qemu-commits
From: Akihiko Odaki
Subject: [Qemu-commits] [qemu/qemu] e589e5: migration: Plug memory leak on HMP migrate error path
Date: Tue, 20 Feb 2024 23:47:03 -0800

  Branch: refs/heads/staging-8.2
  Home:   https://github.com/qemu/qemu
  Commit: e589e5ade7e7dc1f14eacc1670646439e4c07284
      https://github.com/qemu/qemu/commit/e589e5ade7e7dc1f14eacc1670646439e4c07284
  Author: Markus Armbruster <armbru@redhat.com>
  Date:   2024-01-29 (Mon, 29 Jan 2024)

  Changed paths:
    M migration/migration-hmp-cmds.c

  Log Message:
  -----------
  migration: Plug memory leak on HMP migrate error path

hmp_migrate() leaks @caps when qmp_migrate() fails.  Plug the leak
with g_autoptr().

Fixes: 967f2de5c9ec (migration: Implement MigrateChannelList to hmp migration flow.) v8.2.0-rc0
Fixes: CID 1533125
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Link: https://lore.kernel.org/r/20240117140722.3979657-1-armbru@redhat.com
[peterx: fix CID number as reported by Peter Maydell]
Signed-off-by: Peter Xu <peterx@redhat.com>
(cherry picked from commit 918f620d30a9b0095b7824b8d77a2d6059a439d9)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
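
The leak shape this commit plugs, as an added example written for this page rather than code from QEMU or the commit: an explicit free that an early error return skips, beside the same function using a scope-bound cleanup, which is what g_autoptr() expands to on GCC and Clang. The Caps type, caps_new() and fake_qmp_migrate() are stand-ins (assumed names) for the @caps object and qmp_migrate(); a fixed pool replaces the heap so an unreleased object is countable.

```c
/*
 * Added example, not QEMU code. Caps, caps_new() and fake_qmp_migrate()
 * are stand-ins. Needs GCC or Clang for __attribute__((cleanup)).
 */
#include <stdio.h>
#include <string.h>

typedef struct Caps {
    char name[16];
    int  in_use;
} Caps;

#define POOL_SIZE 4
static Caps pool[POOL_SIZE];    /* fixed pool instead of malloc(), so leaks are countable */

static Caps *caps_new(const char *name)
{
    for (int i = 0; i < POOL_SIZE; i++) {
        if (!pool[i].in_use) {
            pool[i].in_use = 1;
            snprintf(pool[i].name, sizeof(pool[i].name), "%s", name);
            return &pool[i];
        }
    }
    return NULL;
}

static void caps_free(Caps *c)
{
    if (c) {
        c->in_use = 0;
    }
}

/* Called with the address of the variable when it leaves scope. */
static void caps_autofree(Caps **p)
{
    caps_free(*p);
}
#define AUTO_CAPS __attribute__((cleanup(caps_autofree))) Caps *

/* Stand-in for qmp_migrate(): fails when told to. */
static int fake_qmp_migrate(const Caps *c, int fail)
{
    (void)c;
    return fail ? -1 : 0;
}

/* Buggy shape: the explicit free is skipped on the error return. */
static int hmp_migrate_leaky(int fail)
{
    Caps *caps = caps_new("multifd");
    if (!caps) {
        return -1;
    }
    if (fake_qmp_migrate(caps, fail) < 0) {
        return -1;                  /* caps is never released */
    }
    caps_free(caps);
    return 0;
}

/* Fixed shape: caps is released on every path out of the function. */
static int hmp_migrate_fixed(int fail)
{
    AUTO_CAPS caps = caps_new("multifd");
    if (!caps) {
        return -1;
    }
    if (fake_qmp_migrate(caps, fail) < 0) {
        return -1;                  /* the cleanup handler runs here as well */
    }
    return 0;
}

/* Run fn once on an empty pool and report how many objects it left allocated. */
static int leaked_after(int (*fn)(int), int fail)
{
    memset(pool, 0, sizeof(pool));
    fn(fail);
    int live = 0;
    for (int i = 0; i < POOL_SIZE; i++) {
        live += pool[i].in_use;
    }
    return live;
}

int main(void)
{
    printf("leaky, error path: %d object(s) still allocated\n",
           leaked_after(hmp_migrate_leaky, 1));
    printf("fixed, error path: %d object(s) still allocated\n",
           leaked_after(hmp_migrate_fixed, 1));
    return 0;
}
```

The success path is identical in both versions; only the error return differs, which is exactly the case a static checker such as Coverity flags and a test that never exercises the failure misses.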


  Commit: 106aa13c5bbb10d1742d9f2be1ac73a4918f6a27
      https://github.com/qemu/qemu/commit/106aa13c5bbb10d1742d9f2be1ac73a4918f6a27
  Author: Fabiano Rosas <farosas@suse.de>
  Date:   2024-01-29 (Mon, 29 Jan 2024)

  Changed paths:
    M migration/migration.c

  Log Message:
  -----------
  migration: Fix use-after-free of migration state object

We're currently allowing the process_incoming_migration_bh bottom-half
to run without holding a reference to the 'current_migration' object,
which leads to a segmentation fault if the BH is still live after
migration_shutdown() has dropped the last reference to
current_migration.

In my system the bug manifests as migrate_multifd() returning true
when it shouldn't and multifd_load_shutdown() calling
multifd_recv_terminate_threads() which crashes due to an uninitialized
multifd_recv_state.

Fix the issue by holding a reference to the object when scheduling the
BH and dropping it before returning from the BH. The same is already
done for the cleanup_bh at migrate_fd_cleanup_schedule().

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1969
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Link: https://lore.kernel.org/r/20240119233922.32588-2-farosas@suse.de
Signed-off-by: Peter Xu <peterx@redhat.com>
(cherry picked from commit 27eb8499edb2bc952c29ddae0bdac9fc959bf7b1)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
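
As an added example, not code from the commit or QEMU: a reference-counted object, a one-slot bottom-half queue, and the two orderings the message describes. The unsafe callback runs after the creator's reference has been dropped; the fixed one was scheduled with a reference of its own and releases it before returning. Releasing poisons the object instead of freeing it so the outcome can be observed without a crash; MigState and the function names are assumed.

```c
/*
 * Added example, not QEMU code. MigState, the BH queue and the
 * "poison instead of free" release are stand-ins for the real objects.
 */
#include <stdio.h>

typedef struct MigState {
    int refcount;
    int multifd;            /* state the BH consults; -1 once released */
} MigState;

static void state_init(MigState *s)
{
    s->refcount = 1;        /* the creator's reference */
    s->multifd = 1;
}

static void state_ref(MigState *s)
{
    s->refcount++;
}

/* On the last unref, poison the object; real code would free() it here. */
static void state_unref(MigState *s)
{
    if (--s->refcount == 0) {
        s->multifd = -1;
    }
}

typedef void (*BHFunc)(void *opaque);
static BHFunc pending_cb;
static void  *pending_opaque;

static void bh_schedule(BHFunc cb, void *opaque)
{
    pending_cb = cb;
    pending_opaque = opaque;
}

static void bh_run_pending(void)
{
    BHFunc cb = pending_cb;
    pending_cb = NULL;
    if (cb) {
        cb(pending_opaque);
    }
}

static int bh_saw_live_object;

/* Buggy: dereferences opaque without owning a reference to it. */
static void incoming_bh_unsafe(void *opaque)
{
    MigState *s = opaque;
    bh_saw_live_object = (s->multifd != -1);
}

/* Fixed: the reference taken at schedule time is dropped on the way out. */
static void incoming_bh_safe(void *opaque)
{
    MigState *s = opaque;
    bh_saw_live_object = (s->multifd != -1);
    state_unref(s);
}

/*
 * Schedule the BH, let shutdown drop the creator's reference, then run the
 * BH. Returns 1 if the BH saw a live object, 0 if it ran on a released one.
 */
static int run_scenario(int hold_ref_for_bh)
{
    MigState s;
    state_init(&s);
    bh_saw_live_object = -1;
    if (hold_ref_for_bh) {
        state_ref(&s);
        bh_schedule(incoming_bh_safe, &s);
    } else {
        bh_schedule(incoming_bh_unsafe, &s);
    }
    state_unref(&s);        /* migration_shutdown(): the creator's last reference */
    bh_run_pending();
    return bh_saw_live_object;
}

int main(void)
{
    printf("BH without its own reference saw a live object: %d\n", run_scenario(0));
    printf("BH holding a reference saw a live object:       %d\n", run_scenario(1));
    return 0;
}
```

The rule this encodes is the one the message cites from migrate_fd_cleanup_schedule(): whoever schedules deferred work on an object pins it for the lifetime of that work, and the callback, not the scheduler, releases the pin.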


  Commit: b79a2ef0d4dc6b8a4093334db29f7c221c1ac8bd
      https://github.com/qemu/qemu/commit/b79a2ef0d4dc6b8a4093334db29f7c221c1ac8bd
  Author: Cédric Le Goater <clg@redhat.com>
  Date:   2024-01-29 (Mon, 29 Jan 2024)

  Changed paths:
    M hw/vfio/pci.c

  Log Message:
  -----------
  vfio/pci: Clear MSI-X IRQ index always

When doing device assignment of a physical device, MSI-X can be
enabled with no vectors enabled and this sets the IRQ index to
VFIO_PCI_MSIX_IRQ_INDEX. However, when MSI-X is disabled, the IRQ
index is left untouched if no vectors are in use. Then, when INTx
is enabled, the IRQ index value is considered incompatible (set to
MSI-X) and VFIO_DEVICE_SET_IRQS fails. QEMU complains with :

qemu-system-x86_64: vfio 0000:08:00.0: Failed to set up TRIGGER eventfd signaling for interrupt INTX-0: VFIO_DEVICE_SET_IRQS failure: Invalid argument

To avoid that, unconditionally clear the IRQ index when MSI-X is
disabled.

Buglink: https://issues.redhat.com/browse/RHEL-21293
Fixes: 5ebffa4e87e7 ("vfio/pci: use an invalid fd to enable MSI-X")
Cc: Jing Liu <jing2.liu@intel.com>
Cc: Alex Williamson <alex.williamson@redhat.com>
Reviewed-by: Alex Williamson <alex.williamson@redhat.com>
Signed-off-by: Cédric Le Goater <clg@redhat.com>
(cherry picked from commit d2b668fca5652760b435ce812a743bba03d2f316)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 3837e6dd1ef56e63919b961fa6786fd566fe0311
      https://github.com/qemu/qemu/commit/3837e6dd1ef56e63919b961fa6786fd566fe0311
  Author: Het Gala <het.gala@nutanix.com>
  Date:   2024-01-29 (Mon, 29 Jan 2024)

  Changed paths:
    M qapi/migration.json

  Log Message:
  -----------
  Make 'uri' optional for migrate QAPI

'uri' argument should be optional, as 'uri' and 'channels'
arguments are mutually exclusive in nature.

Fixes: 074dbce5fcce (migration: New migrate and migrate-incoming argument 'channels')
Signed-off-by: Het Gala <het.gala@nutanix.com>
Link: https://lore.kernel.org/r/20240123064219.40514-1-het.gala@nutanix.com
Signed-off-by: Peter Xu <peterx@redhat.com>
(cherry picked from commit 57fd4b4e10756448acd6c90ce041ba8dc9313efc)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 84c9704b8e4a347ff74f17c018e58e7f90ca63fc
      https://github.com/qemu/qemu/commit/84c9704b8e4a347ff74f17c018e58e7f90ca63fc
  Author: Yihuan Pan <xun794@gmail.com>
  Date:   2024-02-01 (Thu, 01 Feb 2024)

  Changed paths:
    M docs/system/keys.rst.inc

  Log Message:
  -----------
  qemu-docs: Update options for graphical frontends

The command line options `-ctrl-grab` and `-alt-grab` have been removed
in QEMU 7.1. Instead, use the `-display sdl,grab-mod=<modifiers>` option
to specify the grab modifiers.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2103
Signed-off-by: Yihuan Pan <xun794@gmail.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(cherry picked from commit db101376af52e81f740a27f5fa38260ad171323c)


  Commit: b91715588a101024c644a322ad2f43af50a8d2fd
      https://github.com/qemu/qemu/commit/b91715588a101024c644a322ad2f43af50a8d2fd
  Author: Richard W.M. Jones <rjones@redhat.com>
  Date:   2024-02-09 (Fri, 09 Feb 2024)

  Changed paths:
    M block/blkio.c

  Log Message:
  -----------
  block/blkio: Make s->mem_region_alignment be 64 bits

With GCC 14 the code failed to compile on i686 (and was wrong for any
version of GCC):

../block/blkio.c: In function ‘blkio_file_open’:
../block/blkio.c:857:28: error: passing argument 3 of ‘blkio_get_uint64’ from incompatible pointer type [-Wincompatible-pointer-types]
  857 |                            &s->mem_region_alignment);
      |                            ^~~~~~~~~~~~~~~~~~~~~~~~
      |                            |
      |                            size_t * {aka unsigned int *}
In file included from ../block/blkio.c:12:
/usr/include/blkio.h:49:67: note: expected ‘uint64_t *’ {aka ‘long long unsigned int *’} but argument is of type ‘size_t *’ {aka ‘unsigned int *’}
   49 | int blkio_get_uint64(struct blkio *b, const char *name, uint64_t *value);
      |                                                         ~~~~~~~~~~^~~~~

Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
Message-id: 20240130122006.2977938-1-rjones@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit 615eaeab3d318ba239d54141a4251746782f65c1)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 35a60a20f0008a39af39bf39e12a1b07889b4e56
      https://github.com/qemu/qemu/commit/35a60a20f0008a39af39bf39e12a1b07889b4e56
  Author: Jan Klötzke <jan.kloetzke@kernkonzept.com>
  Date:   2024-02-09 (Fri, 09 Feb 2024)

  Changed paths:
    M target/arm/helper.c
    M target/arm/syndrome.h

  Log Message:
  -----------
  target/arm: fix exception syndrome for AArch32 bkpt insn

Debug exceptions that target AArch32 Hyp mode are reported differently
than on AArch64. Internally, Qemu uses the AArch64 syndromes. Therefore
such exceptions need to be either converted to a prefetch abort
(breakpoints, vector catch) or a data abort (watchpoints).

Cc: qemu-stable@nongnu.org
Signed-off-by: Jan Klötzke <jan.kloetzke@kernkonzept.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20240127202758.3326381-1-jan.kloetzke@kernkonzept.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit f670be1aad33e801779af580398895b9455747ee)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: e2a12fa4e7da627516b82ace779d7bfa641aa0de
      https://github.com/qemu/qemu/commit/e2a12fa4e7da627516b82ace779d7bfa641aa0de
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2024-02-09 (Fri, 09 Feb 2024)

  Changed paths:
    M system/vl.c

  Log Message:
  -----------
  system/vl.c: Fix handling of '-serial none -serial something'

Currently if the user passes multiple -serial options on the command
line, we mostly treat those as applying to the different serial
devices in order, so that for example
 -serial stdio -serial file:filename
will connect the first serial port to stdio and the second to the
named file.

The exception to this is the '-serial none' serial device type.  This
means "don't allocate this serial device", but a bug means that
following -serial options are not correctly handled, so that
 -serial none -serial stdio
has the unexpected effect that stdio is connected to the first serial
port, not the second.

This is a very long-standing bug that dates back at least as far as
commit 998bbd74b9d81 from 2009.

Make the 'none' serial type move forward in the indexing of serial
devices like all the other serial types, so that any subsequent
-serial options are correctly handled.

Note that if your commandline mistakenly had a '-serial none' that
was being overridden by a following '-serial something' option, you
should delete the unnecessary '-serial none'.  This will give you the
same behaviour as before, on QEMU versions both with and without this
bug fix.

Cc: qemu-stable@nongnu.org
Reported-by: Bohdan Kostiv <bohdan.kostiv@tii.ae>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20240122163607.459769-2-peter.maydell@linaro.org
Fixes: 998bbd74b9d81 ("default devices: core code & serial lines")
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit d2019a9d0c34a4fdcb5b5df550d73040dc0637d9)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 2d0530abe27bf5dce5aca269fbb2aa16e0ee88eb
      https://github.com/qemu/qemu/commit/2d0530abe27bf5dce5aca269fbb2aa16e0ee88eb
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2024-02-09 (Fri, 09 Feb 2024)

  Changed paths:
    M qemu-options.hx

  Log Message:
  -----------
  qemu-options.hx: Improve -serial option documentation

The -serial option documentation is a bit brief about '-serial none'
and '-serial null'. In particular it's not very clear about the
difference between them, and it doesn't mention that it's up to
the machine model whether '-serial none' means "don't create the
serial port" or "don't wire the serial port up to anything".

Expand on these points.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20240122163607.459769-3-peter.maydell@linaro.org
(cherry picked from commit 747bfaf3a9d2f3cd51674763dc1f7575100cd200)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: de6992d390fa4e0623a135f0363b99cb6fd8ca5d
      https://github.com/qemu/qemu/commit/de6992d390fa4e0623a135f0363b99cb6fd8ca5d
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2024-02-09 (Fri, 09 Feb 2024)

  Changed paths:
    M target/arm/cpu.c

  Log Message:
  -----------
  target/arm: Reinstate "vfp" property on AArch32 CPUs

In commit 4315f7c614743 we restructured the logic for creating the
VFP related properties to avoid testing the aa32_simd_r32 feature on
AArch64 CPUs.  However in the process we accidentally stopped
exposing the "vfp" QOM property on AArch32 TCG CPUs.

This mostly hasn't had any ill effects because not many people want
to disable VFP, but it wasn't intentional.  Reinstate the property.

Cc: qemu-stable@nongnu.org
Fixes: 4315f7c614743 ("target/arm: Restructure has_vfp_d32 test")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2098
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20240126193432.2210558-1-peter.maydell@linaro.org
(cherry picked from commit 185e3fdf8d106cb2f7d234d5e6453939c66db2a9)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 5f5e30229eea3971135ddc6dc70635866e605b63
      https://github.com/qemu/qemu/commit/5f5e30229eea3971135ddc6dc70635866e605b63
  Author: Guenter Roeck <linux@roeck-us.net>
  Date:   2024-02-09 (Fri, 09 Feb 2024)

  Changed paths:
    M hw/pci-host/designware.c

  Log Message:
  -----------
  pci-host: designware: Limit value range of iATU viewport register

The latest version of qemu (v8.2.0-869-g7a1dc45af5) crashes when booting
the mcimx7d-sabre emulation with Linux v5.11 and later.

qemu-system-arm: ../system/memory.c:2750: memory_region_set_alias_offset: Assertion `mr->alias' failed.

Problem is that the Designware PCIe emulation accepts the full value range
for the iATU Viewport Register. However, both hardware and emulation only
support four inbound and four outbound viewports.

The Linux kernel determines the number of supported viewports by writing
0xff into the viewport register and reading the value back. The expected
value when reading the register is the highest supported viewport index.
Match that code by masking the supported viewport value range when the
register is written. With this change, the Linux kernel reports

imx6q-pcie 33800000.pcie: iATU: unroll F, 4 ob, 4 ib, align 0K, limit 4G

as expected and supported.

Fixes: d64e5eabc4c7 ("pci: Add support for Designware IP block")
Cc: Andrey Smirnov <andrew.smirnov@gmail.com>
Cc: Nikita Ostrenkov <n.ostrenkov@gmail.com>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Message-id: 20240129060055.2616989-1-linux@roeck-us.net
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 8a73152020337a7fbf34daf0a006d4d89ec1494e)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
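
The register-masking fix, as an added example that is not the Designware model's code: a guest-writable viewport register selects one of four windows. Storing the raw value lets the guest name an index that does not exist; masking it when it is written bounds every later lookup and makes the write-0xff-then-read-back probe return 3, the highest supported index, so the kernel derives four viewports. Register, structure and function names are assumed.

```c
/*
 * Added example, not QEMU code. PcieHost, Window and the register names
 * are assumed; only the masking pattern is the point.
 */
#include <stdint.h>
#include <stdio.h>

#define NUM_VIEWPORTS 4u
#define VIEWPORT_MASK (NUM_VIEWPORTS - 1u)  /* NUM_VIEWPORTS must stay a power of two */

typedef struct Window {
    uint64_t base;
    uint64_t limit;
} Window;

typedef struct PcieHost {
    uint32_t viewport;                     /* the value the guest reads back */
    Window   outbound[NUM_VIEWPORTS];
} PcieHost;

typedef void (*RegWrite)(PcieHost *, uint32_t);

/* Before: any value is stored and later used as the array index. */
static void viewport_write_unchecked(PcieHost *h, uint32_t val)
{
    h->viewport = val;
}

/* After: only the index bits survive the write. */
static void viewport_write_masked(PcieHost *h, uint32_t val)
{
    h->viewport = val & VIEWPORT_MASK;
}

/*
 * Window selected by the current viewport. Returns NULL where code that
 * trusts the stored value would index past the array.
 */
static Window *current_window(PcieHost *h)
{
    if (h->viewport >= NUM_VIEWPORTS) {
        return NULL;
    }
    return &h->outbound[h->viewport];
}

/* The kernel's probe: write 0xff, read back, highest index + 1 is the count. */
static unsigned probed_viewport_count(RegWrite reg_write)
{
    PcieHost h = {0};
    reg_write(&h, 0xff);
    return h.viewport + 1u;
}

/* 1 if the window lookup after the 0xff probe stays inside the array. */
static int window_in_bounds_after_probe(RegWrite reg_write)
{
    PcieHost h = {0};
    reg_write(&h, 0xff);
    return current_window(&h) != NULL;
}

int main(void)
{
    printf("unchecked: probe reports %u viewports, lookup in bounds: %d\n",
           probed_viewport_count(viewport_write_unchecked),
           window_in_bounds_after_probe(viewport_write_unchecked));
    printf("masked:    probe reports %u viewports, lookup in bounds: %d\n",
           probed_viewport_count(viewport_write_masked),
           window_in_bounds_after_probe(viewport_write_masked));
    return 0;
}
```

Masking at write time is preferable to checking at each use: the register then never holds a value the device cannot honour, the guest sees hardware-like read-back, and no later code path can forget the bound.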


  Commit: 8b7750c66f191ec830c2985dcc1382703b48a117
      https://github.com/qemu/qemu/commit/8b7750c66f191ec830c2985dcc1382703b48a117
  Author: Richard Henderson <richard.henderson@linaro.org>
  Date:   2024-02-09 (Fri, 09 Feb 2024)

  Changed paths:
    M tcg/loongarch64/tcg-target.c.inc

  Log Message:
  -----------
  tcg/loongarch64: Set vector registers call clobbered

Because there are more call clobbered registers than
call saved registers, we begin with all registers as
call clobbered and then reset those that are saved.

This was missed when we introduced the LSX support.

Cc: qemu-stable@nongnu.org
Fixes: 16288ded944 ("tcg/loongarch64: Lower basic tcg vec ops to LSX")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2136
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Song Gao <gaosong@loongson.cn>
Message-Id: <20240201233414.500588-1-richard.henderson@linaro.org>
(cherry picked from commit 45bf0e7aa648369cf8ab2333bd20144806fc1be3)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 3a970decfee1f82dcafce8b9e56bc1b382975f77
      https://github.com/qemu/qemu/commit/3a970decfee1f82dcafce8b9e56bc1b382975f77
  Author: Richard Henderson <richard.henderson@linaro.org>
  Date:   2024-02-09 (Fri, 09 Feb 2024)

  Changed paths:
    M linux-user/aarch64/vdso-be.so
    M linux-user/aarch64/vdso-le.so
    M linux-user/aarch64/vdso.S

  Log Message:
  -----------
  linux-user/aarch64: Add padding before __kernel_rt_sigreturn

Without this padding, an unwind through the signal handler
will pick up the unwind info for the preceding syscall.

This fixes gcc's 30_threads/thread/native_handle/cancel.cc.

Cc: qemu-stable@nongnu.org
Fixes: ee95fae075c6 ("linux-user/aarch64: Add vdso")
Resolves: https://linaro.atlassian.net/browse/GNU-974
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20240202034427.504686-1-richard.henderson@linaro.org>
(cherry picked from commit 6400be014f80e4c2c246eb8be709ea3a96428233)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: bbfcb0f7bcc1f905eee3997e56d42bb1e97de51d
      https://github.com/qemu/qemu/commit/bbfcb0f7bcc1f905eee3997e56d42bb1e97de51d
  Author: Sven Schnelle <svens@stackframe.org>
  Date:   2024-02-09 (Fri, 09 Feb 2024)

  Changed paths:
    M hw/scsi/lsi53c895a.c

  Log Message:
  -----------
  hw/scsi/lsi53c895a: add missing decrement of reentrancy counter

When the maximum count of SCRIPTS instructions is reached, the code
stops execution and returns, but fails to decrement the reentrancy
counter. This effectively renders the SCSI controller unusable
because on next entry the reentrancy counter is still above the limit.

This bug was seen on HP-UX 10.20 which seems to trigger SCRIPTS
loops.

Fixes: b987718bbb ("hw/scsi/lsi53c895a: Fix reentrancy issues in the LSI controller (CVE-2023-0330)")
Signed-off-by: Sven Schnelle <svens@stackframe.org>
Message-ID: <20240128202214.2644768-1-svens@stackframe.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Tested-by: Helge Deller <deller@gmx.de>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit 8b09b7fe47082c69295a0fc0cc01b041b6385025)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
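
The unbalanced guard this commit fixes, as an added example rather than lsi53c895a code: a re-entrancy counter protecting a script engine, an instruction budget that stops execution early, and the two ways of leaving the function. In the buggy version the budget path returns with the counter still raised, so the guard refuses every later script; the fixed version breaks out to the shared decrement. The names, guard limit and budget are assumed.

```c
/*
 * Added example, not QEMU code. Engine, MAX_REENTRANCY and MAX_INSNS are
 * assumed stand-ins for the SCSI controller's guard and SCRIPTS budget.
 */
#include <stdio.h>

#define MAX_REENTRANCY 1    /* one active script execution at a time */
#define MAX_INSNS      16   /* instructions allowed per entry */

typedef struct Engine {
    int reentrancy;         /* active (possibly nested) executions */
    int insns_run;          /* total instructions executed, for inspection */
} Engine;

/* Returns 1 if the script ran (fully or up to the budget), 0 if refused. */
static int run_script_buggy(Engine *e, int script_len)
{
    if (e->reentrancy >= MAX_REENTRANCY) {
        return 0;                       /* guard: refuse nested entry */
    }
    e->reentrancy++;
    for (int i = 0; i < script_len; i++) {
        if (i == MAX_INSNS) {
            return 1;                   /* BUG: counter left incremented */
        }
        e->insns_run++;
    }
    e->reentrancy--;
    return 1;
}

/* Same logic with a single exit so the decrement cannot be skipped. */
static int run_script_fixed(Engine *e, int script_len)
{
    if (e->reentrancy >= MAX_REENTRANCY) {
        return 0;
    }
    e->reentrancy++;
    for (int i = 0; i < script_len; i++) {
        if (i == MAX_INSNS) {
            break;                      /* stop, but still reach the decrement */
        }
        e->insns_run++;
    }
    e->reentrancy--;
    return 1;
}

typedef int (*RunFn)(Engine *, int);

/* Guard counter after one script that exceeds the budget (0 is correct). */
static int counter_after_overlong_script(RunFn run)
{
    Engine e = {0};
    run(&e, MAX_INSNS + 8);
    return e.reentrancy;
}

/* Whether a short script is still accepted after an over-long one. */
static int accepts_next_script(RunFn run)
{
    Engine e = {0};
    run(&e, MAX_INSNS + 8);
    return run(&e, 1);
}

int main(void)
{
    printf("buggy: counter=%d, next script accepted=%d\n",
           counter_after_overlong_script(run_script_buggy),
           accepts_next_script(run_script_buggy));
    printf("fixed: counter=%d, next script accepted=%d\n",
           counter_after_overlong_script(run_script_fixed),
           accepts_next_script(run_script_fixed));
    return 0;
}
```

A guard added for a security fix needs the same review as a lock: every exit after the increment must pass through the decrement, and a guest that can trigger the budget path (a looping script, as HP-UX did here) otherwise turns the mitigation into a denial of service against its own device.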


  Commit: 88555e3607d322e46e1f33a2acf9a7f4055bfde9
      https://github.com/qemu/qemu/commit/88555e3607d322e46e1f33a2acf9a7f4055bfde9
  Author: Daniel P. Berrangé <berrange@redhat.com>
  Date:   2024-02-12 (Mon, 12 Feb 2024)

  Changed paths:
    M tests/qemu-iotests/check

  Log Message:
  -----------
  iotests: fix leak of tmpdir in dry-run mode

Creating an instance of the 'TestEnv' class will create a temporary
directory. This dir is only deleted, however, in the __exit__ handler
invoked by a context manager.

In dry-run mode, we don't use the TestEnv via a context manager, so
were leaking the temporary directory. Since meson invokes 'check'
5 times on each configure run, developers /tmp was filling up with
empty temporary directories.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-ID: <20240205154019.1841037-1-berrange@redhat.com>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit c645bac4e06bf9642cc8e339d027a5d6ec54d811)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 84c54eaeffd3caf83b0c105b904928b40bad5db9
      https://github.com/qemu/qemu/commit/84c54eaeffd3caf83b0c105b904928b40bad5db9
  Author: Daniel P. Berrangé <berrange@redhat.com>
  Date:   2024-02-12 (Mon, 12 Feb 2024)

  Changed paths:
    M tests/qemu-iotests/testenv.py

  Log Message:
  -----------
  iotests: give tempdir an identifying name

If something goes wrong causing the iotests not to cleanup their
temporary directory, it is useful if the dir had an identifying
name to show what is to blame.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-ID: <20240205155158.1843304-1-berrange@redhat.com>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 7d2faf0ce2ccc896ac56bc5ed2cdf4a55056a8bb)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: feb2073c866fb2cd600c6783f196139120ff2f9e
      https://github.com/qemu/qemu/commit/feb2073c866fb2cd600c6783f196139120ff2f9e
  Author: Hanna Czenczek <hreitz@redhat.com>
  Date:   2024-02-12 (Mon, 12 Feb 2024)

  Changed paths:
    M hw/scsi/virtio-scsi.c

  Log Message:
  -----------
  virtio-scsi: Attach event vq notifier with no_poll

As of commit 38738f7dbbda90fbc161757b7f4be35b52205552 ("virtio-scsi:
don't waste CPU polling the event virtqueue"), we only attach an io_read
notifier for the virtio-scsi event virtqueue instead, and no polling
notifiers.  During operation, the event virtqueue is typically
non-empty, but none of the buffers are intended to be used immediately.
Instead, they only get used when certain events occur.  Therefore, it
makes no sense to continuously poll it when non-empty, because it is
supposed to be and stay non-empty.

We do this by using virtio_queue_aio_attach_host_notifier_no_poll()
instead of virtio_queue_aio_attach_host_notifier() for the event
virtqueue.

Commit 766aa2de0f29b657148e04599320d771c36fd126 ("virtio-scsi: implement
BlockDevOps->drained_begin()") however has virtio_scsi_drained_end() use
virtio_queue_aio_attach_host_notifier() for all virtqueues, including
the event virtqueue.  This can lead to it being polled again, undoing
the benefit of commit 38738f7dbbda90fbc161757b7f4be35b52205552.

Fix it by using virtio_queue_aio_attach_host_notifier_no_poll() for the
event virtqueue.

Reported-by: Fiona Ebner <f.ebner@proxmox.com>
Fixes: 766aa2de0f29b657148e04599320d771c36fd126
       ("virtio-scsi: implement BlockDevOps->drained_begin()")
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Tested-by: Fiona Ebner <f.ebner@proxmox.com>
Reviewed-by: Fiona Ebner <f.ebner@proxmox.com>
Signed-off-by: Hanna Czenczek <hreitz@redhat.com>
Message-ID: <20240202153158.788922-2-hreitz@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit c42c3833e0cfdf2b80fb3ca410acfd392b6874ab)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 00e50cb42941decc79b61be27a14d009f4d96695
      https://github.com/qemu/qemu/commit/00e50cb42941decc79b61be27a14d009f4d96695
  Author: Hanna Czenczek <hreitz@redhat.com>
  Date:   2024-02-12 (Mon, 12 Feb 2024)

  Changed paths:
    M hw/virtio/virtio.c
    M include/block/aio.h

  Log Message:
  -----------
  virtio: Re-enable notifications after drain

During drain, we do not care about virtqueue notifications, which is why
we remove the handlers on it.  When removing those handlers, whether vq
notifications are enabled or not depends on whether we were in polling
mode or not; if not, they are enabled (by default); if so, they have
been disabled by the io_poll_start callback.

Because we do not care about those notifications after removing the
handlers, this is fine.  However, we have to explicitly ensure they are
enabled when re-attaching the handlers, so we will resume receiving
notifications.  We do this in virtio_queue_aio_attach_host_notifier*().
If such a function is called while we are in a polling section,
attaching the notifiers will then invoke the io_poll_start callback,
re-disabling notifications.

Because we will always miss virtqueue updates in the drained section, we
also need to poll the virtqueue once after attaching the notifiers.

Buglink: https://issues.redhat.com/browse/RHEL-3934
Signed-off-by: Hanna Czenczek <hreitz@redhat.com>
Message-ID: <20240202153158.788922-3-hreitz@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit 5bdbaebcce18fe6a627cafad2043ec08f3de5744)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: c36d4d3ceeb2c197614d552fc1aab5551d7d57f9
      https://github.com/qemu/qemu/commit/c36d4d3ceeb2c197614d552fc1aab5551d7d57f9
  Author: Stefan Hajnoczi <stefanha@redhat.com>
  Date:   2024-02-12 (Mon, 12 Feb 2024)

  Changed paths:
    M hw/block/virtio-blk.c

  Log Message:
  -----------
  virtio-blk: avoid using ioeventfd state in irqfd conditional

Requests that complete in an IOThread use irqfd to notify the guest
while requests that complete in the main loop thread use the traditional
qdev irq code path. The reason for this conditional is that the irq code
path requires the BQL:

  if (s->ioeventfd_started && !s->ioeventfd_disabled) {
      virtio_notify_irqfd(vdev, req->vq);
  } else {
      virtio_notify(vdev, req->vq);
  }

There is a corner case where the conditional invokes the irq code path
instead of the irqfd code path:

  static void virtio_blk_stop_ioeventfd(VirtIODevice *vdev)
  {
      ...
      /*
       * Set ->ioeventfd_started to false before draining so that host notifiers
       * are not detached/attached anymore.
       */
      s->ioeventfd_started = false;

      /* Wait for virtio_blk_dma_restart_bh() and in flight I/O to complete */
      blk_drain(s->conf.conf.blk);

During blk_drain() the conditional produces the wrong result because
ioeventfd_started is false.

Use qemu_in_iothread() instead of checking the ioeventfd state.

Cc: qemu-stable@nongnu.org
Buglink: https://issues.redhat.com/browse/RHEL-15394
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-ID: <20240122172625.415386-1-stefanha@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
(cherry picked from commit bfa36802d1704fc413c590ebdcc4e5ae0eacf439)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(Mjt: fixup for v8.2.0-809-g3cdaf3dd4a
 "virtio-blk: rename dataplane to ioeventfd")


  Commit: 76c172ffbe931c5018bd781fa565327010068b16
      https://github.com/qemu/qemu/commit/76c172ffbe931c5018bd781fa565327010068b16
  Author: Avihai Horon <avihaih@nvidia.com>
  Date:   2024-02-12 (Mon, 12 Feb 2024)

  Changed paths:
    M migration/migration.c

  Log Message:
  -----------
  migration: Fix logic of channels and transport compatibility check

The commit in the fixes line mistakenly modified the channels and
transport compatibility check logic so it now checks multi-channel
support only for socket transport type.

Thus, running multifd migration using a transport other than socket that
is incompatible with multi-channels (such as "exec") would lead to a
segmentation fault instead of an error message.
For example:
  (qemu) migrate_set_capability multifd on
  (qemu) migrate -d "exec:cat > /tmp/vm_state"
  Segmentation fault (core dumped)

Fix it by checking multi-channel compatibility for all transport types.

Cc: qemu-stable <qemu-stable@nongnu.org>
Fixes: d95533e1cdcc ("migration: modify migration_channels_and_uri_compatible() for new QAPI syntax")
Signed-off-by: Avihai Horon <avihaih@nvidia.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Link: https://lore.kernel.org/r/20240125162528.7552-2-avihaih@nvidia.com
Signed-off-by: Peter Xu <peterx@redhat.com>
(cherry picked from commit 3205bebd4fc6dd501fb8b10c93ddce9da18e09db)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: eca4e19914baba9fd73f774eb517acdd80add813
      https://github.com/qemu/qemu/commit/eca4e19914baba9fd73f774eb517acdd80add813
  Author: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
  Date:   2024-02-13 (Tue, 13 Feb 2024)

  Changed paths:
    M hw/riscv/virt-acpi-build.c

  Log Message:
  -----------
  hw/riscv/virt-acpi-build.c: fix leak in build_rhct()

The 'isa' char pointer isn't being freed after use.

Issue detected by Valgrind:

==38752== 128 bytes in 1 blocks are definitely lost in loss record 3,190 of 3,884
==38752==    at 0x484280F: malloc (vg_replace_malloc.c:442)
==38752==    by 0x5189619: g_malloc (gmem.c:130)
==38752==    by 0x51A5BF2: g_strconcat (gstrfuncs.c:628)
==38752==    by 0x6C1E3E: riscv_isa_string_ext (cpu.c:2321)
==38752==    by 0x6C1E3E: riscv_isa_string (cpu.c:2343)
==38752==    by 0x6BD2EA: build_rhct (virt-acpi-build.c:232)
==38752==    by 0x6BD2EA: virt_acpi_build (virt-acpi-build.c:556)
==38752==    by 0x6BDC86: virt_acpi_setup (virt-acpi-build.c:662)
==38752==    by 0x9C8DC6: notifier_list_notify (notify.c:39)
==38752==    by 0x4A595A: qdev_machine_creation_done (machine.c:1589)
==38752==    by 0x61E052: qemu_machine_creation_done (vl.c:2680)
==38752==    by 0x61E052: qmp_x_exit_preconfig.part.0 (vl.c:2709)
==38752==    by 0x6220C6: qmp_x_exit_preconfig (vl.c:2702)
==38752==    by 0x6220C6: qemu_init (vl.c:3758)
==38752==    by 0x425858: main (main.c:47)

Fixes: ebfd392893 ("hw/riscv/virt: virt-acpi-build.c: Add RHCT Table")
Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <20240122221529.86562-2-dbarboza@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
(cherry picked from commit 1a49762c07d001ce291e4fc6773317f5611af3a4)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(Mjt: context fixup)


  Commit: cefca32a2440ffc7bfb247b064d713d9de7c4489
      https://github.com/qemu/qemu/commit/cefca32a2440ffc7bfb247b064d713d9de7c4489
  Author: Fabiano Rosas <farosas@suse.de>
  Date:   2024-02-13 (Tue, 13 Feb 2024)

  Changed paths:
    M tests/docker/dockerfiles/opensuse-leap.docker
    M tests/lcitool/mappings.yml
    M tests/lcitool/projects/qemu.yml

  Log Message:
  -----------
  tests/docker: Add sqlite3 module to openSUSE Leap container

Avocado needs sqlite3:

  Failed to load plugin from module "avocado.plugins.journal":
  ImportError("Module 'sqlite3' is not installed.
  Use: sudo zypper install python311 to install it")

From 'zypper info python311':
  "This package supplies rich command line features provided by
  readline, and sqlite3 support for the interpreter core, thus forming
  a so called "extended" runtime."

Include the appropriate package in the lcitool mappings which will
guarantee the dockerfile gets properly updated when lcitool is
run. Also include the updated dockerfile.

Signed-off-by: Fabiano Rosas <farosas@suse.de>
Suggested-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20240117164227.32143-1-farosas@suse.de>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20240207163812.3231697-2-alex.bennee@linaro.org>
(cherry picked from commit 7485508341f4e8c6802f7716a64dd49a4dd28d22)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 6eeeb8733177db7bc23fb2e7271dea759b47e4f9
      https://github.com/qemu/qemu/commit/6eeeb8733177db7bc23fb2e7271dea759b47e4f9
  Author: Paolo Bonzini <pbonzini@redhat.com>
  Date:   2024-02-13 (Tue, 13 Feb 2024)

  Changed paths:
    M configure

  Log Message:
  -----------
  configure: run plugin TCG tests again

Commit 39fb3cfc28b ("configure: clean up plugin option handling", 2023-10-18)
dropped the CONFIG_PLUGIN line from tests/tcg/config-host.mak, due to confusion
caused by the shadowing of $config_host_mak.  However, TCG tests were still
expecting it.  Oops.

Put it back, in the meanwhile the shadowing is gone so it's clear that it goes
in the tests/tcg configuration.

Cc:  <alex.bennee@linaro.org>
Fixes: 39fb3cfc28b ("configure: clean up plugin option handling", 2023-10-18)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20240124115332.612162-1-pbonzini@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20240207163812.3231697-4-alex.bennee@linaro.org>
(cherry picked from commit 15cc103362499bd94c5aec5fa66543d0de3bf4b5)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(Mjt: context fixup)


  Commit: d6e07d59169e16beba99fd139d1fb99ca197c555
      https://github.com/qemu/qemu/commit/d6e07d59169e16beba99fd139d1fb99ca197c555
  Author: Akihiko Odaki <akihiko.odaki@daynix.com>
  Date:   2024-02-13 (Tue, 13 Feb 2024)

  Changed paths:
    M hw/smbios/smbios.c

  Log Message:
  -----------
  hw/smbios: Fix OEM strings table option validation

qemu_smbios_type11_opts did not have the list terminator and that
resulted in out-of-bound memory access. It also needs to have an element
for the type option.

Cc: qemu-stable@nongnu.org
Fixes: 2d6dcbf93fb0 ("smbios: support setting OEM strings table")
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Ani Sinha <anisinha@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(cherry picked from commit cd8a35b913c24248267c682cb9a348461c106139)


  Commit: 9ab476c3de1c2ff5851f00671cd24d6a16efff54
      https://github.com/qemu/qemu/commit/9ab476c3de1c2ff5851f00671cd24d6a16efff54
  Author: Akihiko Odaki <akihiko.odaki@daynix.com>
  Date:   2024-02-13 (Tue, 13 Feb 2024)

  Changed paths:
    M hw/smbios/smbios.c

  Log Message:
  -----------
  hw/smbios: Fix port connector option validation

qemu_smbios_type8_opts did not have the list terminator and that
resulted in out-of-bound memory access. It also needs to have an element
for the type option.

Cc: qemu-stable@nongnu.org
Fixes: fd8caa253c56 ("hw/smbios: support for type 8 (port connector)")
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Ani Sinha <anisinha@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(cherry picked from commit 196578c9d051d19c23e6c13e97b791a41b318315)


  Commit: 281fea01d6d71ea8f5b33390f32886f054813cf6
      https://github.com/qemu/qemu/commit/281fea01d6d71ea8f5b33390f32886f054813cf6
  Author: Sven Schnelle <svens@stackframe.org>
  Date:   2024-02-14 (Wed, 14 Feb 2024)

  Changed paths:
    M hw/net/tulip.c

  Log Message:
  -----------
  hw/net/tulip: add chip status register values

NetBSD isn't able to detect a link on the emulated tulip card. That's
because NetBSD reads the Chip Status Register of the Phy (address
0x14). The default phy data in the qemu tulip driver is all zero,
which means no link is established and autonegotiation isn't complete.

Therefore set the register to 0x3b40, which means:

Link is up, Autonegotiation complete, Full Duplex, 100MBit/s Link
speed.

Also clear the mask because this register is read only.

Signed-off-by: Sven Schnelle <svens@stackframe.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Helge Deller <deller@gmx.de>
Tested-by: Helge Deller <deller@gmx.de>
Signed-off-by: Helge Deller <deller@gmx.de>
(cherry picked from commit 9b60a3ed5569a70bbdd29e3c9ec4c5d4685c6e2c)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: e5f105655c226262d9d7529dc8ee70402d9ef4ad
      https://github.com/qemu/qemu/commit/e5f105655c226262d9d7529dc8ee70402d9ef4ad
  Author: Richard Henderson <richard.henderson@linaro.org>
  Date:   2024-02-14 (Wed, 14 Feb 2024)

  Changed paths:
    M include/tcg/tcg.h

  Log Message:
  -----------
  tcg: Increase width of temp_subindex

We need values 0-3 for TCG_TYPE_I128 on 32-bit hosts.

Cc: qemu-stable@nongnu.org
Fixes: 43eef72f4109 ("tcg: Add temp allocation for TCGv_i128")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2159
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Tested-by: Michael Tokarev <mjt@tls.msk.ru>
(cherry picked from commit c0e688153f299d5d493989c80bcc84c9cf36d6a6)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 181e54871574bf5aa10b5a44fec94f198bc912ce
      https://github.com/qemu/qemu/commit/181e54871574bf5aa10b5a44fec94f198bc912ce
  Author: Richard Henderson <richard.henderson@linaro.org>
  Date:   2024-02-14 (Wed, 14 Feb 2024)

  Changed paths:
    M tcg/arm/tcg-target.c.inc

  Log Message:
  -----------
  tcg/arm: Fix goto_tb for large translation blocks

Correct arithmetic for separating high and low
on a large negative number.

Cc: qemu-stable@nongnu.org
Fixes: 79ffece4447 ("tcg/arm: Implement direct branch for goto_tb")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1714
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
(cherry picked from commit e41f1825b43796c3508ef309ed0b150ef89acc44)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 17ae7ebedcbd958c03a0878ff92d970ebca123c6
      https://github.com/qemu/qemu/commit/17ae7ebedcbd958c03a0878ff92d970ebca123c6
  Author: Andrey Ignatov <rdna@apple.com>
  Date:   2024-02-14 (Wed, 14 Feb 2024)

  Changed paths:
    M docs/interop/vhost-user.rst

  Log Message:
  -----------
  vhost-user.rst: Fix vring address description

There is no "size" field in vring address structure. Remove it.

Fixes: 5fc0e00291 ("Add vhost-user protocol documentation")
Signed-off-by: Andrey Ignatov <rdna@apple.com>
Message-Id: <20240112004555.64900-1-rdna@apple.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit aa05bd9ef4073ccb72d04ad78de32916af31c7c3)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 89970831184893c21edcf455e0d91aaedd27a02d
      https://github.com/qemu/qemu/commit/89970831184893c21edcf455e0d91aaedd27a02d
  Author: Ira Weiny <ira.weiny@intel.com>
  Date:   2024-02-14 (Wed, 14 Feb 2024)

  Changed paths:
    M hw/cxl/cxl-cdat.c

  Log Message:
  -----------
  cxl/cdat: Handle cdat table build errors

The callback for building CDAT tables may return negative error codes.
This was previously unhandled and will result in potentially huge
allocations later on in ct3_build_cdat().

Detect the negative error code and defer cdat building.

Fixes: f5ee7413d592 ("hw/mem/cxl-type3: Add CXL CDAT Data Object Exchange")
Cc: Huai-Cheng Kuo <hchkuo@avery-design.com.tw>
Reviewed-by: Dave Jiang <dave.jiang@intel.com>
Reviewed-by: Fan Ni <fan.ni@samsung.com>
Signed-off-by: Ira Weiny <ira.weiny@intel.com>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <20240126120132.24248-2-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit c62926f730d08450502d36548e28dd727c998ace)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 9d8a2a8aafa575429ccb001c99827ea199fbe7a6
      https://github.com/qemu/qemu/commit/9d8a2a8aafa575429ccb001c99827ea199fbe7a6
  Author: Ira Weiny <ira.weiny@intel.com>
  Date:   2024-02-14 (Wed, 14 Feb 2024)

  Changed paths:
    M hw/cxl/cxl-cdat.c

  Log Message:
  -----------
  cxl/cdat: Fix header sum value in CDAT checksum

The addition of the DCD support for CXL type-3 devices extended the CDAT
table large enough that the checksum being returned was incorrect.[1]

This was because the checksum value was using the header length field
rather than each of the 4 bytes of the length field.  This was
previously not seen because the length of the CDAT data was less than
256 thus resulting in an equivalent checksum value.

Properly calculate the checksum for the CDAT header.

[1] https://lore.kernel.org/all/20231116-fix-cdat-devm-free-v1-1-b148b40707d7@intel.com/

Fixes: aba578bdace5 ("hw/cxl/cdat: CXL CDAT Data Object Exchange implementation")
Cc: Huai-Cheng Kuo <hchkuo@avery-design.com.tw>
Signed-off-by: Ira Weiny <ira.weiny@intel.com>
Reviewed-by: Dave Jiang <dave.jiang@intel.com>
Reviewed-by: Fan Ni <fan.ni@samsung.com>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>

Message-Id: <20240126120132.24248-5-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 64fdad5e67587e88c2f1d8f294e89403856a4a31)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
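As an added illustration of the truncation the message above describes (example code written for this digest, not QEMU's cxl-cdat.c), the 8-bit CDAT checksum computed byte by byte sits beside the variant that adds the 32-bit length as one term; the two agree exactly while the table is shorter than 256 bytes and diverge after that. The header layout (length u32, revision u8, checksum u8, six reserved bytes, sequence u32) is assumed from the CDAT specification rather than taken from this page, and the sample tables are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CDAT_HEADER_LEN 16
#define CDAT_MAX_LEN    1024   /* bound for the constructed sample tables */

/* Assumed CDAT header layout (CDAT spec, not this page); serialized little-endian. */
struct cdat_header {
    uint32_t length;      /* total table length, header included */
    uint8_t  revision;
    uint8_t  checksum;    /* chosen so all bytes of the table sum to 0 mod 256 */
    uint8_t  reserved[6];
    uint32_t sequence;
};

static void cdat_header_to_bytes(const struct cdat_header *h, uint8_t out[CDAT_HEADER_LEN])
{
    memset(out, 0, CDAT_HEADER_LEN);
    for (int i = 0; i < 4; i++) {
        out[i] = (uint8_t)(h->length >> (8 * i));
        out[12 + i] = (uint8_t)(h->sequence >> (8 * i));
    }
    out[4] = h->revision;
    out[5] = h->checksum;
}

/* Correct: every byte of the header (checksum field as 0) and of the body is summed. */
uint8_t cdat_checksum_correct(const struct cdat_header *h, const uint8_t *body, size_t body_len)
{
    struct cdat_header tmp = *h;
    uint8_t bytes[CDAT_HEADER_LEN];
    uint8_t sum = 0;

    tmp.checksum = 0;
    cdat_header_to_bytes(&tmp, bytes);
    for (size_t i = 0; i < CDAT_HEADER_LEN; i++) sum += bytes[i];
    for (size_t i = 0; i < body_len; i++) sum += body[i];
    return (uint8_t)-sum;   /* the value that brings the total back to 0 */
}

/*
 * Buggy variant, as the commit message describes it: the 32-bit length is
 * added as a single term, so only its low byte reaches the uint8_t sum.
 * Identical to the correct result while length < 256, wrong beyond that.
 */
uint8_t cdat_checksum_buggy(const struct cdat_header *h, const uint8_t *body, size_t body_len)
{
    uint8_t sum = 0;

    sum += (uint8_t)h->length;
    sum += h->revision;
    for (int i = 0; i < 4; i++) sum += (uint8_t)(h->sequence >> (8 * i));
    for (size_t i = 0; i < body_len; i++) sum += body[i];
    return (uint8_t)-sum;
}

/* Consumer-side check: all bytes of the table, checksum included, sum to 0. */
int cdat_verify(const uint8_t *table, size_t len)
{
    uint8_t sum = 0;
    for (size_t i = 0; i < len; i++) sum += table[i];
    return sum == 0;
}

/*
 * Build a constructed sample table of total_len bytes (body filled with
 * `fill`) using either checksum routine; returns bytes written, 0 on error.
 */
size_t cdat_build(uint8_t *out, size_t total_len, uint8_t fill, int use_buggy)
{
    struct cdat_header h = { .length = (uint32_t)total_len, .revision = 1 };
    size_t body_len;

    if (total_len < CDAT_HEADER_LEN || total_len > CDAT_MAX_LEN) return 0;
    body_len = total_len - CDAT_HEADER_LEN;
    memset(out + CDAT_HEADER_LEN, fill, body_len);
    h.checksum = use_buggy ? cdat_checksum_buggy(&h, out + CDAT_HEADER_LEN, body_len)
                           : cdat_checksum_correct(&h, out + CDAT_HEADER_LEN, body_len);
    cdat_header_to_bytes(&h, out);
    return total_len;
}

/* Build a table of the given size with one routine and report whether it verifies. */
int cdat_selftest(size_t total_len, int use_buggy)
{
    static uint8_t buf[CDAT_MAX_LEN];
    size_t n = cdat_build(buf, total_len, 0x5a, use_buggy);
    return n != 0 && cdat_verify(buf, n);
}

int main(void)
{
    /* 200 bytes is below the 256-byte boundary, 300 bytes is above it */
    printf("200: correct=%d buggy=%d\n", cdat_selftest(200, 0), cdat_selftest(200, 1));
    printf("300: correct=%d buggy=%d\n", cdat_selftest(300, 0), cdat_selftest(300, 1));
    return 0;
}
```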


  Commit: bdd3159ad724e4e0aad571b4352b288b8f947ddd
      https://github.com/qemu/qemu/commit/bdd3159ad724e4e0aad571b4352b288b8f947ddd
  Author: Hyeonggon Yoo <42.hyeyoo@gmail.com>
  Date:   2024-02-14 (Wed, 14 Feb 2024)

  Changed paths:
    M hw/cxl/cxl-device-utils.c
    M include/hw/cxl/cxl_device.h

  Log Message:
  -----------
  hw/cxl/device: read from register values in mdev_reg_read()

In the current mdev_reg_read() implementation, it consistently returns
that the Media Status is Ready (01b). This was fine until commit
25a52959f99d ("hw/cxl: Add support for device sanitation") because the
media was presumed to be ready.

However, as per the CXL 3.0 spec "8.2.9.8.5.1 Sanitize (Opcode 4400h)",
during sanitation, the Media State should be set to Disabled (11b). The
mentioned commit correctly sets it to Disabled, but mdev_reg_read()
still returns Media Status as Ready.

To address this, update mdev_reg_read() to read register values instead
of returning dummy values.

Note that __toggle_media() managed to not only write something
that no one read, it did it to the wrong register storage and
so changed the reported mailbox size which was definitely not
the intent. That gets fixed as a side effect of allocating
separate state storage for this register.

Fixes: commit 25a52959f99d ("hw/cxl: Add support for device sanitation")
Signed-off-by: Hyeonggon Yoo <42.hyeyoo@gmail.com>
Reviewed-by: Fan Ni <fan.ni@samsung.com>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <20240126120132.24248-7-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit f7509f462c788a347521f90f19d623908c4fbcc5)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: bbe51d6ea3a9adcca3b46ce8f19b9b4ead488e28
      https://github.com/qemu/qemu/commit/bbe51d6ea3a9adcca3b46ce8f19b9b4ead488e28
  Author: Li Zhijian <lizhijian@fujitsu.com>
  Date:   2024-02-14 (Wed, 14 Feb 2024)

  Changed paths:
    M hw/cxl/cxl-component-utils.c

  Log Message:
  -----------
  hw/cxl: Pass CXLComponentState to cache_mem_ops

cache_mem_ops.{read,write}() interprets opaque as
CXLComponentState(cxl_cstate) instead of ComponentRegisters(cregs).

Fortunately, cregs is the first member of cxl_cstate, so their values are
the same.

Fixes: 9e58f52d3f8 ("hw/cxl/component: Introduce CXL components (8.1.x, 8.2.5)")
Reviewed-by: Fan Ni <fan.ni@samsung.com>
Signed-off-by: Li Zhijian <lizhijian@fujitsu.com>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <20240126120132.24248-8-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 729d45a6af06753d3e330f589c248fe9687c5cd5)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 1c38c8a24a9d053d42e3892fddf18421cf3a67d3
      https://github.com/qemu/qemu/commit/1c38c8a24a9d053d42e3892fddf18421cf3a67d3
  Author: Dmitry Osipenko <dmitry.osipenko@collabora.com>
  Date:   2024-02-14 (Wed, 14 Feb 2024)

  Changed paths:
    M contrib/vhost-user-gpu/virgl.c
    M hw/display/virtio-gpu-virgl.c

  Log Message:
  -----------
  virtio-gpu: Correct virgl_renderer_resource_get_info() error check

virgl_renderer_resource_get_info() returns errno and not -1 on error.
Correct the return-value check.

Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Dmitry Osipenko <dmitry.osipenko@collabora.com>
Message-Id: <20240129073921.446869-1-dmitry.osipenko@collabora.com>
Cc: qemu-stable@nongnu.org
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 574b64aa6754ba491f51024c5a823a674d48a658)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 721c3ceaeffed4d9adf9bb0062431483792c57b7
      https://github.com/qemu/qemu/commit/721c3ceaeffed4d9adf9bb0062431483792c57b7
  Author: Zhenzhong Duan <zhenzhong.duan@intel.com>
  Date:   2024-02-15 (Thu, 15 Feb 2024)

  Changed paths:
    M hw/virtio/virtio-iommu.c

  Log Message:
  -----------
  virtio_iommu: Clear IOMMUPciBus pointer cache when system reset

s->iommu_pcibus_by_bus_num is an IOMMUPciBus pointer cache indexed
by bus number; the bus number may not always be a fixed value,
i.e., the guest may reboot into a different kernel which sets bus
numbers with a different algorithm.

This could lead to an endpoint binding to the wrong iommu MR in
virtio_iommu_get_endpoint(), and then a vfio device setting up a wrong
mapping from another device.

Remove the memset in virtio_iommu_device_realize() to avoid
redundancy with memset in system reset.

Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Message-Id: <20240125073706.339369-2-zhenzhong.duan@intel.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Tested-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 9a457383ce9d309d4679b079fafb51f0a2d949aa)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: d4157195bd3b8753dc422085623e415d0bab3bb9
      https://github.com/qemu/qemu/commit/d4157195bd3b8753dc422085623e415d0bab3bb9
  Author: Zhenzhong Duan <zhenzhong.duan@intel.com>
  Date:   2024-02-15 (Thu, 15 Feb 2024)

  Changed paths:
    M hw/arm/smmu-common.c

  Log Message:
  -----------
  smmu: Clear SMMUPciBus pointer cache when system reset

s->smmu_pcibus_by_bus_num is an SMMUPciBus pointer cache indexed
by bus number; the bus number may not always be a fixed value,
i.e., the guest may reboot into a different kernel which sets bus
numbers with a different algorithm.

This could lead to smmu_iommu_mr() providing the wrong iommu MR.

Suggested-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Message-Id: <20240125073706.339369-3-zhenzhong.duan@intel.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Tested-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 8a6b3f4dc95a064e88adaca86374108da0ecb38d)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 47df9ca585cbc1c14f197af1a05a236a3fad9920
      https://github.com/qemu/qemu/commit/47df9ca585cbc1c14f197af1a05a236a3fad9920
  Author: Jonathan Cameron <Jonathan.Cameron@huawei.com>
  Date:   2024-02-15 (Thu, 15 Feb 2024)

  Changed paths:
    M tests/qtest/bios-tables-test-allowed-diff.h

  Log Message:
  -----------
  tests/acpi: Allow update of DSDT.cxl

The _STA value returned currently indicates the ACPI0017 device
is not enabled.  Whilst this isn't a real device, setting _STA
like this may prevent an OS from enumerating it correctly and
hence from parsing the CEDT table.

Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <20240126120132.24248-11-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 14ec4ff3e4293635240ba5a7afe7a0f3ba447d31)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 02d9979ba8f0bc504be36860969c6c6921816841
      https://github.com/qemu/qemu/commit/02d9979ba8f0bc504be36860969c6c6921816841
  Author: Jonathan Cameron <Jonathan.Cameron@huawei.com>
  Date:   2024-02-15 (Thu, 15 Feb 2024)

  Changed paths:
    M hw/i386/acpi-build.c

  Log Message:
  -----------
  hw/i386: Fix _STA return value for ACPI0017

Found whilst testing a series for the linux kernel that actually
bothers to check if enabled is set. 0xB is the option used
for the vast majority of DSDT entries in QEMU.
It is a little odd for a device that doesn't really exist and
is simply a hook to tell the OS there is a CEDT table, but 0xB
seems a reasonable choice and avoids the need to special case
this device in the OS.

Means:
* Device present.
* Device enabled and decoding its resources.
* Not shown in UI
* Functioning properly
* No battery (on this device!)

Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <20240126120132.24248-12-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit d9ae5802f656f6fb53b788747ba557a826b6e740)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 803f1e70ec79f0f51fee4e175e747598488c0fa5
      https://github.com/qemu/qemu/commit/803f1e70ec79f0f51fee4e175e747598488c0fa5
  Author: Jonathan Cameron <Jonathan.Cameron@huawei.com>
  Date:   2024-02-15 (Thu, 15 Feb 2024)

  Changed paths:
    M tests/data/acpi/q35/DSDT.cxl
    M tests/qtest/bios-tables-test-allowed-diff.h

  Log Message:
  -----------
  tests/acpi: Update DSDT.cxl to reflect change _STA return value.

_STA will now return 0xB (in common with most other devices)
rather than not setting the bits to indicate this fake device
has not been enabled, and self tests haven't passed.

Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <20240126120132.24248-13-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit b24a981b9f1c4767aaea815e504a2c7aeb405d72)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 7950913ece574bc12089cca421e1a51d891b963e
      https://github.com/qemu/qemu/commit/7950913ece574bc12089cca421e1a51d891b963e
  Author: Richard Henderson <richard.henderson@linaro.org>
  Date:   2024-02-16 (Fri, 16 Feb 2024)

  Changed paths:
    M linux-user/aarch64/target_prctl.h

  Log Message:
  -----------
  linux-user/aarch64: Choose SYNC as the preferred MTE mode

The API does not generate an error for setting ASYNC | SYNC; that merely
constrains the selection vs the per-cpu default.  For qemu linux-user,
choose SYNC as the default.

Cc: qemu-stable@nongnu.org
Reported-by: Gustavo Romero <gustavo.romero@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Gustavo Romero <gustavo.romero@linaro.org>
Message-id: 20240207025210.8837-2-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 681dfc0d552963d4d598350d26097a692900b408)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 5e6e09baa516fd7c768cc1050a6ed638574e8047
      https://github.com/qemu/qemu/commit/5e6e09baa516fd7c768cc1050a6ed638574e8047
  Author: Richard Henderson <richard.henderson@linaro.org>
  Date:   2024-02-16 (Fri, 16 Feb 2024)

  Changed paths:
    M target/arm/tcg/translate-sve.c

  Log Message:
  -----------
  target/arm: Fix nregs computation in do_{ld,st}_zpa

The field is encoded as [0-3], which is convenient for
indexing our array of function pointers, but the true
value is [1-4].  Adjust before calling do_mem_zpa.

Add an assert, and move the comment re passing ZT to
the helper back next to the relevant code.

Cc: qemu-stable@nongnu.org
Fixes: 206adacfb8d ("target/arm: Add mte helpers for sve scalar + int loads")
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Gustavo Romero <gustavo.romero@linaro.org>
Message-id: 20240207025210.8837-3-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 64c6e7444dff64b42d11b836b9aec9acfbe8ecc2)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 8da74af97029dc96205ed4ddd53230d6d99c15c3
      https://github.com/qemu/qemu/commit/8da74af97029dc96205ed4ddd53230d6d99c15c3
  Author: Richard Henderson <richard.henderson@linaro.org>
  Date:   2024-02-16 (Fri, 16 Feb 2024)

  Changed paths:
    M target/arm/internals.h
    M target/arm/tcg/translate-sve.c

  Log Message:
  -----------
  target/arm: Adjust and validate mtedesc sizem1

When we added SVE_MTEDESC_SHIFT, we effectively limited the
maximum size of MTEDESC.  Adjust SIZEM1 to consume the remaining
bits (32 - 10 - 5 - 12 == 5).  Assert that the data to be stored
fits within the field (expecting 8 * 4 - 1 == 31, exact fit).

Cc: qemu-stable@nongnu.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Gustavo Romero <gustavo.romero@linaro.org>
Message-id: 20240207025210.8837-4-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit b12a7671b6099a26ce5d5ab09701f151e21c112c)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: da804717a549118ef4fc1351540737444ffbb5b0
      https://github.com/qemu/qemu/commit/da804717a549118ef4fc1351540737444ffbb5b0
  Author: Richard Henderson <richard.henderson@linaro.org>
  Date:   2024-02-16 (Fri, 16 Feb 2024)

  Changed paths:
    M target/arm/tcg/translate-a64.h
    M target/arm/tcg/translate-sme.c
    M target/arm/tcg/translate-sve.c

  Log Message:
  -----------
  target/arm: Split out make_svemte_desc

Share code that creates mtedesc and embeds within simd_desc.

Cc: qemu-stable@nongnu.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Gustavo Romero <gustavo.romero@linaro.org>
Message-id: 20240207025210.8837-5-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 96fcc9982b4aad7aced7fbff046048bbccc6cb0c)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 2d1a29e3b23d833c22ef01df9b6ceb7200275fd3
      https://github.com/qemu/qemu/commit/2d1a29e3b23d833c22ef01df9b6ceb7200275fd3
  Author: Richard Henderson <richard.henderson@linaro.org>
  Date:   2024-02-16 (Fri, 16 Feb 2024)

  Changed paths:
    M target/arm/tcg/translate-sve.c

  Log Message:
  -----------
  target/arm: Handle mte in do_ldrq, do_ldro

These functions "use the standard load helpers", but
fail to clean_data_tbi or populate mtedesc.

Cc: qemu-stable@nongnu.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Gustavo Romero <gustavo.romero@linaro.org>
Message-id: 20240207025210.8837-6-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 623507ccfcfebb0f10229ae5de3f85a27fb615a7)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 429c11c7266b14f3ce0a052cd582095fdf085d56
      https://github.com/qemu/qemu/commit/429c11c7266b14f3ce0a052cd582095fdf085d56
  Author: Richard Henderson <richard.henderson@linaro.org>
  Date:   2024-02-16 (Fri, 16 Feb 2024)

  Changed paths:
    M target/arm/tcg/sme_helper.c
    M target/arm/tcg/sve_helper.c

  Log Message:
  -----------
  target/arm: Fix SVE/SME gross MTE suppression checks

The TBI and TCMA bits are located within mtedesc, not desc.

Cc: qemu-stable@nongnu.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Gustavo Romero <gustavo.romero@linaro.org>
Message-id: 20240207025210.8837-7-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 855f94eca80c85a99f459e36684ea2f98f6a3243)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: f030e96d27c50a13a5295927d90853680dbc1052
      https://github.com/qemu/qemu/commit/f030e96d27c50a13a5295927d90853680dbc1052
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2024-02-16 (Fri, 16 Feb 2024)

  Changed paths:
    M target/arm/helper.c

  Log Message:
  -----------
  target/arm: Don't get MDCR_EL2 in pmu_counter_enabled() before checking ARM_FEATURE_PMU

It doesn't make sense to read the value of MDCR_EL2 on a non-A-profile
CPU, and in fact if you try to do it we will assert:

#6  0x00007ffff4b95e96 in __GI___assert_fail
    (assertion=0x5555565a8c70 "!arm_feature(env, ARM_FEATURE_M)", file=0x5555565a6e5c "../../target/arm/helper.c", line=12600, function=0x5555565a9560 <__PRETTY_FUNCTION__.0> "arm_security_space_below_el3") at ./assert/assert.c:101
#7  0x0000555555ebf412 in arm_security_space_below_el3 (env=0x555557bc8190) at ../../target/arm/helper.c:12600
#8  0x0000555555ea6f89 in arm_is_el2_enabled (env=0x555557bc8190) at ../../target/arm/cpu.h:2595
#9  0x0000555555ea942f in arm_mdcr_el2_eff (env=0x555557bc8190) at ../../target/arm/internals.h:1512

We might call pmu_counter_enabled() on an M-profile CPU (for example
from the migration pre/post hooks in machine.c); this should always
return false because these CPUs don't set ARM_FEATURE_PMU.

Avoid the assertion by not calling arm_mdcr_el2_eff() before we
have done the early return for "PMU not present".

This fixes an assertion failure if you try to do a loadvm or
savevm for an M-profile board.

Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2155
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20240208153346.970021-1-peter.maydell@linaro.org
(cherry picked from commit ac1d88e9e7ca0bed83e91e07ce6d0597f10cc77d)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: d5bc76fa20a8887d582710054bb3b06dd80c2aca
      https://github.com/qemu/qemu/commit/d5bc76fa20a8887d582710054bb3b06dd80c2aca
  Author: Kevin Wolf <kwolf@redhat.com>
  Date:   2024-02-16 (Fri, 16 Feb 2024)

  Changed paths:
    M tests/qemu-iotests/144
    M tests/qemu-iotests/144.out

  Log Message:
  -----------
  iotests: Make 144 deterministic again

Since commit effd60c8 changed how QMP commands are processed, the order
of the block-commit return value and job events in iotests 144 wasn't
fixed any more and caused the test to fail intermittently.

Change the test to cache events first and then print them in a
predefined order.

Waiting three times for JOB_STATUS_CHANGE is a bit uglier than just
waiting for the JOB_STATUS_CHANGE that has "status": "ready", but the
tooling we have doesn't seem to allow the latter easily.

Fixes: effd60c878176bcaf97fa7ce2b12d04bb8ead6f7
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2126
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20240209173103.239994-1-kwolf@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit cc29c12ec629ba68a4a6cb7d165c94cc8502815a)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 4d9dc117eae8a5d5464635a436349c71e2f8ce8d
      https://github.com/qemu/qemu/commit/4d9dc117eae8a5d5464635a436349c71e2f8ce8d
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2024-02-16 (Fri, 16 Feb 2024)

  Changed paths:
    M .gitlab-ci.d/windows.yml

  Log Message:
  -----------
  .gitlab-ci/windows.yml: Don't install libusb or spice packages on 32-bit

When msys2 updated their libusb packages to libusb 1.0.27, they
dropped support for building them for mingw32, leaving only mingw64
packages.  This broke our CI job, as the 'pacman' package install now
fails with:

error: target not found: mingw-w64-i686-libusb
error: target not found: mingw-w64-i686-usbredir

(both these binary packages are from the libusb source package).

Similarly, spice is now 64-bit only:
error: target not found: mingw-w64-i686-spice

Fix this by dropping these packages from the list we install for our
msys2-32bit build.  We do this with a simple mechanism for the
msys2-64bit and msys2-32bit jobs to specify a list of extra packages
to install on top of the common ones we install for both jobs.

Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2160
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Message-id: 20240215155009.2422335-1-peter.maydell@linaro.org
(cherry picked from commit 8e31b744fdf2c5d933681e4128acee72a83af4b8)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 0766f137f50068e73fdca2a23b6f7b1de23d83ef
      https://github.com/qemu/qemu/commit/0766f137f50068e73fdca2a23b6f7b1de23d83ef
  Author: Xiaoyao Li <xiaoyao.li@intel.com>
  Date:   2024-02-20 (Tue, 20 Feb 2024)

  Changed paths:
    M target/i386/cpu.c

  Log Message:
  -----------
  i386/cpu: Clear FEAT_XSAVE_XSS_LO/HI leafs when CPUID_EXT_XSAVE is not available

Leaf FEAT_XSAVE_XSS_LO and FEAT_XSAVE_XSS_HI also need to be cleared
when CPUID_EXT_XSAVE is not set.

Fixes: 301e90675c3f ("target/i386: Enable support for XSAVES based features")
Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
Reviewed-by: Yang Weijiang <weijiang.yang@intel.com>
Message-ID: <20240115091325.1904229-2-xiaoyao.li@intel.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 81f5cad3858f27623b1b14467926032d229b76cc)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 72c4ef9da08c4e8c692fe429cfd78ec934cdfb84
      https://github.com/qemu/qemu/commit/72c4ef9da08c4e8c692fe429cfd78ec934cdfb84
  Author: Xiaoyao Li <xiaoyao.li@intel.com>
  Date:   2024-02-20 (Tue, 20 Feb 2024)

  Changed paths:
    M target/i386/cpu.c

  Log Message:
  -----------
  i386/cpu: Mask with XCR0/XSS mask for FEAT_XSAVE_XCR0_HI and FEAT_XSAVE_XSS_HI leafs

The value of FEAT_XSAVE_XCR0_HI leaf and FEAT_XSAVE_XSS_HI leaf also
need to be masked by XCR0 and XSS mask respectively, to make it
logically correct.

Fixes: 301e90675c3f ("target/i386: Enable support for XSAVES based features")
Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
Reviewed-by: Yang Weijiang <weijiang.yang@intel.com>
Message-ID: <20240115091325.1904229-3-xiaoyao.li@intel.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit a11a365159b944e05be76f3ec3b98c8b38cb70fd)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: e8d27721cbb267fde6b7ce7e0984ec07df21d7e7
      https://github.com/qemu/qemu/commit/e8d27721cbb267fde6b7ce7e0984ec07df21d7e7
  Author: Xiaoyao Li <xiaoyao.li@intel.com>
  Date:   2024-02-20 (Tue, 20 Feb 2024)

  Changed paths:
    M target/i386/kvm/kvm.c

  Log Message:
  -----------
  i386/cpuid: Decrease cpuid_i when skipping CPUID leaf 1F

Existing code misses a decrement of cpuid_i when skipping leaf 0x1F.
There's a blank CPUID entry (with leaf, subleaf as 0, and all fields
stuffed with 0s) left in the CPUID array.

It conflicts with the correct CPUID leaf 0.

Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
Reviewed-by: Yang Weijiang <weijiang.yang@intel.com>
Message-ID: <20240125024016.2521244-2-xiaoyao.li@intel.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 10f92799af8ba3c3cef2352adcd4780f13fbab31)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: f5dddb856cccdc491547235aeafb451acd63c8b1
      https://github.com/qemu/qemu/commit/f5dddb856cccdc491547235aeafb451acd63c8b1
  Author: Xiaoyao Li <xiaoyao.li@intel.com>
  Date:   2024-02-20 (Tue, 20 Feb 2024)

  Changed paths:
    M target/i386/kvm/kvm.c

  Log Message:
  -----------
  i386/cpuid: Move leaf 7 to correct group

CPUID leaf 7 was grouped together with SGX leaf 0x12 by commit
b9edbadefb9e ("i386: Propagate SGX CPUID sub-leafs to KVM") by mistake.

SGX leaf 0x12 has its specific logic to check if a subleaf (starting from 2)
is valid or not by checking whether bits 0:3 of the corresponding EAX are 1
or not.

Leaf 7 follows the logic that EAX of subleaf 0 enumerates the maximum
valid subleaf.

Fixes: b9edbadefb9e ("i386: Propagate SGX CPUID sub-leafs to KVM")
Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
Message-ID: <20240125024016.2521244-4-xiaoyao.li@intel.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 0729857c707535847d7fe31d3d91eb8b2a118e3c)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 0b30735d3807640587c2bc9b19ab274e0f8eef57
      https://github.com/qemu/qemu/commit/0b30735d3807640587c2bc9b19ab274e0f8eef57
  Author: Ziqiao Kong <ziqiaokong@gmail.com>
  Date:   2024-02-20 (Tue, 20 Feb 2024)

  Changed paths:
    M target/i386/tcg/translate.c

  Log Message:
  -----------
  target/i386: Generate an illegal opcode exception on cmp instructions with lock prefix

target/i386: As specified by Intel Manual Vol2 3-180, cmp instructions
are not allowed to have lock prefix and a `UD` should be raised. Without
this patch, s1->T0 will be uninitialized and used in the case OP_CMPL.

Signed-off-by: Ziqiao Kong <ziqiaokong@gmail.com>
Message-ID: <20240215095015.570748-2-ziqiaokong@gmail.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 99d0dcd7f102c07a510200d768cae65e5db25d23)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 4fd56da3370a7ad009a0a960e722991c9927d890
      
https://github.com/qemu/qemu/commit/4fd56da3370a7ad009a0a960e722991c9927d890
  Author: Daniel P. Berrangé <berrange@redhat.com>
  Date:   2024-02-20 (Tue, 20 Feb 2024)

  Changed paths:
    M ui/vnc.c

  Log Message:
  -----------
  ui: reject extended clipboard message if not activated

The extended clipboard message protocol requires that the client
activate the extension by requesting a pseudo encoding. If this
is not done, then any extended clipboard messages from the client
should be considered invalid and the client dropped.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20240115095119.654271-1-berrange@redhat.com>
(cherry picked from commit 4cba8388968b70fe20e290221dc421c717051fdd)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 480a6adc83a7bbc84bfe67229e084603dc061824
      
https://github.com/qemu/qemu/commit/480a6adc83a7bbc84bfe67229e084603dc061824
  Author: Fiona Ebner <f.ebner@proxmox.com>
  Date:   2024-02-20 (Tue, 20 Feb 2024)

  Changed paths:
    M ui/clipboard.c

  Log Message:
  -----------
  ui/clipboard: mark type as not available when there is no data

With VNC, a client can send a non-extended VNC_MSG_CLIENT_CUT_TEXT
message with len=0. In qemu_clipboard_set_data(), the clipboard info
will be updated setting data to NULL (because g_memdup(data, size)
returns NULL when size is 0). If the client does not set the
VNC_ENCODING_CLIPBOARD_EXT feature when setting up the encodings, then
the 'request' callback for the clipboard peer is not initialized.
Later, because data is NULL, qemu_clipboard_request() can be reached
via vdagent_chr_write() and vdagent_clipboard_recv_request() and
there, the clipboard owner's 'request' callback will be attempted to
be called, but that is a NULL pointer.

In particular, this can happen when using the KRDC (22.12.3) VNC
client.

Another scenario leading to the same issue is with two clients (say
noVNC and KRDC):

The noVNC client sets the extension VNC_FEATURE_CLIPBOARD_EXT and
initializes its cbpeer.

The KRDC client does not, but triggers a vnc_client_cut_text() (note
it's not the _ext variant). There, a new clipboard info with it as
the 'owner' is created and qemu_clipboard_set_data() is called with it,
which in turn calls qemu_clipboard_update() with that info.

In qemu_clipboard_update(), the notifier for the noVNC client will be
called, i.e. vnc_clipboard_notify() and also set vs->cbinfo for the
noVNC client. The 'owner' in that clipboard info is the clipboard peer
for the KRDC client, which did not initialize the 'request' function.
That sounds correct to me, it is the owner of that clipboard info.

Then when noVNC sends a VNC_MSG_CLIENT_CUT_TEXT message (it did set
the VNC_FEATURE_CLIPBOARD_EXT feature correctly, so a check for it
passes), that clipboard info is passed to qemu_clipboard_request() and
the original segfault still happens.

Fix the issue by handling updates with size 0 differently. In
particular, mark in the clipboard info that the type is not available.

While at it, switch to g_memdup2(), because g_memdup() is deprecated.

Cc: qemu-stable@nongnu.org
Fixes: CVE-2023-6683
Reported-by: Markus Frank <m.frank@proxmox.com>
Suggested-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Tested-by: Markus Frank <m.frank@proxmox.com>
Message-ID: <20240124105749.204610-1-f.ebner@proxmox.com>
(cherry picked from commit 405484b29f6548c7b86549b0f961b906337aa68a)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
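The failure mode and the fix described above, as an added example that is not QEMU's ui/clipboard.c: a reduced model in which a clipboard peer that never activated the extension has no 'request' callback, and an update carrying zero bytes either leaves the type marked available with a NULL buffer (before) or marks the type as not available (after). All type, field and function names are constructed; the NULL-callback call is modelled as a distinct return code rather than a crash.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/*
 * Added example, not QEMU code. Reduced model of the clipboard info / peer
 * relationship from the commit message: the owner peer may have no
 * 'request' callback, so consumers must never be led to call it.
 */
enum { CB_TYPE_TEXT = 0, CB_TYPE_COUNT };

typedef struct ClipPeer ClipPeer;

typedef struct {
    ClipPeer *owner;
    struct {
        bool available;   /* the owner claims to have this type */
        void *data;       /* cached bytes; NULL when not (yet) transferred */
        size_t size;
    } types[CB_TYPE_COUNT];
} ClipInfo;

struct ClipPeer {
    const char *name;
    /* NULL for a peer that never enabled the extension providing it. */
    void (*request)(ClipInfo *info, int type);
};

/* Before the fix: size 0 yields data == NULL (as g_memdup() does) but leaves available set. */
static void set_data_before(ClipInfo *info, int type, const void *data, size_t size)
{
    free(info->types[type].data);
    info->types[type].data = size ? malloc(size) : NULL;
    if (info->types[type].data) {
        memcpy(info->types[type].data, data, size);
    }
    info->types[type].size = size;
    info->types[type].available = true;
}

/* After the fix: an empty update marks the type as not available. */
static void set_data_after(ClipInfo *info, int type, const void *data, size_t size)
{
    free(info->types[type].data);
    info->types[type].data = NULL;
    info->types[type].size = 0;
    if (size == 0) {
        info->types[type].available = false;
        return;
    }
    info->types[type].data = malloc(size);
    memcpy(info->types[type].data, data, size);
    info->types[type].size = size;
    info->types[type].available = true;
}

/*
 * Consumer path. Returns 0 when data is present, -1 when the type is not
 * available (nothing to ask for), and -2 where the original code would
 * have called a NULL 'request' pointer (modelled as a return, not a crash).
 */
static int request_data(ClipInfo *info, int type)
{
    if (!info->types[type].available) {
        return -1;
    }
    if (info->types[type].data) {
        return 0;
    }
    if (!info->owner->request) {
        return -2;
    }
    info->owner->request(info, type);
    return 0;
}

/* Scenario: a peer without 'request' delivers a cut-text update of @size bytes. */
static int scenario(void (*set_data)(ClipInfo *, int, const void *, size_t),
                    const char *text, size_t size)
{
    ClipPeer peer = { .name = "client-without-ext", .request = NULL };
    ClipInfo info = { .owner = &peer };
    int rc;

    set_data(&info, CB_TYPE_TEXT, text, size);
    rc = request_data(&info, CB_TYPE_TEXT);
    free(info.types[CB_TYPE_TEXT].data);
    return rc;
}

static int scenario_before_empty(void) { return scenario(set_data_before, "", 0); }
static int scenario_after_empty(void)  { return scenario(set_data_after, "", 0); }
static int scenario_after_text(void)   { return scenario(set_data_after, "hi", 2); }
```

The empty update reaches the NULL callback only in the "before" variant; after the fix the consumer stops at the availability check, while a non-empty update from the same peer is still served from the cached buffer without ever touching 'request'.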


  Commit: 7ff0d4d184a83ac54b917c5af577e7a32e6a6f3e
      
https://github.com/qemu/qemu/commit/7ff0d4d184a83ac54b917c5af577e7a32e6a6f3e
  Author: Fiona Ebner <f.ebner@proxmox.com>
  Date:   2024-02-20 (Tue, 20 Feb 2024)

  Changed paths:
    M ui/clipboard.c

  Log Message:
  -----------
  ui/clipboard: add asserts for update and request

Should an issue like CVE-2023-6683 ever appear again in the future,
it will be more obvious which assumption was violated.

Suggested-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-ID: <20240124105749.204610-2-f.ebner@proxmox.com>
(cherry picked from commit 9c416582611b7495bdddb4c5456c7acb64b78938)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 2e5c9d5462a24d54ed8df0fcbab12e3cc6b50f90
      
https://github.com/qemu/qemu/commit/2e5c9d5462a24d54ed8df0fcbab12e3cc6b50f90
  Author: Tianlan Zhou <bobby825@126.com>
  Date:   2024-02-20 (Tue, 20 Feb 2024)

  Changed paths:
    M ui/console.c

  Log Message:
  -----------
  ui/console: Fix console resize with placeholder surface

In `qemu_console_resize()`, the old surface of the console is kept if the new
console size is the same as the old one. If the old surface is a placeholder,
and the new size of console is the same as the placeholder surface (640*480),
the surface won't be replaced.
In this situation, the surface's `QEMU_PLACEHOLDER_FLAG` flag is still set, so
the console won't be displayed in SDL display mode.
This patch fixes this problem by forcing a new surface if the old one is a
placeholder.

Signed-off-by: Tianlan Zhou <bobby825@126.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-ID: <20240207172024.8-1-bobby825@126.com>
(cherry picked from commit 95b08fee8f68d284a5028d37fd28be7a70c8e92b)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 1766b9360c3dfe3fb18241149047dc369ff7b1ae
      
https://github.com/qemu/qemu/commit/1766b9360c3dfe3fb18241149047dc369ff7b1ae
  Author: Akihiko Odaki <akihiko.odaki@daynix.com>
  Date:   2024-02-20 (Tue, 20 Feb 2024)

  Changed paths:
    M audio/meson.build

  Log Message:
  -----------
  audio: Depend on dbus_display1_dep

dbusaudio needs dbus_display1_dep.

Fixes: 739362d4205c ("audio: add "dbus" audio backend")
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20240214-dbus-v7-1-7eff29f04c34@daynix.com>
(cherry picked from commit d67611907590a1e6c998b7c5a5cb4394acf84329)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: fb22ee75b2949b57c18872f9d1b026af9f068455
      
https://github.com/qemu/qemu/commit/fb22ee75b2949b57c18872f9d1b026af9f068455
  Author: Akihiko Odaki <akihiko.odaki@daynix.com>
  Date:   2024-02-20 (Tue, 20 Feb 2024)

  Changed paths:
    M ui/meson.build

  Log Message:
  -----------
  meson: Explicitly specify dbus-display1.h dependency

Explicitly specify dbus-display1.h as a dependency so that files
depending on it will not get compiled too early.

Fixes: 1222070e7728 ("meson: ensure dbus-display generated code is built before other units")
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20240214-dbus-v7-2-7eff29f04c34@daynix.com>
(cherry picked from commit 7aee57df930da2cf6361c5183aff96468ae4027d)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 814f887430deb390341c8585cd413e0effc94798
      
https://github.com/qemu/qemu/commit/814f887430deb390341c8585cd413e0effc94798
  Author: Akihiko Odaki <akihiko.odaki@daynix.com>
  Date:   2024-02-20 (Tue, 20 Feb 2024)

  Changed paths:
    M tests/qtest/meson.build

  Log Message:
  -----------
  tests/qtest: Depend on dbus_display1_dep

It ensures dbus-display1.c will not be recompiled.

Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20240214-dbus-v7-3-7eff29f04c34@daynix.com>
(cherry picked from commit 186acfbaf7f325833702f50f75ef5116dc29e233)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


Compare: https://github.com/qemu/qemu/compare/f48c205fb42b...814f887430de
