[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-commits] [qemu/qemu] af566c: hw/pvrdma: Protect against buggy or m
|
From: |
Alex Bennée |
|
Subject: |
[Qemu-commits] [qemu/qemu] af566c: hw/pvrdma: Protect against buggy or malicious gues... |
|
Date: |
Tue, 21 Nov 2023 04:47:27 -0800 |
Branch: refs/heads/stable-8.1
Home: https://github.com/qemu/qemu
Commit: af566ccb38bdb65ed239c9cd22de3fbde9ad1483
https://github.com/qemu/qemu/commit/af566ccb38bdb65ed239c9cd22de3fbde9ad1483
Author: Yuval Shaia <yuval.shaia.ml@gmail.com>
Date: 2023-10-19 (Thu, 19 Oct 2023)
Changed paths:
M hw/rdma/vmw/pvrdma_main.c
Log Message:
-----------
hw/pvrdma: Protect against buggy or malicious guest driver
Guest driver allocates and initialize page tables to be used as a ring
of descriptors for CQ and async events.
The page table that represents the ring, along with the number of pages
in the page table is passed to the device.
Currently our device supports only one page table for a ring.
Let's make sure that the number of page table entries the driver
reports, do not exceeds the one page table size.
Reported-by: Soul Chen <soulchen8650@gmail.com>
Signed-off-by: Yuval Shaia <yuval.shaia.ml@gmail.com>
Fixes: CVE-2023-1544
Message-ID: <20230301142926.18686-1-yuval.shaia.ml@gmail.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit 85fc35afa93c7320d1641d344d0c5dfbe341d087)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 9285589334de8faa924f898547bcc716b14a9f0d
https://github.com/qemu/qemu/commit/9285589334de8faa924f898547bcc716b14a9f0d
Author: Fabiano Rosas <farosas@suse.de>
Date: 2023-10-19 (Thu, 19 Oct 2023)
Changed paths:
M scripts/analyze-migration.py
Log Message:
-----------
migration: Fix analyze-migration read operation signedness
The migration code uses unsigned values for 16, 32 and 64-bit
operations. Fix the script to do the same.
This was causing an issue when parsing the migration stream generated
on the ppc64 target because one of instance_ids was larger than the
32bit signed maximum:
Traceback (most recent call last):
File "/home/fabiano/kvm/qemu/build/scripts/analyze-migration.py", line 658,
in <module>
dump.read(dump_memory = args.memory)
File "/home/fabiano/kvm/qemu/build/scripts/analyze-migration.py", line 592,
in read
classdesc = self.section_classes[section_key]
KeyError: ('spapr_iommu', -2147483648)
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Message-ID: <20231009184326.15777-6-farosas@suse.de>
(cherry picked from commit caea03279e11dfcb0e5a567b81fe7f02ee80af02)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 95b3854bf7b11c58f89f19d274d958e4ca5d7873
https://github.com/qemu/qemu/commit/95b3854bf7b11c58f89f19d274d958e4ca5d7873
Author: Juan Quintela <quintela@redhat.com>
Date: 2023-10-19 (Thu, 19 Oct 2023)
Changed paths:
M migration/ram.c
Log Message:
-----------
migration: Non multifd migration don't care about multifd flushes
RDMA was having trouble because
migrate_multifd_flush_after_each_section() can only be true or false,
but we don't want to send any flush when we are not in multifd
migration.
CC: Fabiano Rosas <farosas@suse.de
Fixes: 294e5a4034e81 ("multifd: Only flush once each full round of memory")
Reported-by: Li Zhijian <lizhijian@fujitsu.com>
Reviewed-by: Li Zhijian <lizhijian@fujitsu.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
Message-ID: <20231011205548.10571-2-quintela@redhat.com>
(cherry picked from commit d4f34485ca8a077c98fc2303451e9bece9200dd7)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 663aca79f96968357736fdaf50c49eea87efa50c
https://github.com/qemu/qemu/commit/663aca79f96968357736fdaf50c49eea87efa50c
Author: John Snow <jsnow@redhat.com>
Date: 2023-10-19 (Thu, 19 Oct 2023)
Changed paths:
M python/qemu/qmp/protocol.py
Log Message:
-----------
python/qmp: remove Server.wait_closed() call for Python 3.12
This patch is a backport from
https://gitlab.com/qemu-project/python-qemu-qmp/-/commit/e03a3334b6a477beb09b293708632f2c06fe9f61
According to Guido in https://github.com/python/cpython/issues/104344 ,
this call was never meant to wait for the server to shut down - that is
handled synchronously - but instead, this waits for all connections to
close. Or, it would have, if it wasn't broken since it was introduced.
3.12 fixes the bug, which now causes a hang in our code. The fix is just
to remove the wait.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Message-id: 20231006195243.3131140-3-jsnow@redhat.com
Signed-off-by: John Snow <jsnow@redhat.com>
(cherry picked from commit acf873873ae38e68371b0c53c42d3530636ff94e)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: adbbddf90beec4219ee9fa0a4b6f7eb4f107989e
https://github.com/qemu/qemu/commit/adbbddf90beec4219ee9fa0a4b6f7eb4f107989e
Author: Paolo Bonzini <pbonzini@redhat.com>
Date: 2023-10-19 (Thu, 19 Oct 2023)
Changed paths:
M tests/docker/docker.py
Log Message:
-----------
tests/docker: avoid invalid escape in Python string
This is an error in Python 3.12; fix it by using a raw string literal.
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit a5e3cb3b90a62a42cd19ad9a20ca25c7df1dc3da)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 23b0010786f354845f8ff7760bc1af83fc160649
https://github.com/qemu/qemu/commit/23b0010786f354845f8ff7760bc1af83fc160649
Author: Paolo Bonzini <pbonzini@redhat.com>
Date: 2023-10-19 (Thu, 19 Oct 2023)
Changed paths:
M docs/sphinx/hxtool.py
Log Message:
-----------
docs/sphinx: avoid invalid escape in Python string
This is an error in Python 3.12; fix it by using a raw string literal.
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit e4b6532cc0a5518c0dea15eeca573829df9ec1df)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 7a04747125e595c7cb4db66dcd0b4fc4b13b6e87
https://github.com/qemu/qemu/commit/7a04747125e595c7cb4db66dcd0b4fc4b13b6e87
Author: Paolo Bonzini <pbonzini@redhat.com>
Date: 2023-10-19 (Thu, 19 Oct 2023)
Changed paths:
M target/hexagon/hex_common.py
Log Message:
-----------
target/hexagon: avoid invalid escape in Python string
This is an error in Python 3.12; fix it by using a raw string literal.
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit e41c40d101fce79af4d679955eb6e0d31e02c47c)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 6dbb538a7159edef132353e6855ad0b8a501fc87
https://github.com/qemu/qemu/commit/6dbb538a7159edef132353e6855ad0b8a501fc87
Author: Paolo Bonzini <pbonzini@redhat.com>
Date: 2023-10-19 (Thu, 19 Oct 2023)
Changed paths:
M tests/avocado/virtio_check_params.py
Log Message:
-----------
tests/avocado: avoid invalid escape in Python string
This is an error in Python 3.12; fix it by using a raw string literal.
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 1b5f3f65cc71341a4f9fc9e89bb6985fde703758)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 791cbfeec2065c29755ba5d89fd6378a1530ec94
https://github.com/qemu/qemu/commit/791cbfeec2065c29755ba5d89fd6378a1530ec94
Author: Paolo Bonzini <pbonzini@redhat.com>
Date: 2023-10-19 (Thu, 19 Oct 2023)
Changed paths:
M tests/vm/basevm.py
Log Message:
-----------
tests/vm: avoid invalid escape in Python string
This is an error in Python 3.12; fix it by using a raw string literal
or by double-escaping the backslash.
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 86a8989d4557a09b68f8b78b6c3fb6ad3f23ca6f)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 71452f87c9ad7a205516066f37dfb7e7d12f1d02
https://github.com/qemu/qemu/commit/71452f87c9ad7a205516066f37dfb7e7d12f1d02
Author: Paolo Bonzini <pbonzini@redhat.com>
Date: 2023-10-19 (Thu, 19 Oct 2023)
Changed paths:
M scripts/tracetool/__init__.py
M scripts/tracetool/format/log_stap.py
Log Message:
-----------
tracetool: avoid invalid escape in Python string
This is an error in Python 3.12; fix it by using a raw string literal.
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit e6d8e5e6e366ab4c9ed7d8ed1572f98c6ad6a38e)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: e73f57b1b57bb41ebbbcb6fe6f75bc8a770d17c7
https://github.com/qemu/qemu/commit/e73f57b1b57bb41ebbbcb6fe6f75bc8a770d17c7
Author: Richard Henderson <richard.henderson@linaro.org>
Date: 2023-10-19 (Thu, 19 Oct 2023)
Changed paths:
M linux-user/elfload.c
Log Message:
-----------
linux-user: Fixes for zero_bss
The previous change, 2d385be6152, assumed !PAGE_VALID meant that
the page would be unmapped by the elf image. However, since we
reserved the entire image space via mmap, PAGE_VALID will always
be set. Instead, assume PROT_NONE for the same condition.
Furthermore, assume bss is only ever present for writable segments,
and that there is no page overlap between PT_LOAD segments.
Instead of an assert, return false to indicate failure.
Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1854
Fixes: 2d385be6152 ("linux-user: Do not adjust zero_bss for host page size")
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
(cherry picked from commit e6e66b03287331abc6f184456dbc6d25505590ec)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 814f91d6790de6b24832f9282527a447bdc33de2
https://github.com/qemu/qemu/commit/814f91d6790de6b24832f9282527a447bdc33de2
Author: Mikulas Patocka <mpatocka@redhat.com>
Date: 2023-10-19 (Thu, 19 Oct 2023)
Changed paths:
M linux-user/mips/cpu_loop.c
Log Message:
-----------
linux-user/mips: fix abort on integer overflow
QEMU mips userspace emulation crashes with "qemu: unhandled CPU exception
0x15 - aborting" when one of the integer arithmetic instructions detects
an overflow.
This patch fixes it so that it delivers SIGFPE with FPE_INTOVF instead.
Cc: qemu-stable@nongnu.org
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Message-Id: <3ef979a8-3ee1-eb2d-71f7-d788ff88dd11@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
(cherry picked from commit 6fad9b4bb91dcc824f9c00a36ee843883b58313b)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 1e4c468ec7cae54905560c9d9fede0bdbb52eeb4
https://github.com/qemu/qemu/commit/1e4c468ec7cae54905560c9d9fede0bdbb52eeb4
Author: Mikulas Patocka <mpatocka@redhat.com>
Date: 2023-10-19 (Thu, 19 Oct 2023)
Changed paths:
M linux-user/sh4/signal.c
Log Message:
-----------
linux-user/sh4: Fix crashes on signal delivery
sh4 uses gUSA (general UserSpace Atomicity) to provide atomicity on CPUs
that don't have atomic instructions. A gUSA region that adds 1 to an
atomic variable stored in @R2 looks like this:
4004b6: 03 c7 mova 4004c4 <gusa+0x10>,r0
4004b8: f3 61 mov r15,r1
4004ba: 09 00 nop
4004bc: fa ef mov #-6,r15
4004be: 22 63 mov.l @r2,r3
4004c0: 01 73 add #1,r3
4004c2: 32 22 mov.l r3,@r2
4004c4: 13 6f mov r1,r15
R0 contains a pointer to the end of the gUSA region
R1 contains the saved stack pointer
R15 contains negative length of the gUSA region
When this region is interrupted by a signal, the kernel detects if
R15 >= -128U. If yes, the kernel rolls back PC to the beginning of the
region and restores SP by copying R1 to R15.
The problem happens if we are interrupted by a signal at address 4004c4.
R15 still holds the value -6, but the atomic value was already written by
an instruction at address 4004c2. In this situation we can't undo the
gUSA. The function unwind_gusa does nothing, the signal handler attempts
to push a signal frame to the address -6 and crashes.
This patch fixes it, so that if we are interrupted at the last instruction
in a gUSA region, we copy R1 to R15 to restore the correct stack pointer
and avoid crashing.
There's another bug: if we are interrupted in a delay slot, we save the
address of the instruction in the delay slot. We must save the address of
the previous instruction.
Cc: qemu-stable@nongnu.org
Signed-off-by: Mikulas Patocka <mpatocka@redhat.com>
Reviewed-by: Yoshinori Sato <ysato@users.sourcefoege.jp>
Message-Id: <b16389f7-6c62-70b7-59b3-87533c0bcc@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
(cherry picked from commit 3b894b699c9a9c064466e128c18be80a3f2113bc)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 59ee12a961bbde4e2be6766ba297c03a3d670356
https://github.com/qemu/qemu/commit/59ee12a961bbde4e2be6766ba297c03a3d670356
Author: Helge Deller <deller@gmx.de>
Date: 2023-10-21 (Sat, 21 Oct 2023)
Changed paths:
M hw/input/lasips2.c
Log Message:
-----------
lasips2: LASI PS/2 devices are not user-createable
Those PS/2 ports are created with the LASI controller when
a 32-bit PA-RISC machine is created.
Mark them not user-createable to avoid showing them in
the qemu device list.
Signed-off-by: Helge Deller <deller@gmx.de>
Cc: qemu-stable@nongnu.org
(cherry picked from commit a1e6a5c46219bada2c7b932748527553b36559ae)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 31c6d1d6549a153c0e6023308b47794672c5275b
https://github.com/qemu/qemu/commit/31c6d1d6549a153c0e6023308b47794672c5275b
Author: Michal Orzel <michal.orzel@amd.com>
Date: 2023-10-21 (Sat, 21 Oct 2023)
Changed paths:
M target/arm/helper.c
Log Message:
-----------
target/arm: Fix CNTPCT_EL0 trapping from EL0 when HCR_EL2.E2H is 0
On an attempt to access CNTPCT_EL0 from EL0 using a guest running on top
of Xen, a trap from EL2 was observed which is something not reproducible
on HW (also, Xen does not trap accesses to physical counter).
This is because gt_counter_access() checks for an incorrect bit (1
instead of 0) of CNTHCTL_EL2 if HCR_EL2.E2H is 0 and access is made to
physical counter. Refer ARM ARM DDI 0487J.a, D19.12.2:
When HCR_EL2.E2H is 0:
- EL1PCTEN, bit [0]: refers to physical counter
- EL1PCEN, bit [1]: refers to physical timer registers
Drop entire block "if (hcr & HCR_E2H) {...} else {...}" from EL0 case
and fall through to EL1 case, given that after fixing checking for the
correct bit, the handling is the same.
Fixes: 5bc8437136fb ("target/arm: Update timer access for VHE")
Signed-off-by: Michal Orzel <michal.orzel@amd.com>
Tested-by: Oleksandr Tyshchenko <oleksandr_tyshchenko@epam.com>
Message-id: 20230928094404.20802-1-michal.orzel@amd.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit d01448c79d89cfdc86228081b1dd1dfaf85fb4c3)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: fdeedb886aa40e2e632f365c46c53c3380135073
https://github.com/qemu/qemu/commit/fdeedb886aa40e2e632f365c46c53c3380135073
Author: Lu Gao <lu.gao@verisilicon.com>
Date: 2023-10-24 (Tue, 24 Oct 2023)
Changed paths:
M hw/sd/sdhci.c
Log Message:
-----------
hw/sd/sdhci: Block Size Register bits [14:12] is lost
Block Size Register bits [14:12] is SDMA Buffer Boundary, it is missed
in register write, but it is needed in SDMA transfer. e.g. it will be
used in sdhci_sdma_transfer_multi_blocks to calculate boundary_ variables.
Missing this field will cause wrong operation for different SDMA Buffer
Boundary settings.
Fixes: d7dfca0807 ("hw/sdhci: introduce standard SD host controller")
Fixes: dfba99f17f ("hw/sdhci: Fix DMA Transfer Block Size field")
Signed-off-by: Lu Gao <lu.gao@verisilicon.com>
Signed-off-by: Jianxian Wen <jianxian.wen@verisilicon.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-ID: <20220321055618.4026-1-lu.gao@verisilicon.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
(cherry picked from commit ae5f70baf549925080fcdbc6c1939c98a4a39246)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 28facf15989f43a4b6e801e6349c03603a78a6a0
https://github.com/qemu/qemu/commit/28facf15989f43a4b6e801e6349c03603a78a6a0
Author: Peter Maydell <peter.maydell@linaro.org>
Date: 2023-10-24 (Tue, 24 Oct 2023)
Changed paths:
M hw/rdma/vmw/pvrdma_cmd.c
Log Message:
-----------
hw/rdma/vmw/pvrdma_cmd: Use correct struct in query_port()
In query_port() we pass the address of a local pvrdma_port_attr
struct to the rdma_query_backend_port() function. Unfortunately,
rdma_backend_query_port() wants a pointer to a struct ibv_port_attr,
and the two are not the same length.
Coverity spotted this (CID 1507146): pvrdma_port_attr is 48 bytes
long, and ibv_port_attr is 52 bytes, because it has a few extra
fields at the end.
Fortunately, all we do with the attrs struct after the call is to
read a few specific fields out of it which are all at the same
offsets in both structs, so we can simply make the local variable the
correct type. This also lets us drop the cast (which should have
been a bit of a warning flag that we were doing something wrong
here).
We do however need to add extra casts for the fields of the
struct that are enums: clang will complain about the implicit
cast to a different enum type otherwise.
Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(cherry picked from commit 4ab9a7429bf7507fba4b96b97d4147628c91ba14)
Commit: fd4ce7455f68288efcf255c01f0a97b40e7ac4ab
https://github.com/qemu/qemu/commit/fd4ce7455f68288efcf255c01f0a97b40e7ac4ab
Author: Richard Henderson <richard.henderson@linaro.org>
Date: 2023-10-29 (Sun, 29 Oct 2023)
Changed paths:
M target/sparc/translate.c
Log Message:
-----------
target/sparc: Clear may_lookup for npc == DYNAMIC_PC
With pairs of jmp+rett, pc == DYNAMIC_PC_LOOKUP and
npc == DYNAMIC_PC. Make sure that we exit for interrupts.
Cc: qemu-stable@nongnu.org
Fixes: 633c42834c7 ("target/sparc: Introduce DYNAMIC_PC_LOOKUP")
Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Acked-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
(cherry picked from commit 930f1865cc654b637ffe1207fa5b44bf0a156279)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 143352cd7d9fa2359ff27a322fa4e2cf17b2583e
https://github.com/qemu/qemu/commit/143352cd7d9fa2359ff27a322fa4e2cf17b2583e
Author: Peter Maydell <peter.maydell@linaro.org>
Date: 2023-10-31 (Tue, 31 Oct 2023)
Changed paths:
M target/arm/tcg/translate-a64.c
Log Message:
-----------
target/arm: Fix syndrome for FGT traps on ERET
In commit 442c9d682c94fc2 when we converted the ERET, ERETAA, ERETAB
instructions to decodetree, the conversion accidentally lost the
correct setting of the syndrome register when taking a trap because
of the FEAT_FGT HFGITR_EL1.ERET bit. Instead of reporting a correct
full syndrome value with the EC and IL bits, we only reported the low
two bits of the syndrome, because the call to syn_erettrap() got
dropped.
Fix the syndrome values for these traps by reinstating the
syn_erettrap() calls.
Fixes: 442c9d682c94fc2 ("target/arm: Convert ERET, ERETAA, ERETAB to
decodetree")
Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20231024172438.2990945-1-peter.maydell@linaro.org
(cherry picked from commit 307521d6e29e559c89afa9dbd337ae75fe3c436d)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: b938418f0d757ce3a2c81bf1f33d15eceead2201
https://github.com/qemu/qemu/commit/b938418f0d757ce3a2c81bf1f33d15eceead2201
Author: Glenn Miles <milesg@linux.vnet.ibm.com>
Date: 2023-10-31 (Tue, 31 Oct 2023)
Changed paths:
M hw/misc/led.c
Log Message:
-----------
misc/led: LED state is set opposite of what is expected
Testing of the LED state showed that when the LED polarity was
set to GPIO_POLARITY_ACTIVE_LOW and a low logic value was set on
the input GPIO of the LED, the LED was being turn off when it was
expected to be turned on.
Fixes: ddb67f6402 ("hw/misc/led: Allow connecting from GPIO output")
Signed-off-by: Glenn Miles <milesg@linux.vnet.ibm.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Andrew Jeffery <andrew@codeconstruct.com.au>
Message-id: 20231024191945.4135036-1-milesg@linux.vnet.ibm.com
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 6f83dc67168d17856744275e2a0d7a6addf6cfb9)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 3a2d501916dd392af400a6748fc5efb8baef05f2
https://github.com/qemu/qemu/commit/3a2d501916dd392af400a6748fc5efb8baef05f2
Author: Kevin Wolf <kwolf@redhat.com>
Date: 2023-11-01 (Wed, 01 Nov 2023)
Changed paths:
M block/qapi-sysemu.c
Log Message:
-----------
block: Fix locking in media change monitor commands
blk_insert_bs() requires that the caller holds the AioContext lock for
the node to be inserted. Since commit c066e808e11, neglecting to do so
causes a crash when the child has to be moved to a different AioContext
to attach it to the BlockBackend.
This fixes qmp_blockdev_insert_anon_medium(), which is called for the
QMP commands 'blockdev-insert-medium' and 'blockdev-change-medium', to
correctly take the lock.
Cc: qemu-stable@nongnu.org
Fixes: https://issues.redhat.com/browse/RHEL-3922
Fixes: c066e808e11a5c181b625537b6c78e0de27a4801
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-ID: <20231013153302.39234-2-kwolf@redhat.com>
Reviewed-by: Hanna Czenczek <hreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit fed824501501518b1ad3dc08a39f8f855508190d)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: de18cbdaf21ae64c6b776e16bcc62f63b46a9661
https://github.com/qemu/qemu/commit/de18cbdaf21ae64c6b776e16bcc62f63b46a9661
Author: Akihiko Odaki <akihiko.odaki@daynix.com>
Date: 2023-11-01 (Wed, 01 Nov 2023)
Changed paths:
M tests/tcg/Makefile.target
M tests/tcg/aarch64/Makefile.target
M tests/tcg/arm/Makefile.target
M tests/tcg/cris/Makefile.target
M tests/tcg/hexagon/Makefile.target
M tests/tcg/i386/Makefile.target
M tests/tcg/minilib/Makefile.target
M tests/tcg/mips/Makefile.target
M tests/tcg/mips/hello-mips.c
Log Message:
-----------
tests/tcg: Add -fno-stack-protector
A build of GCC 13.2 will have stack protector enabled by default if it
was configured with --enable-default-ssp option. For such a compiler,
it is necessary to explicitly disable stack protector when linking
without standard libraries.
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Message-Id: <20230731091042.139159-3-akihiko.odaki@daynix.com>
[AJB: fix comment string typo]
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20231029145033.592566-3-alex.bennee@linaro.org>
(cherry picked from commit 580731dcc87eb27a2b0dc20ec331f1ce51864c97)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: bd8d9c618a1921355c94adb6ab07de8540f02f6e
https://github.com/qemu/qemu/commit/bd8d9c618a1921355c94adb6ab07de8540f02f6e
Author: Andrey Drobyshev <andrey.drobyshev@virtuozzo.com>
Date: 2023-11-01 (Wed, 01 Nov 2023)
Changed paths:
M qemu-img.c
Log Message:
-----------
qemu-img: rebase: stop when reaching EOF of old backing file
In case when we're rebasing within one backing chain, and when target image
is larger than old backing file, bdrv_is_allocated_above() ends up setting
*pnum = 0. As a result, target offset isn't getting incremented, and we
get stuck in an infinite for loop. Let's detect this case and proceed
further down the loop body, as the offsets beyond the old backing size need
to be explicitly zeroed.
Signed-off-by: Andrey Drobyshev <andrey.drobyshev@virtuozzo.com>
Reviewed-by: Denis V. Lunev <den@openvz.org>
Reviewed-by: Hanna Czenczek <hreitz@redhat.com>
Message-ID: <20230919165804.439110-2-andrey.drobyshev@virtuozzo.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 8b097fd6b06ec295faefd4f30f96f8709abc9605)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: b7867c82624547763a187d284ed7ab3a5516a57f
https://github.com/qemu/qemu/commit/b7867c82624547763a187d284ed7ab3a5516a57f
Author: Andrey Drobyshev <andrey.drobyshev@virtuozzo.com>
Date: 2023-11-01 (Wed, 01 Nov 2023)
Changed paths:
M tests/qemu-iotests/024
M tests/qemu-iotests/024.out
Log Message:
-----------
qemu-iotests: 024: add rebasing test case for overlay_size > backing_size
Before previous commit, rebase was getting infitely stuck in case of
rebasing within the same backing chain and when overlay_size > backing_size.
Let's add this case to the rebasing test 024 to make sure it doesn't
break again.
Signed-off-by: Andrey Drobyshev <andrey.drobyshev@virtuozzo.com>
Reviewed-by: Denis V. Lunev <den@openvz.org>
Reviewed-by: Hanna Czenczek <hreitz@redhat.com>
Message-ID: <20230919165804.439110-3-andrey.drobyshev@virtuozzo.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 827171c3180533f4ad0bc338ea166f401bb5d348)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: baf28675da28b6713d99b2a4d8ab6ffde1a70cb1
https://github.com/qemu/qemu/commit/baf28675da28b6713d99b2a4d8ab6ffde1a70cb1
Author: Richard Henderson <richard.henderson@linaro.org>
Date: 2023-11-09 (Thu, 09 Nov 2023)
Changed paths:
M target/arm/tcg/translate-sve.c
M tests/tcg/aarch64/Makefile.target
A tests/tcg/aarch64/sve-str.c
Log Message:
-----------
target/arm: Fix SVE STR increment
The previous change missed updating one of the increments and
one of the MemOps. Add a test case for all vector lengths.
Cc: qemu-stable@nongnu.org
Fixes: e6dd5e782be ("target/arm: Use tcg_gen_qemu_{ld, st}_i128 in gen_sve_{ld,
st}r")
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20231031143215.29764-1-richard.henderson@linaro.org
[PMM: fixed checkpatch nit]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit b11293c212c2927fcea1befc50dabec9baba4fcc)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(Mjt: context fix in tests/tcg/aarch64/Makefile.target)
Tested-by: Alex Bennée <alex.bennee@linaro.org>
Commit: 155856d890296f2ce3de0af67d1631ebfc9c060c
https://github.com/qemu/qemu/commit/155856d890296f2ce3de0af67d1631ebfc9c060c
Author: Peter Maydell <peter.maydell@linaro.org>
Date: 2023-11-09 (Thu, 09 Nov 2023)
Changed paths:
M target/arm/internals.h
M target/arm/ptw.c
Log Message:
-----------
target/arm: Correctly propagate stage 1 BTI guarded bit in a two-stage walk
In a two-stage translation, the result of the BTI guarded bit should
be the guarded bit from the first stage of translation, as there is
no BTI guard information in stage two. Our code tried to do this,
but got it wrong, because we currently have two fields where the GP
bit information might live (ARMCacheAttrs::guarded and
CPUTLBEntryFull::extra::arm::guarded), and we were storing the GP bit
in the latter during the stage 1 walk but trying to copy the former
in combine_cacheattrs().
Remove the duplicated storage, and always use the field in
CPUTLBEntryFull; correctly propagate the stage 1 value to the output
in get_phys_addr_twostage().
Note for stable backports: in v8.0 and earlier the field is named
result->f.guarded, not result->f.extra.arm.guarded.
Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1950
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20231031173723.26582-1-peter.maydell@linaro.org
(cherry picked from commit 4c09abeae8704970ff03bf2196973f6bf08ab6f9)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(Mjt: replace f.extra.arm.guarded -> f.guarded due to v8.1.0-1179-ga81fef4b64)
Commit: 6ede082daf431c4a7bc03f07f7f4436fe6097b42
https://github.com/qemu/qemu/commit/6ede082daf431c4a7bc03f07f7f4436fe6097b42
Author: Cédric Le Goater <clg@redhat.com>
Date: 2023-11-09 (Thu, 09 Nov 2023)
Changed paths:
M block/parallels-ext.c
M block/vdi.c
M hw/core/qdev-properties-system.c
M hw/hyperv/vmbus.c
M include/qemu/uuid.h
M migration/savevm.c
M tests/unit/test-uuid.c
M util/uuid.c
Log Message:
-----------
util/uuid: Add UUID_STR_LEN definition
qemu_uuid_unparse() includes a trailing NUL when writing the uuid
string and the buffer size should be UUID_FMT_LEN + 1 bytes. Add a
define for this size and use it where required.
Cc: Fam Zheng <fam@euphon.net>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: "Denis V. Lunev" <den@openvz.org>
Signed-off-by: Cédric Le Goater <clg@redhat.com>
(cherry picked from commit 721da0396cfa0a4859cefb57e32cc79d19d80f54)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 47c408b80e2eb6b970df27970778a626229a6afb
https://github.com/qemu/qemu/commit/47c408b80e2eb6b970df27970778a626229a6afb
Author: Cédric Le Goater <clg@redhat.com>
Date: 2023-11-09 (Thu, 09 Nov 2023)
Changed paths:
M hw/vfio/pci.c
Log Message:
-----------
vfio/pci: Fix buffer overrun when writing the VF token
qemu_uuid_unparse() includes a trailing NUL when writing the uuid
string and the buffer size should be UUID_FMT_LEN + 1 bytes. Use the
recently added UUID_STR_LEN which defines the correct size.
Fixes: CID 1522913
Fixes: 2dca1b37a760 ("vfio/pci: add support for VF token")
Cc: Alex Williamson <alex.williamson@redhat.com>
Reviewed-by: Alex Williamson <alex.williamson@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: "Denis V. Lunev" <den@openvz.org>
Signed-off-by: Cédric Le Goater <clg@redhat.com>
(cherry picked from commit f8d6f3b16c37bd516a026e92a31dade5d761d3a6)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 5f0083a95d86e97f98e68c92e6e3aa06ce7e6c7f
https://github.com/qemu/qemu/commit/5f0083a95d86e97f98e68c92e6e3aa06ce7e6c7f
Author: Cédric Le Goater <clg@redhat.com>
Date: 2023-11-09 (Thu, 09 Nov 2023)
Changed paths:
M include/qemu/uuid.h
Log Message:
-----------
util/uuid: Remove UUID_FMT_LEN
Dangerous and now unused.
Cc: Fam Zheng <fam@euphon.net>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: "Denis V. Lunev" <den@openvz.org>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Cédric Le Goater <clg@redhat.com>
(cherry picked from commit 4ef9d97b1a37b8cfd152cc3ac5f9576e406868b1)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 3321ec125f06b116c4baf9da7568b7c69fa34813
https://github.com/qemu/qemu/commit/3321ec125f06b116c4baf9da7568b7c69fa34813
Author: David Woodhouse <dwmw@amazon.co.uk>
Date: 2023-11-09 (Thu, 09 Nov 2023)
Changed paths:
M target/i386/kvm/xen-emu.c
Log Message:
-----------
i386/xen: Don't advertise XENFEAT_supervisor_mode_kernel
This confuses lscpu into thinking it's running in PVH mode.
Cc: qemu-stable@nongnu.org
Fixes: bedcc139248 ("i386/xen: implement HYPERVISOR_xen_version")
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Reviewed-by: Paul Durrant <paul@xen.org>
(cherry picked from commit e969f992c6562222e245dd8557f5b132a11ec29c)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 91d789a891a45ea92f5d385f64db2d8d644a077b
https://github.com/qemu/qemu/commit/91d789a891a45ea92f5d385f64db2d8d644a077b
Author: David Woodhouse <dwmw@amazon.co.uk>
Date: 2023-11-09 (Thu, 09 Nov 2023)
Changed paths:
M target/i386/kvm/xen-emu.c
Log Message:
-----------
i386/xen: fix per-vCPU upcall vector for Xen emulation
The per-vCPU upcall vector support had three problems. Firstly it was
using the wrong hypercall argument and would always return -EFAULT when
the guest tried to set it up. Secondly it was using the wrong ioctl() to
pass the vector to the kernel and thus the *kernel* would always return
-EINVAL. Finally, even when delivering the event directly from userspace
with an MSI, it put the destination CPU ID into the wrong bits of the
MSI address.
Linux doesn't (yet) use this mode so it went without decent testing
for a while.
Cc: qemu-stable@nongnu.org
Fixes: 105b47fdf2d0 ("i386/xen: implement HVMOP_set_evtchn_upcall_vector")
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Reviewed-by: Paul Durrant <paul@xen.org>
(cherry picked from commit e7dbb62ff19ce55548c785d76e814e7b144e6217)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 5450203719f64907e0498eddabae15eadd4aee07
https://github.com/qemu/qemu/commit/5450203719f64907e0498eddabae15eadd4aee07
Author: David Woodhouse <dwmw@amazon.co.uk>
Date: 2023-11-09 (Thu, 09 Nov 2023)
Changed paths:
M hw/i386/kvm/xen_evtchn.c
M include/sysemu/kvm_xen.h
M target/i386/kvm/xen-emu.c
Log Message:
-----------
hw/xen: select kernel mode for per-vCPU event channel upcall vector
A guest which has configured the per-vCPU upcall vector may set the
HVM_PARAM_CALLBACK_IRQ param to fairly much anything other than zero.
For example, Linux v6.0+ after commit b1c3497e604 ("x86/xen: Add support
for HVMOP_set_evtchn_upcall_vector") will just do this after setting the
vector:
/* Trick toolstack to think we are enlightened. */
if (!cpu)
rc = xen_set_callback_via(1);
That's explicitly setting the delivery to GSI#1, but it's supposed to be
overridden by the per-vCPU vector setting. This mostly works in Qemu
*except* for the logic to enable the in-kernel handling of event channels,
which falsely determines that the kernel cannot accelerate GSI delivery
in this case.
Add a kvm_xen_has_vcpu_callback_vector() to report whether vCPU#0 has
the vector set, and use that in xen_evtchn_set_callback_param() to
enable the kernel acceleration features even when the param *appears*
to be set to target a GSI.
Preserve the Xen behaviour that when HVM_PARAM_CALLBACK_IRQ is set to
*zero* the event channel delivery is disabled completely. (Which is
what that bizarre guest behaviour is working round in the first place.)
Cc: qemu-stable@nongnu.org
Fixes: 91cce756179 ("hw/xen: Add xen_evtchn device for event channel emulation")
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Reviewed-by: Paul Durrant <paul@xen.org>
(cherry picked from commit 18e83f28bf39ffd2784aeb2e4e229096a86d349b)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 0f2dd05b9f9ae554312832e7c3b1eb9b88738fca
https://github.com/qemu/qemu/commit/0f2dd05b9f9ae554312832e7c3b1eb9b88738fca
Author: David Woodhouse <dwmw@amazon.co.uk>
Date: 2023-11-09 (Thu, 09 Nov 2023)
Changed paths:
M hw/i386/kvm/xen_gnttab.c
Log Message:
-----------
hw/xen: don't clear map_track[] in xen_gnttab_reset()
The refcounts actually correspond to 'active_ref' structures stored in a
GHashTable per "user" on the backend side (mostly, per XenDevice).
If we zero map_track[] on reset, then when the backend drivers get torn
down and release their mapping we hit the assert(s->map_track[ref] != 0)
in gnt_unref().
So leave them in place. Each backend driver will disconnect and reconnect
as the guest comes back up again and reconnects, and it all works out OK
in the end as the old refs get dropped.
Cc: qemu-stable@nongnu.org
Fixes: de26b2619789 ("hw/xen: Implement soft reset for emulated gnttab")
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Reviewed-by: Paul Durrant <paul@xen.org>
(cherry picked from commit 3de75ed352411899dbc9222e82fe164890c77e78)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: b644416ec6d171a5befda4faf7c7ac90cf413a0c
https://github.com/qemu/qemu/commit/b644416ec6d171a5befda4faf7c7ac90cf413a0c
Author: David Woodhouse <dwmw@amazon.co.uk>
Date: 2023-11-09 (Thu, 09 Nov 2023)
Changed paths:
M hw/i386/kvm/xen_xenstore.c
Log Message:
-----------
hw/xen: fix XenStore watch delivery to guest
When fire_watch_cb() found the response buffer empty, it would call
deliver_watch() to generate the XS_WATCH_EVENT message in the response
buffer and send an event channel notification to the guest… without
actually *copying* the response buffer into the ring. So there was
nothing for the guest to see. The pending response didn't actually get
processed into the ring until the guest next triggered some activity
from its side.
Add the missing call to put_rsp().
It might have been slightly nicer to call xen_xenstore_event() here,
which would *almost* have worked. Except for the fact that it calls
xen_be_evtchn_pending() to check that it really does have an event
pending (and clear the eventfd for next time). And under Xen it's
defined that setting that fd to O_NONBLOCK isn't guaranteed to work,
so the emu implementation follows suit.
This fixes Xen device hot-unplug.
Cc: qemu-stable@nongnu.org
Fixes: 0254c4d19df ("hw/xen: Add xenstore wire implementation and
implementation stubs")
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Reviewed-by: Paul Durrant <paul@xen.org>
(cherry picked from commit 4a5780f52095f1daf23618dc6198a2a1665ea505)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 30a4cc2723c67f4c99633e9695835ddb6fcdbfe0
https://github.com/qemu/qemu/commit/30a4cc2723c67f4c99633e9695835ddb6fcdbfe0
Author: David Woodhouse <dwmw@amazon.co.uk>
Date: 2023-11-09 (Thu, 09 Nov 2023)
Changed paths:
M hw/i386/kvm/xen_evtchn.c
Log Message:
-----------
hw/xen: take iothread mutex in xen_evtchn_reset_op()
The xen_evtchn_soft_reset() function requires the iothread mutex, but is
also called for the EVTCHNOP_reset hypercall. Ensure the mutex is taken
in that case.
Cc: qemu-stable@nongnu.org
Fixes: a15b10978fe6 ("hw/xen: Implement EVTCHNOP_reset")
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Reviewed-by: Paul Durrant <paul@xen.org>
(cherry picked from commit debc995e883b05c2fd02fb797a61ab1328e5bae2)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 287303495cbf7b554d193da7d76b226f2de86b59
https://github.com/qemu/qemu/commit/287303495cbf7b554d193da7d76b226f2de86b59
Author: David Woodhouse <dwmw@amazon.co.uk>
Date: 2023-11-09 (Thu, 09 Nov 2023)
Changed paths:
M hw/block/xen-block.c
Log Message:
-----------
hw/xen: use correct default protocol for xen-block on x86
Even on x86_64 the default protocol is the x86-32 one if the guest doesn't
specifically ask for x86-64.
Cc: qemu-stable@nongnu.org
Fixes: b6af8926fb85 ("xen: add implementations of xen-block connect and
disconnect functions...")
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Reviewed-by: Paul Durrant <paul@xen.org>
(cherry picked from commit a1c1082908dde4867b1ac55f546bea0c17d52318)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: a89c8b96a8f6116e6b4325cca74f563868f25c58
https://github.com/qemu/qemu/commit/a89c8b96a8f6116e6b4325cca74f563868f25c58
Author: Marc-André Lureau <marcandre.lureau@redhat.com>
Date: 2023-11-09 (Thu, 09 Nov 2023)
Changed paths:
M hw/display/virtio-gpu.c
Log Message:
-----------
virtio-gpu: block migration of VMs with blob=true
"blob" resources don't have an associated pixman image:
#0 pixman_image_get_stride (image=0x0) at ../pixman/pixman-image.c:921
#1 0x0000562327c25236 in virtio_gpu_save (f=0x56232bb13b00,
opaque=0x56232b555a60, size=0, field=0x5623289ab6c8 <__compound_literal.3+104>,
vmdesc=0x56232ab59fe0) at ../hw/display/virtio-gpu.c:1225
Related to:
https://bugzilla.redhat.com/show_bug.cgi?id=2236353
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Acked-by: Peter Xu <peterx@redhat.com>
(cherry picked from commit 9c549ab6895a43ad0cb33e684e11cdb0b5400897)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 1f560fa2761e023ae19f5c178e2ecfc0df74e54d
https://github.com/qemu/qemu/commit/1f560fa2761e023ae19f5c178e2ecfc0df74e54d
Author: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Date: 2023-11-09 (Thu, 09 Nov 2023)
Changed paths:
M block/nvme.c
Log Message:
-----------
block/nvme: nvme_process_completion() fix bound for cid
NVMeQueuePair::reqs has length NVME_NUM_REQS, which less than
NVME_QUEUE_SIZE by 1.
Fixes: 1086e95da17050 ("block/nvme: switch to a NVMeRequest freelist")
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Maksim Davydov <davydov-max@yandex-team.ru>
Message-id: 20231017125941.810461-5-vsementsov@yandex-team.ru
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit cc8fb0c3ae3c950eb40e969607e17ff16a7519ac)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: fe8eb3187c35189a3bde8775696468c84a89e96f
https://github.com/qemu/qemu/commit/fe8eb3187c35189a3bde8775696468c84a89e96f
Author: Peter Maydell <peter.maydell@linaro.org>
Date: 2023-11-09 (Thu, 09 Nov 2023)
Changed paths:
M target/arm/tcg/a64.decode
M target/arm/tcg/translate.h
Log Message:
-----------
target/arm: Fix A64 LDRA immediate decode
In commit be23a049 in the conversion to decodetree we broke the
decoding of the immediate value in the LDRA instruction. This should
be a 10 bit signed value that is scaled by 8, but in the conversion
we incorrectly ended up scaling it only by 2. Fix the scaling
factor.
Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1970
Fixes: be23a049 ("target/arm: Convert load (pointer auth) insns to decodetree")
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20231106113445.1163063-1-peter.maydell@linaro.org
(cherry picked from commit 5722fc471296d5f042df4b005a851cc8008df0c9)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: cc9f53b3ec140b07328e38167dc44f37f63b7781
https://github.com/qemu/qemu/commit/cc9f53b3ec140b07328e38167dc44f37f63b7781
Author: Jean-Louis Dupond <jean-louis@dupond.be>
Date: 2023-11-09 (Thu, 09 Nov 2023)
Changed paths:
M block/qcow2-cluster.c
M qapi/block-core.json
M qemu-options.hx
Log Message:
-----------
qcow2: keep reference on zeroize with discard-no-unref enabled
When the discard-no-unref flag is enabled, we keep the reference for
normal discard requests.
But when a discard is executed on a snapshot/qcow2 image with backing,
the discards are saved as zero clusters in the snapshot image.
When committing the snapshot to the backing file, not
discard_in_l2_slice is called but zero_in_l2_slice. Which did not had
any logic to keep the reference when discard-no-unref is enabled.
Therefor we add logic in the zero_in_l2_slice call to keep the reference
on commit.
Fixes: https://gitlab.com/qemu-project/qemu/-/issues/1621
Signed-off-by: Jean-Louis Dupond <jean-louis@dupond.be>
Message-Id: <20231003125236.216473-2-jean-louis@dupond.be>
[hreitz: Made the documentation change more verbose, as discussed
on-list]
Signed-off-by: Hanna Czenczek <hreitz@redhat.com>
(cherry picked from commit b2b109041ecd1095384f5be5bb9badd13c1cf286)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: a753815aa8b2ce9d72a7494c940485b5d885ba98
https://github.com/qemu/qemu/commit/a753815aa8b2ce9d72a7494c940485b5d885ba98
Author: Sam Li <faithilikerun@gmail.com>
Date: 2023-11-09 (Thu, 09 Nov 2023)
Changed paths:
M block/file-posix.c
Log Message:
-----------
block/file-posix: fix update_zones_wp() caller
When the zoned request fail, it needs to update only the wp of
the target zones for not disrupting the in-flight writes on
these other zones. The wp is updated successfully after the
request completes.
Fixed the callers with right offset and nr_zones.
Signed-off-by: Sam Li <faithilikerun@gmail.com>
Message-Id: <20230825040556.4217-1-faithilikerun@gmail.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
[hreitz: Rebased and fixed comment spelling]
Signed-off-by: Hanna Czenczek <hreitz@redhat.com>
(cherry picked from commit 10b9e0802a074c991e1ce485631d75641d0b0f9e)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: bcc9879c1c83c930c656f57e5444e1adc18c206f
https://github.com/qemu/qemu/commit/bcc9879c1c83c930c656f57e5444e1adc18c206f
Author: Naohiro Aota <nao.aota@gmail.com>
Date: 2023-11-09 (Thu, 09 Nov 2023)
Changed paths:
M block/file-posix.c
Log Message:
-----------
file-posix: fix over-writing of returning zone_append offset
raw_co_zone_append() sets "s->offset" where "BDRVRawState *s". This pointer
is used later at raw_co_prw() to save the block address where the data is
written.
When multiple IOs are on-going at the same time, a later IO's
raw_co_zone_append() call over-writes a former IO's offset address before
raw_co_prw() completes. As a result, the former zone append IO returns the
initial value (= the start address of the writing zone), instead of the
proper address.
Fix the issue by passing the offset pointer to raw_co_prw() instead of
passing it through s->offset. Also, remove "offset" from BDRVRawState as
there is no usage anymore.
Fixes: 4751d09adcc3 ("block: introduce zone append write for zoned devices")
Signed-off-by: Naohiro Aota <naohiro.aota@wdc.com>
Message-Id: <20231030073853.2601162-1-naohiro.aota@wdc.com>
Reviewed-by: Sam Li <faithilikerun@gmail.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Hanna Czenczek <hreitz@redhat.com>
(cherry picked from commit ad4feaca61d76fecad784e6d5e7bae40d0411c46)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: e301a77abb4a51aac4ea58c148f7ec1f47fc1c35
https://github.com/qemu/qemu/commit/e301a77abb4a51aac4ea58c148f7ec1f47fc1c35
Author: BALATON Zoltan <balaton@eik.bme.hu>
Date: 2023-11-09 (Thu, 09 Nov 2023)
Changed paths:
M hw/display/ati.c
M hw/display/ati_2d.c
M hw/display/ati_int.h
Log Message:
-----------
ati-vga: Implement fallback for pixman routines
Pixman routines can fail if no implementation is available and it will
become optional soon so add fallbacks when pixman does not work.
Signed-off-by: BALATON Zoltan <balaton@eik.bme.hu>
Acked-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-ID:
<ed0fba3f74e48143f02228b83bf8796ca49f3e7d.1698871239.git.balaton@eik.bme.hu>
(cherry picked from commit 08730ee0cc01c3fceb907a93436d15170a7556c4)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 30d90aebcd505cd0f0bcaa20e4ff488af778d11f
https://github.com/qemu/qemu/commit/30d90aebcd505cd0f0bcaa20e4ff488af778d11f
Author: Marc-André Lureau <marcandre.lureau@redhat.com>
Date: 2023-11-09 (Thu, 09 Nov 2023)
Changed paths:
M ui/gtk.c
Log Message:
-----------
ui/gtk: force realization of drawing area
Fixes the GL context creation from a widget that isn't yet realized (in
a hidden tab for example).
Resolves:
https://gitlab.com/qemu-project/qemu/-/issues/1727
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Antonio Caggiano <quic_acaggian@quicinc.com>
Message-Id: <20231017111642.1155545-1-marcandre.lureau@redhat.com>
(cherry picked from commit 565f85a9c293818a91a3d3414311303de7e00cec)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 801b7e43905b180d1012ce394e7af9eb2eb7b826
https://github.com/qemu/qemu/commit/801b7e43905b180d1012ce394e7af9eb2eb7b826
Author: Dongwon Kim <dongwon.kim@intel.com>
Date: 2023-11-09 (Thu, 09 Nov 2023)
Changed paths:
M ui/gtk-egl.c
Log Message:
-----------
ui/gtk-egl: apply scale factor when calculating window's dimension
Scale factor needs to be applied when calculating width/height of the
GTK windows.
Cc: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Dongwon Kim <dongwon.kim@intel.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20231012222643.13996-1-dongwon.kim@intel.com>
(cherry picked from commit 47fd6ab1e334962890bc3e8d2e32857f6594e1c1)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: f68a36b7c44097e82b5bd47bfe3a70d61031654b
https://github.com/qemu/qemu/commit/f68a36b7c44097e82b5bd47bfe3a70d61031654b
Author: Philippe Mathieu-Daudé <philmd@linaro.org>
Date: 2023-11-19 (Sun, 19 Nov 2023)
Changed paths:
M target/mips/tcg/msa.decode
Log Message:
-----------
target/mips: Fix MSA BZ/BNZ opcodes displacement
The PC offset is *signed*.
Cc: qemu-stable@nongnu.org
Reported-by: Sergey Evlashev <vectorchiefrocks@gmail.com>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1624
Fixes: c7a9ef7517 ("target/mips: Introduce decode tree bindings for MSA ASE")
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230914085807.12241-1-philmd@linaro.org>
(cherry picked from commit 04591b3ddd9a96b9298a1dd437a6464ab55e62ee)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: f15258b1963816d8a51538007abd172ae2a1f4bf
https://github.com/qemu/qemu/commit/f15258b1963816d8a51538007abd172ae2a1f4bf
Author: Philippe Mathieu-Daudé <philmd@linaro.org>
Date: 2023-11-19 (Sun, 19 Nov 2023)
Changed paths:
M target/mips/tcg/tx79.decode
Log Message:
-----------
target/mips: Fix TX79 LQ/SQ opcodes
The base register address offset is *signed*.
Cc: qemu-stable@nongnu.org
Fixes: aaaa82a9f9 ("target/mips/tx79: Introduce LQ opcode (Load Quadword)")
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230914090447.12557-1-philmd@linaro.org>
(cherry picked from commit 18f86aecd6a1bea0f78af14587a684ad966d8d3a)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 60f7b60429da8b3a53cac46f4d7ff1cc21f186d8
https://github.com/qemu/qemu/commit/60f7b60429da8b3a53cac46f4d7ff1cc21f186d8
Author: Fiona Ebner <f.ebner@proxmox.com>
Date: 2023-11-19 (Sun, 19 Nov 2023)
Changed paths:
M hw/ide/core.c
Log Message:
-----------
hw/ide: reset: cancel async DMA operation before resetting state
If there is a pending DMA operation during ide_bus_reset(), the fact
that the IDEState is already reset before the operation is canceled
can be problematic. In particular, ide_dma_cb() might be called and
then use the reset IDEState which contains the signature after the
reset. When used to construct the IO operation this leads to
ide_get_sector() returning 0 and nsector being 1. This is particularly
bad, because a write command will thus destroy the first sector which
often contains a partition table or similar.
Traces showing the unsolicited write happening with IDEState
0x5595af6949d0 being used after reset:
> ahci_port_write ahci(0x5595af6923f0)[0]: port write [reg:PxSCTL] @ 0x2c:
> 0x00000300
> ahci_reset_port ahci(0x5595af6923f0)[0]: reset port
> ide_reset IDEstate 0x5595af6949d0
> ide_reset IDEstate 0x5595af694da8
> ide_bus_reset_aio aio_cancel
> dma_aio_cancel dbs=0x7f64600089a0
> dma_blk_cb dbs=0x7f64600089a0 ret=0
> dma_complete dbs=0x7f64600089a0 ret=0 cb=0x5595acd40b30
> ahci_populate_sglist ahci(0x5595af6923f0)[0]
> ahci_dma_prepare_buf ahci(0x5595af6923f0)[0]: prepare buf limit=512
> prepared=512
> ide_dma_cb IDEState 0x5595af6949d0; sector_num=0 n=1 cmd=DMA WRITE
> dma_blk_io dbs=0x7f6420802010 bs=0x5595ae2c6c30 offset=0 to_dev=1
> dma_blk_cb dbs=0x7f6420802010 ret=0
> (gdb) p *qiov
> $11 = {iov = 0x7f647c76d840, niov = 1, {{nalloc = 1, local_iov = {iov_base =
> 0x0,
> iov_len = 512}}, {__pad =
> "\001\000\000\000\000\000\000\000\000\000\000",
> size = 512}}}
> (gdb) bt
> #0 blk_aio_pwritev (blk=0x5595ae2c6c30, offset=0, qiov=0x7f6420802070,
> flags=0,
> cb=0x5595ace6f0b0 <dma_blk_cb>, opaque=0x7f6420802010)
> at ../block/block-backend.c:1682
> #1 0x00005595ace6f185 in dma_blk_cb (opaque=0x7f6420802010, ret=<optimized
> out>)
> at ../softmmu/dma-helpers.c:179
> #2 0x00005595ace6f778 in dma_blk_io (ctx=0x5595ae0609f0,
> sg=sg@entry=0x5595af694d00, offset=offset@entry=0, align=align@entry=512,
> io_func=io_func@entry=0x5595ace6ee30 <dma_blk_write_io_func>,
> io_func_opaque=io_func_opaque@entry=0x5595ae2c6c30,
> cb=0x5595acd40b30 <ide_dma_cb>, opaque=0x5595af6949d0,
> dir=DMA_DIRECTION_TO_DEVICE) at ../softmmu/dma-helpers.c:244
> #3 0x00005595ace6f90a in dma_blk_write (blk=0x5595ae2c6c30,
> sg=sg@entry=0x5595af694d00, offset=offset@entry=0, align=align@entry=512,
> cb=cb@entry=0x5595acd40b30 <ide_dma_cb>,
> opaque=opaque@entry=0x5595af6949d0)
> at ../softmmu/dma-helpers.c:280
> #4 0x00005595acd40e18 in ide_dma_cb (opaque=0x5595af6949d0, ret=<optimized
> out>)
> at ../hw/ide/core.c:953
> #5 0x00005595ace6f319 in dma_complete (ret=0, dbs=0x7f64600089a0)
> at ../softmmu/dma-helpers.c:107
> #6 dma_blk_cb (opaque=0x7f64600089a0, ret=0) at ../softmmu/dma-helpers.c:127
> #7 0x00005595ad12227d in blk_aio_complete (acb=0x7f6460005b10)
> at ../block/block-backend.c:1527
> #8 blk_aio_complete (acb=0x7f6460005b10) at ../block/block-backend.c:1524
> #9 blk_aio_write_entry (opaque=0x7f6460005b10) at
> ../block/block-backend.c:1594
> #10 0x00005595ad258cfb in coroutine_trampoline (i0=<optimized out>,
> i1=<optimized out>) at ../util/coroutine-ucontext.c:177
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Tested-by: simon.rowe@nutanix.com
Message-ID: <20230906130922.142845-1-f.ebner@proxmox.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
(cherry picked from commit 7d7512019fc40c577e2bdd61f114f31a9eb84a8e)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 07c2a9c0fa1cff5fe9da15977bb0118ffc1b2aae
https://github.com/qemu/qemu/commit/07c2a9c0fa1cff5fe9da15977bb0118ffc1b2aae
Author: Fiona Ebner <f.ebner@proxmox.com>
Date: 2023-11-19 (Sun, 19 Nov 2023)
Changed paths:
M tests/qtest/ahci-test.c
Log Message:
-----------
tests/qtest: ahci-test: add test exposing reset issue with pending callback
Before commit "hw/ide: reset: cancel async DMA operation before
resetting state", this test would fail, because a reset with a
pending write operation would lead to an unsolicited write to the
first sector of the disk.
The test writes a pattern to the beginning of the disk and verifies
that it is still intact after a reset with a pending operation. It
also checks that the pending operation actually completes correctly.
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
Message-ID: <20230906130922.142845-2-f.ebner@proxmox.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
(cherry picked from commit cc610857bbd3551f4b86ae2299336b5d9aa0db2b)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 88b778e4c2ef66d5faa1cc607dc6cbb996ca23e0
https://github.com/qemu/qemu/commit/88b778e4c2ef66d5faa1cc607dc6cbb996ca23e0
Author: Ilya Leoshkevich <iii@linux.ibm.com>
Date: 2023-11-19 (Sun, 19 Nov 2023)
Changed paths:
M target/s390x/tcg/translate.c
Log Message:
-----------
target/s390x: Fix CLC corrupting cc_src
CLC updates cc_src before accessing the second operand; if the latter
is inaccessible, the former ends up containing a bogus value.
Fix by reading cc_src into a temporary first.
Fixes: 4f7403d52b1c ("target-s390: Convert CLC")
Closes: https://gitlab.com/qemu-project/qemu/-/issues/1865
Cc: qemu-stable@nongnu.org
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Message-ID: <20231106093605.1349201-2-iii@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit aba2ec341c6d20c8dc3e6ecf87fa7c1a71e30c1e)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 255422dc75db9b3502434f791abfdc32e6d886bb
https://github.com/qemu/qemu/commit/255422dc75db9b3502434f791abfdc32e6d886bb
Author: Ilya Leoshkevich <iii@linux.ibm.com>
Date: 2023-11-19 (Sun, 19 Nov 2023)
Changed paths:
M tests/tcg/s390x/Makefile.target
A tests/tcg/s390x/clc.c
Log Message:
-----------
tests/tcg/s390x: Test CLC with inaccessible second operand
Add a small test to prevent regressions.
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20231106093605.1349201-3-iii@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit 43fecbe7a53fe8e5a6aff0d6471b1cc624e26b51)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: a16eec9fb22444ef0aa2054d33fabbf8165ee78c
https://github.com/qemu/qemu/commit/a16eec9fb22444ef0aa2054d33fabbf8165ee78c
Author: Ilya Leoshkevich <iii@linux.ibm.com>
Date: 2023-11-19 (Sun, 19 Nov 2023)
Changed paths:
M target/s390x/tcg/insn-data.h.inc
M target/s390x/tcg/translate.c
Log Message:
-----------
target/s390x: Fix LAALG not updating cc_src
LAALG uses op_laa() and wout_addu64(). The latter expects cc_src to be
set, but the former does not do it. This can lead to assertion failures
if something sets cc_src to neither 0 nor 1 before.
Fix by introducing op_laa_addu64(), which sets cc_src, and using it for
LAALG.
Fixes: 4dba4d6fef61 ("target/s390x: Use atomic operations for LOAD AND OP")
Cc: qemu-stable@nongnu.org
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20231106093605.1349201-4-iii@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit bea402482a8c94389638cbd3d7fe3963fb317f4c)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 097c347136d18fc2d472ffa31326d883a2d9c196
https://github.com/qemu/qemu/commit/097c347136d18fc2d472ffa31326d883a2d9c196
Author: Ilya Leoshkevich <iii@linux.ibm.com>
Date: 2023-11-19 (Sun, 19 Nov 2023)
Changed paths:
M tests/tcg/s390x/Makefile.target
A tests/tcg/s390x/laalg.c
Log Message:
-----------
tests/tcg/s390x: Test LAALG with negative cc_src
Add a small test to prevent regressions.
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20231106093605.1349201-5-iii@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit ebc14107f1f3ac1db13132cd28cf94adcd38e5d7)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 100feda604fbe389353bbce306fb3b28de70dbad
https://github.com/qemu/qemu/commit/100feda604fbe389353bbce306fb3b28de70dbad
Author: Marc-André Lureau <marcandre.lureau@redhat.com>
Date: 2023-11-19 (Sun, 19 Nov 2023)
Changed paths:
M scripts/tracetool/__init__.py
Log Message:
-----------
tracetool: avoid invalid escape in Python string
This is an error in Python 3.12; fix it by using a raw string literal.
Cc: <qemu-stable@nongnu.org>
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-ID: <20231108105649.60453-1-marcandre.lureau@redhat.com>
(cherry picked from commit 4d96307c5b4fac40c6ca25f38318b4b65d315de0)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 221c0e142608a8567e7d3d82500dea84639587a7
https://github.com/qemu/qemu/commit/221c0e142608a8567e7d3d82500dea84639587a7
Author: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Date: 2023-11-19 (Sun, 19 Nov 2023)
Changed paths:
M target/riscv/kvm.c
Log Message:
-----------
target/riscv/kvm: improve 'init_multiext_cfg' error msg
Our error message is returning the value of 'ret', which will be always
-1 in case of error, and will not be that useful:
qemu-system-riscv64: Unable to read ISA_EXT KVM register ssaia, error -1
Improve the error message by outputting 'errno' instead of 'ret'. Use
strerrorname_np() to output the error name instead of the error code.
This will give us what we need to know right away:
qemu-system-riscv64: Unable to read ISA_EXT KVM register ssaia, error code:
ENOENT
Given that we're going to exit(1) in this condition instead of
attempting to recover, remove the 'kvm_riscv_destroy_scratch_vcpu()'
call.
Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Andrew Jones <ajones@ventanamicro.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20231003132148.797921-2-dbarboza@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
(cherry picked from commit 082e9e4a58ba80ec056220a2f762a1c6b9a3a96c)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 150ebd076e4aff712a7e098ff59fc962dc218697
https://github.com/qemu/qemu/commit/150ebd076e4aff712a7e098ff59fc962dc218697
Author: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Date: 2023-11-19 (Sun, 19 Nov 2023)
Changed paths:
M target/riscv/kvm.c
Log Message:
-----------
target/riscv/kvm: support KVM_GET_REG_LIST
KVM for RISC-V started supporting KVM_GET_REG_LIST in Linux 6.6. It
consists of a KVM ioctl() that retrieves a list of all available regs
for get_one_reg/set_one_reg. Regs that aren't present in the list aren't
supported in the host.
This simplifies our lives when initing the KVM regs since we don't have
to always attempt a KVM_GET_ONE_REG for all regs QEMU knows. We'll only
attempt a get_one_reg() if we're sure the reg is supported, i.e. it was
retrieved by KVM_GET_REG_LIST. Any error in get_one_reg() will then
always considered fatal, instead of having to handle special error codes
that might indicate a non-fatal failure.
Start by moving the current kvm_riscv_init_multiext_cfg() logic into a
new kvm_riscv_read_multiext_legacy() helper. We'll prioritize using
KVM_GET_REG_LIST, so check if we have it available and, in case we
don't, use the legacy() logic.
Otherwise, retrieve the available reg list and use it to check if the
host supports our known KVM regs, doing the usual get_one_reg() for
the supported regs and setting cpu->cfg accordingly.
Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Acked-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Andrew Jones <ajones@ventanamicro.com>
Message-ID: <20231003132148.797921-3-dbarboza@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
(cherry picked from commit 608bdebb6075b757e5505f6bbc60c45a54a1390b)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(Mjt: trivial context tweak in target/riscv/kvm.c)
Commit: 25f55508fc53ed5b0ca90a0b1b158e7d6accb487
https://github.com/qemu/qemu/commit/25f55508fc53ed5b0ca90a0b1b158e7d6accb487
Author: Matthew Rosato <mjrosato@linux.ibm.com>
Date: 2023-11-19 (Sun, 19 Nov 2023)
Changed paths:
M hw/s390x/s390-pci-vfio.c
Log Message:
-----------
s390x/pci: only limit DMA aperture if vfio DMA limit reported
If the host kernel lacks vfio DMA limit reporting, do not attempt
to shrink the guest DMA aperture.
Fixes: df202e3ff3 ("s390x/pci: shrink DMA aperture to be bound by vfio DMA
limit")
Signed-off-by: Matthew Rosato <mjrosato@linux.ibm.com>
Message-ID: <20231110175108.465851-3-mjrosato@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit 8011b508cf0ddbdbda03820f4fa6cd484a6d9aed)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: b88b9585d8801c967ddfabd8375eba6b88f8632c
https://github.com/qemu/qemu/commit/b88b9585d8801c967ddfabd8375eba6b88f8632c
Author: Peter Maydell <peter.maydell@linaro.org>
Date: 2023-11-19 (Sun, 19 Nov 2023)
Changed paths:
M target/arm/tcg/translate-a64.c
Log Message:
-----------
target/arm: HVC at EL3 should go to EL3, not EL2
AArch64 permits code at EL3 to use the HVC instruction; however the
exception we take should go to EL3, not down to EL2 (see the pseudocode
AArch64.CallHypervisor()). Fix the target EL.
Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Edgar E. Iglesias <edgar@zeroasic.com>
Message-id: 20231109151917.1925107-1-peter.maydell@linaro.org
(cherry picked from commit fc58891d0422607d172a3d6b3158798f2556aef1)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: d19b4a4215950468147d9153a0495cd45608ad25
https://github.com/qemu/qemu/commit/d19b4a4215950468147d9153a0495cd45608ad25
Author: Marc-André Lureau <marcandre.lureau@redhat.com>
Date: 2023-11-19 (Sun, 19 Nov 2023)
Changed paths:
M hw/mips/Kconfig
Log Message:
-----------
hw/mips: LOONGSON3V depends on UNIMP device
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Cc: qemu-stable@nongnu.org
Fixes: c76b409fef ("hw/mips: Add Loongson-3 machine support")
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20231107140615.3034763-1-marcandre.lureau@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
(cherry picked from commit 52c773ce893f6321f20c80101aa4ea9489a6f701)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 179cc58e00eab7497ce0ac3a1897ec4878588a15
https://github.com/qemu/qemu/commit/179cc58e00eab7497ce0ac3a1897ec4878588a15
Author: Michael Tokarev <mjt@tls.msk.ru>
Date: 2023-11-21 (Tue, 21 Nov 2023)
Changed paths:
M VERSION
Log Message:
-----------
Update version for 8.1.3 release
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Compare: https://github.com/qemu/qemu/compare/78385bc73810...179cc58e00ea