[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Qemu-commits] [qemu/qemu] 18c776: migration: Fix use-after-free of migr
|
From: |
Alex Bennée |
|
Subject: |
[Qemu-commits] [qemu/qemu] 18c776: migration: Fix use-after-free of migration state o... |
|
Date: |
Mon, 04 Mar 2024 04:17:50 -0800 |
Branch: refs/heads/stable-7.2
Home: https://github.com/qemu/qemu
Commit: 18c776ecf6fa8bc32fe18388e4e147c105a99ac0
https://github.com/qemu/qemu/commit/18c776ecf6fa8bc32fe18388e4e147c105a99ac0
Author: Fabiano Rosas <farosas@suse.de>
Date: 2024-01-29 (Mon, 29 Jan 2024)
Changed paths:
M migration/migration.c
Log Message:
-----------
migration: Fix use-after-free of migration state object
We're currently allowing the process_incoming_migration_bh bottom-half
to run without holding a reference to the 'current_migration' object,
which leads to a segmentation fault if the BH is still live after
migration_shutdown() has dropped the last reference to
current_migration.
In my system the bug manifests as migrate_multifd() returning true
when it shouldn't and multifd_load_shutdown() calling
multifd_recv_terminate_threads() which crashes due to an uninitialized
multifd_recv_state.
Fix the issue by holding a reference to the object when scheduling the
BH and dropping it before returning from the BH. The same is already
done for the cleanup_bh at migrate_fd_cleanup_schedule().
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1969
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Link: https://lore.kernel.org/r/20240119233922.32588-2-farosas@suse.de
Signed-off-by: Peter Xu <peterx@redhat.com>
(cherry picked from commit 27eb8499edb2bc952c29ddae0bdac9fc959bf7b1)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: ce979ef754ced807e5f4c90e54eaf3dd1628b87a
https://github.com/qemu/qemu/commit/ce979ef754ced807e5f4c90e54eaf3dd1628b87a
Author: Yihuan Pan <xun794@gmail.com>
Date: 2024-02-01 (Thu, 01 Feb 2024)
Changed paths:
M docs/system/keys.rst.inc
Log Message:
-----------
qemu-docs: Update options for graphical frontends
The command line options `-ctrl-grab` and `-alt-grab` have been removed
in QEMU 7.1. Instead, use the `-display sdl,grab-mod=<modifiers>` option
to specify the grab modifiers.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2103
Signed-off-by: Yihuan Pan <xun794@gmail.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(cherry picked from commit db101376af52e81f740a27f5fa38260ad171323c)
Commit: c49842381ac7d8436b578013d87bb3afb16a7421
https://github.com/qemu/qemu/commit/c49842381ac7d8436b578013d87bb3afb16a7421
Author: Richard W.M. Jones <rjones@redhat.com>
Date: 2024-02-01 (Thu, 01 Feb 2024)
Changed paths:
M block/blkio.c
Log Message:
-----------
block/blkio: Make s->mem_region_alignment be 64 bits
With GCC 14 the code failed to compile on i686 (and was wrong for any
version of GCC):
../block/blkio.c: In function ‘blkio_file_open’:
../block/blkio.c:857:28: error: passing argument 3 of ‘blkio_get_uint64’ from
incompatible pointer type [-Wincompatible-pointer-types]
857 | &s->mem_region_alignment);
| ^~~~~~~~~~~~~~~~~~~~~~~~
| |
| size_t * {aka unsigned int *}
In file included from ../block/blkio.c:12:
/usr/include/blkio.h:49:67: note: expected ‘uint64_t *’ {aka ‘long long
unsigned int *’} but argument is of type ‘size_t *’ {aka ‘unsigned int *’}
49 | int blkio_get_uint64(struct blkio *b, const char *name, uint64_t
*value);
| ~~~~~~~~~~^~~~~
Signed-off-by: Richard W.M. Jones <rjones@redhat.com>
Message-id: 20240130122006.2977938-1-rjones@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit 615eaeab3d318ba239d54141a4251746782f65c1)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: d9b2dc2ffad4b763074883b70731a2272ee8e141
https://github.com/qemu/qemu/commit/d9b2dc2ffad4b763074883b70731a2272ee8e141
Author: Jan Klötzke <jan.kloetzke@kernkonzept.com>
Date: 2024-02-03 (Sat, 03 Feb 2024)
Changed paths:
M target/arm/helper.c
M target/arm/syndrome.h
Log Message:
-----------
target/arm: fix exception syndrome for AArch32 bkpt insn
Debug exceptions that target AArch32 Hyp mode are reported differently
than on AAarch64. Internally, Qemu uses the AArch64 syndromes. Therefore
such exceptions need to be either converted to a prefetch abort
(breakpoints, vector catch) or a data abort (watchpoints).
Cc: qemu-stable@nongnu.org
Signed-off-by: Jan Klötzke <jan.kloetzke@kernkonzept.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20240127202758.3326381-1-jan.kloetzke@kernkonzept.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit f670be1aad33e801779af580398895b9455747ee)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 597a9a2b4b18323c20538008cd3ded85de76e9fa
https://github.com/qemu/qemu/commit/597a9a2b4b18323c20538008cd3ded85de76e9fa
Author: Peter Maydell <peter.maydell@linaro.org>
Date: 2024-02-03 (Sat, 03 Feb 2024)
Changed paths:
M softmmu/vl.c
Log Message:
-----------
system/vl.c: Fix handling of '-serial none -serial something'
Currently if the user passes multiple -serial options on the command
line, we mostly treat those as applying to the different serial
devices in order, so that for example
-serial stdio -serial file:filename
will connect the first serial port to stdio and the second to the
named file.
The exception to this is the '-serial none' serial device type. This
means "don't allocate this serial device", but a bug means that
following -serial options are not correctly handled, so that
-serial none -serial stdio
has the unexpected effect that stdio is connected to the first serial
port, not the second.
This is a very long-standing bug that dates back at least as far as
commit 998bbd74b9d81 from 2009.
Make the 'none' serial type move forward in the indexing of serial
devices like all the other serial types, so that any subsequent
-serial options are correctly handled.
Note that if your commandline mistakenly had a '-serial none' that
was being overridden by a following '-serial something' option, you
should delete the unnecessary '-serial none'. This will give you the
same behaviour as before, on QEMU versions both with and without this
bug fix.
Cc: qemu-stable@nongnu.org
Reported-by: Bohdan Kostiv <bohdan.kostiv@tii.ae>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20240122163607.459769-2-peter.maydell@linaro.org
Fixes: 998bbd74b9d81 ("default devices: core code & serial lines")
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit d2019a9d0c34a4fdcb5b5df550d73040dc0637d9)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: f039059e0a1cc3cebb74d60096ba2cad05e9dfd5
https://github.com/qemu/qemu/commit/f039059e0a1cc3cebb74d60096ba2cad05e9dfd5
Author: Peter Maydell <peter.maydell@linaro.org>
Date: 2024-02-03 (Sat, 03 Feb 2024)
Changed paths:
M qemu-options.hx
Log Message:
-----------
qemu-options.hx: Improve -serial option documentation
The -serial option documentation is a bit brief about '-serial none'
and '-serial null'. In particular it's not very clear about the
difference between them, and it doesn't mention that it's up to
the machine model whether '-serial none' means "don't create the
serial port" or "don't wire the serial port up to anything".
Expand on these points.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20240122163607.459769-3-peter.maydell@linaro.org
(cherry picked from commit 747bfaf3a9d2f3cd51674763dc1f7575100cd200)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 2884514b98b69bc03f173ab7fe1adce7bcd564ab
https://github.com/qemu/qemu/commit/2884514b98b69bc03f173ab7fe1adce7bcd564ab
Author: Guenter Roeck <linux@roeck-us.net>
Date: 2024-02-03 (Sat, 03 Feb 2024)
Changed paths:
M hw/pci-host/designware.c
Log Message:
-----------
pci-host: designware: Limit value range of iATU viewport register
The latest version of qemu (v8.2.0-869-g7a1dc45af5) crashes when booting
the mcimx7d-sabre emulation with Linux v5.11 and later.
qemu-system-arm: ../system/memory.c:2750: memory_region_set_alias_offset:
Assertion `mr->alias' failed.
Problem is that the Designware PCIe emulation accepts the full value range
for the iATU Viewport Register. However, both hardware and emulation only
support four inbound and four outbound viewports.
The Linux kernel determines the number of supported viewports by writing
0xff into the viewport register and reading the value back. The expected
value when reading the register is the highest supported viewport index.
Match that code by masking the supported viewport value range when the
register is written. With this change, the Linux kernel reports
imx6q-pcie 33800000.pcie: iATU: unroll F, 4 ob, 4 ib, align 0K, limit 4G
as expected and supported.
Fixes: d64e5eabc4c7 ("pci: Add support for Designware IP block")
Cc: Andrey Smirnov <andrew.smirnov@gmail.com>
Cc: Nikita Ostrenkov <n.ostrenkov@gmail.com>
Signed-off-by: Guenter Roeck <linux@roeck-us.net>
Message-id: 20240129060055.2616989-1-linux@roeck-us.net
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 8a73152020337a7fbf34daf0a006d4d89ec1494e)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 258293b564d00d8c34419442da3fd7b8108eaee4
https://github.com/qemu/qemu/commit/258293b564d00d8c34419442da3fd7b8108eaee4
Author: Akihiko Odaki <akihiko.odaki@daynix.com>
Date: 2024-02-13 (Tue, 13 Feb 2024)
Changed paths:
M hw/smbios/smbios.c
Log Message:
-----------
hw/smbios: Fix OEM strings table option validation
qemu_smbios_type11_opts did not have the list terminator and that
resulted in out-of-bound memory access. It also needs to have an element
for the type option.
Cc: qemu-stable@nongnu.org
Fixes: 2d6dcbf93fb0 ("smbios: support setting OEM strings table")
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Ani Sinha <anisinha@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(cherry picked from commit cd8a35b913c24248267c682cb9a348461c106139)
Commit: 0fd604b02ab880f3c8416d8f9e74eaa55f43cb56
https://github.com/qemu/qemu/commit/0fd604b02ab880f3c8416d8f9e74eaa55f43cb56
Author: Akihiko Odaki <akihiko.odaki@daynix.com>
Date: 2024-02-13 (Tue, 13 Feb 2024)
Changed paths:
M hw/smbios/smbios.c
Log Message:
-----------
hw/smbios: Fix port connector option validation
qemu_smbios_type8_opts did not have the list terminator and that
resulted in out-of-bound memory access. It also needs to have an element
for the type option.
Cc: qemu-stable@nongnu.org
Fixes: fd8caa253c56 ("hw/smbios: support for type 8 (port connector)")
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Ani Sinha <anisinha@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(cherry picked from commit 196578c9d051d19c23e6c13e97b791a41b318315)
Commit: 2112a217dc48d6cd2fce4737db0849558e98e643
https://github.com/qemu/qemu/commit/2112a217dc48d6cd2fce4737db0849558e98e643
Author: Andrey Ignatov <rdna@apple.com>
Date: 2024-02-14 (Wed, 14 Feb 2024)
Changed paths:
M docs/interop/vhost-user.rst
Log Message:
-----------
vhost-user.rst: Fix vring address description
There is no "size" field in vring address structure. Remove it.
Fixes: 5fc0e00291 ("Add vhost-user protocol documentation")
Signed-off-by: Andrey Ignatov <rdna@apple.com>
Message-Id: <20240112004555.64900-1-rdna@apple.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit aa05bd9ef4073ccb72d04ad78de32916af31c7c3)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: eccd94458b4d4784fce17b001b061ce94b7ca80a
https://github.com/qemu/qemu/commit/eccd94458b4d4784fce17b001b061ce94b7ca80a
Author: Ira Weiny <ira.weiny@intel.com>
Date: 2024-02-14 (Wed, 14 Feb 2024)
Changed paths:
M hw/cxl/cxl-cdat.c
Log Message:
-----------
cxl/cdat: Handle cdat table build errors
The callback for building CDAT tables may return negative error codes.
This was previously unhandled and will result in potentially huge
allocations later on in ct3_build_cdat()
Detect the negative error code and defer cdat building.
Fixes: f5ee7413d592 ("hw/mem/cxl-type3: Add CXL CDAT Data Object Exchange")
Cc: Huai-Cheng Kuo <hchkuo@avery-design.com.tw>
Reviewed-by: Dave Jiang <dave.jiang@intel.com>
Reviewed-by: Fan Ni <fan.ni@samsung.com>
Signed-off-by: Ira Weiny <ira.weiny@intel.com>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <20240126120132.24248-2-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit c62926f730d08450502d36548e28dd727c998ace)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: b5246140deddb281de5886b640711a57dbf7df94
https://github.com/qemu/qemu/commit/b5246140deddb281de5886b640711a57dbf7df94
Author: Ira Weiny <ira.weiny@intel.com>
Date: 2024-02-14 (Wed, 14 Feb 2024)
Changed paths:
M hw/cxl/cxl-cdat.c
Log Message:
-----------
cxl/cdat: Fix header sum value in CDAT checksum
The addition of the DCD support for CXL type-3 devices extended the CDAT
table large enough that the checksum being returned was incorrect.[1]
This was because the checksum value was using the header length field
rather than each of the 4 bytes of the length field. This was
previously not seen because the length of the CDAT data was less than
256 thus resulting in an equivalent checksum value.
Properly calculate the checksum for the CDAT header.
[1]
https://lore.kernel.org/all/20231116-fix-cdat-devm-free-v1-1-b148b40707d7@intel.com/
Fixes: aba578bdace5 ("hw/cxl/cdat: CXL CDAT Data Object Exchange
implementation")
Cc: Huai-Cheng Kuo <hchkuo@avery-design.com.tw>
Signed-off-by: Ira Weiny <ira.weiny@intel.com>
Reviewed-by: Dave Jiang <dave.jiang@intel.com>
Reviewed-by: Fan Ni <fan.ni@samsung.com>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <20240126120132.24248-5-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 64fdad5e67587e88c2f1d8f294e89403856a4a31)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 4bfbb4ed9a97876cdfa07c79116a2f6d4a3ca26b
https://github.com/qemu/qemu/commit/4bfbb4ed9a97876cdfa07c79116a2f6d4a3ca26b
Author: Li Zhijian <lizhijian@fujitsu.com>
Date: 2024-02-14 (Wed, 14 Feb 2024)
Changed paths:
M hw/cxl/cxl-component-utils.c
Log Message:
-----------
hw/cxl: Pass CXLComponentState to cache_mem_ops
cache_mem_ops.{read,write}() interprets opaque as
CXLComponentState(cxl_cstate) instead of ComponentRegisters(cregs).
Fortunately, cregs is the first member of cxl_cstate, so their values are
the same.
Fixes: 9e58f52d3f8 ("hw/cxl/component: Introduce CXL components (8.1.x, 8.2.5)")
Reviewed-by: Fan Ni <fan.ni@samsung.com>
Signed-off-by: Li Zhijian <lizhijian@fujitsu.com>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <20240126120132.24248-8-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 729d45a6af06753d3e330f589c248fe9687c5cd5)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 10981da02263ecc5e73e55ad1159d23009e3703c
https://github.com/qemu/qemu/commit/10981da02263ecc5e73e55ad1159d23009e3703c
Author: Zhenzhong Duan <zhenzhong.duan@intel.com>
Date: 2024-02-15 (Thu, 15 Feb 2024)
Changed paths:
M hw/virtio/virtio-iommu.c
Log Message:
-----------
virtio_iommu: Clear IOMMUPciBus pointer cache when system reset
s->iommu_pcibus_by_bus_num is a IOMMUPciBus pointer cache indexed
by bus number, bus number may not always be a fixed value,
i.e., guest reboot to different kernel which set bus number with
different algorithm.
This could lead to endpoint binding to wrong iommu MR in
virtio_iommu_get_endpoint(), then vfio device setup wrong
mapping from other device.
Remove the memset in virtio_iommu_device_realize() to avoid
redundancy with memset in system reset.
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Message-Id: <20240125073706.339369-2-zhenzhong.duan@intel.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Tested-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 9a457383ce9d309d4679b079fafb51f0a2d949aa)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 3004edca488b945bb70c9706ece44cf6699bff30
https://github.com/qemu/qemu/commit/3004edca488b945bb70c9706ece44cf6699bff30
Author: Zhenzhong Duan <zhenzhong.duan@intel.com>
Date: 2024-02-15 (Thu, 15 Feb 2024)
Changed paths:
M hw/arm/smmu-common.c
Log Message:
-----------
smmu: Clear SMMUPciBus pointer cache when system reset
s->smmu_pcibus_by_bus_num is a SMMUPciBus pointer cache indexed
by bus number, bus number may not always be a fixed value,
i.e., guest reboot to different kernel which set bus number with
different algorithm.
This could lead to smmu_iommu_mr() providing the wrong iommu MR.
Suggested-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com>
Message-Id: <20240125073706.339369-3-zhenzhong.duan@intel.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Tested-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 8a6b3f4dc95a064e88adaca86374108da0ecb38d)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: b8c6b783c375096bbb599c9b355c97a024a0e5da
https://github.com/qemu/qemu/commit/b8c6b783c375096bbb599c9b355c97a024a0e5da
Author: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Date: 2024-02-15 (Thu, 15 Feb 2024)
Changed paths:
M tests/qtest/bios-tables-test-allowed-diff.h
Log Message:
-----------
tests/acpi: Allow update of DSDT.cxl
The _STA value returned currently indicates the ACPI0017 device
is not enabled. Whilst this isn't a real device, setting _STA
like this may prevent an OS from enumerating it correctly and
hence from parsing the CEDT table.
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <20240126120132.24248-11-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 14ec4ff3e4293635240ba5a7afe7a0f3ba447d31)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 3b88637c8cf8039577b713ffe5a87b29a64702db
https://github.com/qemu/qemu/commit/3b88637c8cf8039577b713ffe5a87b29a64702db
Author: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Date: 2024-02-15 (Thu, 15 Feb 2024)
Changed paths:
M hw/i386/acpi-build.c
Log Message:
-----------
hw/i386: Fix _STA return value for ACPI0017
Found whilst testing a series for the linux kernel that actually
bothers to check if enabled is set. 0xB is the option used
for vast majority of DSDT entries in QEMU.
It is a little odd for a device that doesn't really exist and
is simply a hook to tell the OS there is a CEDT table but 0xB
seems a reasonable choice and avoids need to special case
this device in the OS.
Means:
* Device present.
* Device enabled and decoding it's resources.
* Not shown in UI
* Functioning properly
* No battery (on this device!)
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <20240126120132.24248-12-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit d9ae5802f656f6fb53b788747ba557a826b6e740)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 4971891b37520c389345531ca66f77eb8f89a1e6
https://github.com/qemu/qemu/commit/4971891b37520c389345531ca66f77eb8f89a1e6
Author: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Date: 2024-02-15 (Thu, 15 Feb 2024)
Changed paths:
M tests/data/acpi/q35/DSDT.cxl
M tests/qtest/bios-tables-test-allowed-diff.h
Log Message:
-----------
tests/acpi: Update DSDT.cxl to reflect change _STA return value.
_STA will now return 0xB (in common with most other devices)
rather than not setting the bits to indicate this fake device
has not been enabled, and self tests haven't passed.
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <20240126120132.24248-13-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit b24a981b9f1c4767aaea815e504a2c7aeb405d72)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(Mjt: rebuild tests/data/acpi/q35/DSDT.cxl for 7.2.x)
Commit: bbeeed7102c9c20565a0bcab8175b0ed3a3327f1
https://github.com/qemu/qemu/commit/bbeeed7102c9c20565a0bcab8175b0ed3a3327f1
Author: Richard Henderson <richard.henderson@linaro.org>
Date: 2024-02-16 (Fri, 16 Feb 2024)
Changed paths:
M linux-user/aarch64/target_prctl.h
Log Message:
-----------
linux-user/aarch64: Choose SYNC as the preferred MTE mode
The API does not generate an error for setting ASYNC | SYNC; that merely
constrains the selection vs the per-cpu default. For qemu linux-user,
choose SYNC as the default.
Cc: qemu-stable@nongnu.org
Reported-by: Gustavo Romero <gustavo.romero@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Gustavo Romero <gustavo.romero@linaro.org>
Message-id: 20240207025210.8837-2-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 681dfc0d552963d4d598350d26097a692900b408)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: a978855bfc8543ab99fb1e0684181ab87fdbbfc5
https://github.com/qemu/qemu/commit/a978855bfc8543ab99fb1e0684181ab87fdbbfc5
Author: Richard Henderson <richard.henderson@linaro.org>
Date: 2024-02-16 (Fri, 16 Feb 2024)
Changed paths:
M target/arm/translate-sve.c
Log Message:
-----------
target/arm: Fix nregs computation in do_{ld,st}_zpa
The field is encoded as [0-3], which is convenient for
indexing our array of function pointers, but the true
value is [1-4]. Adjust before calling do_mem_zpa.
Add an assert, and move the comment re passing ZT to
the helper back next to the relevant code.
Cc: qemu-stable@nongnu.org
Fixes: 206adacfb8d ("target/arm: Add mte helpers for sve scalar + int loads")
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Gustavo Romero <gustavo.romero@linaro.org>
Message-id: 20240207025210.8837-3-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 64c6e7444dff64b42d11b836b9aec9acfbe8ecc2)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 3b0d905812ee81d730c32c1c08b09e43264e87d6
https://github.com/qemu/qemu/commit/3b0d905812ee81d730c32c1c08b09e43264e87d6
Author: Richard Henderson <richard.henderson@linaro.org>
Date: 2024-02-16 (Fri, 16 Feb 2024)
Changed paths:
M target/arm/sme_helper.c
M target/arm/sve_helper.c
Log Message:
-----------
target/arm: Fix SVE/SME gross MTE suppression checks
The TBI and TCMA bits are located within mtedesc, not desc.
Cc: qemu-stable@nongnu.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Gustavo Romero <gustavo.romero@linaro.org>
Message-id: 20240207025210.8837-7-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 855f94eca80c85a99f459e36684ea2f98f6a3243)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 688450c4a76cedd93e1f464c3e07a573b8add411
https://github.com/qemu/qemu/commit/688450c4a76cedd93e1f464c3e07a573b8add411
Author: Peter Maydell <peter.maydell@linaro.org>
Date: 2024-02-16 (Fri, 16 Feb 2024)
Changed paths:
M target/arm/helper.c
Log Message:
-----------
target/arm: Don't get MDCR_EL2 in pmu_counter_enabled() before checking
ARM_FEATURE_PMU
It doesn't make sense to read the value of MDCR_EL2 on a non-A-profile
CPU, and in fact if you try to do it we will assert:
#6 0x00007ffff4b95e96 in __GI___assert_fail
(assertion=0x5555565a8c70 "!arm_feature(env, ARM_FEATURE_M)",
file=0x5555565a6e5c "../../target/arm/helper.c", line=12600,
function=0x5555565a9560 <__PRETTY_FUNCTION__.0> "arm_security_space_below_el3")
at ./assert/assert.c:101
#7 0x0000555555ebf412 in arm_security_space_below_el3 (env=0x555557bc8190) at
../../target/arm/helper.c:12600
#8 0x0000555555ea6f89 in arm_is_el2_enabled (env=0x555557bc8190) at
../../target/arm/cpu.h:2595
#9 0x0000555555ea942f in arm_mdcr_el2_eff (env=0x555557bc8190) at
../../target/arm/internals.h:1512
We might call pmu_counter_enabled() on an M-profile CPU (for example
from the migration pre/post hooks in machine.c); this should always
return false because these CPUs don't set ARM_FEATURE_PMU.
Avoid the assertion by not calling arm_mdcr_el2_eff() before we
have done the early return for "PMU not present".
This fixes an assertion failure if you try to do a loadvm or
savevm for an M-profile board.
Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2155
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20240208153346.970021-1-peter.maydell@linaro.org
(cherry picked from commit ac1d88e9e7ca0bed83e91e07ce6d0597f10cc77d)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: fc39dc294cdf2117d7b41503d3e37960a6302068
https://github.com/qemu/qemu/commit/fc39dc294cdf2117d7b41503d3e37960a6302068
Author: Kevin Wolf <kwolf@redhat.com>
Date: 2024-02-16 (Fri, 16 Feb 2024)
Changed paths:
M tests/qemu-iotests/144
M tests/qemu-iotests/144.out
Log Message:
-----------
iotests: Make 144 deterministic again
Since commit effd60c8 changed how QMP commands are processed, the order
of the block-commit return value and job events in iotests 144 wasn't
fixed and more and caused the test to fail intermittently.
Change the test to cache events first and then print them in a
predefined order.
Waiting three times for JOB_STATUS_CHANGE is a bit uglier than just
waiting for the JOB_STATUS_CHANGE that has "status": "ready", but the
tooling we have doesn't seem to allow the latter easily.
Fixes: effd60c878176bcaf97fa7ce2b12d04bb8ead6f7
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2126
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-id: 20240209173103.239994-1-kwolf@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit cc29c12ec629ba68a4a6cb7d165c94cc8502815a)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 14109f63535aa6efcf72ae84cb5beb6a15a58395
https://github.com/qemu/qemu/commit/14109f63535aa6efcf72ae84cb5beb6a15a58395
Author: Xiaoyao Li <xiaoyao.li@intel.com>
Date: 2024-02-20 (Tue, 20 Feb 2024)
Changed paths:
M target/i386/cpu.c
Log Message:
-----------
i386/cpu: Clear FEAT_XSAVE_XSS_LO/HI leafs when CPUID_EXT_XSAVE is not
available
Leaf FEAT_XSAVE_XSS_LO and FEAT_XSAVE_XSS_HI also need to be cleared
when CPUID_EXT_XSAVE is not set.
Fixes: 301e90675c3f ("target/i386: Enable support for XSAVES based features")
Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
Reviewed-by: Yang Weijiang <weijiang.yang@intel.com>
Message-ID: <20240115091325.1904229-2-xiaoyao.li@intel.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 81f5cad3858f27623b1b14467926032d229b76cc)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: f18b0189076a1dbf37cfcd4d8e8e60ccc2dccb67
https://github.com/qemu/qemu/commit/f18b0189076a1dbf37cfcd4d8e8e60ccc2dccb67
Author: Xiaoyao Li <xiaoyao.li@intel.com>
Date: 2024-02-20 (Tue, 20 Feb 2024)
Changed paths:
M target/i386/cpu.c
Log Message:
-----------
i386/cpu: Mask with XCR0/XSS mask for FEAT_XSAVE_XCR0_HI and
FEAT_XSAVE_XSS_HI leafs
The value of FEAT_XSAVE_XCR0_HI leaf and FEAT_XSAVE_XSS_HI leaf also
need to be masked by XCR0 and XSS mask respectively, to make it
logically correct.
Fixes: 301e90675c3f ("target/i386: Enable support for XSAVES based features")
Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
Reviewed-by: Yang Weijiang <weijiang.yang@intel.com>
Message-ID: <20240115091325.1904229-3-xiaoyao.li@intel.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit a11a365159b944e05be76f3ec3b98c8b38cb70fd)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 46f701c44d82e467c2932480811d7f2dc818dee6
https://github.com/qemu/qemu/commit/46f701c44d82e467c2932480811d7f2dc818dee6
Author: Xiaoyao Li <xiaoyao.li@intel.com>
Date: 2024-02-20 (Tue, 20 Feb 2024)
Changed paths:
M target/i386/kvm/kvm.c
Log Message:
-----------
i386/cpuid: Decrease cpuid_i when skipping CPUID leaf 1F
Existing code misses a decrement of cpuid_i when skip leaf 0x1F.
There's a blank CPUID entry(with leaf, subleaf as 0, and all fields
stuffed 0s) left in the CPUID array.
It conflicts with correct CPUID leaf 0.
Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
Reviewed-by:Yang Weijiang <weijiang.yang@intel.com>
Message-ID: <20240125024016.2521244-2-xiaoyao.li@intel.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 10f92799af8ba3c3cef2352adcd4780f13fbab31)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 3c819d9717956c416b31aed56105190263da6a2d
https://github.com/qemu/qemu/commit/3c819d9717956c416b31aed56105190263da6a2d
Author: Xiaoyao Li <xiaoyao.li@intel.com>
Date: 2024-02-20 (Tue, 20 Feb 2024)
Changed paths:
M target/i386/kvm/kvm.c
Log Message:
-----------
i386/cpuid: Move leaf 7 to correct group
CPUID leaf 7 was grouped together with SGX leaf 0x12 by commit
b9edbadefb9e ("i386: Propagate SGX CPUID sub-leafs to KVM") by mistake.
SGX leaf 0x12 has its specific logic to check if subleaf (starting from 2)
is valid or not by checking the bit 0:3 of corresponding EAX is 1 or
not.
Leaf 7 follows the logic that EAX of subleaf 0 enumerates the maximum
valid subleaf.
Fixes: b9edbadefb9e ("i386: Propagate SGX CPUID sub-leafs to KVM")
Signed-off-by: Xiaoyao Li <xiaoyao.li@intel.com>
Message-ID: <20240125024016.2521244-4-xiaoyao.li@intel.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 0729857c707535847d7fe31d3d91eb8b2a118e3c)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 373c7193dc36c38bf85df3087fd9bc461b1435d2
https://github.com/qemu/qemu/commit/373c7193dc36c38bf85df3087fd9bc461b1435d2
Author: Ziqiao Kong <ziqiaokong@gmail.com>
Date: 2024-02-20 (Tue, 20 Feb 2024)
Changed paths:
M target/i386/tcg/translate.c
Log Message:
-----------
target/i386: Generate an illegal opcode exception on cmp instructions with
lock prefix
target/i386: As specified by Intel Manual Vol2 3-180, cmp instructions
are not allowed to have lock prefix and a `UD` should be raised. Without
this patch, s1->T0 will be uninitialized and used in the case OP_CMPL.
Signed-off-by: Ziqiao Kong <ziqiaokong@gmail.com>
Message-ID: <20240215095015.570748-2-ziqiaokong@gmail.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 99d0dcd7f102c07a510200d768cae65e5db25d23)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 7e86bd83fdfbcce90982a53f7156f44190301c2c
https://github.com/qemu/qemu/commit/7e86bd83fdfbcce90982a53f7156f44190301c2c
Author: Daniel P. Berrangé <berrange@redhat.com>
Date: 2024-02-20 (Tue, 20 Feb 2024)
Changed paths:
M ui/vnc.c
Log Message:
-----------
ui: reject extended clipboard message if not activated
The extended clipboard message protocol requires that the client
activate the extension by requesting a psuedo encoding. If this
is not done, then any extended clipboard messages from the client
should be considered invalid and the client dropped.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20240115095119.654271-1-berrange@redhat.com>
(cherry picked from commit 4cba8388968b70fe20e290221dc421c717051fdd)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: d8d6e6b9043a09f70d914c81dcdd4f8f62cf55f6
https://github.com/qemu/qemu/commit/d8d6e6b9043a09f70d914c81dcdd4f8f62cf55f6
Author: Fiona Ebner <f.ebner@proxmox.com>
Date: 2024-02-20 (Tue, 20 Feb 2024)
Changed paths:
M ui/clipboard.c
Log Message:
-----------
ui/clipboard: mark type as not available when there is no data
With VNC, a client can send a non-extended VNC_MSG_CLIENT_CUT_TEXT
message with len=0. In qemu_clipboard_set_data(), the clipboard info
will be updated setting data to NULL (because g_memdup(data, size)
returns NULL when size is 0). If the client does not set the
VNC_ENCODING_CLIPBOARD_EXT feature when setting up the encodings, then
the 'request' callback for the clipboard peer is not initialized.
Later, because data is NULL, qemu_clipboard_request() can be reached
via vdagent_chr_write() and vdagent_clipboard_recv_request() and
there, the clipboard owner's 'request' callback will be attempted to
be called, but that is a NULL pointer.
In particular, this can happen when using the KRDC (22.12.3) VNC
client.
Another scenario leading to the same issue is with two clients (say
noVNC and KRDC):
The noVNC client sets the extension VNC_FEATURE_CLIPBOARD_EXT and
initializes its cbpeer.
The KRDC client does not, but triggers a vnc_client_cut_text() (note
it's not the _ext variant)). There, a new clipboard info with it as
the 'owner' is created and via qemu_clipboard_set_data() is called,
which in turn calls qemu_clipboard_update() with that info.
In qemu_clipboard_update(), the notifier for the noVNC client will be
called, i.e. vnc_clipboard_notify() and also set vs->cbinfo for the
noVNC client. The 'owner' in that clipboard info is the clipboard peer
for the KRDC client, which did not initialize the 'request' function.
That sounds correct to me, it is the owner of that clipboard info.
Then when noVNC sends a VNC_MSG_CLIENT_CUT_TEXT message (it did set
the VNC_FEATURE_CLIPBOARD_EXT feature correctly, so a check for it
passes), that clipboard info is passed to qemu_clipboard_request() and
the original segfault still happens.
Fix the issue by handling updates with size 0 differently. In
particular, mark in the clipboard info that the type is not available.
While at it, switch to g_memdup2(), because g_memdup() is deprecated.
Cc: qemu-stable@nongnu.org
Fixes: CVE-2023-6683
Reported-by: Markus Frank <m.frank@proxmox.com>
Suggested-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Tested-by: Markus Frank <m.frank@proxmox.com>
Message-ID: <20240124105749.204610-1-f.ebner@proxmox.com>
(cherry picked from commit 405484b29f6548c7b86549b0f961b906337aa68a)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: ee316aafa5f6d4c8fa3ec4e58471e8c02a8696f6
https://github.com/qemu/qemu/commit/ee316aafa5f6d4c8fa3ec4e58471e8c02a8696f6
Author: Fiona Ebner <f.ebner@proxmox.com>
Date: 2024-02-20 (Tue, 20 Feb 2024)
Changed paths:
M ui/clipboard.c
Log Message:
-----------
ui/clipboard: add asserts for update and request
Should an issue like CVE-2023-6683 ever appear again in the future,
it will be more obvious which assumption was violated.
Suggested-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-ID: <20240124105749.204610-2-f.ebner@proxmox.com>
(cherry picked from commit 9c416582611b7495bdddb4c5456c7acb64b78938)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 086850aa807151364ff6cccdadba77c0860a93b5
https://github.com/qemu/qemu/commit/086850aa807151364ff6cccdadba77c0860a93b5
Author: Tianlan Zhou <bobby825@126.com>
Date: 2024-02-20 (Tue, 20 Feb 2024)
Changed paths:
M ui/console.c
Log Message:
-----------
ui/console: Fix console resize with placeholder surface
In `qemu_console_resize()`, the old surface of the console is keeped if the new
console size is the same as the old one. If the old surface is a placeholder,
and the new size of console is the same as the placeholder surface (640*480),
the surface won't be replace.
In this situation, the surface's `QEMU_PLACEHOLDER_FLAG` flag is still set, so
the console won't be displayed in SDL display mode.
This patch fixes this problem by forcing a new surface if the old one is a
placeholder.
Signed-off-by: Tianlan Zhou <bobby825@126.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-ID: <20240207172024.8-1-bobby825@126.com>
(cherry picked from commit 95b08fee8f68d284a5028d37fd28be7a70c8e92b)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: c172136ea3320fa285c39bfb07298bbe1a14ba5e
https://github.com/qemu/qemu/commit/c172136ea3320fa285c39bfb07298bbe1a14ba5e
Author: Marc-André Lureau <marcandre.lureau@redhat.com>
Date: 2024-02-21 (Wed, 21 Feb 2024)
Changed paths:
M ui/meson.build
Log Message:
-----------
meson: ensure dbus-display generated code is built before other units
It's simply by luck that dbus-display header is built first before the
other units using it.
With sourceset, I can't find an easier way out than declaring an extra
dependency for dbus-display1 generate code.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
(cherry picked from commit 1222070e772833c6875e0ca63565db12c22df39e)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: b3edbda64a6c3f1bff162bd8e724551f7f6a638a
https://github.com/qemu/qemu/commit/b3edbda64a6c3f1bff162bd8e724551f7f6a638a
Author: Akihiko Odaki <akihiko.odaki@daynix.com>
Date: 2024-02-21 (Wed, 21 Feb 2024)
Changed paths:
M audio/meson.build
Log Message:
-----------
audio: Depend on dbus_display1_dep
dbusaudio needs dbus_display1_dep.
Fixes: 739362d4205c ("audio: add "dbus" audio backend")
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20240214-dbus-v7-1-7eff29f04c34@daynix.com>
(cherry picked from commit d67611907590a1e6c998b7c5a5cb4394acf84329)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(Mjt: fixup in audio/meson.build due to missing v8.0.0-2306-ga95a464777
"audio: dbus requires pixman")
Commit: 181d92d03419a34f53eedf15517e9ec3200a98b2
https://github.com/qemu/qemu/commit/181d92d03419a34f53eedf15517e9ec3200a98b2
Author: Tianlan Zhou <bobby825@126.com>
Date: 2024-02-22 (Thu, 22 Feb 2024)
Changed paths:
M docs/system/keys.rst.inc
Log Message:
-----------
docs/system: Update description for input grab key
Input grab key should be Ctrl-Alt-g, not just Ctrl-Alt.
Fixes: f8d2c9369b ("sdl: use ctrl-alt-g as grab hotkey")
Signed-off-by: Tianlan Zhou <bobby825@126.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(cherry picked from commit 4a20ac400ff0753f159071764826b20e5320cde9)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 7f368bccd6d94b1f841c13b987efac39b7d1d37c
https://github.com/qemu/qemu/commit/7f368bccd6d94b1f841c13b987efac39b7d1d37c
Author: Tianlan Zhou <bobby825@126.com>
Date: 2024-02-22 (Thu, 22 Feb 2024)
Changed paths:
M softmmu/vl.c
Log Message:
-----------
system/vl: Update description for input grab key
Input grab key should be Ctrl-Alt-g, not just Ctrl-Alt.
Fixes: f8d2c9369b ("sdl: use ctrl-alt-g as grab hotkey")
Signed-off-by: Tianlan Zhou <bobby825@126.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(cherry picked from commit 185311130f54ead75c407cdf83004d575829b5d2)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 1bdf3f4ba0c961f35eb50bf4fa7a3ad4da716c68
https://github.com/qemu/qemu/commit/1bdf3f4ba0c961f35eb50bf4fa7a3ad4da716c68
Author: Peter Maydell <peter.maydell@linaro.org>
Date: 2024-02-22 (Thu, 22 Feb 2024)
Changed paths:
M .gitlab-ci.d/windows.yml
Log Message:
-----------
.gitlab-ci.d/windows.yml: Drop msys2-32bit job
MSYS2 is dropping support for 32-bit Windows. This shows up for us
as various packages we were using in our CI job no longer being
available to install, which causes the job to fail. In commit
8e31b744fdf we dropped the dependency on libusb and spice, but the
dtc package has also now been removed.
For us as QEMU upstream, "32 bit x86 hosts for system emulation" have
already been deprecated as of QEMU 8.0, so we are ready to drop them
anyway.
Drop the msys2-32bit CI job, as the first step in doing this.
This is cc'd to stable, because this job will also be broken for CI
on the stable branches. We can't drop 32-bit support entirely there,
but we will still be covering at least compilation for 32-bit Windows
via the cross-win32-system job.
Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20240220165602.135695-1-peter.maydell@linaro.org
(cherry picked from commit 5cd3ae4903e33982e7a9bbd04674af517e796d6e)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(Mjt: in 7.2 the piece being removed is different but the job has to go anyway)
Commit: a15b7df35bf279b1328ee6b7939c8384aa1d364c
https://github.com/qemu/qemu/commit/a15b7df35bf279b1328ee6b7939c8384aa1d364c
Author: Nicholas Piggin <npiggin@gmail.com>
Date: 2024-02-24 (Sat, 24 Feb 2024)
Changed paths:
M target/ppc/translate/vsx-impl.c.inc
Log Message:
-----------
target/ppc: Fix lxv/stxv MSR facility check
The move to decodetree flipped the inequality test for the VEC / VSX
MSR facility check.
This caused application crashes under Linux, where these facility
unavailable interrupts are used for lazy-switching of VEC/VSX register
sets. Getting the incorrect interrupt would result in wrong registers
being loaded, potentially overwriting live values and/or exposing
stale ones.
Cc: qemu-stable@nongnu.org
Reported-by: Joel Stanley <joel@jms.id.au>
Fixes: 70426b5bb738 ("target/ppc: moved stxvx and lxvx from legacy to
decodtree")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1769
Reviewed-by: Harsh Prateek Bora <harshpb@linux.ibm.com>
Tested-by: Harsh Prateek Bora <harshpb@linux.ibm.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Tested-by: Cédric Le Goater <clg@kaod.org>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
(cherry picked from commit 2cc0e449d17310877fb28a942d4627ad22bb68ea)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: d3c3bc7a9c9700a9dfcaa3266ea830d73744fa9d
https://github.com/qemu/qemu/commit/d3c3bc7a9c9700a9dfcaa3266ea830d73744fa9d
Author: Klaus Jensen <k.jensen@samsung.com>
Date: 2024-02-27 (Tue, 27 Feb 2024)
Changed paths:
M hw/nvme/ctrl.c
Log Message:
-----------
hw/nvme: fix invalid endian conversion
numcntl is one byte and so is max_vfs. Using cpu_to_le16 on big endian
hosts results in numcntl being set to 0.
Fix by dropping the endian conversion.
Fixes: 99f48ae7ae ("hw/nvme: Add support for Secondary Controller List")
Reported-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Reviewed-by: Minwoo Im <minwoo.im@samsung.com>
Message-ID: <20240222-fix-sriov-numcntl-v1-1-d60bea5e72d0@samsung.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
(cherry picked from commit d2b5bb860e6c17442ad95cc275feb07c1665be5c)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 77f7beb8cfe6266a5823737028809f749be608f3
https://github.com/qemu/qemu/commit/77f7beb8cfe6266a5823737028809f749be608f3
Author: Jessica Clarke <jrtc27@jrtc27.com>
Date: 2024-02-27 (Tue, 27 Feb 2024)
Changed paths:
M hw/rtc/pl031.c
Log Message:
-----------
pl031: Update last RTCLR value on write in case it's read back
The PL031 allows you to read RTCLR, which is meant to give you the last
value written. PL031State has an lr field which is used when reading
from RTCLR, and is present in the VM migration state, but we never
actually update it, so it always reads as its initial 0 value.
Cc: qemu-stable@nongnu.org
Signed-off-by: Jessica Clarke <jrtc27@jrtc27.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20240222000341.1562443-1-jrtc27@jrtc27.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 4d28d57c9f2eb1cdf70b29cea6e50282e010075b)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 6156ca0da12c545cf6be0a964ebdac4b8eb50f2b
https://github.com/qemu/qemu/commit/6156ca0da12c545cf6be0a964ebdac4b8eb50f2b
Author: Paolo Bonzini <pbonzini@redhat.com>
Date: 2024-02-28 (Wed, 28 Feb 2024)
Changed paths:
M target/i386/tcg/sysemu/excp_helper.c
Log Message:
-----------
target/i386: mask high bits of CR3 in 32-bit mode
CR3 bits 63:32 are ignored in 32-bit mode (either legacy 2-level
paging or PAE paging). Do this in mmu_translate() to remove
the last where get_physical_address() meaningfully drops the high
bits of the address.
Cc: qemu-stable@nongnu.org
Suggested-by: Richard Henderson <richard.henderson@linaro.org>
Fixes: 4a1e9d4d11c ("target/i386: Use atomic operations for pte updates",
2022-10-18)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 68fb78d7d5723066ec2cacee7d25d67a4143b42f)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 5eba614159d17a6916f33ff9a088e8fb230181c2
https://github.com/qemu/qemu/commit/5eba614159d17a6916f33ff9a088e8fb230181c2
Author: Paolo Bonzini <pbonzini@redhat.com>
Date: 2024-02-28 (Wed, 28 Feb 2024)
Changed paths:
M target/i386/tcg/sysemu/misc_helper.c
M target/i386/tcg/sysemu/svm_helper.c
Log Message:
-----------
target/i386: check validity of VMCB addresses
MSR_VM_HSAVE_PA bits 0-11 are reserved, as are the bits above the
maximum physical address width of the processor. Setting them to
1 causes a #GP (see "15.30.4 VM_HSAVE_PA MSR" in the AMD manual).
The same is true of VMCB addresses passed to VMRUN/VMLOAD/VMSAVE,
even though the manual is not clear on that.
Cc: qemu-stable@nongnu.org
Fixes: 4a1e9d4d11c ("target/i386: Use atomic operations for pte updates",
2022-10-18)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit d09c79010ffd880dc69e7a21e3cfdef90b928fb8)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 1c15f97b4f1957e75f1ef6638ca6772d21f86ec4
https://github.com/qemu/qemu/commit/1c15f97b4f1957e75f1ef6638ca6772d21f86ec4
Author: Paolo Bonzini <pbonzini@redhat.com>
Date: 2024-02-28 (Wed, 28 Feb 2024)
Changed paths:
M target/i386/cpu.h
M target/i386/tcg/sysemu/excp_helper.c
Log Message:
-----------
target/i386: Fix physical address truncation
The address translation logic in get_physical_address() will currently
truncate physical addresses to 32 bits unless long mode is enabled.
This is incorrect when using physical address extensions (PAE) outside
of long mode, with the result that a 32-bit operating system using PAE
to access memory above 4G will experience undefined behaviour.
The truncation code was originally introduced in commit 33dfdb5 ("x86:
only allow real mode to access 32bit without LMA"), where it applied
only to translations performed while paging is disabled (and so cannot
affect guests using PAE).
Commit 9828198 ("target/i386: Add MMU_PHYS_IDX and MMU_NESTED_IDX")
rearranged the code such that the truncation also applied to the use
of MMU_PHYS_IDX and MMU_NESTED_IDX. Commit 4a1e9d4 ("target/i386: Use
atomic operations for pte updates") brought this truncation into scope
for page table entry accesses, and is the first commit for which a
Windows 10 32-bit guest will reliably fail to boot if memory above 4G
is present.
The truncation code however is not completely redundant. Even though the
maximum address size for any executed instruction is 32 bits, helpers for
operations such as BOUND, FSAVE or XSAVE may ask get_physical_address()
to translate an address outside of the 32-bit range, if invoked with an
argument that is close to the 4G boundary. Likewise for processor
accesses, for example TSS or IDT accesses, when EFER.LMA==0.
So, move the address truncation in get_physical_address() so that it
applies to 32-bit MMU indexes, but not to MMU_PHYS_IDX and MMU_NESTED_IDX.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2040
Fixes: 4a1e9d4d11c ("target/i386: Use atomic operations for pte updates",
2022-10-18)
Cc: qemu-stable@nongnu.org
Co-developed-by: Michael Brown <mcb30@ipxe.org>
Signed-off-by: Michael Brown <mcb30@ipxe.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit b1661801c184119a10ad6cbc3b80330fc22e7b2c)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(Mjt: drop unrelated change in target/i386/cpu.c)
Commit: 91ad0d26e1e8e780a2b5c2d464c1f05ef2a7f7f5
https://github.com/qemu/qemu/commit/91ad0d26e1e8e780a2b5c2d464c1f05ef2a7f7f5
Author: Paolo Bonzini <pbonzini@redhat.com>
Date: 2024-02-28 (Wed, 28 Feb 2024)
Changed paths:
M target/i386/tcg/sysemu/excp_helper.c
Log Message:
-----------
target/i386: remove unnecessary/wrong application of the A20 mask
If ptw_translate() does a MMU_PHYS_IDX access, the A20 mask is already
applied in get_physical_address(), which is called via probe_access_full()
and x86_cpu_tlb_fill().
If ptw_translate() on the other hand does a MMU_NESTED_IDX access,
the A20 mask must not be applied to the address that is looked up in
the nested page tables; it must be applied only to the addresses that
hold the NPT entries (which is achieved via MMU_PHYS_IDX, per the
previous paragraph).
Therefore, we can remove A20 masking from the computation of the page
table entry's address, and let get_physical_address() or mmu_translate()
apply it when they know they are returning a host-physical address.
Cc: qemu-stable@nongnu.org
Fixes: 4a1e9d4d11c ("target/i386: Use atomic operations for pte updates",
2022-10-18)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit a28fe7dc1939333c81b895cdced81c69eb7c5ad0)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 1165d9601def8120c4b5c9f10b7fb28f28e77135
https://github.com/qemu/qemu/commit/1165d9601def8120c4b5c9f10b7fb28f28e77135
Author: Paolo Bonzini <pbonzini@redhat.com>
Date: 2024-02-28 (Wed, 28 Feb 2024)
Changed paths:
M target/i386/tcg/sysemu/excp_helper.c
Log Message:
-----------
target/i386: leave the A20 bit set in the final NPT walk
The A20 mask is only applied to the final memory access. Nested
page tables are always walked with the raw guest-physical address.
Unlike the previous patch, in this one the masking must be kept, but
it was done too early.
Cc: qemu-stable@nongnu.org
Fixes: 4a1e9d4d11c ("target/i386: Use atomic operations for pte updates",
2022-10-18)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit b5a9de3259f4c791bde2faff086dd5737625e41e)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 2bd4d27aa5c45f67437545789c9f7a4976f58853
https://github.com/qemu/qemu/commit/2bd4d27aa5c45f67437545789c9f7a4976f58853
Author: Alex Bennée <alex.bennee@linaro.org>
Date: 2024-02-28 (Wed, 28 Feb 2024)
Changed paths:
M tests/vm/openbsd
Log Message:
-----------
tests/vm: update openbsd image to 7.4
The old links are dead so even if we have the ISO cached we can't
finish the install. Update to the current stable and tweak the install
strings.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2192
Tested-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20240227144335.1196131-5-alex.bennee@linaro.org>
(cherry picked from commit 8467ac75b3b7207a49a1c6c7b87f0f7d2d0cea18)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 4934f922ac7eaa12cb340a9abeaa6b819332235f
https://github.com/qemu/qemu/commit/4934f922ac7eaa12cb340a9abeaa6b819332235f
Author: Alex Bennée <alex.bennee@linaro.org>
Date: 2024-02-28 (Wed, 28 Feb 2024)
Changed paths:
M tests/vm/Makefile.include
M tests/vm/basevm.py
Log Message:
-----------
tests/vm: avoid re-building the VM images all the time
The main problem is that "check-venv" is a .PHONY target will always
evaluate and trigger a full re-build of the VM images. While its
tempting to drop it from the dependencies that does introduce a
breakage on freshly configured builds.
Fortunately we do have the otherwise redundant --force flag for the
script which up until now was always on. If we make the usage of
--force conditional on dependencies other than check-venv triggering
the update we can avoid the costly rebuild and still run cleanly on a
fresh checkout.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2118
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20240227144335.1196131-4-alex.bennee@linaro.org>
(cherry picked from commit 151b7dba391fab64cc008a1fdba6ddcf6f8c39c8)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 9b89d02d8b44c259f2ed7b089c7c3489f19e41c7
https://github.com/qemu/qemu/commit/9b89d02d8b44c259f2ed7b089c7c3489f19e41c7
Author: Daniel P. Berrangé <berrange@redhat.com>
Date: 2024-02-29 (Thu, 29 Feb 2024)
Changed paths:
M .gitlab-ci.d/cirrus/build.yml
Log Message:
-----------
gitlab: force allow use of pip in Cirrus jobs
Python is transitioning to a world where you're not allowed to use 'pip
install' outside of a virutal env by default. The rationale is to stop
use of pip clashing with distro provided python packages, which creates
a major headache on distro upgrades.
All our CI environments, however, are 100% disposable so the upgrade
headaches don't exist. Thus we can undo the python defaults to allow
pip to work.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Tested-by: Thomas Huth <thuth@redhat.com>
Message-id: 20240222114038.2348718-1-berrange@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit a8bf9de2f4f398315ac5340e4b88c478d5457731)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 8dd9165e7c0bf5e108d443b73a36cb602982bd62
https://github.com/qemu/qemu/commit/8dd9165e7c0bf5e108d443b73a36cb602982bd62
Author: Benjamin David Lunt <benlunt@fysnet.net>
Date: 2024-03-01 (Fri, 01 Mar 2024)
Changed paths:
M hw/usb/bus.c
Log Message:
-----------
hw/usb/bus.c: PCAP adding 0xA in Windows version
Since Windows text files use CRLFs for all \n, the Windows version of QEMU
inserts a CR in the PCAP stream when a LF is encountered when using USB PCAP
files. This is due to the fact that the PCAP file is opened as TEXT instead
of BINARY.
To show an example, when using a very common protocol to USB disks, the BBB
protocol uses a 10-byte command packet. For example, the READ_CAPACITY(10)
command will have a command block length of 10 (0xA). When this 10-byte
command (part of the 31-byte CBW) is placed into the PCAP file, the Windows
file manager inserts a 0xD before the 0xA, turning the 31-byte CBW into a
32-byte CBW.
Actual CBW:
0040 55 53 42 43 01 00 00 00 08 00 00 00 80 00 0a 25 USBC...........%
0050 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ...............
PCAP CBW
0040 55 53 42 43 01 00 00 00 08 00 00 00 80 00 0d 0a USBC............
0050 25 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 %..............
I believe simply opening the PCAP file as BINARY instead of TEXT will fix
this issue.
Resolves: https://bugs.launchpad.net/qemu/+bug/2054889
Signed-off-by: Benjamin David Lunt <benlunt@fysnet.net>
Message-ID: <000101da6823$ce1bbf80$6a533e80$@fysnet.net>
[thuth: Break long line to avoid checkpatch.pl error]
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit 5e02a4fdebc442e34c5bb05e4540f85cc6e802f0)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 72e2a246385c0162df948824f1cc19e0b37548e9
https://github.com/qemu/qemu/commit/72e2a246385c0162df948824f1cc19e0b37548e9
Author: Thomas Huth <thuth@redhat.com>
Date: 2024-03-01 (Fri, 01 Mar 2024)
Changed paths:
M tests/unit/test-util-sockets.c
Log Message:
-----------
tests/unit/test-util-sockets: Remove temporary file after test
test-util-sockets leaves the temporary socket files around in the
temporary files folder. Let's better remove them at the end of the
testing.
Fixes: 4d3a329af5 ("tests/util-sockets: add abstract unix socket cases")
Message-ID: <20240226082728.249753-1-thuth@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit f0cb6828ae34fb56fbb869bb3147a636d1c984ce)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 73bf928177b6e3c894de9fe3796161219a4e1412
https://github.com/qemu/qemu/commit/73bf928177b6e3c894de9fe3796161219a4e1412
Author: Eric Auger <eric.auger@redhat.com>
Date: 2024-03-01 (Fri, 01 Mar 2024)
Changed paths:
M tests/unit/test-vmstate.c
Log Message:
-----------
test-vmstate: fix bad GTree usage, use-after-free
According to g_tree_foreach() documentation:
"The tree may not be modified while iterating over it (you can't
add/remove items)."
compare_trees()/diff_tree() fail to respect this rule.
Historically GLib2 used a slice allocator for the GTree APIs
which did not immediately release the memory back to the system
allocator. As a result QEMU's use-after-free bug was not visible.
With GLib > 2.75.3 however, GLib2 has switched to using malloc
and now a SIGSEGV can be observed while running test-vmstate.
Get rid of the node removal within the tree traversal. Also
check the trees have the same number of nodes before the actual
diff.
Fixes: 9a85e4b8f6 ("migration: Support gtree migration")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1518
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Reported-by: Richard W.M. Jones <rjones@redhat.com>
Tested-by: Richard W.M. Jones <rjones@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Juan Quintela <quintela@redhat.com>
(cherry picked from commit abe2c4bdb65e8dd9cb2f01c355baa394bf49a8af)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: b0ed25ee07a0d6e427b3b22629ee1f3e9af7f304
https://github.com/qemu/qemu/commit/b0ed25ee07a0d6e427b3b22629ee1f3e9af7f304
Author: Thomas Huth <thuth@redhat.com>
Date: 2024-03-01 (Fri, 01 Mar 2024)
Changed paths:
M tests/qtest/display-vga-test.c
Log Message:
-----------
tests/qtest/display-vga-test: Add proper checks if a device is available
display-vga-test currently tries to guess the usable VGA devices
according to the target architecture that is used for the test.
This of course does not work if QEMU has been built with the
"--without-default-devices" configure switch. To fix this, use the
qtest_has_device() function for the decision instead. This way
we can also consolidate most of the test functions into one single
function (that takes a parameter with the device name now), except
for the multihead test that tries to instantiate two devices and
thus is a little bit different.
Message-Id: <20230130104446.1286773-4-thuth@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit f2e57851b831922625f9d364d78c11a0258331a6)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 90b1b8e0d6c41d3806d98542c6e14697d534adf5
https://github.com/qemu/qemu/commit/90b1b8e0d6c41d3806d98542c6e14697d534adf5
Author: Peter Maydell <peter.maydell@linaro.org>
Date: 2024-03-01 (Fri, 01 Mar 2024)
Changed paths:
M tests/unit/test-blockjob.c
Log Message:
-----------
tests/unit/test-blockjob: Disable complete_in_standby test
The blockjob/complete_in_standby test is flaky and fails
intermittently in CI:
172/621 qemu:unit / test-blockjob
ERROR 0.26s killed by signal 6 SIGABRT
11:03:46 MALLOC_PERTURB_=176
G_TEST_SRCDIR=/Users/pm215/src/qemu-for-merges/tests/unit
G_TEST_BUILDDIR=/Users/pm215/src/qemu-for-merges/build/all/tests/unit
/Users/pm215/src/qemu-for-merges/build/all/tests/unit/test-blockjob
--tap -k
----------------------------------- output -----------------------------------
stdout:
# random seed: R02S8c79d6e1c01ce0b25475b2210a253242
1..9
# Start of blockjob tests
ok 1 /blockjob/ids
stderr:
Assertion failed: (job->status == JOB_STATUS_STANDBY), function
test_complete_in_standby, file ../../tests/unit/test-blockjob.c, line
499.
Seen on macOS/x86_64, FreeBSD 13/x86_64, msys2-64bit, eg:
https://gitlab.com/qemu-project/qemu/-/jobs/3872508803
https://gitlab.com/qemu-project/qemu/-/jobs/3950667240
Disable this subtest until somebody has time to investigate.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20230317143534.1481947-1-peter.maydell@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
(cherry picked from commit b6903cbe3a2e3feb7204636209b5607e70fee998)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: 0ee0f9d8227ee6467807c4e9e549c0e166164dcb
https://github.com/qemu/qemu/commit/0ee0f9d8227ee6467807c4e9e549c0e166164dcb
Author: Paolo Bonzini <pbonzini@redhat.com>
Date: 2024-03-01 (Fri, 01 Mar 2024)
Changed paths:
M hw/i386/sgx-stub.c
Log Message:
-----------
target/i386: the sgx_epc_get_section stub is reachable
The sgx_epc_get_section stub is reachable from cpu_x86_cpuid. It
should not assert, instead it should just return true just like
the "real" sgx_epc_get_section does when SGX is disabled.
Reported-by: Vladimír Beneš <vbenes@redhat.com>
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-ID: <20220201190941.106001-1-pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 219615740425d9683588207b40a365e6741691a6)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Commit: eee83fae9d31efb4e1698c07c6de6bf564f363f6
https://github.com/qemu/qemu/commit/eee83fae9d31efb4e1698c07c6de6bf564f363f6
Author: Michael Tokarev <mjt@tls.msk.ru>
Date: 2024-03-04 (Mon, 04 Mar 2024)
Changed paths:
M VERSION
Log Message:
-----------
Update version for 7.2.10 release
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Compare: https://github.com/qemu/qemu/compare/0c918cb0abd1...eee83fae9d31
To unsubscribe from these emails, change your notification settings at
https://github.com/qemu/qemu/settings/notifications
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Qemu-commits] [qemu/qemu] 18c776: migration: Fix use-after-free of migration state o...,
Alex Bennée <=