qemu-commits

[Qemu-commits] [qemu/qemu] eae750: Revert "configure: run plugin TCG tes


From: Alex Bennée
Subject: [Qemu-commits] [qemu/qemu] eae750: Revert "configure: run plugin TCG tests again"
Date: Wed, 13 Mar 2024 13:43:16 -0700

  Branch: refs/heads/staging-8.2
  Home:   https://github.com/qemu/qemu
  Commit: eae7509be97fc3e9b5930187a9386dec5361e128
      
https://github.com/qemu/qemu/commit/eae7509be97fc3e9b5930187a9386dec5361e128
  Author: Michael Tokarev <mjt@tls.msk.ru>
  Date:   2024-03-05 (Tue, 05 Mar 2024)

  Changed paths:
    M configure

  Log Message:
  -----------
  Revert "configure: run plugin TCG tests again"

This reverts commit 6eeeb8733177db7bc23fb2e7271dea759b47e4f9.

This commit has been wrongly back-ported to 8.2.x, $config_host_mak
in master didn't include the tests/tcg/ prefix, while 8.2.0 did it.
The result of this "backport" is this message during configure:

 ../configure: 1679: cannot create tests/tcg/tests/tcg/config-host.mak: Directory nonexistent

Let's revert the change and try again.

Cc: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 16f1f95ebd7de82a49d07e0377c36c48f40b194d
      
https://github.com/qemu/qemu/commit/16f1f95ebd7de82a49d07e0377c36c48f40b194d
  Author: Paolo Bonzini <pbonzini@redhat.com>
  Date:   2024-03-05 (Tue, 05 Mar 2024)

  Changed paths:
    M configure

  Log Message:
  -----------
  configure: run plugin TCG tests again

Commit 39fb3cfc28b ("configure: clean up plugin option handling", 2023-10-18)
dropped the CONFIG_PLUGIN line from tests/tcg/config-host.mak, due to confusion
caused by the shadowing of $config_host_mak.  However, TCG tests were still
expecting it.  Oops.

Put it back, in the meanwhile the shadowing is gone so it's clear that it goes
in the tests/tcg configuration.

Cc:  <alex.bennee@linaro.org>
Fixes: 39fb3cfc28b ("configure: clean up plugin option handling", 2023-10-18)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20240124115332.612162-1-pbonzini@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20240207163812.3231697-4-alex.bennee@linaro.org>
(cherry picked from commit 15cc103362499bd94c5aec5fa66543d0de3bf4b5)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
(Mjt: fixup for 8.2.x - $config_host_mak without tests/tcg/ prefix -
 for before v8.2.0-142-g606c3ba7a2 "configure: remove unnecessary subshell")


  Commit: 151d593c7d276bdc888956bc3eae50f757b3d0bd
      
https://github.com/qemu/qemu/commit/151d593c7d276bdc888956bc3eae50f757b3d0bd
  Author: Richard Henderson <richard.henderson@linaro.org>
  Date:   2024-03-05 (Tue, 05 Mar 2024)

  Changed paths:
    M tcg/aarch64/tcg-target.h

  Log Message:
  -----------
  tcg/aarch64: Apple does not align __int128_t in even registers

From https://developer.apple.com/documentation/xcode/writing-arm64-code-for-apple-platforms

  When passing an argument with 16-byte alignment in integer registers,
  Apple platforms allow the argument to start in an odd-numbered xN
  register. The standard ABI requires it to begin in an even-numbered
  xN register.

Cc: qemu-stable@nongnu.org
Fixes: 5427a9a7604 ("tcg: Add TCG_TARGET_CALL_{RET,ARG}_I128")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2169
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <9fc0c2c7-dd57-459e-aecb-528edb74b4a7@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
(cherry picked from commit 7f89fdf8ebe6ef8df48f0a05f44e1020c713a94e)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 420a8d873512c313f2122618b37c9668c420f65a
      
https://github.com/qemu/qemu/commit/420a8d873512c313f2122618b37c9668c420f65a
  Author: Richard Henderson <richard.henderson@linaro.org>
  Date:   2024-03-05 (Tue, 05 Mar 2024)

  Changed paths:
    M linux-user/elfload.c

  Log Message:
  -----------
  linux-user: Remove pgb_dynamic alignment assertion

The assertion was never correct, because the alignment is a composite
of the image alignment and SHMLBA.  Even if the image alignment didn't
match the image address, an assertion would not be correct -- more
appropriate would be an error message about an ill formed image.  But
the image cannot be held to SHMLBA under any circumstances.

Fixes: ee94743034b ("linux-user: completely re-write init_guest_space")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2157
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reported-by: Alexey Sheplyakov <asheplyakov@yandex.ru>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
(cherry picked from commit b816e1b5ba58a986b10cd830d6617f351979ab91)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 94b544f12764bab6ca3f548ed760a360e962a0a1
      
https://github.com/qemu/qemu/commit/94b544f12764bab6ca3f548ed760a360e962a0a1
  Author: Daniel P. Berrangé <berrange@redhat.com>
  Date:   2024-03-05 (Tue, 05 Mar 2024)

  Changed paths:
    M .gitlab-ci.d/cirrus.yml

  Log Message:
  -----------
  gitlab: update FreeBSD Cirrus CI image to 13.3

The 13.2 images have been deleted from gcloud

Cc: qemu-stable@nongnu.org
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20240304144456.3825935-3-berrange@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit 9ea920dc28254cd9a363aaef01985dffd8abedd7)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 81c0ebf1072edb5f497aa1c7b49e2cdf4cb05c42
      
https://github.com/qemu/qemu/commit/81c0ebf1072edb5f497aa1c7b49e2cdf4cb05c42
  Author: David Parsons <dave@daveparsons.net>
  Date:   2024-03-09 (Sat, 09 Mar 2024)

  Changed paths:
    M ui/cocoa.m

  Log Message:
  -----------
  ui/cocoa: Fix window clipping on macOS 14

macOS Sonoma changes the NSView.clipsToBounds to false by default
where it was true in earlier versions of macOS. This causes the window
contents to be occluded by the frame at the top of the window. This
fixes the issue by conditionally compiling the clipping on Sonoma to
true. NSView only exposes the clipToBounds in macOS 14 and so has
to be fixed via conditional compilation.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1994
Signed-off-by: David Parsons <dave@daveparsons.net>
Reviewed-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Message-ID: <20240224140620.39200-1-dave@daveparsons.net>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
(cherry picked from commit f5af80271aad356233b2bea2369b3b2211fa395d)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: f0ae5d6d5f80fe324176c9a7c382410087dfb504
      
https://github.com/qemu/qemu/commit/f0ae5d6d5f80fe324176c9a7c382410087dfb504
  Author: Richard Henderson <richard.henderson@linaro.org>
  Date:   2024-03-09 (Sat, 09 Mar 2024)

  Changed paths:
    M target/arm/tcg/sme_helper.c
    M tests/tcg/aarch64/Makefile.target
    A tests/tcg/aarch64/sme-smopa-1.c
    A tests/tcg/aarch64/sme-smopa-2.c

  Log Message:
  -----------
  target/arm: Fix 32-bit SMOPA

While the 8-bit input elements are sequential in the input vector,
the 32-bit output elements are not sequential in the output matrix.
Do not attempt to compute 2 32-bit outputs at the same time.

Cc: qemu-stable@nongnu.org
Fixes: 23a5e3859f5 ("target/arm: Implement SME integer outer product")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2083
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20240305163931.242795-1-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit d572bcb222010b38b382871a23b2f38e2c3f4d2d)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 4db93405e5a99fde1ec9c91f86510b12858f92d8
      
https://github.com/qemu/qemu/commit/4db93405e5a99fde1ec9c91f86510b12858f92d8
  Author: Peter Maydell <peter.maydell@linaro.org>
  Date:   2024-03-09 (Sat, 09 Mar 2024)

  Changed paths:
    M hw/rtc/sun4v-rtc.c
    M include/hw/rtc/sun4v-rtc.h

  Log Message:
  -----------
  hw/rtc/sun4v-rtc: Relicense to GPLv2-or-later

The sun4v RTC device model added under commit a0e893039cf2ce0 in 2016
was unfortunately added with a license of GPL-v3-or-later, which is
not compatible with other QEMU code which has a GPL-v2-only license.

Relicense the code in the .c and the .h file to GPL-v2-or-later,
to make it compatible with the rest of QEMU.

Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Paolo Bonzini (for Red Hat) <pbonzini@redhat.com>
Signed-off-by: Artyom Tarasenko <atar4qemu@gmail.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Acked-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20240223161300.938542-1-peter.maydell@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
(cherry picked from commit fd7f95f23d6fe485332c1d4b489eb719fcb7c225)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 5dc46b3ff8d178a3498b6ad8b42ee8f93681e0e8
      
https://github.com/qemu/qemu/commit/5dc46b3ff8d178a3498b6ad8b42ee8f93681e0e8
  Author: Dmitrii Gavrilov <ds-gavr@yandex-team.ru>
  Date:   2024-03-10 (Sun, 10 Mar 2024)

  Changed paths:
    M system/qdev-monitor.c

  Log Message:
  -----------
  system/qdev-monitor: move drain_call_rcu call under if (!dev) in qmp_device_add()

The original goal of adding drain_call_rcu to qmp_device_add was to cover
the failure case of qdev_device_add. It seems the call of drain_call_rcu was
misplaced in 7bed89958bfbf40df, which led to waiting for pending RCU callbacks
on the happy path too, which in turn led to overall performance degradation of
qmp_device_add.

In this patch the call of drain_call_rcu is moved under the handling of failure of
qdev_device_add.

Signed-off-by: Dmitrii Gavrilov <ds-gavr@yandex-team.ru>
Message-ID: <20231103105602.90475-1-ds-gavr@yandex-team.ru>
Fixes: 7bed89958bf ("device_core: use drain_call_rcu in in qmp_device_add", 2020-10-12)
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 012b170173bcaa14b9bc26209e0813311ac78489)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 37a8b9205f1a6fef0893d5b5c62178ea2a6bfde3
      
https://github.com/qemu/qemu/commit/37a8b9205f1a6fef0893d5b5c62178ea2a6bfde3
  Author: Sven Schnelle <svens@stackframe.org>
  Date:   2024-03-10 (Sun, 10 Mar 2024)

  Changed paths:
    M hw/scsi/lsi53c895a.c

  Log Message:
  -----------
  hw/scsi/lsi53c895a: stop script on phase mismatch

NetBSD isn't happy with qemu lsi53c895a emulation:

cd0(esiop0:0:2:0): command with tag id 0 reset
esiop0: autoconfiguration error: phase mismatch without command
esiop0: autoconfiguration error: unhandled scsi interrupt, sist=0x80 sstat1=0x0 DSA=0x23a64b1 DSP=0x50

This is because lsi_bad_phase() triggers a phase mismatch, which
stops SCRIPT processing. However, after returning to
lsi_command_complete(), SCRIPT is restarted with lsi_resume_script().
Fix this by adding a return value to lsi_bad_phase(), and only resume
script processing when lsi_bad_phase() didn't trigger a host interrupt.

Signed-off-by: Sven Schnelle <svens@stackframe.org>
Tested-by: Helge Deller <deller@gmx.de>
Message-ID: <20240302214453.2071388-1-svens@stackframe.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit a9198b3132d81a6bfc9fdbf6f3d3a514c2864674)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 5ae5473e2e53e0d263da8c0612a8afe5e866d524
      
https://github.com/qemu/qemu/commit/5ae5473e2e53e0d263da8c0612a8afe5e866d524
  Author: Sven Schnelle <svens@stackframe.org>
  Date:   2024-03-10 (Sun, 10 Mar 2024)

  Changed paths:
    M hw/scsi/lsi53c895a.c
    M hw/scsi/trace-events

  Log Message:
  -----------
  hw/scsi/lsi53c895a: add timer to scripts processing

HP-UX 10.20 seems to make the lsi53c895a spin on a memory location
under certain circumstances. As the SCSI controller and CPU are not
running at the same time this loop will never finish. After some
time, the check loop interrupts with an unexpected device disconnect.
This works, but is slow because the kernel resets the scsi controller.
Instead of signaling UDC, start a timer and exit the loop. Until the
timer fires, the CPU can process instructions which might change the
memory location.

The limit of instructions is also reduced because scripts running on
the SCSI processor are usually very short. This keeps the time until
the loop is exited short.

Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Sven Schnelle <svens@stackframe.org>
Message-ID: <20240229204407.1699260-1-svens@stackframe.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
(cherry picked from commit 9876359990dd4c8a48de65cf5e1c3d13e96a7f4e)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 8f1eb52422b2a15c2630b7b457e36a3be98e7ac3
      
https://github.com/qemu/qemu/commit/8f1eb52422b2a15c2630b7b457e36a3be98e7ac3
  Author: Michael Tokarev <mjt@tls.msk.ru>
  Date:   2024-03-10 (Sun, 10 Mar 2024)

  Changed paths:
    M scripts/make-release

  Log Message:
  -----------
  make-release: switch to .xz format by default

For a long time, we have provided two compression formats in the
download area, .bz2 and .xz.  There's absolutely no reason
to provide two in parallel, .xz compresses better, and all
the links we use point to .xz.  Downstream distributions
mostly use .xz too.

For the release maintenance providing two formats is definitely
extra burden too.

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
(cherry picked from commit 9bc9e95119445d7a430b0fc8b7daf22a3612bbd3)


  Commit: 6ad78a085ed3bea838b741f8137d4193b44fb3dc
      
https://github.com/qemu/qemu/commit/6ad78a085ed3bea838b741f8137d4193b44fb3dc
  Author: Yu Zhang <yu.zhang@ionos.com>
  Date:   2024-03-12 (Tue, 12 Mar 2024)

  Changed paths:
    M migration/rdma.c

  Log Message:
  -----------
  migration/rdma: Fix a memory issue for migration

In commit 3fa9642ff7 a change was made to convert the RDMA backend to
accept MigrateAddress struct. However, the assignment of "host" leads
to data corruption on the target host and the failure of migration.

    isock->host = rdma->host;

By allocating the memory explicitly for it with g_strdup_printf(), the
issue is fixed and the migration doesn't fail any more.

Fixes: 3fa9642ff7 ("migration: convert rdma backend to accept MigrateAddress")
Cc: qemu-stable <qemu-stable@nongnu.org>
Cc: Li Zhijian <lizhijian@fujitsu.com>
Link: https://lore.kernel.org/r/CAHEcVy4L_D6tuhJ8h=xLR4WaPaprJE3nnxZAEyUnoTrxQ6CF5w@mail.gmail.com
Signed-off-by: Yu Zhang <yu.zhang@ionos.com>
[peterx: use g_strdup() instead of g_strdup_printf(), per Zhijian]
Signed-off-by: Peter Xu <peterx@redhat.com>
(cherry picked from commit 69f7b00d057f8832a841a53d5ee31eb303157398)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: c440c89ecb1e34952acea8c106f9eadfba9125f1
      
https://github.com/qemu/qemu/commit/c440c89ecb1e34952acea8c106f9eadfba9125f1
  Author: Laurent Vivier <lvivier@redhat.com>
  Date:   2024-03-12 (Tue, 12 Mar 2024)

  Changed paths:
    M hw/net/igb_core.c
    M hw/net/igb_core.h

  Log Message:
  -----------
  igb: fix link state on resume

On resume igb_vm_state_change() always calls igb_autoneg_resume()
that sets link_down to false, and thus activates the link even
if we have disabled it.

The problem can be reproduced starting qemu in paused state (-S) and
then set the link to down. When we resume the machine the link appears
to be up.

Reproducer:

   # qemu-system-x86_64 ... -device igb,netdev=netdev0,id=net0 -S

   {"execute": "qmp_capabilities" }
   {"execute": "set_link", "arguments": {"name": "net0", "up": false}}
   {"execute": "cont" }

To fix the problem, merge the content of igb_vm_state_change()
into igb_core_post_load() as e1000 does.

Buglink: https://issues.redhat.com/browse/RHEL-21867
Fixes: 3a977deebe6b ("Introduce igb device emulation")
Cc: akihiko.odaki@daynix.com
Suggested-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
(cherry picked from commit 65c2ab808571dcd9322020690a63df63281a67f0)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 0ba8be81f8ff9aaf7388015b16295fe1c7290c56
      
https://github.com/qemu/qemu/commit/0ba8be81f8ff9aaf7388015b16295fe1c7290c56
  Author: Laurent Vivier <lvivier@redhat.com>
  Date:   2024-03-12 (Tue, 12 Mar 2024)

  Changed paths:
    M hw/net/e1000e_core.c
    M hw/net/e1000e_core.h

  Log Message:
  -----------
  e1000e: fix link state on resume

On resume e1000e_vm_state_change() always calls e1000e_autoneg_resume()
that sets link_down to false, and thus activates the link even
if we have disabled it.

The problem can be reproduced starting qemu in paused state (-S) and
then set the link to down. When we resume the machine the link appears
to be up.

Reproducer:

   # qemu-system-x86_64 ... -device e1000e,netdev=netdev0,id=net0 -S

   {"execute": "qmp_capabilities" }
   {"execute": "set_link", "arguments": {"name": "net0", "up": false}}
   {"execute": "cont" }

To fix the problem, merge the content of e1000e_vm_state_change()
into e1000e_core_post_load() as e1000 does.

Buglink: https://issues.redhat.com/browse/RHEL-21867
Fixes: 6f3fbe4ed06a ("net: Introduce e1000e device emulation")
Suggested-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
(cherry picked from commit 4cadf10234989861398e19f3bb441d3861f3bb7c)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 31e20693eaf454460f47652bfe678fe90cf92432
      
https://github.com/qemu/qemu/commit/31e20693eaf454460f47652bfe678fe90cf92432
  Author: Nick Briggs <nicholas.h.briggs@gmail.com>
  Date:   2024-03-12 (Tue, 12 Mar 2024)

  Changed paths:
    M hw/net/pcnet.c

  Log Message:
  -----------
  Avoid unaligned fetch in ladr_match()

There is no guarantee that the PCNetState is allocated such that
csr[8] is allocated on an 8-byte boundary.  Since not all hosts are
capable of unaligned fetches the 16-bit elements need to be fetched
individually to avoid a potential fault.  Closes issue #2143

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2143
Signed-off-by: Nick Briggs <nicholas.h.briggs@gmail.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Jason Wang <jasowang@redhat.com>
(cherry picked from commit 6a5287ce80470bb8df95901d73ee779a64e70c3a)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 35ca0f7cbc1c541d0efcc9e41c6405200087e857
      
https://github.com/qemu/qemu/commit/35ca0f7cbc1c541d0efcc9e41c6405200087e857
  Author: Peng Fan <peng.fan@nxp.com>
  Date:   2024-03-13 (Wed, 13 Mar 2024)

  Changed paths:
    M hw/xen/xen-mapcache.c

  Log Message:
  -----------
  xen: Drop out of coroutine context xen_invalidate_map_cache_entry

xen_invalidate_map_cache_entry is not expected to run in a
coroutine. Without this, there is a crash:

    signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
    threadid=<optimized out>) at pthread_kill.c:78
    at /usr/src/debug/glibc/2.38+git-r0/sysdeps/posix/raise.c:26
    fmt=0xffff9e1ca8a8 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n",
    assertion=assertion@entry=0xaaaae0d25740 "!qemu_in_coroutine()",
    file=file@entry=0xaaaae0d301a8 "../qemu-xen-dir-remote/block/graph-lock.c", line=line@entry=260,
    function=function@entry=0xaaaae0e522c0 <__PRETTY_FUNCTION__.3> "bdrv_graph_rdlock_main_loop") at assert.c:92
    assertion=assertion@entry=0xaaaae0d25740 "!qemu_in_coroutine()",
    file=file@entry=0xaaaae0d301a8 "../qemu-xen-dir-remote/block/graph-lock.c", line=line@entry=260,
    function=function@entry=0xaaaae0e522c0 <__PRETTY_FUNCTION__.3> "bdrv_graph_rdlock_main_loop") at assert.c:101
    at ../qemu-xen-dir-remote/block/graph-lock.c:260
    at /home/Freenix/work/sw-stash/xen/upstream/tools/qemu-xen-dir-remote/include/block/graph-lock.h:259
    host=host@entry=0xffff742c8000, size=size@entry=2097152)
    at ../qemu-xen-dir-remote/block/io.c:3362
    host=0xffff742c8000, size=2097152)
    at ../qemu-xen-dir-remote/block/block-backend.c:2859
    host=<optimized out>, size=<optimized out>, max_size=<optimized out>)
    at ../qemu-xen-dir-remote/block/block-ram-registrar.c:33
    size=2097152, max_size=2097152)
    at ../qemu-xen-dir-remote/hw/core/numa.c:883
    buffer=buffer@entry=0xffff743c5000 "")
    at ../qemu-xen-dir-remote/hw/xen/xen-mapcache.c:475
    buffer=buffer@entry=0xffff743c5000 "")
    at ../qemu-xen-dir-remote/hw/xen/xen-mapcache.c:487
    as=as@entry=0xaaaae1ca3ae8 <address_space_memory>, buffer=0xffff743c5000,
    len=<optimized out>, is_write=is_write@entry=true,
    access_len=access_len@entry=32768)
    at ../qemu-xen-dir-remote/system/physmem.c:3199
    dir=DMA_DIRECTION_FROM_DEVICE, len=<optimized out>,
    buffer=<optimized out>, as=0xaaaae1ca3ae8 <address_space_memory>)
    at /home/Freenix/work/sw-stash/xen/upstream/tools/qemu-xen-dir-remote/include/sysemu/dma.h:236
    elem=elem@entry=0xaaaaf620aa30, len=len@entry=32769)
    at ../qemu-xen-dir-remote/hw/virtio/virtio.c:758
    elem=elem@entry=0xaaaaf620aa30, len=len@entry=32769, idx=idx@entry=0)
    at ../qemu-xen-dir-remote/hw/virtio/virtio.c:919
    elem=elem@entry=0xaaaaf620aa30, len=32769)
    at ../qemu-xen-dir-remote/hw/virtio/virtio.c:994
    req=req@entry=0xaaaaf620aa30, status=status@entry=0 '\000')
    at ../qemu-xen-dir-remote/hw/block/virtio-blk.c:67
    ret=0) at ../qemu-xen-dir-remote/hw/block/virtio-blk.c:136
    at ../qemu-xen-dir-remote/block/block-backend.c:1559
--Type <RET> for more, q to quit, c to continue without paging--
    at ../qemu-xen-dir-remote/block/block-backend.c:1614
    i1=<optimized out>) at ../qemu-xen-dir-remote/util/coroutine-ucontext.c:177
    at ../sysdeps/unix/sysv/linux/aarch64/setcontext.S:123

Signed-off-by: Peng Fan <peng.fan@nxp.com>
Reviewed-by: Stefano Stabellini <sstabellini@kernel.org>
Message-Id: <20240124021450.21656-1-peng.fan@oss.nxp.com>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
(cherry picked from commit 9253d83062268209533df4b29859e5b51a2dc324)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 2d281e030d02952a4fcca984275e2e8e6cae5d5f
      
https://github.com/qemu/qemu/commit/2d281e030d02952a4fcca984275e2e8e6cae5d5f
  Author: Minwoo Im <minwoo.im@samsung.com>
  Date:   2024-03-13 (Wed, 13 Mar 2024)

  Changed paths:
    M hw/nvme/ctrl.c

  Log Message:
  -----------
  hw/nvme: separate 'serial' property for VFs

Currently, when a VF is created, it uses the 'params' object of the PF
as it is. In other words, the 'params.serial' string memory area is also
shared. In this situation, if the VF is removed from the system, the
PF's 'params.serial' object is released with object_finalize() followed
by object_property_del_all() which releases the memory for 'serial'
property. If that happens, the next VF created will inherit a serial
from a corrupted memory area.

If this happens, an error will occur when comparing subsys->serial and
n->params.serial in the nvme_subsys_register_ctrl() function.

Cc: qemu-stable@nongnu.org
Fixes: 44c2c09488db ("hw/nvme: Add support for SR-IOV")
Signed-off-by: Minwoo Im <minwoo.im@samsung.com>
Reviewed-by: Klaus Jensen <k.jensen@samsung.com>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
(cherry picked from commit 4f0a4a3d5854824e5c5eccf353d4a1f4f749a29d)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 389f6655cacef1108c08e53450cd5abc86e70142
      
https://github.com/qemu/qemu/commit/389f6655cacef1108c08e53450cd5abc86e70142
  Author: Klaus Jensen <k.jensen@samsung.com>
  Date:   2024-03-13 (Wed, 13 Mar 2024)

  Changed paths:
    M hw/nvme/ctrl.c

  Log Message:
  -----------
  hw/nvme: fix invalid check on mcl

The number of logical blocks within a source range is converted into a
1s based number at the time of parsing. However, when verifying the copy
length we add one again, causing the check against MCL to fail in error.

Cc: qemu-stable@nongnu.org
Fixes: 381ab99d8587 ("hw/nvme: check maximum copy length (MCL) for COPY")
Reviewed-by: Minwoo Im <minwoo.im@samsung.com>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
(cherry picked from commit 8c78015a55d84c016da6d5e41b6b5f618ecb25ab)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 273111ca7120e504f4bae33c334b31e69f65f11e
      
https://github.com/qemu/qemu/commit/273111ca7120e504f4bae33c334b31e69f65f11e
  Author: Klaus Jensen <k.jensen@samsung.com>
  Date:   2024-03-13 (Wed, 13 Mar 2024)

  Changed paths:
    M hw/nvme/ctrl.c

  Log Message:
  -----------
  hw/nvme: generalize the mbar size helper

Generalize the mbar size helper such that it can handle cases where the
MSI-X table and PBA are expected to be in an exclusive bar.

Cc: qemu-stable@nongnu.org
Reviewed-by: Jesper Wendel Devantier <foss@defmacro.it>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
(cherry picked from commit ee7bda4d38cda3eaf114c850a723dd12e23d3abc)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 3097bcbf37e152e848756437db0c53929bac5cda
      
https://github.com/qemu/qemu/commit/3097bcbf37e152e848756437db0c53929bac5cda
  Author: Klaus Jensen <k.jensen@samsung.com>
  Date:   2024-03-13 (Wed, 13 Mar 2024)

  Changed paths:
    M hw/core/machine.c
    M hw/nvme/ctrl.c
    M hw/nvme/nvme.h

  Log Message:
  -----------
  hw/nvme: add machine compatibility parameter to enable msix exclusive bar

Commit 1901b4967c3f ("hw/block/nvme: move msix table and pba to BAR 0")
moved the MSI-X table and PBA to BAR 0 to make room for enabling CMR and
PMR at the same time. As reported by Julien Grall in #2184, this breaks
migration through system hibernation.

Add a machine compatibility parameter and set it on machines pre 6.0 to
enable the old behavior automatically, restoring the hibernation
migration support.

Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2184
Fixes: 1901b4967c3f ("hw/block/nvme: move msix table and pba to BAR 0")
Reported-by: Julien Grall julien@xen.org
Tested-by: Julien Grall julien@xen.org
Reviewed-by: Jesper Wendel Devantier <foss@defmacro.it>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
(cherry picked from commit fa905f65c5549703279f68c253914799b10ada47)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 98f3488c1b6090024299f8d6362aa6aac03fe26d
      
https://github.com/qemu/qemu/commit/98f3488c1b6090024299f8d6362aa6aac03fe26d
  Author: Akihiko Odaki <akihiko.odaki@daynix.com>
  Date:   2024-03-13 (Wed, 13 Mar 2024)

  Changed paths:
    M hw/nvme/ctrl.c

  Log Message:
  -----------
  hw/nvme: Use pcie_sriov_num_vfs()

nvme_sriov_pre_write_ctrl() used to directly inspect SR-IOV
configurations to know the number of VFs being disabled due to SR-IOV
configuration writes, but the logic was flawed and resulted in
out-of-bound memory access.

It assumed PCI_SRIOV_NUM_VF always has the number of currently enabled
VFs, but it actually doesn't in the following cases:
- PCI_SRIOV_NUM_VF has been set but PCI_SRIOV_CTRL_VFE has never been.
- PCI_SRIOV_NUM_VF was written after PCI_SRIOV_CTRL_VFE was set.
- VFs were only partially enabled because of realization failure.

It is a responsibility of pcie_sriov to interpret SR-IOV configurations
and pcie_sriov does it correctly, so use pcie_sriov_num_vfs(), which it
provides, to get the number of enabled VFs before and after SR-IOV
configuration writes.

Cc: qemu-stable@nongnu.org
Fixes: CVE-2024-26328
Fixes: 11871f53ef8e ("hw/nvme: Add support for the Virtualization Management command")
Suggested-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Message-Id: <20240228-reuse-v8-1-282660281e60@daynix.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 91bb64a8d2014fda33a81fcf0fce37340f0d3b0c)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


  Commit: 313e746958967a4b941ad4bbb80726727318edfa
      
https://github.com/qemu/qemu/commit/313e746958967a4b941ad4bbb80726727318edfa
  Author: Akihiko Odaki <akihiko.odaki@daynix.com>
  Date:   2024-03-13 (Wed, 13 Mar 2024)

  Changed paths:
    M hw/pci/pcie_sriov.c

  Log Message:
  -----------
  pcie_sriov: Validate NumVFs

The guest may write NumVFs greater than TotalVFs and that can lead
to buffer overflow in VF implementations.

Cc: qemu-stable@nongnu.org
Fixes: CVE-2024-26327
Fixes: 7c0fa8dff811 ("pcie: Add support for Single Root I/O Virtualization (SR/IOV)")
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Message-Id: <20240228-reuse-v8-2-282660281e60@daynix.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Sriram Yagnaraman <sriram.yagnaraman@ericsson.com>
(cherry picked from commit 6081b4243cd64dff1b2cf5b0c215c71e9d7e753b)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
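
The two SR-IOV commits above ("hw/nvme: Use pcie_sriov_num_vfs()" and "pcie_sriov: Validate NumVFs") turn on the difference between the guest-writable NumVFs register and the number of VFs actually enabled. The following C model is an added example, not QEMU code: the struct, the function names and the `realize_limit` knob are hypothetical, and refusing to enable VFs when NumVFs exceeds TotalVFs is this sketch's assumption about how the validation behaves.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified model of an SR-IOV physical function (hypothetical names). */
struct sriov_model {
    uint16_t total_vfs;     /* TotalVFs: fixed by the device model */
    uint16_t num_vf_reg;    /* NumVFs register: guest-writable at any time */
    bool     vfe;           /* VF Enable bit of the control register */
    uint16_t enabled_vfs;   /* VFs actually realized, tracked by the core */
    uint16_t realize_limit; /* constructed knob: how many VFs realize cleanly */
};

void sriov_init(struct sriov_model *m, uint16_t total_vfs)
{
    m->total_vfs = total_vfs;
    m->num_vf_reg = 0;
    m->vfe = false;
    m->enabled_vfs = 0;
    m->realize_limit = total_vfs;
}

/* Guest write to NumVFs: the register accepts any value, enabled or not. */
void sriov_write_num_vfs(struct sriov_model *m, uint16_t value)
{
    m->num_vf_reg = value;
}

/* Guest write to VF Enable: only a 0->1 or 1->0 edge changes the VF set. */
void sriov_write_vfe(struct sriov_model *m, bool enable)
{
    if (enable && !m->vfe) {
        /* Validation: a NumVFs above TotalVFs enables nothing. */
        if (m->num_vf_reg <= m->total_vfs) {
            uint16_t n = m->num_vf_reg;
            if (n > m->realize_limit) {
                n = m->realize_limit;   /* partial enable after a failure */
            }
            m->enabled_vfs = n;
        }
    } else if (!enable && m->vfe) {
        m->enabled_vfs = 0;
    }
    m->vfe = enable;
}

/* What a device model should consult: the count the core tracks. */
uint16_t sriov_num_vfs(const struct sriov_model *m)
{
    return m->enabled_vfs;
}

/* The flawed approach: trusting the raw register as the enabled count. */
uint16_t count_from_register(const struct sriov_model *m)
{
    return m->num_vf_reg;
}

/* True if a count can safely index per-VF state sized by TotalVFs. */
bool count_is_safe(const struct sriov_model *m, uint16_t count)
{
    return count <= m->total_vfs;
}

int main(void)
{
    struct sriov_model m;

    /* NumVFs rewritten after VF Enable was set (TotalVFs = 4). */
    sriov_init(&m, 4);
    sriov_write_num_vfs(&m, 2);
    sriov_write_vfe(&m, true);
    sriov_write_num_vfs(&m, 7);
    printf("register=%u tracked=%u register_safe=%d\n",
           (unsigned)count_from_register(&m), (unsigned)sriov_num_vfs(&m),
           count_is_safe(&m, count_from_register(&m)));
    return 0;
}
```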


  Commit: b5c6660ea60fa37f12b985b640b1223587e54d2c
      
https://github.com/qemu/qemu/commit/b5c6660ea60fa37f12b985b640b1223587e54d2c
  Author: Jonathan Cameron <Jonathan.Cameron@huawei.com>
  Date:   2024-03-13 (Wed, 13 Mar 2024)

  Changed paths:
    M hw/acpi/hmat.c

  Log Message:
  -----------
  hmat acpi: Fix out of bounds access due to missing use of indirection

With a numa set up such as

-numa nodeid=0,cpus=0 \
-numa nodeid=1,memdev=mem \
-numa nodeid=2,cpus=1

and appropriate hmat_lb entries the initiator list is correctly
computed and written to HMAT as 0,2 but then the LB data is accessed
using the node id (here 2), landing outside the entry_list array.

Stash the reverse lookup when writing the initiator list and use
it to get the correct array index.

Fixes: 4586a2cb83 ("hmat acpi: Build System Locality Latency and Bandwidth Information Structure(s)")
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <20240307160326.31570-3-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 74e2845c5f95b0c139c79233ddb65bb17f2dd679)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
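
The indexing error described in the hmat commit above, worked through on its own NUMA example (initiators 0 and 2, node 1 memory-only). This is an added C model, not QEMU code: the struct, the function names and the row-major `num_initiators x num_targets` layout of the entry list are assumptions of the sketch.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_NODES 8
#define NO_ROW    (-1)

/* Constructed topology matching the commit's -numa example:
 * node 0 has a CPU, node 1 is memory-only, node 2 has a CPU. */
static const bool sample_has_cpu[3] = { true, false, true };

struct lb_table {
    uint32_t initiator_list[MAX_NODES]; /* node ids, in table order */
    int      row_of_node[MAX_NODES];    /* reverse lookup: node id -> row */
    size_t   num_initiators;
    size_t   num_targets;
    size_t   num_entries;               /* rows * columns of the entry list */
};

/* Build the initiator list and stash the reverse lookup while writing it. */
bool lb_table_init(struct lb_table *t, const bool *has_cpu, size_t num_nodes)
{
    if (num_nodes > MAX_NODES) {
        return false;
    }
    t->num_initiators = 0;
    t->num_targets = num_nodes;
    for (size_t node = 0; node < num_nodes; node++) {
        t->row_of_node[node] = NO_ROW;
        if (has_cpu[node]) {
            t->row_of_node[node] = (int)t->num_initiators;
            t->initiator_list[t->num_initiators++] = (uint32_t)node;
        }
    }
    t->num_entries = t->num_initiators * t->num_targets;
    return true;
}

/* Flawed indexing: treats the initiator's node id as its row number. */
size_t slot_by_node_id(const struct lb_table *t, size_t initiator,
                       size_t target)
{
    return initiator * t->num_targets + target;
}

/* Corrected indexing: map the node id to its row first.
 * Returns -1 for an unknown node or a node that is not an initiator. */
long slot_by_row(const struct lb_table *t, size_t initiator, size_t target)
{
    if (initiator >= t->num_targets || target >= t->num_targets) {
        return -1;
    }
    int row = t->row_of_node[initiator];
    if (row == NO_ROW) {
        return -1;
    }
    return (long)((size_t)row * t->num_targets + target);
}

bool slot_in_bounds(const struct lb_table *t, long slot)
{
    return slot >= 0 && (size_t)slot < t->num_entries;
}

int main(void)
{
    struct lb_table t;

    if (!lb_table_init(&t, sample_has_cpu, 3)) {
        return 1;
    }
    long bad = (long)slot_by_node_id(&t, 2, 0);
    long good = slot_by_row(&t, 2, 0);
    printf("entries=%zu by_node_id=%ld (in bounds: %d) by_row=%ld (in bounds: %d)\n",
           t.num_entries, bad, slot_in_bounds(&t, bad),
           good, slot_in_bounds(&t, good));
    return 0;
}
```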


  Commit: 7820b9b7a0b5ac594a142538ce7bf62dc7711420
      
https://github.com/qemu/qemu/commit/7820b9b7a0b5ac594a142538ce7bf62dc7711420
  Author: Volker Rümelin <vr_qemu@t-online.de>
  Date:   2024-03-13 (Wed, 13 Mar 2024)

  Changed paths:
    M hw/audio/virtio-snd.c
    M include/hw/audio/virtio-snd.h

  Log Message:
  -----------
  hw/audio/virtio-sound: return correct command response size

The payload size returned by command VIRTIO_SND_R_PCM_INFO is
wrong. The code in process_cmd() assumes that all commands
return only a virtio_snd_hdr payload, but some commands like
VIRTIO_SND_R_PCM_INFO may return an additional payload.

Add a zero initialized payload_size variable to struct
virtio_snd_ctrl_command to allow for additional payloads.

Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Volker Rümelin <vr_qemu@t-online.de>
Message-Id: <20240218083351.8524-1-vr_qemu@t-online.de>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
(cherry picked from commit 633487df8d303b37a88584d5a57a39dbcd91c7bf)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>


Compare: https://github.com/qemu/qemu/compare/11aa0b1ff115...7820b9b7a0b5
