Peter Maydell [Fri, 9 Aug 2024 16:04:30 +0000 (17:04 +0100)]
target/arm: Fix usage of MMU indexes when EL3 is AArch32
Our current usage of MMU indexes when EL3 is AArch32 is confused.
Architecturally, when EL3 is AArch32, all Secure code runs under the
Secure PL1&0 translation regime:
* code at EL3, which might be Mon, or SVC, or any of the
other privileged modes (PL1)
* code at EL0 (Secure PL0)
This is different from when EL3 is AArch64, in which case EL3 is its
own translation regime, and EL1 and EL0 (whether AArch32 or AArch64)
have their own regime.
We claimed to be mapping Secure PL1 to our ARMMMUIdx_EL3, but didn't
do anything special about Secure PL0, which meant it used the same
ARMMMUIdx_EL10_0 that NonSecure PL0 does. This resulted in a bug
where arm_sctlr() incorrectly picked the NonSecure SCTLR as the
controlling register when in Secure PL0, which meant we were
spuriously generating alignment faults because we were looking at the
wrong SCTLR control bits.
The use of ARMMMUIdx_EL3 for Secure PL1 also resulted in the bug that
we wouldn't honour the PAN bit for Secure PL1, because there's no
equivalent _PAN mmu index for it.
We could fix this in one of two ways:
* The most straightforward is to add new MMU indexes EL30_0,
EL30_3, EL30_3_PAN to correspond to "Secure PL1&0 at PL0",
"Secure PL1&0 at PL1", and "Secure PL1&0 at PL1 with PAN".
This matches how we use indexes for the AArch64 regimes, and
preserves propirties like being able to determine the privilege
level from an MMU index without any other information. However
it would add two MMU indexes (we can share one with ARMMMUIdx_EL3),
and we are already using 14 of the 16 the core TLB code permits.
* The more complicated approach is the one we take here. We use
the same MMU indexes (E10_0, E10_1, E10_1_PAN) for Secure PL1&0
than we do for NonSecure PL1&0. This saves on MMU indexes, but
means we need to check in some places whether we're in the
Secure PL1&0 regime or not before we interpret an MMU index.
The changes in this commit were created by auditing all the places
where we use specific ARMMMUIdx_ values, and checking whether they
needed to be changed to handle the new index value usage.
Note for potential stable backports: taking also the previous
(comment-change-only) commit might make the backport easier.
Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2326
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Bernhard Beschow <shentey@gmail.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id:
20240809160430.
1144805-3-peter.maydell@linaro.org
Peter Maydell [Fri, 9 Aug 2024 16:04:29 +0000 (17:04 +0100)]
target/arm: Update translation regime comment for new features
We have a long comment describing the Arm architectural translation
regimes and how we map them to QEMU MMU indexes. This comment has
got a bit out of date:
* FEAT_SEL2 allows Secure EL2 and corresponding new regimes
* FEAT_RME introduces Realm state and its translation regimes
* We now model the Cortex-R52 so that is no longer a hypothetical
* We separated Secure Stage 2 and NonSecure Stage 2 MMU indexes
* We have an MMU index per physical address spacea
Add the missing pieces so that the list of architectural translation
regimes matches the Arm ARM, and the list and count of QEMU MMU
indexes in the comment matches the enum.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Bernhard Beschow <shentey@gmail.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id:
20240809160430.
1144805-2-peter.maydell@linaro.org
Richard Henderson [Tue, 13 Aug 2024 10:42:49 +0000 (11:42 +0100)]
target/arm: Clear high SVE elements in handle_vec_simd_wshli
AdvSIMD instructions are supposed to zero bits beyond 128.
Affects SSHLL, USHLL, SSHLL2, USHLL2.
Cc: qemu-stable@nongnu.org
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id:
20240717060903.205098-15-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Zheyu Ma [Tue, 18 Jun 2024 13:55:50 +0000 (15:55 +0200)]
hw/misc/stm32l4x5_rcc: Add validation for MCOPRE and MCOSEL values
This commit adds validation checks for the MCOPRE and MCOSEL values in
the rcc_update_cfgr_register function. If the MCOPRE value exceeds
0b100 or the MCOSEL value exceeds 0b111, an error is logged and the
corresponding clock mux is disabled. This helps in identifying and
handling invalid configurations in the RCC registers.
Reproducer:
cat << EOF | qemu-system-aarch64 -display \
none -machine accel=qtest, -m 512M -machine b-l475e-iot01a -qtest \
stdio
writeq 0x40021008 0xffffffff
EOF
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2356
Signed-off-by: Zheyu Ma <zheyuma97@gmail.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Richard Henderson [Mon, 12 Aug 2024 21:59:32 +0000 (07:59 +1000)]
Merge tag 'block-pull-request' of https://gitlab.com/stefanha/qemu into staging
Pull request
Fix for hosts with an older libblkio.
# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCAAdFiEEhpWov9P5fNqsNXdanKSrs4Grc8gFAma6MIoACgkQnKSrs4Gr
# c8i+7gf/Q1vTYE9U1ksbmASQGVJSyCfZlKB0fNxgsGgdnhcIF2uipSxNiDTVVAgn
# rKfMXCvFrPQ7cjbKiiHe4Aj9GqjI6nY6vimnuxqxq9FCd1+RiGGZWDRBfS+6ZQjg
# 815BFB7tkc7ejoL5plMk95XHM+2uHHV0xvK/zelrZ5VOeWdot0yUgL1QLMpAvzMQ
# dY3pwarG8txlnTrMuE+Ig03hjkPf0Z6aK6kdaI5xn9G6O1+799NYXpjqKNtDbisc
# Sf9iq5hmbfASECBBUJH9iWrLdgnieADPebRbOAmDpUsM1bGV6UW9KHUE7zC0h394
# jz8fSjMOjY03rDQjOpzV1wtR8zwpDw==
# =Asvz
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 13 Aug 2024 01:55:54 AM AEST
# gpg: using RSA key
8695A8BFD3F97CDAAC35775A9CA4ABB381AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" [full]
# gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>" [full]
* tag 'block-pull-request' of https://gitlab.com/stefanha/qemu:
block/blkio: use FUA flag on write zeroes only if supported
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Richard Henderson [Mon, 12 Aug 2024 21:59:11 +0000 (07:59 +1000)]
Merge tag 'pull-target-arm-
20240812' of https://git.linaro.org/people/pmaydell/qemu-arm into staging
* Fix BTI versus CF_PCREL
* include: Fix typo in name of MAKE_IDENTFIER macro
* docs: Various txt-to-rST conversions
* hw/core/ptimer: fix timer zero period condition for freq > 1GHz
* arm/virt: place power button pin number on a define
# -----BEGIN PGP SIGNATURE-----
#
# iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAma5+4wZHHBldGVyLm1h
# eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3pX3D/9UVutdg5TsB9N8y5mPaVSn
# Yx0awBgxK5SHWeVgQJBkSdqh6LiGhhukR3VHfNanDELq24s0uLqLW86thgj+iB0H
# 51rnVHJtWtT9mIt0Qq9BlXX8+j0th6hELy/z+/aYdrWI1pmKsGYgF1gRh1vXrg+I
# 0s/S7kZY5CNDBbTXoBNtJfbZRe8fzyy5gUqc/tnw6Qonp8XM1OeG6sg/qF0KwzbB
# 8R7IvnY7gaBWm3daXqrFoxYuR+9i6F8uaFflOm+CarKQc9foH6KEzmfLAYLfGkFZ
# 2ZVHg3uC4k4OicyrpYcWsgumNTzOj8RTI4kV7M8NAj5TXCr+0pO6lnhlAKVGTWiL
# nJrW62dN56w8NVOzcy0tB0xqTHnKIxioGZyU4RDVKHjD/Fy0x7LX7KVmaBEZgyxJ
# oA4zY4KOrCNFsXQlqZgx38v/1hshnIYFN7V5AmfGEfbbKpBznKBQKmuyJ9VwSfGT
# jLwlwU4VMJPsj2Rs70seEl6obgyZicAXIAbqPgtMsvt3H2kKI2jtsNPFka3WaY62
# 0jOEbbFrsKV1//ZExBZdFhqBH/CoiZMvM4jsq1Y/oxAxIWtGv5dmJJsAA3w33YE4
# kNWXfHKAAhydZKeQloMgeOdLliP5UiCfF1FltwAWkLo59GV3TkjwagDU8+pWs9OF
# plOKWaKDUzkHq6G197uaBA==
# =ftoZ
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 12 Aug 2024 10:09:48 PM AEST
# gpg: using RSA key
E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg: issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [full]
# gpg: aka "Peter Maydell <pmaydell@gmail.com>" [full]
# gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [full]
# gpg: aka "Peter Maydell <peter@archaic.org.uk>" [unknown]
* tag 'pull-target-arm-
20240812' of https://git.linaro.org/people/pmaydell/qemu-arm:
arm/virt: place power button pin number on a define
hw/core/ptimer: fix timer zero period condition for freq > 1GHz
docs: Typo fix in live disk backup
docs/interop/prl-xml.rst: Fix minor grammar nits
docs/interop/prl-xml.txt: Convert to rST
docs/interop/parallels.txt: Convert to rST
docs/interop/nbd.txt: Convert to rST
docs/specs/rocker.txt: Convert to rST
include: Fix typo in name of MAKE_IDENTFIER macro
target/arm: Fix BTI versus CF_PCREL
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Stefano Garzarella [Thu, 8 Aug 2024 08:05:45 +0000 (10:05 +0200)]
block/blkio: use FUA flag on write zeroes only if supported
libblkio supports BLKIO_REQ_FUA with write zeros requests only since
version 1.4.0, so let's inform the block layer that the blkio driver
supports it only in this case. Otherwise we can have runtime errors
as reported in https://issues.redhat.com/browse/RHEL-32878
Fixes: fd66dbd424 ("blkio: add libblkio block driver")
Cc: qemu-stable@nongnu.org
Buglink: https://issues.redhat.com/browse/RHEL-32878
Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id:
20240808080545.40744-1-sgarzare@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Mauro Carvalho Chehab [Fri, 9 Aug 2024 16:37:56 +0000 (17:37 +0100)]
arm/virt: place power button pin number on a define
Having magic numbers inside the code is not a good idea, as it
is error-prone. So, instead, create a macro with the number
definition.
Link: https://lore.kernel.org/qemu-devel/CAFEAcA-PYnZ-32MRX+PgvzhnoAV80zBKMYg61j2f=oHaGfwSsg@mail.gmail.com/
Signed-off-by: Mauro Carvalho Chehab <mchehab+huawei@kernel.org>
Reviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-id:
ef0e7f5fca6cd94eda415ecee670c3028c671b74.
1723121692.git.mchehab+huawei@kernel.org
Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Jianzhou Yue [Fri, 9 Aug 2024 16:37:56 +0000 (17:37 +0100)]
hw/core/ptimer: fix timer zero period condition for freq > 1GHz
The real period is zero when both period and period_frac are zero.
Check the method ptimer_set_freq, if freq is larger than 1000 MHz,
the period is zero, but the period_frac is not, in this case, the
ptimer will work but the current code incorrectly recognizes that
the ptimer is disabled.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2306
Signed-off-by: JianZhou Yue <JianZhou.Yue@verisilicon.com>
Message-id:
3DA024AEA8B57545AF1B3CAA37077D0FB75E82C8@SHASXM03.verisilicon.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Richard Henderson [Mon, 12 Aug 2024 09:05:47 +0000 (19:05 +1000)]
Merge tag 'net-pull-request' of https://github.com/jasowang/qemu into staging
# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCAAdFiEEIV1G9IJGaJ7HfzVi7wSWWzmNYhEFAma5uNkACgkQ7wSWWzmN
# YhFpLwf+J9+cBWKUze7FZkxNHU78GJ/b+oVQfLYPnrCRrVKoyTr9yiKfMDS8qf5/
# tPd+xFABwcHb8UL3EeAe9w5aB0QCqqdmZMFRkWuaZ7HEbZkYNt9cJck5iMdNaPBm
# cKiFRLb8FDVA3aegCcsBqnwCxgFW+3P3rrnHQz1C+GQAOm7FER+HiFnYucjrrLSM
# SaXZYIH/LPqL01gbZcbixQkhgL5XFWUToFXQEYECGS07uZZ1WSJkxIP6WZDchJ4+
# vYO8/fWXVdrjvDirraZQRYnurWQGpTUk0Ocn2R8MaJsF8TK031MrMRJ3YP9zXp4n
# wMe0BZO/YG5oi2gFrJpYL2AZqh2MgQ==
# =DhS+
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 12 Aug 2024 05:25:13 PM AEST
# gpg: using RSA key
215D46F48246689EC77F3562EF04965B398D6211
# gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 215D 46F4 8246 689E C77F 3562 EF04 965B 398D 6211
* tag 'net-pull-request' of https://github.com/jasowang/qemu:
net: Fix '-net nic,model=' for non-help arguments
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
David Woodhouse [Tue, 6 Aug 2024 17:21:37 +0000 (18:21 +0100)]
net: Fix '-net nic,model=' for non-help arguments
Oops, don't *delete* the model option when checking for 'help'.
Fixes: 64f75f57f9d2 ("net: Reinstate '-net nic, model=help' output as documented in man page")
Reported-by: Hans <sungdgdhtryrt@gmail.com>
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Cc: qemu-stable@nongnu.org
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Eric Blake [Fri, 9 Aug 2024 16:37:55 +0000 (17:37 +0100)]
docs: Typo fix in live disk backup
Add in the missing space in the section header.
Fixes: 1084159b31 ("qapi: deprecate drive-backup", v6.2.0)
Signed-off-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Fri, 9 Aug 2024 16:37:55 +0000 (17:37 +0100)]
docs/interop/prl-xml.rst: Fix minor grammar nits
Fix some minor grammar nits in the prl-xml documentation.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id:
20240801170131.
3977807-6-peter.maydell@linaro.org
Peter Maydell [Fri, 9 Aug 2024 16:37:55 +0000 (17:37 +0100)]
docs/interop/prl-xml.txt: Convert to rST
Convert prl-xml.txt to rST format.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id:
20240801170131.
3977807-5-peter.maydell@linaro.org
Peter Maydell [Fri, 9 Aug 2024 16:37:55 +0000 (17:37 +0100)]
docs/interop/parallels.txt: Convert to rST
Convert parallels.txt to rST format.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id:
20240801170131.
3977807-4-peter.maydell@linaro.org
Peter Maydell [Fri, 9 Aug 2024 16:37:54 +0000 (17:37 +0100)]
docs/interop/nbd.txt: Convert to rST
Convert nbd.txt to rST format.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-id:
20240801170131.
3977807-3-peter.maydell@linaro.org
Peter Maydell [Fri, 9 Aug 2024 16:37:54 +0000 (17:37 +0100)]
docs/specs/rocker.txt: Convert to rST
Convert the rocker.txt specification document to rST format. We make
extensive use of the :: marker to introduce a literal block for all
the tables and ASCII art, rather than trying to convert the tables to
rST table syntax. This produces a valid rST document without needing
a huge diff.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id:
20240801170131.
3977807-2-peter.maydell@linaro.org
Peter Maydell [Fri, 9 Aug 2024 16:37:54 +0000 (17:37 +0100)]
include: Fix typo in name of MAKE_IDENTFIER macro
In commit
bb71846325e23 we added some macro magic to avoid
variable-shadowing when using some of our more complicated
macros. One of the internal components of this is a macro
named MAKE_IDENTFIER. Fix the typo in its name: it should
be MAKE_IDENTIFIER.
Commit created with
sed -i -e 's/MAKE_IDENTFIER/MAKE_IDENTIFIER/g' include/qemu/*.h include/qapi/qmp/qobject.h
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id:
20240801102516.
3843780-1-peter.maydell@linaro.org
Richard Henderson [Fri, 9 Aug 2024 16:37:54 +0000 (17:37 +0100)]
target/arm: Fix BTI versus CF_PCREL
With pcrel, we cannot check the guarded page bit at translation
time, as different mappings of the same physical page may or may
not have the GP bit set.
Instead, add a couple of helpers to check the page at runtime,
after all other filters that might obviate the need for the check.
The set_btype_for_br call must be moved after the gen_a64_set_pc
call to ensure the current pc can still be computed.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id:
20240802003028.795476-1-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Richard Henderson [Thu, 8 Aug 2024 22:40:36 +0000 (08:40 +1000)]
Merge tag 'pull-nbd-2024-08-08' of https://repo.or.cz/qemu/ericb into staging
NBD patches for 2024-08-08
- plug CVE-2024-7409, a DoS attack exploiting nbd-server-stop
# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCAAdFiEEccLMIrHEYCkn0vOqp6FrSiUnQ2oFAma1PVEACgkQp6FrSiUn
# Q2qdHQf/dMydqNcPYnwEI238APyljpNvHNq6p9TYb0l5aVWisXHRlhFWM117hH7T
# Aq2KUgS5ppiEpw8mxa6/OaDa74VpMGyEPgn9w6o7T1xjVBVzpMxOKp5wFa8uICLj
# mFMYXtj9i0Rb+z0iZ+X+CqIV2Wy/FyV00Wr9T4HW94IV/9EK1sWvZvfyGWyxYyBZ
# XKTQV1Co3HYX8gfq7E88SgS064DnHjtRy2no4lwNFkBbVQCSbqwbK63TRPi7kEyC
# DmSLdHCdsD7Ev9kMZ6uNJS5T/9t7hjO5mWJckLt/cXOjHgL7GkoisLH8/nGjVkyc
# 3SUGjMn4TlzqMU99STRP+a48TLCVhA==
# =kDut
# -----END PGP SIGNATURE-----
# gpg: Signature made Fri 09 Aug 2024 07:49:05 AM AEST
# gpg: using RSA key
71C2CC22B1C4602927D2F3AAA7A16B4A2527436A
# gpg: Good signature from "Eric Blake <eblake@redhat.com>" [full]
# gpg: aka "Eric Blake (Free Software Programmer) <ebb9@byu.net>" [full]
# gpg: aka "[jpeg image of size 6874]" [full]
* tag 'pull-nbd-2024-08-08' of https://repo.or.cz/qemu/ericb:
nbd/server: CVE-2024-7409: Close stray clients at server-stop
nbd/server: CVE-2024-7409: Drop non-negotiating clients
nbd/server: CVE-2024-7409: Cap default max-connections to 100
nbd/server: Plumb in new args to nbd_client_add()
nbd: Minor style and typo fixes
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Eric Blake [Wed, 7 Aug 2024 17:23:13 +0000 (12:23 -0500)]
nbd/server: CVE-2024-7409: Close stray clients at server-stop
A malicious client can attempt to connect to an NBD server, and then
intentionally delay progress in the handshake, including if it does
not know the TLS secrets. Although the previous two patches reduce
this behavior by capping the default max-connections parameter and
killing slow clients, they did not eliminate the possibility of a
client waiting to close the socket until after the QMP nbd-server-stop
command is executed, at which point qemu would SEGV when trying to
dereference the NULL nbd_server global which is no longer present.
This amounts to a denial of service attack. Worse, if another NBD
server is started before the malicious client disconnects, I cannot
rule out additional adverse effects when the old client interferes
with the connection count of the new server (although the most likely
is a crash due to an assertion failure when checking
nbd_server->connections > 0).
For environments without this patch, the CVE can be mitigated by
ensuring (such as via a firewall) that only trusted clients can
connect to an NBD server. Note that using frameworks like libvirt
that ensure that TLS is used and that nbd-server-stop is not executed
while any trusted clients are still connected will only help if there
is also no possibility for an untrusted client to open a connection
but then stall on the NBD handshake.
Given the previous patches, it would be possible to guarantee that no
clients remain connected by having nbd-server-stop sleep for longer
than the default handshake deadline before finally freeing the global
nbd_server object, but that could make QMP non-responsive for a long
time. So intead, this patch fixes the problem by tracking all client
sockets opened while the server is running, and forcefully closing any
such sockets remaining without a completed handshake at the time of
nbd-server-stop, then waiting until the coroutines servicing those
sockets notice the state change. nbd-server-stop now has a second
AIO_WAIT_WHILE_UNLOCKED (the first is indirectly through the
blk_exp_close_all_type() that disconnects all clients that completed
handshakes), but forced socket shutdown is enough to progress the
coroutines and quickly tear down all clients before the server is
freed, thus finally fixing the CVE.
This patch relies heavily on the fact that nbd/server.c guarantees
that it only calls nbd_blockdev_client_closed() from the main loop
(see the assertion in nbd_client_put() and the hoops used in
nbd_client_put_nonzero() to achieve that); if we did not have that
guarantee, we would also need a mutex protecting our accesses of the
list of connections to survive re-entrancy from independent iothreads.
Although I did not actually try to test old builds, it looks like this
problem has existed since at least commit
862172f45c (v2.12.0, 2017) -
even back when that patch started using a QIONetListener to handle
listening on multiple sockets, nbd_server_free() was already unaware
that the nbd_blockdev_client_closed callback can be reached later by a
client thread that has not completed handshakes (and therefore the
client's socket never got added to the list closed in
nbd_export_close_all), despite that patch intentionally tearing down
the QIONetListener to prevent new clients.
Reported-by: Alexander Ivanov <alexander.ivanov@virtuozzo.com>
Fixes: CVE-2024-7409
CC: qemu-stable@nongnu.org
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-ID: <
20240807174943.771624-14-eblake@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Eric Blake [Thu, 8 Aug 2024 21:05:08 +0000 (16:05 -0500)]
nbd/server: CVE-2024-7409: Drop non-negotiating clients
A client that opens a socket but does not negotiate is merely hogging
qemu's resources (an open fd and a small amount of memory); and a
malicious client that can access the port where NBD is listening can
attempt a denial of service attack by intentionally opening and
abandoning lots of unfinished connections. The previous patch put a
default bound on the number of such ongoing connections, but once that
limit is hit, no more clients can connect (including legitimate ones).
The solution is to insist that clients complete handshake within a
reasonable time limit, defaulting to 10 seconds. A client that has
not successfully completed NBD_OPT_GO by then (including the case of
where the client didn't know TLS credentials to even reach the point
of NBD_OPT_GO) is wasting our time and does not deserve to stay
connected. Later patches will allow fine-tuning the limit away from
the default value (including disabling it for doing integration
testing of the handshake process itself).
Note that this patch in isolation actually makes it more likely to see
qemu SEGV after nbd-server-stop, as any client socket still connected
when the server shuts down will now be closed after 10 seconds rather
than at the client's whims. That will be addressed in the next patch.
For a demo of this patch in action:
$ qemu-nbd -f raw -r -t -e 10 file &
$ nbdsh --opt-mode -c '
H = list()
for i in range(20):
print(i)
H.insert(i, nbd.NBD())
H[i].set_opt_mode(True)
H[i].connect_uri("nbd://localhost")
'
$ kill $!
where later connections get to start progressing once earlier ones are
forcefully dropped for taking too long, rather than hanging.
Suggested-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-ID: <
20240807174943.771624-13-eblake@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
[eblake: rebase to changes earlier in series, reduce scope of timer]
Signed-off-by: Eric Blake <eblake@redhat.com>
Eric Blake [Tue, 6 Aug 2024 18:53:00 +0000 (13:53 -0500)]
nbd/server: CVE-2024-7409: Cap default max-connections to 100
Allowing an unlimited number of clients to any web service is a recipe
for a rudimentary denial of service attack: the client merely needs to
open lots of sockets without closing them, until qemu no longer has
any more fds available to allocate.
For qemu-nbd, we default to allowing only 1 connection unless more are
explicitly asked for (-e or --shared); this was historically picked as
a nice default (without an explicit -t, a non-persistent qemu-nbd goes
away after a client disconnects, without needing any additional
follow-up commands), and we are not going to change that interface now
(besides, someday we want to point people towards qemu-storage-daemon
instead of qemu-nbd).
But for qemu proper, and the newer qemu-storage-daemon, the QMP
nbd-server-start command has historically had a default of unlimited
number of connections, in part because unlike qemu-nbd it is
inherently persistent until nbd-server-stop. Allowing multiple client
sockets is particularly useful for clients that can take advantage of
MULTI_CONN (creating parallel sockets to increase throughput),
although known clients that do so (such as libnbd's nbdcopy) typically
use only 8 or 16 connections (the benefits of scaling diminish once
more sockets are competing for kernel attention). Picking a number
large enough for typical use cases, but not unlimited, makes it
slightly harder for a malicious client to perform a denial of service
merely by opening lots of connections withot progressing through the
handshake.
This change does not eliminate CVE-2024-7409 on its own, but reduces
the chance for fd exhaustion or unlimited memory usage as an attack
surface. On the other hand, by itself, it makes it more obvious that
with a finite limit, we have the problem of an unauthenticated client
holding 100 fds opened as a way to block out a legitimate client from
being able to connect; thus, later patches will further add timeouts
to reject clients that are not making progress.
This is an INTENTIONAL change in behavior, and will break any client
of nbd-server-start that was not passing an explicit max-connections
parameter, yet expects more than 100 simultaneous connections. We are
not aware of any such client (as stated above, most clients aware of
MULTI_CONN get by just fine on 8 or 16 connections, and probably cope
with later connections failing by relying on the earlier connections;
libvirt has not yet been passing max-connections, but generally
creates NBD servers with the intent for a single client for the sake
of live storage migration; meanwhile, the KubeSAN project anticipates
a large cluster sharing multiple clients [up to 8 per node, and up to
100 nodes in a cluster], but it currently uses qemu-nbd with an
explicit --shared=0 rather than qemu-storage-daemon with
nbd-server-start).
We considered using a deprecation period (declare that omitting
max-parameters is deprecated, and make it mandatory in 3 releases -
then we don't need to pick an arbitrary default); that has zero risk
of breaking any apps that accidentally depended on more than 100
connections, and where such breakage might not be noticed under unit
testing but only under the larger loads of production usage. But it
does not close the denial-of-service hole until far into the future,
and requires all apps to change to add the parameter even if 100 was
good enough. It also has a drawback that any app (like libvirt) that
is accidentally relying on an unlimited default should seriously
consider their own CVE now, at which point they are going to change to
pass explicit max-connections sooner than waiting for 3 qemu releases.
Finally, if our changed default breaks an app, that app can always
pass in an explicit max-parameters with a larger value.
It is also intentional that the HMP interface to nbd-server-start is
not changed to expose max-connections (any client needing to fine-tune
things should be using QMP).
Suggested-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-ID: <
20240807174943.771624-12-eblake@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
[ericb: Expand commit message to summarize Dan's argument for why we
break corner-case back-compat behavior without a deprecation period]
Signed-off-by: Eric Blake <eblake@redhat.com>
Eric Blake [Wed, 7 Aug 2024 13:50:01 +0000 (08:50 -0500)]
nbd/server: Plumb in new args to nbd_client_add()
Upcoming patches to fix a CVE need to track an opaque pointer passed
in by the owner of a client object, as well as request for a time
limit on how fast negotiation must complete. Prepare for that by
changing the signature of nbd_client_new() and adding an accessor to
get at the opaque pointer, although for now the two servers
(qemu-nbd.c and blockdev-nbd.c) do not change behavior even though
they pass in a new default timeout value.
Suggested-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-ID: <
20240807174943.771624-11-eblake@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
[eblake: s/LIMIT/MAX_SECS/ as suggested by Dan]
Signed-off-by: Eric Blake <eblake@redhat.com>
Eric Blake [Thu, 1 Aug 2024 21:49:20 +0000 (16:49 -0500)]
nbd: Minor style and typo fixes
Touch up a comment with the wrong type name, and an over-long line,
both noticed while working on upcoming patches.
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-ID: <
20240807174943.771624-10-eblake@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Richard Henderson [Thu, 8 Aug 2024 09:13:19 +0000 (19:13 +1000)]
Update version for v9.1.0-rc1 release
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Richard Henderson [Thu, 8 Aug 2024 06:08:18 +0000 (16:08 +1000)]
Merge tag 'pull-hex-
20240807' of https://github.com/quic/qemu into staging
Hexagon updates: lldb preds, v66 CPU, F2_conv* fix
# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCgAdFiEEPWaq5HRZSCTIjOD4GlSvuOVkbDIFAma0PggACgkQGlSvuOVk
# bDK5wxAAnFin9dlEeoy4N0HOhF4l3+t0P47w0JhceL0ZXpyOb+aLDoVBaXCPSvys
# MOHUbBqDgtGoAE4GxfLvsPvaAE3HnvCwRQQmscALHKLB2M3ntb9uIDhxoodi+ehY
# X8fJ3+EqlKqRdp2fhOMf1hEvRn9SN2fXZ9uF9FvP2rZimrZdYC2Wc4wc8gQH4mlz
# DOibUNbRhitndpAZJaSoCPwGcse//39EG9fwR8PAsGoQf6g6abmwtvuh3HFOrSLD
# jYqX9wNfbilbntD1Mhsn9mbP/62fmgO/HO92PvSaShWkA6lOrdRm5q3EbZQA7qgM
# 95brcDqInj7pC0bLJ1fb1HwHq2QPUuGX+zuMB9finTn/87hu6uR2yf790UAQILKE
# w93FzenC+OeHJ9YytfCJMbKjW/L7eAamx0qkd+qazD1+bNERF8zBkzVfJs1u4K4A
# EbSKlW3wtlXDDm78Oz6Rk+Oq8Hz4AC6N9XSS/zhV8lrzcfyrgIdaTrr2/jYHpinh
# vENT19WSZBMthEKcsZc959igMFvM4GXUfob+3GIx8WlT0dt59fQZ8zRbizzDlKzp
# uK+Lwyds+UjgCUaDwdy9YGB1WaF14imDo79yho7EDCkDDjskMASCZxGmDgB939US
# 0ZBIU7gqqXBpzuMNF8yyCgowD61oRBwf9eVUyqS6B6hscbikSpo=
# =mizO
# -----END PGP SIGNATURE-----
# gpg: Signature made Thu 08 Aug 2024 01:39:52 PM AEST
# gpg: using RSA key
3D66AAE474594824C88CE0F81A54AFB8E5646C32
# gpg: Good signature from "Brian Cain (QUIC) <quic_bcain@quicinc.com>" [unknown]
# gpg: aka "Brian Cain <bcain@kernel.org>" [unknown]
# gpg: aka "Brian Cain (QuIC) <bcain@quicinc.com>" [unknown]
# gpg: aka "Brian Cain (CAF) <bcain@codeaurora.org>" [unknown]
# gpg: aka "bcain" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6350 20F9 67A7 7164 79EF 49E0 175C 464E 541B 6D47
# Subkey fingerprint: 3D66 AAE4 7459 4824 C88C E0F8 1A54 AFB8 E564 6C32
* tag 'pull-hex-
20240807' of https://github.com/quic/qemu:
target/hexagon: switch to dc set_props() list
target/hexagon: define a v66 CPU
MAINTAINERS: Add my hexagon git tree
target/hexagon/idef-parser: Remove self-assignment
Hexagon: lldb read/write predicate registers p0/p1/p2/p3
Hexagon: fix F2_conv_* instructions for negative zero
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Brian Cain [Wed, 31 Jul 2024 01:12:54 +0000 (18:12 -0700)]
target/hexagon: switch to dc set_props() list
Define a hexagon_cpu_properties list to match the idiom used
by other targets.
Signed-off-by: Brian Cain <bcain@quicinc.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Taylor Simpson <ltaylorsimpson@gmail.com>
Brian Cain [Wed, 31 Jul 2024 01:09:54 +0000 (18:09 -0700)]
target/hexagon: define a v66 CPU
For now, v66 behavior is the same as other CPUs.
Signed-off-by: Brian Cain <bcain@quicinc.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Taylor Simpson <ltaylorsimpson@gmail.com>
Brian Cain [Wed, 31 Jul 2024 20:39:10 +0000 (13:39 -0700)]
MAINTAINERS: Add my hexagon git tree
Add my git tree for hexagon. Note that the branch is "hex-next" and not
"hex.next" as had been used previously. But I'll keep the "hex.next" branch
in sync with "hex-next" until this commit lands to avoid confusion.
Signed-off-by: Brian Cain <bcain@quicinc.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Anton Johansson [Thu, 13 Jul 2023 12:08:53 +0000 (14:08 +0200)]
target/hexagon/idef-parser: Remove self-assignment
The self assignment is clearly useless, and @1.last_column does not have
to be set for an expression with only a single token, so remove it.
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Anton Johansson <anjo@rev.ng>
Reviewed-by: Brian Cain <bcain@quicinc.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <
20230713120853.27023-1-anjo@rev.ng>
Signed-off-by: Brian Cain <bcain@quicinc.com>
Taylor Simpson [Thu, 13 Jun 2024 18:22:09 +0000 (12:22 -0600)]
Hexagon: lldb read/write predicate registers p0/p1/p2/p3
hexagon-core.xml only exposes register p3_0 which is an alias that
aggregates the predicate registers. It is more convenient for users
to interact directly with the predicate registers.
Tested with lldb downloaded from this location
https://github.com/llvm/llvm-project/releases/download/llvmorg-18.1.4/clang+llvm-18.1.4-x86_64-linux-gnu-ubuntu-18.04.tar.xz
BEFORE:
(lldb) reg read p3_0
p3_0 = 0x00000000
(lldb) reg read p0
error: Invalid register name 'p0'.
(lldb) reg write p1 0xf
error: Register not found for 'p1'.
AFTER:
(lldb) reg read p3_0
p3_0 = 0x00000000
(lldb) reg read p0
p0 = 0x00
(lldb) reg read -s 1
Predicate Registers:
p0 = 0x00
p1 = 0x00
p2 = 0x00
p3 = 0x00
(lldb) reg write p1 0xf
(lldb) reg read p3_0
p3_0 = 0x00000f00
(lldb) reg write p3_0 0xff00ff00
(lldb) reg read -s 1
Predicate Registers:
p0 = 0x00
p1 = 0xff
p2 = 0x00
p3 = 0xff
Signed-off-by: Taylor Simpson <ltaylorsimpson@gmail.com>
Reviewed-by: Brian Cain <bcain@quicinc.com>
Reviewed-by: Matheus Tavares Bernardino <quic_mathbern@quicinc.com>
Message-Id: <
20240613182209.140082-1-ltaylorsimpson@gmail.com>
Signed-off-by: Brian Cain <bcain@quicinc.com>
Matheus Tavares Bernardino [Mon, 29 Jul 2024 19:24:06 +0000 (16:24 -0300)]
Hexagon: fix F2_conv_* instructions for negative zero
The implementation for these instructions handles -0 as an invalid float
point value, whereas the Hexagon hardware considers it the same as +0
(which is valid). Let's fix that and add a regression test.
Signed-off-by: Matheus Tavares Bernardino <quic_mathbern@quicinc.com>
Reviewed-by: Brian Cain <bcain@quicinc.com>
Reviewed-by: Taylor Simpson <ltaylorsimpson@gmail.com>
Signed-off-by: Brian Cain <bcain@quicinc.com>
Richard Henderson [Wed, 7 Aug 2024 23:06:59 +0000 (09:06 +1000)]
Merge tag 'pull-tcg-
20240808' of https://gitlab.com/rth7680/qemu into staging
tcg/ppc: Sync tcg_out_test and constraints
# -----BEGIN PGP SIGNATURE-----
#
# iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAmaz/agdHHJpY2hhcmQu
# aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV8bcAf/Y4QlUfZSmTl+68Ia
# gls2oHU1Oc085Pk78jq5vi2ctHBmcazHelc8XvGlZKR+JbJFUy6SaHT16ySfyYx3
# Qy7rP5t2AJPUEo8jVA+Y5tfboU6Q42ta8twJhAzcDjjtSEs6SNIhCL3NvRlQ5yMN
# uss2c+lj4tGZ0eeONFzoWoqIrScGp9bJt03hz8y7i5/ebK9A2muUYxg3AyF8wfnG
# HhYDJ0Yg2Sfm1GXjuo0tzGX/CrHEt5T0Os5Z1vtaULXw+NZrHigWtjIUmc+3o664
# DgwmomG7kLzRJM/N2vtUMln9lAZVci/SrOKGtilokeAtuIJ7n3whWI0UErFQzj5m
# HMUDpw==
# =EmcK
# -----END PGP SIGNATURE-----
# gpg: Signature made Thu 08 Aug 2024 09:05:12 AM AEST
# gpg: using RSA key
7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg: issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [ultimate]
* tag 'pull-tcg-
20240808' of https://gitlab.com/rth7680/qemu:
tcg/ppc: Sync tcg_out_test and constraints
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Richard Henderson [Wed, 7 Aug 2024 04:04:18 +0000 (04:04 +0000)]
tcg/ppc: Sync tcg_out_test and constraints
Ensure the code structure is the same for matching constraints
and emitting code, lest we allow constants that cannot be
trivially tested.
Cc: qemu-stable@nongnu.org
Fixes: ad788aebbab ("tcg/ppc: Support TCG_COND_TST{EQ,NE}")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2487
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <
44328324-af73-4439-9d2b-
d414e0e13dd7@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Richard Henderson [Tue, 6 Aug 2024 21:09:37 +0000 (07:09 +1000)]
Merge tag 'for-upstream' of https://repo.or.cz/qemu/kevin into staging
Block layer patches
- scsi-block: Fix error handling with r/werror=stop
- Depend on newer clang for TSA, make WITH_GRAPH_RDLOCK_GUARD() fully
checked, fix block-copy to add missing lock
- vvfat: Fix write bugs for large files and add iotests
- Clean up blockdev-snapshot-internal-sync doc
- Fix iotests 024 for qed
# -----BEGIN PGP SIGNATURE-----
#
# iQJFBAABCAAvFiEE3D3rFZqa+V09dFb+fwmycsiPL9YFAmayag4RHGt3b2xmQHJl
# ZGhhdC5jb20ACgkQfwmycsiPL9Y0yhAArDpKYNsOmJerL/abIetchJ84suuR2MHZ
# iziAsTXk1iiSNYrAfXyiGhMsovvApluW1bojB80XLjaWFeN76zCRq0bnYVhv/xeX
# bQddC4JyWkcYGmdASiFpvQ7+p37jBh+OebmxsF557s4uM6b0/QN1xnOyyjBpyJbB
# aBTNgUYaTXmD6RD8h9SscnroNqhckuv6+zm0SX2Z4wRTF2uEmVWdL2yz2I3P8G7W
# dhVfgOCYQmW0cSfTueBQJClaUoHyJeibd4TzHR12hFAKIYobXMGfcE3AhfpBvO3t
# 0SEQ5MUx3zasGVENSJA6UnzVnpHl8HRtdDIFhSWb6yZJJ6RPPGynj7UVvFOK1SXM
# iXzj1kcYzFO/AFO3JxkSr6IHZdzZr4e5wtuFbw8Je6Ai0P5prc53jBDovtbAT0Wt
# +dAP7cnntYLDcAIsJqGUdr2FJfSOh9gApH/I3kF3scDwLRpb6OlWJ60T5b98VcR4
# +J67AXuGN7OXtYEU6GupZpWTQ/nZQ63egrCfJlqL67QduuF1YvcgOo2+TdAwDYkf
# 8nU7AEUgzWox8EcTkof/BXYYabOjn0D6/1+aLc7J7vGGlnKVyQMK9Kn5MRBzkyb3
# iWOtuv8aoNfnxtuMnpwe/Uf2hhOGi8IldnoP2+Yb9urWnFQ3Jbbmnv8Ga7mDQmRs
# ue4gDS51MCc=
# =ouBM
# -----END PGP SIGNATURE-----
# gpg: Signature made Wed 07 Aug 2024 04:23:10 AM AEST
# gpg: using RSA key
DC3DEB159A9AF95D3D7456FE7F09B272C88F2FD6
# gpg: issuer "kwolf@redhat.com"
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" [full]
* tag 'for-upstream' of https://repo.or.cz/qemu/kevin:
iotests/024: exclude 'backing file format' field from the output
iotests: Add `vvfat` tests
vvfat: Fix reading files with non-continuous clusters
vvfat: Fix wrong checks for cluster mappings invariant
vvfat: Fix usage of `info.file.offset`
vvfat: Fix bug in writing to middle of file
scsi-disk: Always report RESERVATION_CONFLICT to guest
scsi-disk: Add warning comments that host_status errors take a shortcut
scsi-block: Don't skip callback for sgio error status/driver_status
scsi-disk: Use positive return value for status in dma_readv/writev
block/graph-lock: Make WITH_GRAPH_RDLOCK_GUARD() fully checked
block-copy: Fix missing graph lock
qapi-block-core: Clean up blockdev-snapshot-internal-sync doc
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Andrey Drobyshev [Tue, 30 Jul 2024 09:47:01 +0000 (12:47 +0300)]
iotests/024: exclude 'backing file format' field from the output
Apparently 'qemu-img info' doesn't report the backing file format field
for qed (as it does for qcow2):
$ qemu-img create -f qed base.qed 1M && qemu-img create -f qed -b base.qed -F qed top.qed 1M
$ qemu-img create -f qcow2 base.qcow2 1M && qemu-img create -f qcow2 -b base.qcow2 -F qcow2 top.qcow2 1M
$ qemu-img info top.qed | grep 'backing file format'
$ qemu-img info top.qcow2 | grep 'backing file format'
backing file format: qcow2
This leads to the 024 test failure with -qed. Let's just filter the
field out and exclude it from the output.
This is a fixup for the commit
f93e65ee51 ("iotests/{024, 271}: add
testcases for qemu-img rebase").
Reported-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Andrey Drobyshev <andrey.drobyshev@virtuozzo.com>
Message-ID: <
20240730094701.790624-1-andrey.drobyshev@virtuozzo.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Amjad Alsharafi [Sat, 20 Jul 2024 10:13:34 +0000 (18:13 +0800)]
iotests: Add `vvfat` tests
Added several tests to verify the implementation of the vvfat driver.
We needed a way to interact with it, so created a basic `fat16.py` driver
that handled writing correct sectors for us.
Added `vvfat` to the non-generic formats, as its not a normal image format.
Signed-off-by: Amjad Alsharafi <amjadsharafi10@gmail.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Tested-by: Kevin Wolf <kwolf@redhat.com>
Message-ID: <
bb8149c945301aefbdf470a0924c07f69f9c087d.
1721470238.git.amjadsharafi10@gmail.com>
[kwolf: Made mypy and pylint happy to unbreak 297]
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Amjad Alsharafi [Sat, 20 Jul 2024 10:13:33 +0000 (18:13 +0800)]
vvfat: Fix reading files with non-continuous clusters
When reading with `read_cluster` we get the `mapping` with
`find_mapping_for_cluster` and then we call `open_file` for this
mapping.
The issue appear when its the same file, but a second cluster that is
not immediately after it, imagine clusters `500 -> 503`, this will give
us 2 mappings one has the range `500..501` and another `503..504`, both
point to the same file, but different offsets.
When we don't open the file since the path is the same, we won't assign
`s->current_mapping` and thus accessing way out of bound of the file.
From our example above, after `open_file` (that didn't open anything) we
will get the offset into the file with
`s->cluster_size*(cluster_num-s->current_mapping->begin)`, which will
give us `0x2000 * (504-500)`, which is out of bound for this mapping and
will produce some issues.
Signed-off-by: Amjad Alsharafi <amjadsharafi10@gmail.com>
Message-ID: <
1f3ea115779abab62ba32c788073cdc99f9ad5dd.
1721470238.git.amjadsharafi10@gmail.com>
[kwolf: Simplified the patch based on Amjad's analysis and input]
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Amjad Alsharafi [Sat, 20 Jul 2024 10:13:32 +0000 (18:13 +0800)]
vvfat: Fix wrong checks for cluster mappings invariant
How this `abort` was intended to check for was:
- if the `mapping->first_mapping_index` is not the same as
`first_mapping_index`, which **should** happen only in one case,
when we are handling the first mapping, in that case
`mapping->first_mapping_index == -1`, in all other cases, the other
mappings after the first should have the condition `true`.
- From above, we know that this is the first mapping, so if the offset
is not `0`, then abort, since this is an invalid state.
The issue was that `first_mapping_index` is not set if we are
checking from the middle, the variable `first_mapping_index` is
only set if we passed through the check `cluster_was_modified` with the
first mapping, and in the same function call we checked the other
mappings.
One approach is to go into the loop even if `cluster_was_modified`
is not true so that we will be able to set `first_mapping_index` for the
first mapping, but since `first_mapping_index` is only used here,
another approach is to just check manually for the
`mapping->first_mapping_index != -1` since we know that this is the
value for the only entry where `offset == 0` (i.e. first mapping).
Signed-off-by: Amjad Alsharafi <amjadsharafi10@gmail.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Message-ID: <
b0fbca3ee208c565885838f6a7deeaeb23f4f9c2.
1721470238.git.amjadsharafi10@gmail.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Amjad Alsharafi [Sat, 20 Jul 2024 10:13:31 +0000 (18:13 +0800)]
vvfat: Fix usage of `info.file.offset`
The field is marked as "the offset in the file (in clusters)", but it
was being used like this
`cluster_size*(nums)+mapping->info.file.offset`, which is incorrect.
Signed-off-by: Amjad Alsharafi <amjadsharafi10@gmail.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Message-ID: <
72f19a7903886dda1aa78bcae0e17702ee939262.
1721470238.git.amjadsharafi10@gmail.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Amjad Alsharafi [Sat, 20 Jul 2024 10:13:30 +0000 (18:13 +0800)]
vvfat: Fix bug in writing to middle of file
Before this commit, the behavior when calling `commit_one_file` for
example with `offset=0x2000` (second cluster), what will happen is that
we won't fetch the next cluster from the fat, and instead use the first
cluster for the read operation.
This is due to off-by-one error here, where `i=0x2000 !< offset=0x2000`,
thus not fetching the next cluster.
Signed-off-by: Amjad Alsharafi <amjadsharafi10@gmail.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Tested-by: Kevin Wolf <kwolf@redhat.com>
Message-ID: <
b97c1e1f1bc2f776061ae914f95d799d124fcd73.
1721470238.git.amjadsharafi10@gmail.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Kevin Wolf [Wed, 31 Jul 2024 12:32:07 +0000 (14:32 +0200)]
scsi-disk: Always report RESERVATION_CONFLICT to guest
In the case of scsi-block, RESERVATION_CONFLICT is not a backend error,
but indicates that the guest tried to make a request that it isn't
allowed to execute. Pass the error to the guest so that it can decide
what to do with it.
Without this, if we stop the VM in response to a RESERVATION_CONFLICT
(as is the default policy in management software such as oVirt or
KubeVirt), it can happen that the VM cannot be resumed any more because
every attempt to resume it immediately runs into the same error and
stops the VM again.
One case that expects RESERVATION_CONFLICT errors to be visible in the
guest is running the validation tests in Windows 2019's Failover Cluster
Manager, which intentionally tries to execute invalid requests to see if
they are properly rejected.
Buglink: https://issues.redhat.com/browse/RHEL-50000
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Message-ID: <
20240731123207.27636-5-kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Kevin Wolf [Wed, 31 Jul 2024 12:32:06 +0000 (14:32 +0200)]
scsi-disk: Add warning comments that host_status errors take a shortcut
scsi_block_sgio_complete() has surprising behaviour in that there are
error cases in which it directly completes the request and never calls
the passed callback. In the current state of the code, this doesn't seem
to result in bugs, but with future code changes, we must be careful to
never rely on the callback doing some cleanup until this code smell is
fixed. For now, just add warnings to make people aware of the trap.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Message-ID: <
20240731123207.27636-4-kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Kevin Wolf [Wed, 31 Jul 2024 12:32:05 +0000 (14:32 +0200)]
scsi-block: Don't skip callback for sgio error status/driver_status
Instead of calling into scsi_handle_rw_error() directly from
scsi_block_sgio_complete() and skipping the normal callback, go through
the normal cleanup path by calling the callback with a positive error
value.
The important difference here is not only that the code path is cleaner,
but that the callbacks set r->req.aiocb = NULL. If we skip setting this
and the error action is BLOCK_ERROR_ACTION_STOP, resuming the VM runs
into an assertion failure in scsi_read_data() or scsi_write_data()
because the dangling aiocb pointer is unexpected.
Fixes: a108557bbf ("scsi: inline sg_io_sense_from_errno() into the callers.")
Buglink: https://issues.redhat.com/browse/RHEL-50000
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Message-ID: <
20240731123207.27636-3-kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Kevin Wolf [Wed, 31 Jul 2024 12:32:04 +0000 (14:32 +0200)]
scsi-disk: Use positive return value for status in dma_readv/writev
In some error cases, scsi_block_sgio_complete() never calls the passed
callback, but directly completes the request. This leads to bugs because
its error paths are not exact copies of what the callback would normally
do.
In preparation to fix this, allow passing positive return values to the
callbacks that represent the status code that should be used to complete
the request.
scsi_handle_rw_error() already handles positive values for its ret
parameter because scsi_block_sgio_complete() calls directly into it.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Message-ID: <
20240731123207.27636-2-kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Kevin Wolf [Thu, 27 Jun 2024 18:12:45 +0000 (20:12 +0200)]
block/graph-lock: Make WITH_GRAPH_RDLOCK_GUARD() fully checked
Upstream clang 18 (and backports to clang 17 in Fedora and RHEL)
implemented support for __attribute__((cleanup())) in its Thread Safety
Analysis, so we can now actually have a proper implementation of
WITH_GRAPH_RDLOCK_GUARD() that understands when we acquire and when we
release the lock.
-Wthread-safety is now only enabled if the compiler is new enough to
understand this pattern. In theory, we could have used some #ifdefs to
keep the existing basic checks on old compilers, but as long as someone
runs a newer compiler (and our CI does), we will catch locking problems,
so it's probably not worth keeping multiple implementations for this.
The implementation can't use g_autoptr any more because the glib macros
define wrapper functions that don't have the right TSA attributes, so
the compiler would complain about them. Just use the cleanup attribute
directly instead.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-ID: <
20240627181245.281403-3-kwolf@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Kevin Wolf [Thu, 27 Jun 2024 18:12:44 +0000 (20:12 +0200)]
block-copy: Fix missing graph lock
The graph lock needs to be held when calling bdrv_co_pdiscard(). Fix
block_copy_task_entry() to take it for the call.
WITH_GRAPH_RDLOCK_GUARD() was implemented in a weak way because of
limitations in clang's Thread Safety Analysis at the time, so that it
only asserts that the lock is held (which allows calling functions that
require the lock), but we never deal with the unlocking (so even after
the scope of the guard, the compiler assumes that the lock is still
held). This is why the compiler didn't catch this locking error.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-ID: <
20240627181245.281403-2-kwolf@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Markus Armbruster [Thu, 18 Jul 2024 12:36:09 +0000 (14:36 +0200)]
qapi-block-core: Clean up blockdev-snapshot-internal-sync doc
BlockdevSnapshotInternal is the arguments type of command
blockdev-snapshot-internal-sync. Its doc comment contains this note:
# .. note:: In a transaction, if @name is empty or any snapshot matching
# @name exists, the operation will fail. Only some image formats
# support it; for example, qcow2, and rbd.
"In a transaction" is misleading, and "if @name is empty or any
snapshot matching @name exists, the operation will fail" is redundant
with the command's Errors documentation. Drop.
The remainder is fine. Move it to the command's doc comment, where it
is more prominently visible, with a slight rephrasing for clarity.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <
20240718123609.
3063055-1-armbru@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Richard Henderson [Tue, 6 Aug 2024 14:33:51 +0000 (00:33 +1000)]
Merge tag 'hw-misc-
20240806' of https://github.com/philmd/qemu into staging
Misc HW & UI patches
- Replace Loongson IPI with LoongArch IPI on LoongArch Virt machine (Bibo)
- SD card: Do not abort when reading DAT lines on invalid cmd state (Phil)
- SDHCI: Reset @data_count index on invalid ADMA transfers (Phil)
- Don't decrement PFlash counter below 0 (Peter)
- Explicit a 8bit truncate on IDE ATAPI (Peter)
- Silent Coverity warning in ISA FDC (Peter)
- Remove dead code in PCI IDE bmdma_prepare_buf (Peter)
- Improve OpenGL and related display error messages (Peter)
- Set PCI base address register write mask on GC64120 host bridge (Phil)
- List PCIe Root Port and PCIe-to-PCI bridge in QEMU PCI IDs list (George)
# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEE+qvnXhKRciHc/Wuy4+MsLN6twN4FAmayMloACgkQ4+MsLN6t
# wN6SFQ//S0WvrFNsCeHphsbPETNwHL72j2XdX9xnt9UJZoBhFitOTCzo/EpNQHJe
# dFxCAfef9Nc9WDumyWsb7hE6IGjn/wPpVUnOnoWZZAilA6LK01J0mxgDXNRUf8ES
# iRo5x1Zd3oNBcKA9oqCuALkapXYypKCwSlRgvc42ekdYXHG95pFbJv9MmWIYy6Vn
# 0+hBWv3+Xegv7oFH4UsbjY844vsFcjupvrEm10bcH/zeYhEWVvXRylyfAQS8ww+U
# TYWj9g1i+Cfz+QxKyXovlS21ogieckiTYlr4yM7Ze7fD3Tyj5Q3KRfjC9tD0HoNb
# hjTSojfzk9m93/c5nASL7ChbjisJWqewH5J0eVLSMkqDRUsbFbsryJ4bDXIQNSYD
# HTko32P5obrDQO6l8rr6zuk1Y8lKBd0cY4fGlynXzsitp7duAqWJeMbD0s0duASW
# pqGITK/F/hKHJC6RVDaiFoyGHEa+wm4K6YqfwSFy0EOb5qYq0/d0MAEzTXPB1K1S
# mFMF6+Yk7ZfOnYwSDTDGf5hnmSvSLLdY+Ne94g9gLvuIRWCvc5rrjfBzAbnOfeif
# EMpFbofkMys5p7kxGUZhkJpRQiRjB11fZl9bplyhjGpPgQrq+E/j0G3Uc7jtkOUO
# sjB/4iA7RFvCe47EWqN3WR+rf462EGk2MD+Ebxd9FLsiciFvk1Y=
# =jOxG
# -----END PGP SIGNATURE-----
# gpg: Signature made Wed 07 Aug 2024 12:25:30 AM AEST
# gpg: using RSA key
FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full]
* tag 'hw-misc-
20240806' of https://github.com/philmd/qemu: (28 commits)
docs/specs/pci-ids: Fix markup
docs/specs/pci-ids: Add missing devices
hw/pci-host/gt64120: Reset config registers during RESET phase
hw/pci-host/gt64120: Set PCI base address register write mask
ui/console: Note in '-display help' that some backends support suboptions
system/vl.c: Expand OpenGL related errors
hw/display/virtio-gpu: Improve "opengl is not available" error message
hw/ide/pci: Remove dead code from bmdma_prepare_buf()
hw/block/fdc-isa: Assert that isa_fdc_get_drive_max_chs() found something
hw/ide/atapi: Be explicit that assigning to s->lcyl truncates
hw/block/pflash_cfi01: Don't decrement pfl->counter below 0
hw/sd/sdhci: Reset @data_count index on invalid ADMA transfers
hw/sd/sdcard: Do not abort when reading DAT lines on invalid cmd state
hw/sd/sdcard: Explicit dummy byte value
hw/intc/loongson_ipi: Restrict to MIPS
hw/loongarch/virt: Replace Loongson IPI with LoongArch IPI
hw/intc/loongarch_ipi: Add loongarch IPI support
hw/intc/loongson_ipi: Move common code to loongson_ipi_common.c
hw/intc/loongson_ipi: Expose loongson_ipi_core_read/write helpers
hw/intc/loongson_ipi: Add LoongsonIPICommonClass::cpu_by_arch_id handler
...
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
George Matsumura [Mon, 5 Aug 2024 03:10:13 +0000 (21:10 -0600)]
docs/specs/pci-ids: Fix markup
This fixes the markup of the PCI and PCIe Expander Bridge entries to be
consistent with the rest of the file.
Signed-off-by: George Matsumura <gorg@gorgnet.net>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <
20240805031012.16547-4-gorg@gorgnet.net>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
George Matsumura [Mon, 5 Aug 2024 03:10:11 +0000 (21:10 -0600)]
docs/specs/pci-ids: Add missing devices
Add the missing devices 1b36:000c (PCIe root port) and 1b36:000e
(PCIe-to-PCI bridge).
Signed-off-by: George Matsumura <gorg@gorgnet.net>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <
20240805031012.16547-2-gorg@gorgnet.net>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Philippe Mathieu-Daudé [Thu, 1 Aug 2024 13:27:24 +0000 (15:27 +0200)]
hw/pci-host/gt64120: Reset config registers during RESET phase
Reset config values in the device RESET phase, not only once
when the device is realized, because otherwise the device can
use unknown values at reset.
Since we are adding a new reset method, use the preferred
Resettable API (for a simple leaf device reset, a
DeviceClass::reset method and a ResettableClass::reset_hold
method are essentially identical).
Reported-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: BALATON Zoltan <balaton@eik.bme.hu>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <
20240802213122.86852-3-philmd@linaro.org>
Philippe Mathieu-Daudé [Fri, 2 Aug 2024 16:49:55 +0000 (18:49 +0200)]
hw/pci-host/gt64120: Set PCI base address register write mask
When booting Linux we see:
PCI host bridge to bus 0000:00
pci_bus 0000:00: root bus resource [mem 0x10000000-0x17ffffff]
pci_bus 0000:00: root bus resource [io 0x1000-0x1fffff]
pci_bus 0000:00: No busn resource found for root bus, will use [bus 00-ff]
pci 0000:00:00.0: [11ab:4620] type 00 class 0x060000
pci 0000:00:00.0: [Firmware Bug]: reg 0x14: invalid BAR (can't size)
pci 0000:00:00.0: [Firmware Bug]: reg 0x18: invalid BAR (can't size)
pci 0000:00:00.0: [Firmware Bug]: reg 0x1c: invalid BAR (can't size)
pci 0000:00:00.0: [Firmware Bug]: reg 0x20: invalid BAR (can't size)
pci 0000:00:00.0: [Firmware Bug]: reg 0x24: invalid BAR (can't size)
This is due to missing base address register write mask.
Add it to get:
PCI host bridge to bus 0000:00
pci_bus 0000:00: root bus resource [mem 0x10000000-0x17ffffff]
pci_bus 0000:00: root bus resource [io 0x1000-0x1fffff]
pci_bus 0000:00: No busn resource found for root bus, will use [bus 00-ff]
pci 0000:00:00.0: [11ab:4620] type 00 class 0x060000
pci 0000:00:00.0: reg 0x10: [mem 0x00000000-0x00000fff pref]
pci 0000:00:00.0: reg 0x14: [mem 0x01000000-0x01000fff pref]
pci 0000:00:00.0: reg 0x18: [mem 0x1c000000-0x1c000fff]
pci 0000:00:00.0: reg 0x1c: [mem 0x1f000000-0x1f000fff]
pci 0000:00:00.0: reg 0x20: [mem 0x1be00000-0x1be00fff]
pci 0000:00:00.0: reg 0x24: [io 0x14000000-0x14000fff]
Since this device is only used by MIPS machines which aren't
versioned, we don't need to update migration compat machinery.
Mention the datasheet referenced. Remove the "Malta assumptions
ahead" comment since the reset values from the datasheet are used.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: BALATON Zoltan <balaton@eik.bme.hu>
Message-Id: <
20240802213122.86852-2-philmd@linaro.org>
Peter Maydell [Wed, 31 Jul 2024 15:41:36 +0000 (16:41 +0100)]
ui/console: Note in '-display help' that some backends support suboptions
Currently '-display help' only prints the available backends. Some
of those backends support suboptions (e.g. '-display gtk,gl=on').
Mention that in the help output, and point the user to where they
might be able to find more information about the suboptions.
The new output looks like this:
$ qemu-system-aarch64 -display help
Available display backend types:
none
gtk
sdl
egl-headless
curses
spice-app
dbus
Some display backends support suboptions, which can be set with
-display backend,option=value,option=value...
For a short list of the suboptions for each display, see the top-level -help output; more detail is in the documentation.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Acked-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-ID: <
20240731154136.
3494621-4-peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Peter Maydell [Wed, 31 Jul 2024 15:41:35 +0000 (16:41 +0100)]
system/vl.c: Expand OpenGL related errors
Expand the OpenGL related error messages we produce for various
"OpenGL not present/not supported" cases, to hopefully guide the
user towards how to fix things.
Now if the user tries to enable GL on a backend that doesn't
support it the error message is a bit more precise:
$ qemu-system-aarch64 -M virt -device virtio-gpu-gl -display curses,gl=on
qemu-system-aarch64: OpenGL is not supported by display backend 'curses'
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
[AJB: Improved error report message]
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-ID: <
20240731154136.
3494621-3-peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Peter Maydell [Wed, 31 Jul 2024 15:41:34 +0000 (16:41 +0100)]
hw/display/virtio-gpu: Improve "opengl is not available" error message
If the user tries to use the virtio-gpu-gl device but the display
backend doesn't have OpenGL support enabled, we currently print a
rather uninformative error message:
$ qemu-system-aarch64 -M virt -device virtio-gpu-gl
qemu-system-aarch64: -device virtio-gpu-gl: opengl is not available
Since OpenGL is not enabled on display frontends by default, users
are quite likely to run into this. Improve the error message to
be more specific and to suggest to the user a path forward.
Note that the case of "user tried to enable OpenGL but the display
backend doesn't handle it" is caught elsewhere first, so we can
assume that isn't the problem:
$ qemu-system-aarch64 -M virt -device virtio-gpu-gl -display curses,gl=on
qemu-system-aarch64: OpenGL is not supported by the display
(Use of error_append_hint() requires us to add an ERRP_GUARD() to
the function, as noted in include/qapi/error.h.)
With this commit we now produce the hopefully more helpful error:
$ ./build/x86/qemu-system-aarch64 -M virt -device virtio-gpu-gl
qemu-system-aarch64: -device virtio-gpu-gl: The display backend does not have OpenGL support enabled
It can be enabled with '-display BACKEND,gl=on' where BACKEND is the name of the display backend to use.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2443
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-ID: <
20240731154136.
3494621-2-peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Peter Maydell [Wed, 31 Jul 2024 14:36:16 +0000 (15:36 +0100)]
hw/ide/pci: Remove dead code from bmdma_prepare_buf()
Coverity notes that the code at the end of the loop in
bmdma_prepare_buf() is unreachable. This is because in commit
9fbf0fa81fca8f527 ("ide: remove hardcoded 2GiB transactional limit")
we removed the only codepath in the loop which could "break" out of
it, but didn't notice that this meant we should also remove the code
at the end of the loop.
Remove the dead code.
Resolves: Coverity CID
1547772
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
[PMD: Break and return once at EOF]
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <
20240805182419.22239-1-philmd@linaro.org>
Peter Maydell [Wed, 31 Jul 2024 14:36:15 +0000 (15:36 +0100)]
hw/block/fdc-isa: Assert that isa_fdc_get_drive_max_chs() found something
Coverity complains about an overflow in isa_fdc_get_drive_max_chs()
that can happen if the loop over fd_formats never finds a match,
because we initialize *maxc to 0 and then at the end of the
function decrement it.
This can't ever actually happen because fd_formats has at least
one entry for each FloppyDriveType, so we must at least once
find a match and update *maxc, *maxh and *maxs. Assert that we
did find a match, which should keep Coverity happy and will also
detect possible bugs in the data in fd_formats.
Resolves: Coverity CID
1547663
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <
20240731143617.
3391947-6-peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Peter Maydell [Wed, 31 Jul 2024 14:36:14 +0000 (15:36 +0100)]
hw/ide/atapi: Be explicit that assigning to s->lcyl truncates
In ide_atapi_cmd_reply_end() we calculate a 16-bit size, and then
assign its two halves to s->lcyl and s->hcyl like this:
s->lcyl = size;
s->hcyl = size >> 8;
Coverity warns that the first line here can overflow the
8-bit s->lcyl variable. This is true, and in this case we're
deliberately only after the low 8 bits of the value. The
code is clearer to both humans and Coverity if we're explicit
that we only wanted the low 8 bits, though.
Resolves: Coverity CID
1547621
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Message-ID: <
20240731143617.
3391947-5-peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Peter Maydell [Wed, 31 Jul 2024 14:36:13 +0000 (15:36 +0100)]
hw/block/pflash_cfi01: Don't decrement pfl->counter below 0
In pflash_write() Coverity points out that we can decrement the
unsigned pfl->counter below zero, which makes it wrap around. In
fact this is harmless, because if pfl->counter is 0 at this point we
also increment pfl->wcycle to 3, and the wcycle == 3 handling doesn't
look at counter; the only way back into code which looks at the
counter value is via wcycle == 1, which will reinitialize the counter.
But it's arguably a little clearer to break early in the "counter ==
0" if(), to avoid the decrement-below-zero.
Resolves: Coverity CID
1547611
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Message-ID: <
20240731143617.
3391947-4-peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Philippe Mathieu-Daudé [Tue, 30 Jul 2024 08:41:25 +0000 (10:41 +0200)]
hw/sd/sdhci: Reset @data_count index on invalid ADMA transfers
We neglected to clear the @data_count index on ADMA error,
allowing to trigger assertion in sdhci_read_dataport() or
sdhci_write_dataport().
Cc: qemu-stable@nongnu.org
Fixes: d7dfca0807 ("hw/sdhci: introduce standard SD host controller")
Reported-by: Zheyu Ma <zheyuma97@gmail.com>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2455
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <
20240730092138.32443-4-philmd@linaro.org>
Philippe Mathieu-Daudé [Tue, 30 Jul 2024 07:44:46 +0000 (09:44 +0200)]
hw/sd/sdcard: Do not abort when reading DAT lines on invalid cmd state
Guest should not try to read the DAT lines from invalid
command state. If it still insists to do so, return a
dummy value.
Cc: qemu-stable@nongnu.org
Fixes: e2dec2eab0 ("hw/sd/sdcard: Remove default case in read/write on DAT lines")
Reported-by: Zheyu Ma <zheyuma97@gmail.com>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2454
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <
20240730092138.32443-3-philmd@linaro.org>
Philippe Mathieu-Daudé [Tue, 30 Jul 2024 07:45:48 +0000 (09:45 +0200)]
hw/sd/sdcard: Explicit dummy byte value
On error the DAT lines are left unmodified to their
previous states. QEMU returns 0x00 for convenience.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <
20240730092138.32443-2-philmd@linaro.org>
Bibo Mao [Wed, 17 Jul 2024 21:32:49 +0000 (23:32 +0200)]
hw/intc/loongson_ipi: Restrict to MIPS
Now than LoongArch target can use the TYPE_LOONGARCH_IPI
model, restrict TYPE_LOONGSON_IPI to MIPS.
Signed-off-by: Bibo Mao <maobibo@loongson.cn>
[PMD: Extracted from bigger commit, added commit description]
Co-Developed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Bibo Mao <maobibo@loongson.cn>
Tested-by: Bibo Mao <maobibo@loongson.cn>
Acked-by: Song Gao <gaosong@loongson.cn>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Tested-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Message-Id: <
20240805180622.21001-15-philmd@linaro.org>
Bibo Mao [Mon, 15 Jul 2024 14:23:48 +0000 (16:23 +0200)]
hw/loongarch/virt: Replace Loongson IPI with LoongArch IPI
Loongarch IPI inherits from class LoongsonIPICommonClass, and it
only contains Loongarch 3A5000 virt machine specific interfaces,
rather than mix different machine implementations together.
Signed-off-by: Bibo Mao <maobibo@loongson.cn>
[PMD: Rebased]
Co-Developed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Bibo Mao <maobibo@loongson.cn>
Tested-by: Bibo Mao <maobibo@loongson.cn>
Acked-by: Song Gao <gaosong@loongson.cn>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Tested-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Message-Id: <
20240805180622.21001-14-philmd@linaro.org>
Bibo Mao [Wed, 17 Jul 2024 21:11:30 +0000 (23:11 +0200)]
hw/intc/loongarch_ipi: Add loongarch IPI support
Loongarch IPI is added here, it inherits from class
TYPE_LOONGSON_IPI_COMMON, and two interfaces get_iocsr_as() and
cpu_by_arch_id() are added for Loongarch 3A5000 machine. It can
be used when ipi is emulated in userspace with KVM mode.
Signed-off-by: Bibo Mao <maobibo@loongson.cn>
[PMD: Rebased and simplified]
Co-Developed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Bibo Mao <maobibo@loongson.cn>
Tested-by: Bibo Mao <maobibo@loongson.cn>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Acked-by: Song Gao <gaosong@loongson.cn>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Tested-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Message-Id: <
20240805180622.21001-13-philmd@linaro.org>
Bibo Mao [Mon, 15 Jul 2024 16:42:13 +0000 (18:42 +0200)]
hw/intc/loongson_ipi: Move common code to loongson_ipi_common.c
Move the common code from loongson_ipi.c to loongson_ipi_common.c,
call parent_realize() instead of loongson_ipi_common_realize() in
loongson_ipi_realize().
Signed-off-by: Bibo Mao <maobibo@loongson.cn>
[PMD: Extracted from bigger commit, added commit description]
Co-Developed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Bibo Mao <maobibo@loongson.cn>
Tested-by: Bibo Mao <maobibo@loongson.cn>
Acked-by: Song Gao <gaosong@loongson.cn>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Tested-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Message-Id: <
20240805180622.21001-12-philmd@linaro.org>
Bibo Mao [Mon, 15 Jul 2024 16:51:31 +0000 (18:51 +0200)]
hw/intc/loongson_ipi: Expose loongson_ipi_core_read/write helpers
In order to access loongson_ipi_core_read/write helpers
from loongson_ipi_common.c in the next commit, make their
prototype declaration public.
Signed-off-by: Bibo Mao <maobibo@loongson.cn>
[PMD: Extracted from bigger commit, added commit description]
Co-Developed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Bibo Mao <maobibo@loongson.cn>
Tested-by: Bibo Mao <maobibo@loongson.cn>
Acked-by: Song Gao <gaosong@loongson.cn>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Tested-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Message-Id: <
20240805180622.21001-11-philmd@linaro.org>
Bibo Mao [Mon, 15 Jul 2024 16:24:02 +0000 (18:24 +0200)]
hw/intc/loongson_ipi: Add LoongsonIPICommonClass::cpu_by_arch_id handler
Allow Loongson IPI implementations to have their own
cpu_by_arch_id() handler.
Signed-off-by: Bibo Mao <maobibo@loongson.cn>
[PMD: Extracted from bigger commit, added commit description]
Co-Developed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Bibo Mao <maobibo@loongson.cn>
Tested-by: Bibo Mao <maobibo@loongson.cn>
Acked-by: Song Gao <gaosong@loongson.cn>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Tested-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Message-Id: <
20240805180622.21001-10-philmd@linaro.org>
Bibo Mao [Mon, 15 Jul 2024 15:50:05 +0000 (17:50 +0200)]
hw/intc/loongson_ipi: Add LoongsonIPICommonClass::get_iocsr_as handler
Allow Loongson IPI implementations to have their own get_iocsr_as()
handler.
Signed-off-by: Bibo Mao <maobibo@loongson.cn>
[PMD: Extracted from bigger commit, added commit description]
Co-Developed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Bibo Mao <maobibo@loongson.cn>
Tested-by: Bibo Mao <maobibo@loongson.cn>
Acked-by: Song Gao <gaosong@loongson.cn>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Tested-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Message-Id: <
20240805180622.21001-9-philmd@linaro.org>
Bibo Mao [Mon, 15 Jul 2024 15:40:50 +0000 (17:40 +0200)]
hw/intc/loongson_ipi: Pass LoongsonIPICommonState to send_ipi_data()
In order to get LoongsonIPICommonClass in send_ipi_data()
in the next commit, propagate LoongsonIPICommonState.
Signed-off-by: Bibo Mao <maobibo@loongson.cn>
[PMD: Extracted from bigger commit, added commit description]
Co-Developed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Bibo Mao <maobibo@loongson.cn>
Tested-by: Bibo Mao <maobibo@loongson.cn>
Acked-by: Song Gao <gaosong@loongson.cn>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Tested-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Message-Id: <
20240805180622.21001-8-philmd@linaro.org>
Bibo Mao [Tue, 23 Jul 2024 09:55:41 +0000 (11:55 +0200)]
hw/intc/loongson_ipi: Move IPICore structure to loongson_ipi_common.h
Move the IPICore structure and corresponding common fields
of LoongsonIPICommonState to "hw/intc/loongson_ipi_common.h".
Signed-off-by: Bibo Mao <maobibo@loongson.cn>
[PMD: Extracted from bigger commit, added commit description]
Co-Developed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Bibo Mao <maobibo@loongson.cn>
Tested-by: Bibo Mao <maobibo@loongson.cn>
Acked-by: Song Gao <gaosong@loongson.cn>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Tested-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Message-Id: <
20240805180622.21001-7-philmd@linaro.org>
Bibo Mao [Mon, 15 Jul 2024 14:58:55 +0000 (16:58 +0200)]
hw/intc/loongson_ipi: Move IPICore::mmio_mem to LoongsonIPIState
It is easier to manage one array of MMIO MR rather
than one per vCPU.
Signed-off-by: Bibo Mao <maobibo@loongson.cn>
[PMD: Extracted from bigger commit, added commit description]
Co-Developed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Bibo Mao <maobibo@loongson.cn>
Tested-by: Bibo Mao <maobibo@loongson.cn>
Acked-by: Song Gao <gaosong@loongson.cn>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Tested-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Message-Id: <
20240805180622.21001-6-philmd@linaro.org>
Bibo Mao [Mon, 15 Jul 2024 16:46:21 +0000 (18:46 +0200)]
hw/intc/loongson_ipi: Move common definitions to loongson_ipi_common.h
Signed-off-by: Bibo Mao <maobibo@loongson.cn>
[PMD: Extracted from bigger commit, added commit description]
Co-Developed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Bibo Mao <maobibo@loongson.cn>
Tested-by: Bibo Mao <maobibo@loongson.cn>
Acked-by: Song Gao <gaosong@loongson.cn>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Tested-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Message-Id: <
20240805180622.21001-5-philmd@linaro.org>
Bibo Mao [Tue, 23 Jul 2024 09:25:53 +0000 (11:25 +0200)]
hw/intc/loongson_ipi: Add TYPE_LOONGSON_IPI_COMMON stub
Introduce LOONGSON_IPI_COMMON stubs, QDev parent of LOONGSON_IPI.
Signed-off-by: Bibo Mao <maobibo@loongson.cn>
[PMD: Extracted from bigger commit, added commit description]
Co-Developed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Bibo Mao <maobibo@loongson.cn>
Tested-by: Bibo Mao <maobibo@loongson.cn>
Acked-by: Song Gao <gaosong@loongson.cn>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Tested-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Message-Id: <
20240805180622.21001-4-philmd@linaro.org>
Bibo Mao [Mon, 15 Jul 2024 14:57:36 +0000 (16:57 +0200)]
hw/intc/loongson_ipi: Extract loongson_ipi_common_realize()
In preparation to extract common IPI code in few commits,
extract loongson_ipi_common_realize().
Signed-off-by: Bibo Mao <maobibo@loongson.cn>
[PMD: Extracted from bigger commit, added commit description]
Co-Developed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Bibo Mao <maobibo@loongson.cn>
Tested-by: Bibo Mao <maobibo@loongson.cn>
Acked-by: Song Gao <gaosong@loongson.cn>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Tested-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Message-Id: <
20240805180622.21001-3-philmd@linaro.org>
Bibo Mao [Mon, 15 Jul 2024 14:50:51 +0000 (16:50 +0200)]
hw/intc/loongson_ipi: Rename LoongsonIPI -> LoongsonIPIState
We'll have to add LoongsonIPIClass in few commits,
so rename LoongsonIPI as LoongsonIPIState for clarity.
Signed-off-by: Bibo Mao <maobibo@loongson.cn>
[PMD: Extracted from bigger commit, added commit description]
Co-Developed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Bibo Mao <maobibo@loongson.cn>
Tested-by: Bibo Mao <maobibo@loongson.cn>
Acked-by: Song Gao <gaosong@loongson.cn>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Tested-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Message-Id: <
20240805180622.21001-2-philmd@linaro.org>
Richard Henderson [Tue, 6 Aug 2024 07:35:51 +0000 (17:35 +1000)]
Merge tag 'pull-riscv-to-apply-
20240806-2' of https://github.com/alistair23/qemu into staging
RISC-V PR for 9.1
* roms/opensbi: update to v1.5.1
* target/riscv: Add asserts for out-of-bound access
* Remove redundant insn length check for zama16b
# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEEaukCtqfKh31tZZKWr3yVEwxTgBMFAmaxwTwACgkQr3yVEwxT
# gBOpoQ/9EoGHvGZtd3Zio/51G+tiNok/H+LJGZxGOPl5xc12efhJk15nN/JwVCFp
# zETriTjQ8UUlx+/xvpoQhQbfNm+MtCSl+xyNcPsjAgE6le8MTn38zjroGhUI0JEB
# AuIp9FfwRx4z7nEpuzO8cYdl2Suw5Nh8gi/+0SSrX1vXLY44Ma7UZdM8BjvkGbZp
# TWSqetj236bMoBqSHIk4OddVFbAPlnCQZRo6fwslsjzV6y12PVQw/FgVKKmN7J9k
# qtBoGSuqwFgMnXgxvJXqFmOQYAipgLONRRBaQEj/sGf09UTR/MppMz8CKilAPAYy
# 9+UT0/5t+GUUpmbBN2ijWJEgYC9Ev4USIzfGe03XJSWA8uDEyTpJbnbGKDKotfrC
# /qmx2y4Lb4I/3AkJiKgHW32fNeTMURQvzs+ws8frwebWAmH8zwBVbj0EbbceH5M/
# SavAuDivbU4MLdSNKpp5yvB/pkREzCE7pwbjOr0skSLrCiT/S+t9tryt7p+iHxQl
# 1xhMbOYFPcbxq7mJvLurtkzn8fl4o1j93tBcq1BcBvRE5O3Odn5VJpje29BYPDpk
# AG82CEeUJ2N+ZVzcV/rYhJaz8WZ7ck+I/j9cK1UtMsp57zmm2awp+mMwyShpAmP3
# MPMHwROJrue9V3z4qdaimNfpaB0p9NCOl9A95J70A/59Q2vO32k=
# =bjWM
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 06 Aug 2024 04:22:52 PM AEST
# gpg: using RSA key
6AE902B6A7CA877D6D659296AF7C95130C538013
# gpg: Good signature from "Alistair Francis <alistair@alistair23.me>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6AE9 02B6 A7CA 877D 6D65 9296 AF7C 9513 0C53 8013
* tag 'pull-riscv-to-apply-
20240806-2' of https://github.com/alistair23/qemu:
roms/opensbi: Update to v1.5.1
target/riscv: Add asserts for out-of-bound access
target/riscv: Relax fld alignment requirement
target/riscv: Add MXLEN check for F/D/Q applies to zama16b
target/riscv: Remove redundant insn length check for zama16b
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Daniel Henrique Barboza [Sat, 3 Aug 2024 18:12:24 +0000 (15:12 -0300)]
roms/opensbi: Update to v1.5.1
A new minor version of OpenSBI was just released after our bump to
OpenSBI 1.5. It contains significant bug fixes that it's worth doing
a new update for QEMU 9.1.
Submodule roms/opensbi
455de672dd..
43cace6c36:
> lib: sbi: check result of pmp_get() in is_pmp_entry_mapped()
> lib: sbi: fwft: fix incorrect size passed to sbi_zalloc()
> lib: sbi: dbtr: fix potential NULL pointer dereferences
> include: Adjust Sscofpmf mhpmevent mask for upper 8 bits
> lib: sbi_hsm: Save/restore menvcfg only when it exists
Signed-off-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Message-ID: <
20240805120259.
1705016-2-dbarboza@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Atish Patra [Wed, 24 Jul 2024 08:31:36 +0000 (01:31 -0700)]
target/riscv: Add asserts for out-of-bound access
Coverity complained about the possible out-of-bounds access with
counter_virt/counter_virt_prev because these two arrays are
accessed with privilege mode. However, these two arrays are accessed
only when virt is enabled. Thus, the privilege mode can't be M mode.
Add the asserts anyways to detect any wrong usage of these arrays
in the future.
Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Atish Patra <atishp@rivosinc.com>
Fixes: Coverity CID 1558459
Fixes: Coverity CID 1558462
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-ID: <
20240724-fixes-v1-1-
4a64596b0d64@rivosinc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
LIU Zhiwei [Fri, 2 Aug 2024 07:24:17 +0000 (15:24 +0800)]
target/riscv: Relax fld alignment requirement
According to the risc-v specification:
"FLD and FSD are only guaranteed to execute atomically if the effective
address is naturally aligned and XLEN≥64."
We currently implement fld as MO_ATOM_IFALIGN when XLEN < 64, which does
not violate the rules. But it will hide some problems. So relax it to
MO_ATOM_NONE.
Signed-off-by: LIU Zhiwei <zhiwei_liu@linux.alibaba.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <
20240802072417.659-4-zhiwei_liu@linux.alibaba.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
LIU Zhiwei [Fri, 2 Aug 2024 07:24:16 +0000 (15:24 +0800)]
target/riscv: Add MXLEN check for F/D/Q applies to zama16b
Zama16b loads and stores of no more than MXLEN bits defined in the F, D, and Q
extensions.
Signed-off-by: LIU Zhiwei <zhiwei_liu@linux.alibaba.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <
20240802072417.659-3-zhiwei_liu@linux.alibaba.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
LIU Zhiwei [Fri, 2 Aug 2024 07:24:15 +0000 (15:24 +0800)]
target/riscv: Remove redundant insn length check for zama16b
Compressed encodings also applies to zama16b.
https://github.com/riscv/riscv-isa-manual/pull/1557
Suggested-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: LIU Zhiwei <zhiwei_liu@linux.alibaba.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <
20240802072417.659-2-zhiwei_liu@linux.alibaba.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Richard Henderson [Mon, 5 Aug 2024 22:02:34 +0000 (08:02 +1000)]
Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging
* target/i386: SEV: fix incorrect property name
* target/i386: tcg: fix VSIB decode with XMM/YMM{4,12}
# -----BEGIN PGP SIGNATURE-----
#
# iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmawwjoUHHBib256aW5p
# QHJlZGhhdC5jb20ACgkQv/vSX3jHroO+kgf/SIOaF14Ozw6w33zddDiuK969ouNR
# 00hC17p0acVl3KwmbXBJp2CXtc4TcZwLEg6y2KrActEVg2CaFFjGx9wJUnTGOL/D
# 3Nhp3ipsExv+rFQuQvV9k/BeAVG0G9YoTZtQJVQvLPL/LYJ76h2JlVamjr9rsuKy
# hsVeHX6Xl6ad6mtM1hSFBonJzfGK08rKQPTnALfB0raFLmSHWleg9Xzs0r1YiuO2
# SsGVr0NF369pZA2U0Y/tcw0RIRIikXfVYTX5+o9H6RzEqbqaOh3j9upLYSWym6LN
# cedTxjNFJdxZReR/VE1kAys3s2pE8k+yiQIBGzfwo4fN6hukJZGCtwrVmw==
# =2tkB
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 05 Aug 2024 10:14:50 PM AEST
# gpg: using RSA key
F13338574B662389866C7682BFFBD25F78C7AE83
# gpg: issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
* tag 'for-upstream' of https://gitlab.com/bonzini/qemu:
target/i386: Fix VSIB decode
target/i386: SEV: fix mismatch in vcek-disabled property name
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Richard Henderson [Mon, 5 Aug 2024 22:02:11 +0000 (08:02 +1000)]
Merge tag 'pull-qapi-2024-08-05' of https://repo.or.cz/qemu/armbru into staging
QAPI patches patches for 2024-08-05
# -----BEGIN PGP SIGNATURE-----
#
# iQJGBAABCAAwFiEENUvIs9frKmtoZ05fOHC0AOuRhlMFAmawhYUSHGFybWJydUBy
# ZWRoYXQuY29tAAoJEDhwtADrkYZT5j4P/i9dh0Y8sS5qJqvEZzKWFlIkXWjYpUFW
# FThfHyz5J2MilabQUeTxF0yhM40pciGu9ULXqwhzKNAXoAZwfH4VhSkT1E01pwDE
# 9RRCOvtRHM5YDExMUn+8vfsHfpTBcfqB6EAO6eteIQ+2dMsDv2wtsrWLx3uXMjHn
# 5VfxdKPVmQndcnrQDEAm8WhUpS9qVyJz5SqXuZ2Ku14X+EWyUc5ZGFEawgN63iIG
# fDqP5AwsHBPXUGtldlrbubrvBJVgNzAMwL/vizZR04L/30q6V/3ThyqaOyVuKibQ
# r1B2hebow00+Ie2nZRz1awCapnpuefk1Ll6KMHI5MD4kfmZiXBDhPeh2RnnyCBaK
# RudigAFff2kho7Z814JSJccGKBczkniXiDRb+rOeTBbE+wWEAfrlhf7YFlwqqQv7
# 4ZfeMdv3B5bIq8RUTRUbzlf/BTx3Lao9koa/c6x/x42Gwhwc2Z8F9nuQLPfxPMC/
# MbL8+dDGNF0NiZdLUbSVATLNC5zXxkAVy2D1O8GjZfQSmHK6SeyJGEyUjrEY6AxA
# FiaJ4PduCAi+aieV7bpx0tkKVKs7hHkwbIDJcPw38GwAgXc0/tuLxAornTQ4il7y
# MIUysqtEoFryFzt7Uf510vG7URzFhHpJNsMAXeHErK53Fw1+VDpXQ7ImK56Huzy2
# lH6IAh+582Sq
# =D9S5
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 05 Aug 2024 05:55:49 PM AEST
# gpg: using RSA key
354BC8B3D7EB2A6B68674E5F3870B400EB918653
# gpg: issuer "armbru@redhat.com"
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" [full]
# gpg: aka "Markus Armbruster <armbru@pond.sub.org>" [full]
* tag 'pull-qapi-2024-08-05' of https://repo.or.cz/qemu/armbru:
qmp: Fix higher half vaddrs for [p]memsave
qapi: Refill doc comments to conform to conventions
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Richard Henderson [Mon, 5 Aug 2024 00:31:24 +0000 (10:31 +1000)]
target/i386: Fix VSIB decode
With normal SIB, index == 4 indicates no index.
With VSIB, there is no exception for VR4/VR12.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2474
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Link: https://lore.kernel.org/r/20240805003130.1421051-3-richard.henderson@linaro.org
Cc: qemu-stable@nongnu.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Josh Junon [Fri, 2 Aug 2024 14:07:03 +0000 (16:07 +0200)]
qmp: Fix higher half vaddrs for [p]memsave
Fixes higher-half address parsing for QMP commands
`[p]memsave`.
Signed-off-by: Josh Junon <junon@oro.sh>
Message-ID: <
20240802140704.13591-1-junon@oro.sh>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
[Subject tweaked, and one PRId64 updated to PRIu64]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Markus Armbruster [Mon, 29 Jul 2024 06:52:20 +0000 (08:52 +0200)]
qapi: Refill doc comments to conform to conventions
Sweep the entire documentation again. Last done in commit
209e64d9edf (qapi: Refill doc comments to conform to current
conventions).
To check the generated documentation does not change, I compared the
generated HTML before and after this commit with "wdiff -3". Finds no
differences. Comparing with diff is not useful, as the reflown
paragraphs are visible there.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-ID: <
20240729065220.860163-1-armbru@redhat.com>
[Straightforward conflict with commit
442110bc6f3 resolved]
Richard Henderson [Mon, 5 Aug 2024 00:32:13 +0000 (10:32 +1000)]
Merge tag 'pull-misc-
20240805' of https://gitlab.com/rth7680/qemu into staging
linux-user/elfload: Fix pr_pid values in core files
util: Add qemu_close_all_open_fd
net/tap: Use qemu_close_all_open_fd
# -----BEGIN PGP SIGNATURE-----
#
# iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAmawHSsdHHJpY2hhcmQu
# aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV8mhQgAlNjO1eeeQmgJvKpk
# BwXx7NnXi9d8UZCA5EASK9SQVJC3eYIlMayX9byPmZZ6XJaOBRzgIzm612HkKLYn
# yIqmLb0UhUTT+VKW7Kob/wGslB/PJWSKQ3dvZFaaLMfB6L3BtpwUAFFU5hwkODU/
# TS4qici1W+eW7hInNSH5dgA68UGPcfDBEo4ITW91DbTSZRNz9RP4b2Ak+Wgv30Ux
# 2yEVsP6rBqBSxglbafcywWbYs5sX3EvSUJo4mVm8Ku4zriAf87Y9Da3irpZ4WYgi
# 02f+/GGAv9kiGbf9jPrQTD0O8tmp4Z6JMWxEOfMsCj+KCT2fHSSqcBHTU3RN0guB
# uaxx6w==
# =U5cs
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 05 Aug 2024 10:30:35 AM AEST
# gpg: using RSA key
7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg: issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [ultimate]
* tag 'pull-misc-
20240805' of https://gitlab.com/rth7680/qemu:
net/tap: Use qemu_close_all_open_fd()
qemu/osdep: Add excluded fd parameter to qemu_close_all_open_fd()
net/tap: Factorize fd closing after forking
qemu/osdep: Split qemu_close_all_open_fd() and add fallback
qemu/osdep: Move close_all_open_fds() to oslib-posix
linux-user/elfload: Fix pr_pid values in core files
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Clément Léger [Fri, 2 Aug 2024 14:54:21 +0000 (16:54 +0200)]
net/tap: Use qemu_close_all_open_fd()
Instead of using a slow implementation to close all open fd after
forking, use qemu_close_all_open_fd().
Signed-off-by: Clément Léger <cleger@rivosinc.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <
20240802145423.
3232974-6-cleger@rivosinc.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Clément Léger [Fri, 2 Aug 2024 14:54:20 +0000 (16:54 +0200)]
qemu/osdep: Add excluded fd parameter to qemu_close_all_open_fd()
In order for this function to be usable by tap.c code, add a list of
file descriptors that should not be closed.
Signed-off-by: Clément Léger <cleger@rivosinc.com>
Message-ID: <
20240802145423.
3232974-5-cleger@rivosinc.com>
[rth: Use max_fd in qemu_close_all_open_fd_close_range]
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Clément Léger [Fri, 2 Aug 2024 14:54:19 +0000 (16:54 +0200)]
net/tap: Factorize fd closing after forking
The same code is used twice to actually close all open file descriptors
after forking. Factorize it in a single place.
Signed-off-by: Clément Léger <cleger@rivosinc.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <
20240802145423.
3232974-4-cleger@rivosinc.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Clément Léger [Fri, 2 Aug 2024 14:54:18 +0000 (16:54 +0200)]
qemu/osdep: Split qemu_close_all_open_fd() and add fallback
In order to make it cleaner, split qemu_close_all_open_fd() logic into
multiple subfunctions (close with close_range(), with /proc/self/fd and
fallback).
Signed-off-by: Clément Léger <cleger@rivosinc.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <
20240802145423.
3232974-3-cleger@rivosinc.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Clément Léger [Fri, 2 Aug 2024 14:54:17 +0000 (16:54 +0200)]
qemu/osdep: Move close_all_open_fds() to oslib-posix
Move close_all_open_fds() in oslib-posix, rename it
qemu_close_all_open_fds() and export it.
Signed-off-by: Clément Léger <cleger@rivosinc.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <
20240802145423.
3232974-2-cleger@rivosinc.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Ilya Leoshkevich [Thu, 1 Aug 2024 20:23:22 +0000 (22:23 +0200)]
linux-user/elfload: Fix pr_pid values in core files
Analyzing qemu-produced core dumps of multi-threaded apps runs into:
(gdb) info threads
[...]
21 Thread 0x3ff83cc0740 (LWP 9295) warning: Couldn't find general-purpose registers in core file.
<unavailable> in ?? ()
The reason is that all pr_pid values are the same, because the same
TaskState is used for all CPUs when generating NT_PRSTATUS notes.
Fix by using TaskStates associated with individual CPUs.
Cc: qemu-stable@nongnu.org
Fixes: 243c47066253 ("linux-user/elfload: Write corefile elf header in one block")
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <
20240801202340.21845-1-iii@linux.ibm.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Richard Henderson [Fri, 2 Aug 2024 21:26:26 +0000 (07:26 +1000)]
Merge tag 'migration-
20240802-pull-request' of https://gitlab.com/farosas/qemu into staging
Migration pull request
- Akihiko Odaki's fix for a memory leak on ppc migration
- Fabiano's fix for asserts during multifd error handling
# -----BEGIN PGP SIGNATURE-----
#
# iQJEBAABCAAuFiEEqhtIsKIjJqWkw2TPx5jcdBvsMZ0FAmas698QHGZhcm9zYXNA
# c3VzZS5kZQAKCRDHmNx0G+wxnQYFEACNaJderA8VNnyAKyAFD5hCWeZnpZj3UfvO
# l/3CLKBx2WPu+IAMQ+32b8Hpy5v1r4HRkicn0FId86dnbWflqAZJ0wilnPDrzbNG
# oJ9IgDCPobdNCI1JgGVGCddOwraKKRo6/7e7TE5ME3MPV4AZRHs0LGfYPVxGD/5L
# gbV1Zun9SvMk7u/SjE0j8ZG/L3N2rA23Ns/aNfN7KFRLWBccpJ6vKs0q9v6SQnMQ
# iAAypK3d0szCBiuD8iiawPgh6K6pwA7OZ+SmtyGanK2gfNvdJ9YZArbxM3yzqUmJ
# IAYvxXO/xy/cwdGELsjr0lrUFSH15PeQlSUKQ0WEVMv3/okd88jZv7xbyAZy2u5v
# QZXmvb4QMH3wJUZ2rGG+DuZoZIiTL20PPnujxO/kvbhmXjsp4TuDJbKkwW7nvP2Y
# ISuHCBsHcskScu0TSoZ0Fj3sSBXHV5Qw0jZiP37lgjf4eXgJzkadAUh3DCuUI62O
# lqtFxFpBODdKtYfSYR+ThZXhicZx9DOxJHJBU8bXbBi3iGpVZl9O8ywgGi8wpQzh
# cAJk9GbXp/77N94sexzTUHK9ttE00VQUvl8rad+HfZUsBE9E8MsW0zzUaZ8VAH3c
# wzjg1S08rS48c5Ju5PO8iY2Oi5apxdGy9SOyEdpxs+ZE37GbwjoY1Q7C2U+jj72E
# q4/z0NKuWw==
# =1iRF
# -----END PGP SIGNATURE-----
# gpg: Signature made Sat 03 Aug 2024 12:23:27 AM AEST
# gpg: using RSA key
AA1B48B0A22326A5A4C364CFC798DC741BEC319D
# gpg: issuer "farosas@suse.de"
# gpg: Good signature from "Fabiano Rosas <farosas@suse.de>" [unknown]
# gpg: aka "Fabiano Almeida Rosas <fabiano.rosas@suse.com>" [unknown]
# gpg: WARNING: The key's User ID is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: AA1B 48B0 A223 26A5 A4C3 64CF C798 DC74 1BEC 319D
* tag 'migration-
20240802-pull-request' of https://gitlab.com/farosas/qemu:
migration/multifd: Fix multifd_send_setup cleanup when channel creation fails
migration: Fix cleanup of iochannel in file migration
migration: Free removed SaveStateEntry
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Akihiko Odaki [Fri, 2 Aug 2024 08:37:52 +0000 (17:37 +0900)]
hvf: arm: Fix hvf_sysreg_read_cp() call
Changed val from uint64_t to a pointer to uint64_t in hvf_sysreg_read,
but didn't change its usage in hvf_sysreg_read_cp call.
Fixes: e9e640148c ("hvf: arm: Raise an exception for sysreg by default")
Reported-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <
20240802-hvf-v1-1-
e2c0292037e5@daynix.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Fabiano Rosas [Thu, 1 Aug 2024 17:41:01 +0000 (14:41 -0300)]
migration/multifd: Fix multifd_send_setup cleanup when channel creation fails
When a channel fails to create, the code currently just returns. This
is wrong for two reasons:
1) Channel n+1 will not get to initialize it's semaphores, leading to
an assert when terminate_threads tries to post to it:
qemu-system-x86_64: ../util/qemu-thread-posix.c:92:
qemu_mutex_lock_impl: Assertion `mutex->initialized' failed.
2) (theoretical) If channel n-1 already started creation it will
defeat the purpose of the channels_created logic which is in place
to avoid migrate_fd_cleanup() to run while channels are still being
created.
This cannot really happen today because the current failure cases
for multifd_new_send_channel_create() are all synchronous,
resulting from qio_channel_file_new_path() getting a bad
filename. This would hit all channels equally.
But I don't want to set a trap for future people, so have all
channels try to create (even if failing), and only fail after the
channels_created semaphore has been posted.
While here, remove the error_report_err call. There's one already at
migrate_fd_cleanup later on.
Cc: qemu-stable@nongnu.org
Reported-by: Jim Fehlig <jfehlig@suse.com>
Fixes: b7b03eb614 ("migration/multifd: Add outgoing QIOChannelFile support")
Reviewed-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Fabiano Rosas [Thu, 1 Aug 2024 17:41:00 +0000 (14:41 -0300)]
migration: Fix cleanup of iochannel in file migration
The QIOChannelFile object already has its reference decremented by
g_autoptr. Trying to unref an extra time causes:
ERROR:../qom/object.c:1241:object_unref: assertion failed: (obj->ref > 0)
Fixes: a701c03dec ("migration: Drop reference to QIOChannel if file seeking fails")
Fixes: 6d3279655a ("migration: Fix file migration with fdset")
Reported-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Fabiano Rosas <farosas@suse.de>
projects / qemu.git / log