qemu-commits

[Qemu-commits] [qemu/qemu] 2eee26: target/arm: Avoid writing to constant


From: Thomas Huth
Subject: [Qemu-commits] [qemu/qemu] 2eee26: target/arm: Avoid writing to constant TCGv in tran...
Date: Fri, 04 Aug 2023 01:17:08 -0700

  Branch: refs/heads/staging-8.0
  Home:   https://github.com/qemu/qemu
  Commit: 2eee26f579ccf08a7becc22f60c590b830a1427a
      https://github.com/qemu/qemu/commit/2eee26f579ccf08a7becc22f60c590b830a1427a
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2023-07-31 (Mon, 31 Jul 2023)

  Changed paths:
    M target/arm/tcg/translate.c

  Log Message:
  -----------
  target/arm: Avoid writing to constant TCGv in trans_CSEL()

In commit 0b188ea05acb5 we changed the implementation of
trans_CSEL() to use tcg_constant_i32(). However, this change
was incorrect, because the implementation of the function
sets up the TCGv_i32 rn and rm to be either zero or else
a TCG temp created in load_reg(), and these TCG temps are
then in both cases written to by the emitted TCG ops.
The result is that we hit a TCG assertion:

qemu-system-arm: ../../tcg/tcg.c:4455: tcg_reg_alloc_mov: Assertion `!temp_readonly(ots)' failed.

(or on a non-debug build, just produce a garbage result)

Adjust the code so that rn and rm are always writeable
temporaries whether the instruction is using the special
case "0" or a normal register as input.

Cc: qemu-stable@nongnu.org
Fixes: 0b188ea05acb5 ("target/arm: Use tcg_constant in trans_CSEL")
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20230727103906.2641264-1-peter.maydell@linaro.org
(cherry picked from commit 2b0d656ab6484cae7f174e194215a6d50343ecd2)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: b2ec46364945c84bad1d6097b9be2b291fe39828
      https://github.com/qemu/qemu/commit/b2ec46364945c84bad1d6097b9be2b291fe39828
  Author: Richard Henderson <richard.henderson@linaro.org>
  Date:   2023-08-01 (Tue, 01 Aug 2023)

  Changed paths:
    M util/interval-tree.c

  Log Message:
  -----------
  util/interval-tree: Use qatomic_read for left/right while searching

Fixes a race condition (generally without optimization) in which
the subtree is re-read after the protecting if condition.

Cc: qemu-stable@nongnu.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
(cherry picked from commit 055b86e0f0b4325117055d8d31c49011258f4af3)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 5ee0ad66efe4685c21c4fd850089c974348fadda
      https://github.com/qemu/qemu/commit/5ee0ad66efe4685c21c4fd850089c974348fadda
  Author: Richard Henderson <richard.henderson@linaro.org>
  Date:   2023-08-01 (Tue, 01 Aug 2023)

  Changed paths:
    M util/interval-tree.c

  Log Message:
  -----------
  util/interval-tree: Use qatomic_set_mb in rb_link_node

Ensure that the stores to rb_left and rb_right are complete before
inserting the new node into the tree.  Otherwise a concurrent reader
could see garbage in the new leaf.

Cc: qemu-stable@nongnu.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
(cherry picked from commit 4c8baa02d36379507afd17bdea87aabe0aa32ed3)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 73aa520943ca68a398c314b6b681ddca05253366
      https://github.com/qemu/qemu/commit/73aa520943ca68a398c314b6b681ddca05253366
  Author: Richard Henderson <richard.henderson@linaro.org>
  Date:   2023-08-01 (Tue, 01 Aug 2023)

  Changed paths:
    M target/ppc/translate.c

  Log Message:
  -----------
  target/ppc: Disable goto_tb with architectural singlestep

The change to use translator_use_goto_tb went too far, as the
CF_SINGLE_STEP flag managed by the translator only handles
gdb single stepping and not the architectural single stepping
modeled in DisasContext.singlestep_enabled.

Fixes: 6e9cc373ec5 ("target/ppc: Use translator_use_goto_tb")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1795
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
(cherry picked from commit 2e718e665706d5fcc3e3501bda26f277f055ed85)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 559c2267b43397c677ed9a0a5757e36c7bcb69e6
      https://github.com/qemu/qemu/commit/559c2267b43397c677ed9a0a5757e36c7bcb69e6
  Author: Helge Deller <deller@gmx.de>
  Date:   2023-08-01 (Tue, 01 Aug 2023)

  Changed paths:
    M linux-user/arm/cpu_loop.c

  Log Message:
  -----------
  linux-user/armeb: Fix __kernel_cmpxchg() for armeb

Commit 7f4f0d9ea870 ("linux-user/arm: Implement __kernel_cmpxchg with host
atomics") switched to use qatomic_cmpxchg() to swap a word with the memory
content, but failed to endianness-swap the oldval and newval values when
emulating an armeb CPU, which expects words to be stored in big endian in
the guest memory.

The bug can be verified with qemu >= v7.0 on any little-endian host, when
starting the armeb binary of the upx program, which just hangs without
this patch.

Cc: qemu-stable@nongnu.org
Signed-off-by: Helge Deller <deller@gmx.de>
Reported-by: "Markus F.X.J. Oberhumer" <markus@oberhumer.com>
Reported-by: John Reiser <jreiser@BitWagon.com>
Closes: https://github.com/upx/upx/issues/687
Message-Id: <ZMQVnqY+F+5sTNFd@p100>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
(cherry picked from commit 38dd78c41eaf08b490c9e7ec68fc508bbaa5cb1d)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 4448659636866a43f2a826fcaa442096527734dc
      https://github.com/qemu/qemu/commit/4448659636866a43f2a826fcaa442096527734dc
  Author: Anthony PERARD <anthony.perard@citrix.com>
  Date:   2023-08-02 (Wed, 02 Aug 2023)

  Changed paths:
    M util/thread-pool.c

  Log Message:
  -----------
  thread-pool: signal "request_cond" while locked

thread_pool_free() might have been called on the `pool`, which would
be a reason for worker_thread() to quit. In this case,
`pool->request_cond` has been destroyed.

If worker_thread() didn't manage to signal `request_cond` before it
was destroyed by thread_pool_free(), we got:
    util/qemu-thread-posix.c:198: qemu_cond_signal: Assertion `cond->initialized' failed.

One backtrace:
    __GI___assert_fail (assertion=0x55555614abcb "cond->initialized", file=0x55555614ab88 "util/qemu-thread-posix.c", line=198,
        function=0x55555614ad80 <__PRETTY_FUNCTION__.17104> "qemu_cond_signal") at assert.c:101
    qemu_cond_signal (cond=0x7fffb800db30) at util/qemu-thread-posix.c:198
    worker_thread (opaque=0x7fffb800dab0) at util/thread-pool.c:129
    qemu_thread_start (args=0x7fffb8000b20) at util/qemu-thread-posix.c:505
    start_thread (arg=<optimized out>) at pthread_create.c:486

Reported here:
    https://lore.kernel.org/all/ZJwoK50FcnTSfFZ8@MacBook-Air-de-Roger.local/T/#u

To avoid the issue, keep the lock while sending a signal to `request_cond`.

Fixes: 900fa208f506 ("thread-pool: replace semaphore with condition variable")
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20230714152720.5077-1-anthony.perard@citrix.com>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
(cherry picked from commit f4f71363fcdb1092ff64d2bba6f9af39570c2f2b)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 07819b3e06c1e202aee5948427b3448151716d96
      https://github.com/qemu/qemu/commit/07819b3e06c1e202aee5948427b3448151716d96
  Author: Anthony PERARD <anthony.perard@citrix.com>
  Date:   2023-08-02 (Wed, 02 Aug 2023)

  Changed paths:
    M hw/block/xen-block.c

  Log Message:
  -----------
  xen-block: Avoid leaks on new error path

Commit 189829399070 ("xen-block: Use specific blockdev driver")
introduced a new error path, without taking care of allocated
resources.

So only allocate the qdicts after the error check, and free both
`filename` and `driver` when we are about to return, thus taking
care of both the success and the error path.

Coverity only spotted the leak of qdicts (*_layer variables).

Reported-by: Peter Maydell <peter.maydell@linaro.org>
Fixes: Coverity CID 1508722, 1398649
Fixes: 189829399070 ("xen-block: Use specific blockdev driver")
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Reviewed-by: Paul Durrant <paul@xen.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20230704171819.42564-1-anthony.perard@citrix.com>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
(cherry picked from commit aa36243514a777f76c8b8a19b1f8a71f27ec6c78)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 6efd35527b5cd969a75423dcbdf6dfdf4df5e39e
      https://github.com/qemu/qemu/commit/6efd35527b5cd969a75423dcbdf6dfdf4df5e39e
  Author: Daniel P. Berrangé <berrange@redhat.com>
  Date:   2023-08-02 (Wed, 02 Aug 2023)

  Changed paths:
    M include/io/channel-tls.h
    M io/channel-tls.c

  Log Message:
  -----------
  io: remove io watch if TLS channel is closed during handshake

The TLS handshake may take some time to complete, during which time an
I/O watch might be registered with the main loop. If the owner of the
I/O channel invokes qio_channel_close() while the handshake is waiting
to continue, the I/O watch must be removed. Failing to remove it will
later trigger the completion callback which the owner is not expecting
to receive. In the case of the VNC server, this results in a SEGV as
vnc_disconnect_start() tries to shut down a client connection that is
already gone / NULL.

CVE-2023-3354
Reported-by: jiangyegen <jiangyegen@huawei.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 10be627d2b5ec2d6b3dce045144aa739eef678b4)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 49476e7aa375bd96642c5dac2d6855c8089c985d
      https://github.com/qemu/qemu/commit/49476e7aa375bd96642c5dac2d6855c8089c985d
  Author: David Woodhouse <dwmw@amazon.co.uk>
  Date:   2023-08-03 (Thu, 03 Aug 2023)

  Changed paths:
    M hw/i386/kvm/xen_evtchn.c

  Log Message:
  -----------
  hw/xen: fix off-by-one in xen_evtchn_set_gsi()

Coverity points out (CID 1508128) a bounds checking error. We need to check
for gsi >= IOAPIC_NUM_PINS, not just greater-than.

Also fix up an assert() that has the same problem, that Coverity didn't see.

Fixes: 4f81baa33ed6 ("hw/xen: Support GSI mapping to PIRQ")
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230801175747.145906-2-dwmw2@infradead.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
(cherry picked from commit cf885b19579646d6a085470658bc83432d6786d2)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: dd467995b55c5f43b187e0b90afc3a4c770ab125
      https://github.com/qemu/qemu/commit/dd467995b55c5f43b187e0b90afc3a4c770ab125
  Author: Keith Packard <keithp@keithp.com>
  Date:   2023-08-03 (Thu, 03 Aug 2023)

  Changed paths:
    M target/nios2/nios2-semi.c

  Log Message:
  -----------
  target/nios2: Pass semihosting arg to exit

Instead of using R_ARG0 (the semihost function number), use R_ARG1
(the provided exit status).

Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20230801152245.332749-1-keithp@keithp.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
(cherry picked from commit c11d5bdae79a8edaf00dfcb2e49c064a50c67671)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: c594c7b30b06fcb7e2fccd697e2d666421c104ce
      https://github.com/qemu/qemu/commit/c594c7b30b06fcb7e2fccd697e2d666421c104ce
  Author: Keith Packard <keithp@keithp.com>
  Date:   2023-08-03 (Thu, 03 Aug 2023)

  Changed paths:
    M target/nios2/nios2-semi.c

  Log Message:
  -----------
  target/nios2: Fix semihost lseek offset computation

The arguments for deposit64 are (value, start, length, fieldval); this
appears to have thought they were (value, fieldval, start,
length). Reorder the parameters to match the actual function.

Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Fixes: d1e23cbaa403b2d ("target/nios2: Use semihosting/syscalls.h")
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20230731235245.295513-1-keithp@keithp.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
(cherry picked from commit 71e2dd6aa1bdbac19c661638a4ae91816002ac9e)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: ccda608f610296106a8b4150a838d02d7bb25c3c
      https://github.com/qemu/qemu/commit/ccda608f610296106a8b4150a838d02d7bb25c3c
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2023-08-03 (Thu, 03 Aug 2023)

  Changed paths:
    M target/m68k/m68k-semi.c

  Log Message:
  -----------
  target/m68k: Fix semihost lseek offset computation

The arguments for deposit64 are (value, start, length, fieldval); this
appears to have thought they were (value, fieldval, start,
length). Reorder the parameters to match the actual function.

Cc: qemu-stable@nongnu.org
Fixes: 950272506d ("target/m68k: Use semihosting/syscalls.h")
Reported-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230801154519.3505531-1-peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
(cherry picked from commit 8caaae7319a5f7ca449900c0e6bfcaed78fa3ae2)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
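The two semihost lseek fixes above (nios2 and m68k) both hinge on the deposit64() argument order. The following added example is not QEMU's code: it re-implements the documented deposit64() contract (value, start, length, fieldval) and shows how the 64-bit lseek offset assembled from two 32-bit guest words comes out right with the correct order and wrong with the (value, fieldval, start, length) order the commit messages describe. The lseek_offset_* helper names and the sample offset are constructed for this example.

```c
#include <assert.h>
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Re-implementation, for this example only, of the deposit64() contract
 * from QEMU's bitops.h: return @value with the @length bits starting at
 * bit @start replaced by the low @length bits of @fieldval.
 * Precondition (as in QEMU): 0 <= start, 0 < length <= 64 - start.
 */
static inline uint64_t deposit64(uint64_t value, int start, int length,
                                 uint64_t fieldval)
{
    uint64_t mask;

    assert(start >= 0 && length > 0 && length <= 64 - start);
    /* length == 64 is handled separately to avoid an undefined shift. */
    mask = (length == 64 ? ~UINT64_C(0)
                         : (UINT64_C(1) << length) - 1) << start;
    return (value & ~mask) | ((fieldval << start) & mask);
}

/*
 * Semihosting lseek receives the 64-bit offset as two 32-bit guest words.
 * Correct combination: low word is the base value, high word is deposited
 * into bits 32..63.
 */
static uint64_t lseek_offset_correct(uint32_t off_lo, uint32_t off_hi)
{
    return deposit64(off_lo, 32, 32, off_hi);
}

/*
 * The misordered call described in the commit messages, i.e. passing the
 * arguments as if the signature were (value, fieldval, start, length):
 * the high word lands in the @start slot and the constant 32 becomes the
 * field value. For off_hi > 32 this trips the precondition assertion; for
 * small values it silently yields a wrong offset.
 */
static uint64_t lseek_offset_buggy(uint32_t off_lo, uint32_t off_hi)
{
    return deposit64(off_lo, (int)off_hi, 32, 32);
}

int main(void)
{
    /* Constructed sample: offset 0x1_0000_1000 split into lo/hi words. */
    uint32_t lo = 0x1000, hi = 1;

    printf("correct order: 0x%" PRIx64 "\n", lseek_offset_correct(lo, hi));
    printf("buggy order:   0x%" PRIx64 "\n", lseek_offset_buggy(lo, hi));
    return 0;
}
```

With the sample words the correct order yields 0x100001000 while the misordered call yields 0x40, so a guest seeking past 4 GiB would land near the start of the file.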


  Commit: 9941837a2d9a6817550999b6a893b930ceb291c1
      https://github.com/qemu/qemu/commit/9941837a2d9a6817550999b6a893b930ceb291c1
  Author: Eric Auger <eric.auger@redhat.com>
  Date:   2023-08-04 (Fri, 04 Aug 2023)

  Changed paths:
    M hw/virtio/virtio-iommu.c

  Log Message:
  -----------
  hw/virtio-iommu: Fix potential OOB access in virtio_iommu_handle_command()

In the virtio_iommu_handle_command() when a PROBE request is handled,
output_size takes a value greater than the tail size and on a subsequent
iteration we can get a stack out-of-band access. Initialize the
output_size on each iteration.

The issue was found with ASAN. Credits to:
Yiming Tao(Zhejiang University)
Gaoning Pan(Zhejiang University)

Fixes: 1733eebb9e7 ("virtio-iommu: Implement RESV_MEM probe request")
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Reported-by: Mauro Matteo Cascella <mcascell@redhat.com>
Cc: qemu-stable@nongnu.org

Message-Id: <20230717162126.11693-1-eric.auger@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit cf2f89edf36a59183166ae8721a8d7ab5cd286bd)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: abe67f660ecbf77658497197d44e01f449ccc92a
      https://github.com/qemu/qemu/commit/abe67f660ecbf77658497197d44e01f449ccc92a
  Author: Li Feng <fengli@smartx.com>
  Date:   2023-08-04 (Fri, 04 Aug 2023)

  Changed paths:
    M hw/virtio/vhost.c

  Log Message:
  -----------
  vhost: fix the fd leak

When vhost-user reconnects to the backend, the notifier should be
cleaned up. Otherwise, the fd resource will be exhausted.

Fixes: f9a09ca3ea ("vhost: add support for configure interrupt")

Signed-off-by: Li Feng <fengli@smartx.com>
Reviewed-by: Raphael Norwitz <raphael.norwitz@nutanix.com>
Message-Id: <20230731121018.2856310-2-fengli@smartx.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Tested-by: Fiona Ebner <f.ebner@proxmox.com>
(cherry picked from commit 18f2971ce403008d5e1c2875b483c9d1778143dc)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: aeddeff6384cbb76a508e3e5a063e2e78aeeace9
      https://github.com/qemu/qemu/commit/aeddeff6384cbb76a508e3e5a063e2e78aeeace9
  Author: zhenwei pi <pizhenwei@bytedance.com>
  Date:   2023-08-04 (Fri, 04 Aug 2023)

  Changed paths:
    M hw/virtio/virtio-crypto.c

  Log Message:
  -----------
  virtio-crypto: verify src&dst buffer length for sym request

For symmetric algorithms, the length of the ciphertext must be the same
as that of the plaintext.
The missing verification of the src_len and the dst_len in
virtio_crypto_sym_op_helper() may lead to a buffer overflow or to data
being divulged.

This patch was originally written by Yiming Tao for QEMU-SECURITY; it is
resent here (with a few changes to the error message) on qemu-devel.

Fixes: CVE-2023-3180
Fixes: 04b9b37edda ("virtio-crypto: add data queue processing handler")
Cc: Gonglei <arei.gonglei@huawei.com>
Cc: Mauro Matteo Cascella <mcascell@redhat.com>
Cc: Yiming Tao <taoym@zju.edu.cn>
Signed-off-by: zhenwei pi <pizhenwei@bytedance.com>
Message-Id: <20230803024314.29962-2-pizhenwei@bytedance.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 9d38a8434721a6479fe03fb5afb150ca793d3980)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 9700e9896b31a6e58b5007bb4d710f04be18857a
      https://github.com/qemu/qemu/commit/9700e9896b31a6e58b5007bb4d710f04be18857a
  Author: zhenwei pi <pizhenwei@bytedance.com>
  Date:   2023-08-04 (Fri, 04 Aug 2023)

  Changed paths:
    M backends/cryptodev.c

  Log Message:
  -----------
  cryptodev: Handle unexpected request to avoid crash

Generally the guest side should discover which services the device is
able to offer, then make requests to the device.

However it's also possible to break this rule in a guest. Handle
unexpected requests here to avoid a NULL pointer dereference.

Fixes: e7a775fd ('cryptodev: Account statistics')
Cc: Gonglei <arei.gonglei@huawei.com>
Cc: Mauro Matteo Cascella <mcascell@redhat.com>
Cc: Xiao Lei <nop.leixiao@gmail.com>
Cc: Yongkang Jia <kangel@zju.edu.cn>
Reported-by: Yiming Tao <taoym@zju.edu.cn>
Signed-off-by: zhenwei pi <pizhenwei@bytedance.com>
Message-Id: <20230803024314.29962-3-pizhenwei@bytedance.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 15b11a1da6a4b7c6b8bb37883f52b544dee2b8fd)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 0fd382f2966443ba4a87e00a8f9e2adc16ceca14
      https://github.com/qemu/qemu/commit/0fd382f2966443ba4a87e00a8f9e2adc16ceca14
  Author: Helge Deller <deller@gmx.de>
  Date:   2023-08-04 (Fri, 04 Aug 2023)

  Changed paths:
    M target/hppa/cpu.h

  Log Message:
  -----------
  target/hppa: Move iaoq registers and thus reduce generated code size

On hppa the Instruction Address Offset Queue (IAOQ) registers specify
the addresses of the next instructions to be executed. Each generated TB
writes those registers at least once, so those registers are used heavily
in generated code.

Looking at the generated assembly, for a x86-64 host this code
to write the address $0x7ffe826f into iaoq_f is generated:
0x7f73e8000184:  c7 85 d4 01 00 00 6f 82  movl     $0x7ffe826f, 0x1d4(%rbp)
0x7f73e800018c:  fe 7f
0x7f73e800018e:  c7 85 d8 01 00 00 73 82  movl     $0x7ffe8273, 0x1d8(%rbp)
0x7f73e8000196:  fe 7f

With the trivial change, by moving the variables iaoq_f and iaoq_b to
the top of struct CPUArchState, the offset to %rbp is reduced (from
0x1d4 to 0), which allows the x86-64 tcg to generate 3 bytes less of
generated code per move instruction:
0x7fc1e800018c:  c7 45 00 6f 82 fe 7f     movl     $0x7ffe826f, (%rbp)
0x7fc1e8000193:  c7 45 04 73 82 fe 7f     movl     $0x7ffe8273, 4(%rbp)

Overall this is a reduction of generated code (not a reduction of the
number of instructions).
A test run which checks the generated code size by running "/bin/ls"
with qemu-user shows that the code size shrinks from 1616767 to 1569273
bytes, which is ~97% of the former size.

Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Helge Deller <deller@gmx.de>
Cc: qemu-stable@nongnu.org
(cherry picked from commit f8c0fd9804f435a20c3baa4c0c77ba9a02af24ef)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 7d2089e08d3af02b06caf22ccbc924ceee8988ae
      https://github.com/qemu/qemu/commit/7d2089e08d3af02b06caf22ccbc924ceee8988ae
  Author: Yuri Benditovich <yuri.benditovich@daynix.com>
  Date:   2023-08-04 (Fri, 04 Aug 2023)

  Changed paths:
    M hw/pci/pci_host.c

  Log Message:
  -----------
  pci: do not respond config requests after PCI device eject

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2224964

In migration with VF failover, Windows guest and ACPI hot
unplug we do not need to satisfy config requests, otherwise
the guest immediately detects the device and brings up its
driver. Many network VFs are stuck on the guest PCI bus after
the migration.

Signed-off-by: Yuri Benditovich <yuri.benditovich@daynix.com>
Message-Id: <20230728084049.191454-1-yuri.benditovich@daynix.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 348e354417b64c484877354ee7cc66f29fa6c7df)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: dbb6e76e3feb2e8496b0ec65de63600d7d5cd971
      https://github.com/qemu/qemu/commit/dbb6e76e3feb2e8496b0ec65de63600d7d5cd971
  Author: Thomas Huth <thuth@redhat.com>
  Date:   2023-08-04 (Fri, 04 Aug 2023)

  Changed paths:
    M hw/i386/intel_iommu.c

  Log Message:
  -----------
  hw/i386/intel_iommu: Fix trivial endianness problems

After reading the guest memory with dma_memory_read(), we have
to make sure that we byteswap the little endian data to the host's
byte order.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20230802135723.178083-2-thuth@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Peter Xu <peterx@redhat.com>
(cherry picked from commit cc2a08480e19007c05be8fe5b6893e20448954dc)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 180e89ebeb4fbaac7a8cf50ed7735bd2c1bce5e4
      https://github.com/qemu/qemu/commit/180e89ebeb4fbaac7a8cf50ed7735bd2c1bce5e4
  Author: Thomas Huth <thuth@redhat.com>
  Date:   2023-08-04 (Fri, 04 Aug 2023)

  Changed paths:
    M hw/i386/intel_iommu.c
    M include/hw/i386/intel_iommu.h

  Log Message:
  -----------
  hw/i386/intel_iommu: Fix endianness problems related to VTD_IR_TableEntry

The code already tries to do some endianness handling here, but
currently fails badly:
- While it already swaps the data when logging errors / tracing, it fails
  to byteswap the value before e.g. accessing entry->irte.present
- entry->irte.source_id is swapped with le32_to_cpu(), though this is
  a 16-bit value
- The whole union is apparently supposed to be swapped via the 64-bit
  data[2] array, but the struct is a mixture between 32 bit values
  (the first 8 bytes) and 64 bit values (the second 8 bytes), so this
  cannot work as expected.

Fix it by converting the struct to two proper 64-bit bitfields, and
by swapping the values only once for everybody right after reading
the data from memory.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20230802135723.178083-3-thuth@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
(cherry picked from commit 642ba89672279fbdd14016a90da239c85e845d18)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 82232f13056086c3800d9f1ccffdd6d9b38d01df
      https://github.com/qemu/qemu/commit/82232f13056086c3800d9f1ccffdd6d9b38d01df
  Author: Thomas Huth <thuth@redhat.com>
  Date:   2023-08-04 (Fri, 04 Aug 2023)

  Changed paths:
    M hw/i386/intel_iommu_internal.h

  Log Message:
  -----------
  hw/i386/intel_iommu: Fix struct VTDInvDescIEC on big endian hosts

On big endian hosts, we need to reverse the bitfield order in the
struct VTDInvDescIEC, just like it is already done for the other
bitfields in the various structs of the intel-iommu device.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20230802135723.178083-4-thuth@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
(cherry picked from commit 4572b22cf9ba432fa3955686853c706a1821bbc7)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: b90259ce28cf3b34902743c634a9c83022f31de2
      https://github.com/qemu/qemu/commit/b90259ce28cf3b34902743c634a9c83022f31de2
  Author: Thomas Huth <thuth@redhat.com>
  Date:   2023-08-04 (Fri, 04 Aug 2023)

  Changed paths:
    M hw/i386/intel_iommu.c

  Log Message:
  -----------
  hw/i386/intel_iommu: Fix index calculation in vtd_interrupt_remap_msi()

The values in "addr" are populated locally in this function in host
endian byte order, so we must not swap the index_l field here.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20230802135723.178083-5-thuth@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Peter Xu <peterx@redhat.com>
(cherry picked from commit fcd8027423300b201b37842b88393dc5c6c8ee9e)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 13909d5f0c428490cb4fda404c816214321c6c6e
      https://github.com/qemu/qemu/commit/13909d5f0c428490cb4fda404c816214321c6c6e
  Author: Thomas Huth <thuth@redhat.com>
  Date:   2023-08-04 (Fri, 04 Aug 2023)

  Changed paths:
    M hw/i386/x86-iommu.c

  Log Message:
  -----------
  hw/i386/x86-iommu: Fix endianness issue in x86_iommu_irq_to_msi_message()

The values in "msg" are assembled in host endian byte order (the other
fields are also not swapped), so we must not swap the __addr_head here.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20230802135723.178083-6-thuth@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Peter Xu <peterx@redhat.com>
(cherry picked from commit 37cf5cecb039a063c0abe3b51ae30f969e73aa84)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 8029ce37424bd444a7bcd80b8aab9aec1318c176
      https://github.com/qemu/qemu/commit/8029ce37424bd444a7bcd80b8aab9aec1318c176
  Author: Thomas Huth <thuth@redhat.com>
  Date:   2023-08-04 (Fri, 04 Aug 2023)

  Changed paths:
    M include/hw/i386/x86-iommu.h

  Log Message:
  -----------
  include/hw/i386/x86-iommu: Fix struct X86IOMMU_MSIMessage for big endian hosts

The first bitfield here is supposed to be used as a 64-bit equivalent
to the "uint64_t msi_addr" in the union. To make this work correctly
on big endian hosts, too, the __addr_hi field has to be part of the
bitfield, and the bitfield members must be declared with "uint64_t"
instead of "uint32_t" - otherwise the values are placed in the wrong
bytes on big endian hosts.

Same applies to the 32-bit "msi_data" field: __resved1 must be part
of the bitfield, and the members must be declared with "uint32_t"
instead of "uint16_t".

Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20230802135723.178083-7-thuth@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
(cherry picked from commit e1e56c07d1fa24aa37a7e89e6633768fc8ea8705)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


Compare: https://github.com/qemu/qemu/compare/2bff614256f9...8029ce37424b


