd6b6a764dc5a17ab03e9f2cba77f45ac200d5b
      https://github.com/qemu/qemu/commit/cdd6b6a764dc5a17ab03e9f2cba77f45ac200d5b
  Author: Ilya Leoshkevich <iii@linux.ibm.com>
  Date:   2023-07-31 (Mon, 31 Jul 2023)

  Changed paths:
    M target/s390x/tcg/excp_helper.c
    M target/s390x/tcg/translate.c

  Log Message:
  -----------
  target/s390x: Make MC raise specification exception when class >= 16

MC requires bit positions 8-11 (upper 4 bits of class) to be zeros,
otherwise it must raise a specification exception.

Cc: qemu-stable@nongnu.org
Fixes: 20d143e2cab8 ("s390x/tcg: Implement MONITOR CALL")
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Message-Id: <20230724082032.66864-6-iii@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit 9c028c057adce49304c6e4a51f6b426bd4f8f6b8)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(Mjt: context edit in target/s390x/tcg/translate.c)


  Commit: c1bdd3cdc4636adb150b17f490da5dc5c15689b6
      https://github.com/qemu/qemu/commit/c1bdd3cdc4636adb150b17f490da5dc5c15689b6
  Author: Ilya Leoshkevich <iii@linux.ibm.com>
  Date:   2023-07-31 (Mon, 31 Jul 2023)

  Changed paths:
    M target/s390x/tcg/translate_vx.c.inc

  Log Message:
  -----------
  target/s390x: Fix assertion failure in VFMIN/VFMAX with type 13

Type 13 is reserved, so using it should result in a specification
exception. Due to an off-by-1 error the code triggers an assertion at a
later point in time instead.

Cc: qemu-stable@nongnu.org
Fixes: da4807527f3b ("s390x/tcg: Implement VECTOR FP (MAXIMUM|MINIMUM)")
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Message-Id: <20230724082032.66864-8-iii@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit ff537b0370ab5918052b8d8a798e803c47272406)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 0c8e6ac989581666b0fe4e0c8502000194152611
      https://github.com/qemu/qemu/commit/0c8e6ac989581666b0fe4e0c8502000194152611
  Author: Thomas Huth <thuth@redhat.com>
  Date:   2023-07-31 (Mon, 31 Jul 2023)

  Changed paths:
    M target/loongarch/cpu.h
    M target/loongarch/csr_helper.c
    M target/loongarch/helper.h
    M target/loongarch/insn_trans/trans_privileged.c.inc

  Log Message:
  -----------
  target/loongarch: Fix the CSRRD CPUID instruction on big endian hosts

The test in tests/avocado/machine_loongarch.py is currently failing
on big endian hosts like s390x. By comparing the traces between running
the QEMU_EFI.fd bios on an s390x and on an x86 host, it's quickly obvious
that the CSRRD instruction for the CPUID is behaving differently. And
indeed: The code currently does a long read (i.e. 64 bit) from the
address that points to the CPUState->cpu_index field (with tcg_gen_ld_tl()
in the trans_csrrd() function). But this cpu_index field is only an "int"
(i.e. 32 bit). While this dirty pointer magic works on little endian hosts,
it of course fails on big endian hosts. Fix it by using a proper helper
function instead.

Message-Id: <20230720175307.854460-1-thuth@redhat.com>
Reviewed-by: Song Gao <gaosong@loongson.cn>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit c34ad459926f6c600a55fe6782a27edfa405d60b)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 61693479d8ff6fff80b346eb7830a61a9db57634
      https://github.com/qemu/qemu/commit/61693479d8ff6fff80b346eb7830a61a9db57634
  Author: Viktor Prutyanov <viktor@daynix.com>
  Date:   2023-07-31 (Mon, 31 Jul 2023)

  Changed paths:
    M hw/virtio/virtio-pci.c
    M include/hw/virtio/virtio.h

  Log Message:
  -----------
  virtio-pci: add handling of PCI ATS and Device-TLB enable/disable

According to PCIe Address Translation Services specification 5.1.3, the
ATS Control Register has an Enable bit to enable/disable ATS. Guest may
enable/disable PCI ATS and, accordingly, Device-TLB for the VirtIO PCI
device. So, raise/lower a flag and call a trigger function to pass this
event to a device implementation.

Signed-off-by: Viktor Prutyanov <viktor@daynix.com>
Message-Id: <20230512135122.70403-2-viktor@daynix.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 206e91d143301414df2deb48a411e402414ba6db)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(Mjt: include/hw/virtio/virtio.h: skip extra struct field added in 8.0)


  Commit: 9a541b2143d252a0b96b896e771000f53bcc7c84
      https://github.com/qemu/qemu/commit/9a541b2143d252a0b96b896e771000f53bcc7c84
  Author: Viktor Prutyanov <viktor@daynix.com>
  Date:   2023-07-31 (Mon, 31 Jul 2023)

  Changed paths:
    M hw/virtio/vhost-stub.c
    M hw/virtio/vhost.c
    M include/hw/virtio/vhost.h

  Log Message:
  -----------
  vhost: register and change IOMMU flag depending on Device-TLB state

The guest can disable or never enable Device-TLB. In these cases,
it can't be used even if enabled in QEMU. So, check Device-TLB state
before registering IOMMU notifier and select unmap flag depending on
that. Also, implement a way to change IOMMU notifier flag if Device-TLB
state is changed.

Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=2001312
Signed-off-by: Viktor Prutyanov <viktor@daynix.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Message-Id: <20230626091258.24453-2-viktor@daynix.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit ee071f67f7a103c66f85f68ffe083712929122e3)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: ec934266fdb21c1791163e5d8ccc1632b667045d
      https://github.com/qemu/qemu/commit/ec934266fdb21c1791163e5d8ccc1632b667045d
  Author: Viktor Prutyanov <viktor@daynix.com>
  Date:   2023-07-31 (Mon, 31 Jul 2023)

  Changed paths:
    M hw/net/virtio-net.c

  Log Message:
  -----------
  virtio-net: pass Device-TLB enable/disable events to vhost

If vhost is enabled for virtio-net, Device-TLB enable/disable events
must be passed to vhost for proper IOMMU unmap flag selection.

Signed-off-by: Viktor Prutyanov <viktor@daynix.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Message-Id: <20230626091258.24453-3-viktor@daynix.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit cd9b8346884353ba9ae6560b44b7cccdf00a6633)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 8cce5d060a3e9fb27b1c954a640df5f8c951c576
      https://github.com/qemu/qemu/commit/8cce5d060a3e9fb27b1c954a640df5f8c951c576
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2023-07-31 (Mon, 31 Jul 2023)

  Changed paths:
    M hw/arm/smmu-common.c
    M hw/arm/smmuv3.c

  Log Message:
  -----------
  hw/arm/smmu: Handle big-endian hosts correctly

The implementation of the SMMUv3 has multiple places where it reads a
data structure from the guest and directly operates on it without
doing a guest-to-host endianness conversion.  Since all SMMU data
structures are little-endian, this means that the SMMU doesn't work
on a big-endian host.  In particular, this causes the Avocado test
  machine_aarch64_virt.py:Aarch64VirtMachine.test_alpine_virt_tcg_gic_max
to fail on an s390x host.

Add appropriate byte-swapping on reads and writes of guest in-memory
data structures so that the device works correctly on big-endian
hosts.

As part of this we constrain queue_read() to operate only on Cmd
structs and queue_write() on Evt structs, because in practice these
are the only data structures the two functions are used with, and we
need to know what the data structure is to be able to byte-swap its
parts correctly.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Message-id: 20230717132641.764660-1-peter.maydell@linaro.org
Cc: qemu-stable@nongnu.org
(cherry picked from commit c6445544d4cea2628fbad3bad09f3d3a03c749d3)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 26a49f9f6283083cf6084696ee99914228a3690a
      https://github.com/qemu/qemu/commit/26a49f9f6283083cf6084696ee99914228a3690a
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2023-07-31 (Mon, 31 Jul 2023)

  Changed paths:
    M target/arm/translate.c

  Log Message:
  -----------
  target/arm: Avoid writing to constant TCGv in trans_CSEL()

In commit 0b188ea05acb5 we changed the implementation of
trans_CSEL() to use tcg_constant_i32(). However, this change
was incorrect, because the implementation of the function
sets up the TCGv_i32 rn and rm to be either zero or else
a TCG temp created in load_reg(), and these TCG temps are
then in both cases written to by the emitted TCG ops.
The result is that we hit a TCG assertion:

qemu-system-arm: ../../tcg/tcg.c:4455: tcg_reg_alloc_mov: Assertion `!temp_readonly(ots)' failed.

(or on a non-debug build, just produce a garbage result)

Adjust the code so that rn and rm are always writeable
temporaries whether the instruction is using the special
case "0" or a normal register as input.

Cc: qemu-stable@nongnu.org
Fixes: 0b188ea05acb5 ("target/arm: Use tcg_constant in trans_CSEL")
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230727103906.2641264-1-peter.maydell@linaro.org
(cherry picked from commit 2b0d656ab6484cae7f174e194215a6d50343ecd2)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(Mjt: context fixup in target/arm/tcg/translate.c)


  Commit: d53d3f07dc488961bb9cb074504efdf890603c96
      https://github.com/qemu/qemu/commit/d53d3f07dc488961bb9cb074504efdf890603c96
  Author: Richard Henderson <richard.henderson@linaro.org>
  Date:   2023-08-01 (Tue, 01 Aug 2023)

  Changed paths:
    M target/ppc/translate.c

  Log Message:
  -----------
  target/ppc: Disable goto_tb with architectural singlestep

The change to use translator_use_goto_tb went too far, as the
CF_SINGLE_STEP flag managed by the translator only handles
gdb single stepping and not the architectural single stepping
modeled in DisasContext.singlestep_enabled.

Fixes: 6e9cc373ec5 ("target/ppc: Use translator_use_goto_tb")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1795
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
(cherry picked from commit 2e718e665706d5fcc3e3501bda26f277f055ed85)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: daa3277175e7fd7ec97d2368a35e9804f1870410
      https://github.com/qemu/qemu/commit/daa3277175e7fd7ec97d2368a35e9804f1870410
  Author: Helge Deller <deller@gmx.de>
  Date:   2023-08-01 (Tue, 01 Aug 2023)

  Changed paths:
    M linux-user/arm/cpu_loop.c

  Log Message:
  -----------
  linux-user/armeb: Fix __kernel_cmpxchg() for armeb

Commit 7f4f0d9ea870 ("linux-user/arm: Implement __kernel_cmpxchg with host
atomics") switched to use qatomic_cmpxchg() to swap a word with the memory
content, but failed to endianness-swap the oldval and newval values when
emulating an armeb CPU, which expects words to be stored in big endian in
the guest memory.

The bug can be verified with qemu >= v7.0 on any little-endian host, when
starting the armeb binary of the upx program, which just hangs without
this patch.

Cc: qemu-stable@nongnu.org
Signed-off-by: Helge Deller <deller@gmx.de>
Reported-by: "Markus F.X.J. Oberhumer" <markus@oberhumer.com>
Reported-by: John Reiser <jreiser@BitWagon.com>
Closes: https://github.com/upx/upx/issues/687
Message-Id: <ZMQVnqY+F+5sTNFd@p100>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
(cherry picked from commit 38dd78c41eaf08b490c9e7ec68fc508bbaa5cb1d)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
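The byte-order bug this commit describes, as an added C example that is not the commit's code: a single-threaded stand-in for the host compare-exchange (raw_cmpxchg, to_guest_order and the other names are assumptions), run once without and once with the tswap32-style conversion of oldval and newval for a big-endian guest.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for one 32-bit word of guest memory (raw bytes). */
static uint8_t guest_mem[4];

/* GCC/Clang builtin; swaps the four bytes of a 32-bit value. */
static uint32_t bswap32(uint32_t v) { return __builtin_bswap32(v); }

static bool host_is_little_endian(void)
{
    const uint16_t probe = 1;
    return *(const uint8_t *)&probe == 1;
}

/* tswap32 stand-in: swap iff guest and host byte orders differ. The swap is its
 * own inverse, so the same call converts guest order back to host order. */
static uint32_t to_guest_order(uint32_t val, bool guest_big_endian)
{
    return (guest_big_endian == host_is_little_endian()) ? bswap32(val) : val;
}

/* Stand-in for qatomic_cmpxchg() on the host pointer: compares the raw bytes
 * in host order and returns the value found (non-atomic, single-threaded demo). */
static uint32_t raw_cmpxchg(uint32_t expected, uint32_t desired)
{
    uint32_t cur;
    memcpy(&cur, guest_mem, 4);
    if (cur == expected) {
        memcpy(guest_mem, &desired, 4);
    }
    return cur;
}

/* Regressed shape: oldval/newval are compared in host order against a word the
 * armeb guest stored big-endian, so on a little-endian host the compare fails. */
static bool kernel_cmpxchg_buggy(uint32_t oldval, uint32_t newval)
{
    return raw_cmpxchg(oldval, newval) == oldval;
}

/* Fixed shape: swap both values into guest byte order before the exchange. */
static bool kernel_cmpxchg_fixed(uint32_t oldval, uint32_t newval, bool guest_big_endian)
{
    uint32_t old_g = to_guest_order(oldval, guest_big_endian);
    uint32_t new_g = to_guest_order(newval, guest_big_endian);
    return raw_cmpxchg(old_g, new_g) == old_g;
}

/* Demo helpers: store 42 as an armeb guest would (big-endian bytes); read the word back in host order. */
static void reset_guest_word(void) { const uint8_t be42[4] = { 0x00, 0x00, 0x00, 0x2a }; memcpy(guest_mem, be42, 4); }
static uint32_t guest_word(bool guest_big_endian) { uint32_t raw; memcpy(&raw, guest_mem, 4); return to_guest_order(raw, guest_big_endian); }

int main(void) { reset_guest_word(); return (kernel_cmpxchg_fixed(42, 43, true) && guest_word(true) == 43) ? 0 : 1; }
```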


Compare: https://github.com/qemu/qemu/compare/cf51ff87b7f7...daa3277175e7
