Peter Maydell [Tue, 3 Sep 2024 16:22:16 +0000 (17:22 +0100)]
accel/tcg: Remove dead code from rr_cpu_thread_fn()
The main loop in rr_cpu_thread_fn() can never terminate, so the
code at the end of the function to clean up the RCU subsystem is
dead code. Replace it with g_assert_not_reached().
(This is different from the other cpu_thread_fn for e.g. MTTCG or
for the KVM accelerator -- those can exit, if the vCPU they
are responsible for is unplugged. But the RR cpu thread fn
handles all CPUs in the system in a round-robin way, so even
if one is unplugged it keeps looping.)
Resolves: Coverity CID 1547782
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20240815143634.3413679-1-peter.maydell@linaro.org
Peter Maydell [Tue, 3 Sep 2024 16:22:16 +0000 (17:22 +0100)]
target/arm: Enable FEAT_EBF16 in the "max" CPU
Now that we've implemented the required behaviour for FEAT_EBF16, we
can enable it for the "max" CPU type, list it in our documentation,
and delete a TODO comment about it being missing.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Peter Maydell [Tue, 3 Sep 2024 16:22:16 +0000 (17:22 +0100)]
target/arm: Implement FPCR.EBF=1 semantics for bfdotadd()
Implement the FPCR.EBF=1 semantics for bfdotadd() operations:
* is_ebf() sets up fpst and fpst_odd
* bfdotadd_ebf() implements the fused paired-multiply-and-add
operation that we need
The paired-multiply-and-add is similar to f16_dotadd() and
we use the same trick here as in that function, but the inputs
here are bfloat16 rather than float16.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Peter Maydell [Tue, 3 Sep 2024 16:22:15 +0000 (17:22 +0100)]
target/arm: Prepare bfdotadd() callers for FEAT_EBF support
We use bfdotadd() in four callsites for various helper functions. Currently
this all assumes that we have the FPCR.EBF=0 semantics. For FPCR.EBF=1
we will need to:
* call a different routine to bfdotadd() because we need to do a
fused multiply-add rather than separate multiply and add steps
* use a different float_status that honours the FPCR rounding mode
and denormal-flushing fields
* pass in an extra float_status that has been set up to perform
round-to-odd rounding
To prepare for this, refactor all the callsites so that instead of
    for (...) {
        x = bfdotadd(...);
    }
they are:
    float_status fpst, fpst_odd;
    if (is_ebf(env, &fpst, &fpst_odd)) {
        for (...) {
            x = bfdotadd_ebf(..., &fpst, &fpst_odd);
        }
    } else {
        for (...) {
            x = bfdotadd(..., &fpst);
        }
    }
For the moment the is_ebf() function always returns false, sets up
fpst for EBF=0 semantics and never sets up fpst_odd; bfdotadd_ebf()
will assert if called. We'll fill in the handling for EBF=1 in the
next commit.
This change should be a zero-behaviour-change refactor.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Peter Maydell [Tue, 3 Sep 2024 16:22:15 +0000 (17:22 +0100)]
target/arm: Pass env pointer through to gvec_bfmmla helper
Pass the env pointer through to the gvec_bfmmla helper,
so we can use it to add support for FEAT_EBF16.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Peter Maydell [Tue, 3 Sep 2024 16:22:15 +0000 (17:22 +0100)]
target/arm: Pass env pointer through to gvec_bfdot_idx helper
Pass the env pointer through to the gvec_bfdot_idx helper,
so we can use it to add support for FEAT_EBF16.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Peter Maydell [Tue, 3 Sep 2024 16:22:14 +0000 (17:22 +0100)]
target/arm: Pass env pointer through to gvec_bfdot helper
Pass the env pointer through to the gvec_bfdot helper,
so we can use it to add support for FEAT_EBF16.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Peter Maydell [Tue, 3 Sep 2024 16:22:14 +0000 (17:22 +0100)]
target/arm: Pass env pointer through to sme_bfmopa helper
To implement the FEAT_EBF16 semantics, we are going to need
the CPUARMState env pointer in every helper function which calls
bfdotadd().
Pass the env pointer through from generated code to the sme_bfmopa
helper. (We'll add the code that uses it when we've adjusted
all the helpers to have access to the env pointer.)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Peter Maydell [Tue, 3 Sep 2024 16:22:14 +0000 (17:22 +0100)]
target/arm: Allow setting the FPCR.EBF bit for FEAT_EBF16
FEAT_EBF16 adds one new bit to the FPCR floating point control
register. Allow this bit to be read and written when the ID
registers indicate the presence of the feature.
Note that because this new bit is not in FPSCR_FPCR_MASK the bit is
not visible in the AArch32 FPSCR, and FPSCR writes do not affect it.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Peter Maydell [Wed, 4 Sep 2024 12:20:17 +0000 (13:20 +0100)]
Merge tag 'hppa-v9.1-fixes-pull-request' of https://github.com/hdeller/qemu-hppa into staging
hppa target fixes
Two important patches for the hppa target which missed qemu-v9.1:
- One fix for random linux-user crashes
- One fix for random issues due to losing the division V-bit
during delivery of hardware interrupts. This triggers all sorts
of random faults when running in system mode.
Helge
# gpg: Signature made Wed 04 Sep 2024 11:14:12 BST
# gpg: using EDDSA key BCE9123E1AD29F07C049BBDEF712B510A23A0F5F
# gpg: Good signature from "Helge Deller <deller@gmx.de>" [unknown]
# gpg: aka "Helge Deller <deller@kernel.org>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 4544 8228 2CD9 10DB EF3D 25F8 3E5F 3D04 A7A2 4603
# Subkey fingerprint: BCE9 123E 1AD2 9F07 C049 BBDE F712 B510 A23A 0F5F
* tag 'hppa-v9.1-fixes-pull-request' of https://github.com/hdeller/qemu-hppa:
target/hppa: Fix random 32-bit linux-user crashes
target/hppa: Fix PSW V-bit packaging in cpu_hppa_get for hppa64
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Helge Deller [Tue, 3 Sep 2024 16:21:28 +0000 (18:21 +0200)]
target/hppa: Fix random 32-bit linux-user crashes
The linux-user hppa target crashes randomly for me since commit
081a0ed188d8 ("target/hppa: Do not mask in copy_iaoq_entry").
That commit dropped the masking of the IAOQ addresses while copying them
from other registers and instead keeps them with all 64 bits up until
the full gva is formed with the help of hppa_form_gva_psw().
So, when running in linux-user mode on an emulated 64-bit CPU, we need
to mask to a 32-bit address space at the very end in hppa_form_gva_psw()
if the PSW-W flag isn't set (which is the case for linux-user on hppa).
Fixes: 081a0ed188d8 ("target/hppa: Do not mask in copy_iaoq_entry")
Cc: qemu-stable@nongnu.org # v9.1+
Signed-off-by: Helge Deller <deller@gmx.de>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Helge Deller [Tue, 3 Sep 2024 15:22:10 +0000 (17:22 +0200)]
target/hppa: Fix PSW V-bit packaging in cpu_hppa_get for hppa64
While adding hppa64 support, the psw_v variable got extended from 32 to 64
bits. So, when packaging the PSW-V bit from the psw_v variable for interrupt
processing, check bit 31 instead of the 63rd (sign) bit.
This fixes a hard to find Linux kernel boot issue where the loss of the PSW-V
bit due to an ITLB interruption in the middle of a series of ds/addc
instructions (from the divU milicode library) generated the wrong division
result and thus triggered a Linux kernel crash.
Link: https://lore.kernel.org/lkml/718b8afe-222f-4b3a-96d3-93af0e4ceff1@roeck-us.net/
Reported-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Helge Deller <deller@gmx.de>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Guenter Roeck <linux@roeck-us.net>
Fixes: 931adff31478 ("target/hppa: Update cpu_hppa_get/put_psw for hppa64")
Cc: qemu-stable@nongnu.org # v8.2+
Richard Henderson [Tue, 3 Sep 2024 16:18:43 +0000 (09:18 -0700)]
Open 9.2 development tree
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Richard Henderson [Tue, 3 Sep 2024 16:18:26 +0000 (09:18 -0700)]
Update version for v9.1.0 release
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Richard Henderson [Wed, 28 Aug 2024 12:28:42 +0000 (22:28 +1000)]
Update version for v9.1.0-rc4 release
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Richard Henderson [Tue, 27 Aug 2024 21:16:03 +0000 (07:16 +1000)]
Merge tag 'pull-qapi-2024-08-27' of https://repo.or.cz/qemu/armbru into staging
QAPI patches patches for 2024-08-27
# gpg: Signature made Tue 27 Aug 2024 07:40:15 PM AEST
# gpg: using RSA key 354BC8B3D7EB2A6B68674E5F3870B400EB918653
# gpg: issuer "armbru@redhat.com"
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" [full]
# gpg: aka "Markus Armbruster <armbru@pond.sub.org>" [full]
* tag 'pull-qapi-2024-08-27' of https://repo.or.cz/qemu/armbru:
docs/sphinx: fix extra stuff in TOC after freeform QMP sections
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
John Snow [Thu, 22 Aug 2024 20:48:03 +0000 (16:48 -0400)]
docs/sphinx: fix extra stuff in TOC after freeform QMP sections
Freeform sections with titles are currently generating a TOC entry for
the first paragraph in the section after the header, which is not what
we want.
(Easiest to observe directly in the QMP reference manual's
"Introduction" section.)
When freeform sections are parsed, we create both a section header *and*
an empty, title-less section. This causes some problems with sphinx's
post-parse tree transforms, see also 2664f317 - this is a similar issue:
Sphinx doesn't like section-less titles and it also doesn't like
title-less sections.
Modify qapidoc.py to parse text directly into the preceding section
title as child nodes, eliminating the section duplication. This removes
the extra text from the TOC.
Only very, very lightly tested: "it looks right at a glance" :tm:. I am
still in the process of rewriting qapidoc, so I didn't give it much
deeper thought.
Reported-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
Message-ID: <20240822204803.1649762-1-jsnow@redhat.com>
Richard Henderson [Mon, 26 Aug 2024 21:06:42 +0000 (07:06 +1000)]
Merge tag 'pull-nbd-2024-08-26' of https://repo.or.cz/qemu/ericb into staging
NBD patches for 2024-08-26
- One more patch for CVE-2024-7409 (use-after-free on nbd-server-stop)
# gpg: Signature made Mon 26 Aug 2024 11:49:07 PM AEST
# gpg: using RSA key 71C2CC22B1C4602927D2F3AAA7A16B4A2527436A
# gpg: Good signature from "Eric Blake <eblake@redhat.com>" [full]
# gpg: aka "Eric Blake (Free Software Programmer) <ebb9@byu.net>" [full]
# gpg: aka "[jpeg image of size 6874]" [full]
* tag 'pull-nbd-2024-08-26' of https://repo.or.cz/qemu/ericb:
nbd/server: CVE-2024-7409: Avoid use-after-free when closing server
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Eric Blake [Thu, 22 Aug 2024 14:35:29 +0000 (09:35 -0500)]
nbd/server: CVE-2024-7409: Avoid use-after-free when closing server
Commit 3e7ef738 plugged the use-after-free of the global nbd_server
object, but overlooked a use-after-free of nbd_server->listener.
Although this race is harder to hit, notice that our shutdown path
first drops the reference count of nbd_server->listener, then triggers
actions that can result in a pending client reaching the
nbd_blockdev_client_closed() callback, which in turn calls
qio_net_listener_set_client_func on a potentially stale object.
If we know we don't want any more clients to connect, and have already
told the listener socket to shut down, then we should not be trying to
update the listener socket's associated function.
Reproducer:
> #!/usr/bin/python3
>
> import os
> from threading import Thread
>
> def start_stop():
>     while 1:
>         os.system('virsh qemu-monitor-command VM \'{"execute": "nbd-server-start","arguments":{"addr":{"type":"unix","data":{"path":"/tmp/nbd-sock"}}}}\'')
>         os.system('virsh qemu-monitor-command VM \'{"execute": "nbd-server-stop"}\'')
>
> def nbd_list():
>     while 1:
>         os.system('/path/to/build/qemu-nbd -L -k /tmp/nbd-sock')
>
> def test():
>     sst = Thread(target=start_stop)
>     sst.start()
>     nlt = Thread(target=nbd_list)
>     nlt.start()
>
>     sst.join()
>     nlt.join()
>
> test()
Fixes: CVE-2024-7409
Fixes: 3e7ef738c8 ("nbd/server: CVE-2024-7409: Close stray clients at server-stop")
CC: qemu-stable@nongnu.org
Reported-by: Andrey Drobyshev <andrey.drobyshev@virtuozzo.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-ID: <20240822143617.800419-2-eblake@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
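The shutdown-ordering bug the commit above describes, as an added illustration that is not QEMU's code: a simplified refcounted listener and server, the buggy client-closed callback that reaches through the server's stale listener pointer after nbd-server-stop has dropped its reference, and the guarded variant where stop clears the pointer and the callback checks it. The names (Listener, Server, server_stop, client_closed_*) are stand-ins for the QEMU objects, and the release is only flagged rather than freed so the test can observe the dangling access instead of crashing.

```c
/* Added illustration of the CVE-2024-7409 listener ordering bug (not QEMU
 * code). The structures are simplified stand-ins for NBDServerData and
 * QIONetListener. */
#include <stdbool.h>
#include <stdlib.h>

typedef struct Listener {
    int refcount;
    bool released;          /* stands in for the memory being freed */
    void (*client_func)(void);
} Listener;

typedef struct Server {
    Listener *listener;
    int connections;        /* clients still attached to this server */
} Server;

static void accept_client(void) { /* would accept a new connection */ }

static Listener *listener_new(void)
{
    Listener *l = calloc(1, sizeof(*l));
    l->refcount = 1;
    l->client_func = accept_client;
    return l;
}

static void listener_unref(Listener *l)
{
    if (--l->refcount == 0) {
        /* A real implementation frees l here; we only mark it so the
         * dangling access below is observable rather than a crash. */
        l->released = true;
    }
}

/* Buggy client-closed callback: when the last client goes away it re-arms
 * the listener's accept function without asking whether the server has
 * already shut the listener down. Returns true if it touched a released
 * listener, i.e. the use-after-free the commit fixes. */
static bool client_closed_buggy(Server *s)
{
    if (--s->connections == 0) {
        Listener *l = s->listener;
        bool stale = l->released;
        if (!stale) {
            l->client_func = accept_client;
        }
        return stale;
    }
    return false;
}

/* Guarded callback: the pointer is NULL once shutdown has released the
 * listener, so there is nothing to re-arm and nothing stale to touch. */
static bool client_closed_fixed(Server *s)
{
    if (--s->connections == 0 && s->listener) {
        s->listener->client_func = accept_client;
    }
    return false;
}

/* Shutdown path. clear_pointer selects between leaving the stale pointer
 * behind (buggy ordering) and clearing it together with the unref. */
static void server_stop(Server *s, bool clear_pointer)
{
    s->listener->client_func = NULL;   /* stop accepting new clients */
    listener_unref(s->listener);
    if (clear_pointer) {
        s->listener = NULL;
    }
}

/* Drive the race from the reproducer: one client is still attached when
 * nbd-server-stop runs, and its closed callback arrives after the listener
 * reference is gone. Returns true if a use-after-free would have occurred. */
static bool run_scenario(bool fixed)
{
    Server s = { .listener = listener_new(), .connections = 1 };
    Listener *l = s.listener;     /* kept only so we can free it at the end */
    bool uaf;

    server_stop(&s, fixed);
    uaf = fixed ? client_closed_fixed(&s) : client_closed_buggy(&s);
    free(l);
    return uaf;
}
```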
Richard Henderson [Mon, 26 Aug 2024 11:13:46 +0000 (21:13 +1000)]
Merge tag 'pull-request-2024-08-26' of https://gitlab.com/thuth/qemu into staging
* Disable the broken qtests in the MSYS2 CI job
* Replace deprecated keyword in the Cirrus-CI scripts
* Fix a simple leak in the migration-test qtest
# gpg: Signature made Mon 26 Aug 2024 07:38:22 PM AEST
# gpg: using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5
# gpg: issuer "thuth@redhat.com"
# gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [full]
# gpg: aka "Thomas Huth <thuth@redhat.com>" [full]
# gpg: aka "Thomas Huth <th.huth@posteo.de>" [unknown]
# gpg: aka "Thomas Huth <huth@tuxfamily.org>" [full]
* tag 'pull-request-2024-08-26' of https://gitlab.com/thuth/qemu:
tests/qtest: Delete previous boot file
.gitlab-ci.d/windows.yml: Disable the qtests in the MSYS2 job
gitlab-ci: Replace build_script -> step_script in Cirrus jobs
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Akihiko Odaki [Fri, 23 Aug 2024 06:13:12 +0000 (15:13 +0900)]
tests/qtest: Delete previous boot file
A test run may create boot files several times. Delete the previous boot
file before creating a new one.
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Message-ID: <20240823-san-v4-7-a24c6dfa4ceb@daynix.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Thomas Huth [Tue, 20 Aug 2024 17:01:42 +0000 (19:01 +0200)]
.gitlab-ci.d/windows.yml: Disable the qtests in the MSYS2 job
The qtests have been broken for a while in the MSYS2 job in the gitlab-CI,
likely due to some changes in the MSYS2 environment. So far nobody has
a clue what's going wrong here, nor an idea how to fix this
(in fact most QEMU developers don't even have a Windows environment
available for properly analyzing this problem), so we should disable the
qtests here for the time being to get at least test coverage again
for the remaining tests that are run here.
Since we already get compile-test coverage for the system emulation
in the cross-win64-system job, and since the MSYS2 job is one of the
longest running jobs in our CI (it takes more than 1 hour to complete),
let's seize the opportunity and also cut the run time by disabling
the system emulation completely here, including the libraries that
are only useful for system emulation. In case somebody ever figures
out the failure of the qtests on MSYS2, we can revert this patch
to get everything back.
Suggested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20240820170142.55324-1-thuth@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Philippe Mathieu-Daudé [Fri, 16 Aug 2024 21:32:03 +0000 (23:32 +0200)]
gitlab-ci: Replace build_script -> step_script in Cirrus jobs
Long due upgrade, see [1]:
In GitLab Runner 13.2 a translation for step_script to
build_script was added to the custom executor. In 14.0
the build_script stage will be replaced with step_script.
We are using GitLab 17 [2]!
This removes the following warning:
WARNING: Starting with version 17.0 the 'build_script'
stage will be replaced with 'step_script':
https://gitlab.com/groups/gitlab-org/-/epics/6112
[1] https://about.gitlab.com/releases/2021/05/22/gitlab-13-12-released/#remove-translation-from-stepscript-to-buildscript-in-custom-executor
[2] https://about.gitlab.com/releases/2024/05/16/gitlab-17-0-released/
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20240816213203.18350-1-philmd@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Richard Henderson [Fri, 23 Aug 2024 22:09:26 +0000 (08:09 +1000)]
Merge tag 'pull-trivial-patches' of https://gitlab.com/mjt0k/qemu into staging
trivial patches for 2024-08-23
# gpg: Signature made Sat 24 Aug 2024 12:14:42 AM AEST
# gpg: using RSA key 7B73BAD68BE7A2C289314B22701B4F6B1A693E59
# gpg: Good signature from "Michael Tokarev <mjt@tls.msk.ru>" [full]
# gpg: aka "Michael Tokarev <mjt@debian.org>" [full]
# gpg: aka "Michael Tokarev <mjt@corpit.ru>" [full]
* tag 'pull-trivial-patches' of https://gitlab.com/mjt0k/qemu:
hw/display/vhost-user-gpu.c: fix vhost_user_gpu_chr_read()
system/vl.c: Print machine name, not "(null)", for unknown machine types
hw/x86: add a couple of comments explaining how the kernel image is parsed
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Haoran Zhang [Thu, 22 Aug 2024 03:07:58 +0000 (11:07 +0800)]
hw/display/vhost-user-gpu.c: fix vhost_user_gpu_chr_read()
Fix vhost_user_gpu_chr_read(), where `size` was incorrectly passed to `msg->flags`.
Fixes: 267f664658 ("hw/display: add vhost-user-vga & gpu-pci")
Signed-off-by: Haoran Zhang <wh1sper@zju.edu.cn>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Peter Maydell [Thu, 22 Aug 2024 12:23:10 +0000 (13:23 +0100)]
system/vl.c: Print machine name, not "(null)", for unknown machine types
In commit 412d294ffdc we tried to improve the error message printed when
the machine type is unknown, but we used the wrong variable, resulting in:
$ ./build/x86/qemu-system-aarch64 -M bang
qemu-system-aarch64: unsupported machine type: "(null)"
Use -machine help to list supported machines
Use the right variable, so we produce more helpful output:
$ ./build/x86/qemu-system-aarch64 -M bang
qemu-system-aarch64: unsupported machine type: "bang"
Use -machine help to list supported machines
Note that we must move the qdict_del() to below the error_setg(),
because machine_type points into the value of that qdict entry,
and deleting it will make the pointer invalid.
Cc: qemu-stable@nongnu.org
Fixes: 412d294ffdc ("vl.c: select_machine(): add selected machine type to error message")
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Ani Sinha [Fri, 19 Jul 2024 13:49:37 +0000 (19:19 +0530)]
hw/x86: add a couple of comments explaining how the kernel image is parsed
Cosmetic: add comments in x86_load_linux() pointing to the kernel documentation
so that users can better understand the code.
CC: qemu-trivial@nongnu.org
Signed-off-by: Ani Sinha <anisinha@redhat.com>
Reviewed-by: Zhao Liu <zhao1.liu@intel.com>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Richard Henderson [Thu, 22 Aug 2024 05:07:32 +0000 (15:07 +1000)]
Update version for v9.1.0-rc3 release
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Richard Henderson [Wed, 21 Aug 2024 05:09:00 +0000 (15:09 +1000)]
Merge tag 'pull-loongarch-20240821' of https://gitlab.com/gaosong/qemu into staging
Fix for 9.1
# gpg: Signature made Wed 21 Aug 2024 01:01:34 PM AEST
# gpg: using RSA key B8FF1DA0D2FDCB2DA09C6C2C40A2FFF239263EDF
# gpg: Good signature from "Song Gao <m17746591750@163.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: B8FF 1DA0 D2FD CB2D A09C 6C2C 40A2 FFF2 3926 3EDF
* tag 'pull-loongarch-20240821' of https://gitlab.com/gaosong/qemu:
hw/loongarch: Fix length for lowram in ACPI SRAT
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Jiaxun Yang [Tue, 20 Aug 2024 18:42:33 +0000 (19:42 +0100)]
hw/loongarch: Fix length for lowram in ACPI SRAT
The size of lowram should be "gap" instead of the whole node.
This is failing kernel's sanity check:
[ 0.000000] ACPI: SRAT: Node 0 PXM 0 [mem 0x00000000-0xffffffff]
[ 0.000000] ACPI: SRAT: Node 0 PXM 0 [mem 0x80000000-0x16fffffff]
[ 0.000000] ACPI: SRAT: Node 1 PXM 1 [mem 0x170000000-0x26fffffff]
[ 0.000000] Warning: node 0 [mem 0x00000000-0xffffffff] overlaps with itself [mem 0x80000000-0x16fffffff]
Fixes: fc100011f38d ("hw/loongarch: Refine acpi srat table for numa memory")
Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Reviewed-by: Bibo Mao <maobibo@loongson.cn>
Signed-off-by: Song Gao <gaosong@loongson.cn>
Richard Henderson [Wed, 21 Aug 2024 02:26:24 +0000 (12:26 +1000)]
Merge tag 'pull-misc-20240821' of https://gitlab.com/rth7680/qemu into staging
target/i386: Fix carry flag for BLSI
target/i386: Fix tss access size in switch_tss_ra
linux-user: Handle short reads in mmap_h_gt_g
bsd-user: Handle short reads in mmap_h_gt_g
# gpg: Signature made Wed 21 Aug 2024 12:21:41 PM AEST
# gpg: using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg: issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [ultimate]
* tag 'pull-misc-20240821' of https://gitlab.com/rth7680/qemu:
target/i386: Fix tss access size in switch_tss_ra
target/i386: Fix carry flag for BLSI
target/i386: Split out gen_prepare_val_nz
bsd-user: Handle short reads in mmap_h_gt_g
linux-user: Handle short reads in mmap_h_gt_g
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Richard Henderson [Mon, 19 Aug 2024 07:39:55 +0000 (17:39 +1000)]
target/i386: Fix tss access size in switch_tss_ra
The two limit_max variables represent size - 1, just like the
encoding in the GDT, thus the 'old' access was off by one.
Access the minimal size of the new tss: the complete tss contains
the iopb, which may be a larger block than the access api expects,
and irrelevant because the iopb is not accessed during the
switch itself.
Fixes: 8b131065080a ("target/i386/tcg: use X86Access for TSS access")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2511
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20240819074052.207783-1-richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Richard Henderson [Thu, 1 Aug 2024 07:57:45 +0000 (17:57 +1000)]
target/i386: Fix carry flag for BLSI
BLSI has inverted semantics for C as compared to the other two
BMI1 instructions, BLSMSK and BLSR. Introduce CC_OP_BLSI* for
this purpose.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2175
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20240801075845.573075-3-richard.henderson@linaro.org>
Richard Henderson [Thu, 1 Aug 2024 07:42:36 +0000 (17:42 +1000)]
target/i386: Split out gen_prepare_val_nz
Split out the TCG_COND_TSTEQ logic from gen_prepare_eflags_z,
and use it for CC_OP_BMILG* as well. Prepare for requiring
both zero and non-zero senses.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20240801075845.573075-2-richard.henderson@linaro.org>
Richard Henderson [Mon, 19 Aug 2024 23:41:34 +0000 (09:41 +1000)]
bsd-user: Handle short reads in mmap_h_gt_g
In particular, if an image has a large bss, we can hit EOF before reading
all bytes of the mapping. Mirror the similar change to linux-user.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20240820050848.165253-3-richard.henderson@linaro.org>
Richard Henderson [Thu, 15 Aug 2024 21:13:31 +0000 (07:13 +1000)]
linux-user: Handle short reads in mmap_h_gt_g
In particular, if an image has a large bss, we can hit
EOF before reading all host_len bytes of the mapping.
Create a helper, mmap_pread to handle the job for both
the larger block in mmap_h_gt_g itself, as well as the
smaller block in mmap_frag.
Cc: qemu-stable@nongnu.org
Fixes: eb5027ac618 ("linux-user: Split out mmap_h_gt_g")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2504
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20240820050848.165253-2-richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
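The short-read handling the two mmap_h_gt_g commits describe, as an added example that is not QEMU's own mmap_pread: a pread() loop that keeps going until the requested count is satisfied or EOF is reached, and a caller that zero-fills whatever part of the mapping lies beyond the end of the file, which is what a large bss needs. The helper names (read_fully_at, fill_mapping, demo_bss_fill) are this example's own; the self-check builds its input file under /tmp.

```c
/* Added example (not QEMU code) of reading a file-backed mapping without
 * assuming a single pread() returns everything that was asked for. */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Read up to count bytes at offset, retrying on EINTR and on short reads.
 * Returns the number of bytes read, which is less than count only when EOF
 * was hit, or -1 on error. */
static ssize_t read_fully_at(int fd, void *buf, size_t count, off_t offset)
{
    char *p = buf;
    size_t done = 0;

    while (done < count) {
        ssize_t r = pread(fd, p + done, count - done, offset + (off_t)done);
        if (r < 0) {
            if (errno == EINTR) {
                continue;
            }
            return -1;
        }
        if (r == 0) {
            break;              /* EOF: the mapping extends past the file */
        }
        done += (size_t)r;
    }
    return (ssize_t)done;
}

/* Fill a host buffer backing a guest mapping: file contents first, then
 * zeros for the tail of the mapping that lies beyond EOF (the bss case).
 * Returns the number of bytes that came from the file, or -1 on error. */
static ssize_t fill_mapping(int fd, void *buf, size_t len, off_t offset)
{
    ssize_t got = read_fully_at(fd, buf, len, offset);
    if (got < 0) {
        return -1;
    }
    memset((char *)buf + got, 0, len - (size_t)got);
    return got;
}

/* Self-check on a constructed file: 1000 bytes of 'A' on disk, a 4096-byte
 * mapping requested at offset 200. Returns 1 if the buffer holds 800 file
 * bytes followed by 3296 zero bytes, 0 otherwise. */
static int demo_bss_fill(void)
{
    char path[] = "/tmp/mmap_pread_demoXXXXXX";
    char content[1000];
    unsigned char buf[4096];
    int fd, ok = 1;
    ssize_t got;

    memset(content, 'A', sizeof(content));
    fd = mkstemp(path);
    if (fd < 0) {
        return 0;
    }
    unlink(path);                       /* temp file vanishes on close */
    if (write(fd, content, sizeof(content)) != (ssize_t)sizeof(content)) {
        close(fd);
        return 0;
    }

    got = fill_mapping(fd, buf, sizeof(buf), 200);
    if (got != 800) {
        ok = 0;
    }
    for (size_t i = 0; i < sizeof(buf) && ok; i++) {
        unsigned char want = i < 800 ? 'A' : 0;
        if (buf[i] != want) {
            ok = 0;
        }
    }
    close(fd);
    return ok;
}
```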
Richard Henderson [Tue, 20 Aug 2024 22:46:45 +0000 (08:46 +1000)]
Merge tag 'migration-20240820-pull-request' of https://gitlab.com/farosas/qemu into staging
Migration pull request
- Peter's fix for a leak in multifd recv side
# gpg: Signature made Wed 21 Aug 2024 03:04:23 AM AEST
# gpg: using RSA key AA1B48B0A22326A5A4C364CFC798DC741BEC319D
# gpg: issuer "farosas@suse.de"
# gpg: Good signature from "Fabiano Rosas <farosas@suse.de>" [unknown]
# gpg: aka "Fabiano Almeida Rosas <fabiano.rosas@suse.com>" [unknown]
# gpg: WARNING: The key's User ID is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: AA1B 48B0 A223 26A5 A4C3 64CF C798 DC74 1BEC 319D
* tag 'migration-20240820-pull-request' of https://gitlab.com/farosas/qemu:
migration/multifd: Free MultiFDRecvParams::data
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Peter Maydell [Tue, 20 Aug 2024 14:44:29 +0000 (15:44 +0100)]
migration/multifd: Free MultiFDRecvParams::data
In multifd_recv_setup() we allocate (among other things)
* a MultiFDRecvData struct to multifd_recv_state::data
* a MultiFDRecvData struct to each multfd_recv_state->params[i].data
(Then during execution we might swap these pointers around.)
But in multifd_recv_cleanup() we free multifd_recv_state->data
in multifd_recv_cleanup_state() but we don't ever free the
multifd_recv_state->params[i].data. This results in a memory
leak reported by LeakSanitizer:
(cd build/asan && \
ASAN_OPTIONS="fast_unwind_on_malloc=0:strip_path_prefix=/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../" \
QTEST_QEMU_BINARY=./qemu-system-x86_64 \
./tests/qtest/migration-test --tap -k -p /x86_64/migration/multifd/file/mapped-ram )
[...]
Direct leak of 72 byte(s) in 3 object(s) allocated from:
#0 0x561cc0afcfd8 in __interceptor_calloc (/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/qemu-system-x86_64+0x218efd8) (BuildId: be72e086d4e47b172b0a72779972213fd9916466)
#1 0x7f89d37acc50 in g_malloc0 debian/build/deb/../../../glib/gmem.c:161:13
#2 0x561cc1e9c83c in multifd_recv_setup migration/multifd.c:1606:19
#3 0x561cc1e68618 in migration_ioc_process_incoming migration/migration.c:972:9
#4 0x561cc1e3ac59 in migration_channel_process_incoming migration/channel.c:45:9
#5 0x561cc1e4fa0b in file_accept_incoming_migration migration/file.c:132:5
#6 0x561cc30f2c0c in qio_channel_fd_source_dispatch io/channel-watch.c:84:12
#7 0x7f89d37a3c43 in g_main_dispatch debian/build/deb/../../../glib/gmain.c:3419:28
#8 0x7f89d37a3c43 in g_main_context_dispatch debian/build/deb/../../../glib/gmain.c:4137:7
#9 0x561cc3b21659 in glib_pollfds_poll util/main-loop.c:287:9
#10 0x561cc3b1ff93 in os_host_main_loop_wait util/main-loop.c:310:5
#11 0x561cc3b1fb5c in main_loop_wait util/main-loop.c:589:11
#12 0x561cc1da2917 in qemu_main_loop system/runstate.c:801:9
#13 0x561cc3796c1c in qemu_default_main system/main.c:37:14
#14 0x561cc3796c67 in main system/main.c:48:12
#15 0x7f89d163bd8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#16 0x7f89d163be3f in __libc_start_main csu/../csu/libc-start.c:392:3
#17 0x561cc0a79fa4 in _start (/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/qemu-system-x86_64+0x210bfa4) (BuildId: be72e086d4e47b172b0a72779972213fd9916466)
Direct leak of 24 byte(s) in 1 object(s) allocated from:
#0 0x561cc0afcfd8 in __interceptor_calloc (/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/qemu-system-x86_64+0x218efd8) (BuildId: be72e086d4e47b172b0a72779972213fd9916466)
#1 0x7f89d37acc50 in g_malloc0 debian/build/deb/../../../glib/gmem.c:161:13
#2 0x561cc1e9bed9 in multifd_recv_setup migration/multifd.c:1588:32
#3 0x561cc1e68618 in migration_ioc_process_incoming migration/migration.c:972:9
#4 0x561cc1e3ac59 in migration_channel_process_incoming migration/channel.c:45:9
#5 0x561cc1e4fa0b in file_accept_incoming_migration migration/file.c:132:5
#6 0x561cc30f2c0c in qio_channel_fd_source_dispatch io/channel-watch.c:84:12
#7 0x7f89d37a3c43 in g_main_dispatch debian/build/deb/../../../glib/gmain.c:3419:28
#8 0x7f89d37a3c43 in g_main_context_dispatch debian/build/deb/../../../glib/gmain.c:4137:7
#9 0x561cc3b21659 in glib_pollfds_poll util/main-loop.c:287:9
#10 0x561cc3b1ff93 in os_host_main_loop_wait util/main-loop.c:310:5
#11 0x561cc3b1fb5c in main_loop_wait util/main-loop.c:589:11
#12 0x561cc1da2917 in qemu_main_loop system/runstate.c:801:9
#13 0x561cc3796c1c in qemu_default_main system/main.c:37:14
#14 0x561cc3796c67 in main system/main.c:48:12
#15 0x7f89d163bd8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#16 0x7f89d163be3f in __libc_start_main csu/../csu/libc-start.c:392:3
#17 0x561cc0a79fa4 in _start (/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/qemu-system-x86_64+0x210bfa4) (BuildId: be72e086d4e47b172b0a72779972213fd9916466)
SUMMARY: AddressSanitizer: 96 byte(s) leaked in 4 allocation(s).
Free the params[i].data too.
Cc: qemu-stable@nongnu.org
Fixes: d117ed0699d41 ("migration/multifd: Allow receiving pages without packets")
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Fabiano Rosas <farosas@suse.de>
Signed-off-by: Fabiano Rosas <farosas@suse.de>
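The ownership pattern behind this leak, as an added example that is not QEMU's code: setup allocates one object for the shared state and one per channel, the pointers get swapped at runtime, and a cleanup that only releases the shared pointer leaves the per-channel objects live. Type and function names (RecvData, recv_setup, recv_cleanup_leaky, recv_cleanup_fixed) are hypothetical stand-ins for the MultiFD ones.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define NCHANNELS 3   /* constructed: three receive channels, matching the 3 leaked objects */

/* Hypothetical stand-ins for MultiFDRecvData / MultiFDRecvParams / the recv state. */
typedef struct { unsigned char payload[24]; } RecvData;
typedef struct { RecvData *data; } RecvParams;
typedef struct { RecvData *data; RecvParams params[NCHANNELS]; } RecvState;

/* Allocation bookkeeping, so the balance can be checked without a sanitizer. */
static int live_allocs;

static RecvData *data_new(void)
{
    live_allocs++;
    return calloc(1, sizeof(RecvData));
}

static void data_free(RecvData *d)
{
    if (d) {
        live_allocs--;
        free(d);
    }
}

/* Setup: one object for the shared state, one per channel (N+1 allocations). */
static void recv_setup(RecvState *s)
{
    s->data = data_new();
    for (int i = 0; i < NCHANNELS; i++) {
        s->params[i].data = data_new();
    }
}

/* Runtime swap: channel i exchanges its buffer with the shared one, so the object
 * that ends up in s->data is not necessarily the one that was allocated there. */
static void recv_swap(RecvState *s, int i)
{
    RecvData *tmp = s->data;
    s->data = s->params[i].data;
    s->params[i].data = tmp;
}

/* Before the fix: only the shared pointer is released; the per-channel objects leak. */
static void recv_cleanup_leaky(RecvState *s)
{
    data_free(s->data);
    s->data = NULL;
}

/* After the fix: every per-channel pointer is released as well. Freeing by current
 * location (wherever a pointer lives now) rather than by original owner is what
 * makes the count balance despite the swaps. */
static void recv_cleanup_fixed(RecvState *s)
{
    for (int i = 0; i < NCHANNELS; i++) {
        data_free(s->params[i].data);
        s->params[i].data = NULL;
    }
    data_free(s->data);
    s->data = NULL;
}

/* Runs setup, a couple of swaps and the given cleanup; returns how many objects are
 * still live afterwards (0 means no leak). Leftovers are then released so the
 * example itself is leak-free. */
static int objects_leaked_by(void (*cleanup)(RecvState *))
{
    RecvState s;
    memset(&s, 0, sizeof(s));
    live_allocs = 0;
    recv_setup(&s);
    recv_swap(&s, 0);
    recv_swap(&s, 2);
    cleanup(&s);
    int leaked = live_allocs;
    recv_cleanup_fixed(&s);
    return leaked;
}

int main(void)
{
    printf("leaky cleanup leaves %d object(s)\n", objects_leaked_by(recv_cleanup_leaky));
    printf("fixed cleanup leaves %d object(s)\n", objects_leaked_by(recv_cleanup_fixed));
    return 0;
}
```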
Richard Henderson [Tue, 20 Aug 2024 11:29:52 +0000 (21:29 +1000)]
Merge tag 'for_upstream' of https://git.kernel.org/pub/scm/virt/kvm/mst/qemu into staging
virtio: regression fixes
3 small patches to make sure we don't ship regressions.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Tue 20 Aug 2024 08:59:27 PM AEST
# gpg: using RSA key 5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469
# gpg: issuer "mst@redhat.com"
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [undefined]
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>" [undefined]
# gpg: WARNING: The key's User ID is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67
# Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469
* tag 'for_upstream' of https://git.kernel.org/pub/scm/virt/kvm/mst/qemu:
virtio-pci: Fix the use of an uninitialized irqfd
hw/audio/virtio-snd: fix invalid param check
vhost: Add VIRTIO_NET_F_RSC_EXT to vhost feature bits
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Cindy Lu [Tue, 6 Aug 2024 09:37:12 +0000 (17:37 +0800)]
virtio-pci: Fix the use of an uninitialized irqfd
The crash was reported on MAC OS and NixOS; here are the links for this bug:
https://gitlab.com/qemu-project/qemu/-/issues/2334
https://gitlab.com/qemu-project/qemu/-/issues/2321
In this bug, they are using the virtio_input device. The guest notifier was
not supported for this device. The function virtio_pci_set_guest_notifiers()
was not called, and the vector_irqfd was not initialized.
So the fix is adding the check for vector_irqfd in virtio_pci_get_notifier().
The function virtio_pci_get_notifier() can be used in various devices.
It could also be called when VIRTIO_CONFIG_S_DRIVER_OK is not set. In this situation,
the vector_irqfd being NULL is acceptable. We can allow the device to continue to boot.
If the vector_irqfd still hasn't been initialized after VIRTIO_CONFIG_S_DRIVER_OK
is set, it means that the function set_guest_notifiers was not called before the
driver started. This indicates that the device is not using the notifier.
At this point, we will let the check fail.
This fix is verified on vyatta, MacOS, NixOS and fedora systems.
The backtrace (bt) for this bug is:
Thread 6 "CPU 0/KVM" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7c817be006c0 (LWP 1269146)]
kvm_virtio_pci_vq_vector_use () at ../qemu-9.0.0/hw/virtio/virtio-pci.c:817
817 if (irqfd->users == 0) {
(gdb) thread apply all bt
...
Thread 6 (Thread 0x7c817be006c0 (LWP 1269146) "CPU 0/KVM"):
0 kvm_virtio_pci_vq_vector_use () at ../qemu-9.0.0/hw/virtio/virtio-pci.c:817
1 kvm_virtio_pci_vector_use_one () at ../qemu-9.0.0/hw/virtio/virtio-pci.c:893
2 0x00005983657045e2 in memory_region_write_accessor () at ../qemu-9.0.0/system/memory.c:497
3 0x0000598365704ba6 in access_with_adjusted_size () at ../qemu-9.0.0/system/memory.c:573
4 0x0000598365705059 in memory_region_dispatch_write () at ../qemu-9.0.0/system/memory.c:1528
5 0x00005983659b8e1f in flatview_write_continue_step.isra.0 () at ../qemu-9.0.0/system/physmem.c:2713
6 0x000059836570ba7d in flatview_write_continue () at ../qemu-9.0.0/system/physmem.c:2743
7 flatview_write () at ../qemu-9.0.0/system/physmem.c:2774
8 0x000059836570bb76 in address_space_write () at ../qemu-9.0.0/system/physmem.c:2894
9 0x0000598365763afe in address_space_rw () at ../qemu-9.0.0/system/physmem.c:2904
10 kvm_cpu_exec () at ../qemu-9.0.0/accel/kvm/kvm-all.c:2917
11 0x000059836576656e in kvm_vcpu_thread_fn () at ../qemu-9.0.0/accel/kvm/kvm-accel-ops.c:50
12 0x0000598365926ca8 in qemu_thread_start () at ../qemu-9.0.0/util/qemu-thread-posix.c:541
13 0x00007c8185bcd1cf in ??? () at /usr/lib/libc.so.6
14 0x00007c8185c4e504 in clone () at /usr/lib/libc.so.6
Fixes: 2ce6cff94d ("virtio-pci: fix use of a released vector")
Cc: qemu-stable@nongnu.org
Signed-off-by: Cindy Lu <lulu@redhat.com>
Message-Id: <20240806093715.65105-1-lulu@redhat.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Volker Rümelin [Fri, 2 Aug 2024 07:18:05 +0000 (09:18 +0200)]
hw/audio/virtio-snd: fix invalid param check
Commit 9b6083465f ("virtio-snd: check for invalid param shift
operands") tries to prevent invalid parameters specified by the
guest. However, the code is not correct.
Change the code so that the parameters format and rate, which are
bit numbers, are compared with the bit size of the data type.
Fixes: 9b6083465f ("virtio-snd: check for invalid param shift operands")
Signed-off-by: Volker Rümelin <vr_qemu@t-online.de>
Message-Id: <20240802071805.7123-1-vr_qemu@t-online.de>
Reviewed-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
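The class of check this commit corrects, as an added example that is not QEMU's code: a guest-supplied format or rate is a bit number into a supported_* mask, so the bound it must satisfy is the bit width of the mask type (sizeof times CHAR_BIT), and the shift must not be evaluated before that check passes. The masks, the MASK_BITS macro and validate_pcm_params() are constructed for this example.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Constructed masks (not QEMU's): bit n set means the guest may select bit number n. */
static const uint64_t supported_formats = (1ULL << 0) | (1ULL << 2) | (1ULL << 7) | (1ULL << 63);
static const uint64_t supported_rates   = (1ULL << 1) | (1ULL << 5) | (1ULL << 12);

/* Bit width of the mask type. sizeof() alone would be a byte count (8), which is
 * the wrong bound for a bit number that may legitimately be as large as 63. */
#define MASK_BITS (sizeof(uint64_t) * CHAR_BIT)

/* Hardened test: the shift count is range-checked before the shift is evaluated,
 * so `mask >> bitnum` is never executed with bitnum >= 64 (undefined behaviour). */
static bool bit_selected(uint64_t mask, uint64_t bitnum)
{
    if (bitnum >= MASK_BITS) {
        return false;
    }
    return (mask >> bitnum) & 1u;
}

enum { PARAMS_OK = 0, PARAMS_BAD_FORMAT = 1, PARAMS_BAD_RATE = 2 };

/* Validates a (format, rate) pair the way a guest-facing device should: each is a
 * bit number into its mask, and an unsupported or out-of-range value is rejected
 * instead of being used as an oversized shift count. */
static int validate_pcm_params(uint64_t format, uint64_t rate)
{
    if (!bit_selected(supported_formats, format)) {
        return PARAMS_BAD_FORMAT;
    }
    if (!bit_selected(supported_rates, rate)) {
        return PARAMS_BAD_RATE;
    }
    return PARAMS_OK;
}
```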
Akihiko Odaki [Fri, 2 Aug 2024 05:38:19 +0000 (14:38 +0900)]
vhost: Add VIRTIO_NET_F_RSC_EXT to vhost feature bits
VIRTIO_NET_F_RSC_EXT is implemented in the rx data path, which vhost
implements, so vhost needs to support the feature if it is ever to be
enabled with vhost. The feature must be disabled otherwise.
Fixes: 2974e916df87 ("virtio-net: support RSC v4/v6 tcp traffic for Windows HCK")
Reported-by: Jason Wang <jasowang@redhat.com>
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Message-Id: <20240802-rsc-v1-1-2b607bd2f555@daynix.com>
Acked-by: Jason Wang <jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Richard Henderson [Tue, 20 Aug 2024 06:51:15 +0000 (16:51 +1000)]
Merge tag 'nvme-next-pull-request' of https://gitlab.com/birkelund/qemu into staging
hw/nvme late fix
# gpg: Signature made Tue 20 Aug 2024 02:42:45 PM AEST
# gpg: using RSA key 522833AA75E2DCE6A24766C04DE1AF316D4F0DE9
# gpg: Good signature from "Klaus Jensen <its@irrelevant.dk>" [unknown]
# gpg: aka "Klaus Jensen <k.jensen@samsung.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: DDCA 4D9C 9EF9 31CC 3468 4272 63D5 6FC5 E55D A838
# Subkey fingerprint: 5228 33AA 75E2 DCE6 A247 66C0 4DE1 AF31 6D4F 0DE9
* tag 'nvme-next-pull-request' of https://gitlab.com/birkelund/qemu:
hw/nvme: fix leak of uninitialized memory in io_mgmt_recv
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Klaus Jensen [Tue, 20 Aug 2024 04:16:48 +0000 (06:16 +0200)]
hw/nvme: fix leak of uninitialized memory in io_mgmt_recv
Yutaro Shimizu from the Cyber Defense Institute discovered a bug in the
NVMe emulation that leaks contents of an uninitialized heap buffer if
subsystem and FDP emulation are enabled.
Cc: qemu-stable@nongnu.org
Reported-by: Yutaro Shimizu <shimizu@cyberdefense.jp>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Richard Henderson [Mon, 19 Aug 2024 23:17:41 +0000 (09:17 +1000)]
Merge tag 'hw-misc-20240820' of https://github.com/philmd/qemu into staging
Various fixes
- Null pointer dereference in IPI IOCSR (Jiaxun)
- Correct '-smbios type=4' in man page (Heinrich)
- Use correct MMU index in MIPS get_pte (Phil)
- Reset MPQEMU remote message using device_cold_reset (Peter)
- Update linux-user MIPS CPU list (Phil)
- Do not let exec_command read console if no pattern to wait for (Nick)
- Remove shadowed declaration warning (Pierrick)
- Restrict STQF opcode to SPARC V9 (Richard)
- Add missing Kconfig dependency for POWERNV ISA serial port (Bernhard)
- Do not allow vmport device without i8042 PS/2 controller (Kamil)
- Fix QCryptoTLSCredsPSK leak (Peter)
# gpg: Signature made Tue 20 Aug 2024 08:49:47 AM AEST
# gpg: using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full]
* tag 'hw-misc-20240820' of https://github.com/philmd/qemu:
crypto/tlscredspsk: Free username on finalize
hw/i386/pc: Ensure vmport prerequisites are fulfilled
hw/i386/pc: Unify vmport=auto handling
hw/ppc/Kconfig: Add missing SERIAL_ISA dependency to POWERNV machine
target/sparc: Restrict STQF to sparcv9
contrib/plugins/execlog: Fix shadowed declaration warning
tests/avocado: Mark ppc_hv_tests.py as non-flaky after fixed console interaction
tests/avocado: exec_command should not consume console output
linux-user/mips: Select Loongson CPU for Loongson binaries
linux-user/mips: Select MIPS64R2-generic for Rel2 binaries
linux-user/mips: Select Octeon68XX CPU for Octeon binaries
linux-user/mips: Do not try to use removed R5900 CPU
hw/remote/message.c: Don't directly invoke DeviceClass:reset
hw/dma/xilinx_axidma: Use semicolon at end of statement, not comma
target/mips: Load PTE as DATA
target/mips: Use correct MMU index in get_pte()
target/mips: Pass page table entry size as MemOp to get_pte()
qemu-options.hx: correct formatting -smbios type=4
hw/mips/loongson3_virt: Fix condition of IPI IOCSR connection
hw/mips/loongson3_virt: Store core_iocsr into LoongsonMachineState
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Peter Maydell [Mon, 19 Aug 2024 14:50:21 +0000 (15:50 +0100)]
crypto/tlscredspsk: Free username on finalize
When the creds->username property is set we allocate memory
for it in qcrypto_tls_creds_psk_prop_set_username(), but
we never free this when the QCryptoTLSCredsPSK is destroyed.
Free the memory in finalize.
This fixes a LeakSanitizer complaint in migration-test:
$ (cd build/asan; ASAN_OPTIONS="fast_unwind_on_malloc=0" QTEST_QEMU_BINARY=./qemu-system-x86_64 ./tests/qtest/migration-test --tap -k -p /x86_64/migration/precopy/unix/tls/psk)
=================================================================
==3867512==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 5 byte(s) in 1 object(s) allocated from:
#0 0x5624e5c99dee in malloc (/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/qemu-system-x86_64+0x218edee) (BuildId: a9e623fa1009a9435c0142c037cd7b8c1ad04ce3)
#1 0x7fb199ae9738 in g_malloc debian/build/deb/../../../glib/gmem.c:128:13
#2 0x7fb199afe583 in g_strdup debian/build/deb/../../../glib/gstrfuncs.c:361:17
#3 0x5624e82ea919 in qcrypto_tls_creds_psk_prop_set_username /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../crypto/tlscredspsk.c:255:23
#4 0x5624e812c6b5 in property_set_str /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../qom/object.c:2277:5
#5 0x5624e8125ce5 in object_property_set /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../qom/object.c:1463:5
#6 0x5624e8136e7c in object_set_properties_from_qdict /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../qom/object_interfaces.c:55:14
#7 0x5624e81372d2 in user_creatable_add_type /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../qom/object_interfaces.c:112:5
#8 0x5624e8137964 in user_creatable_add_qapi /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../qom/object_interfaces.c:157:11
#9 0x5624e891ba3c in qmp_object_add /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../qom/qom-qmp-cmds.c:227:5
#10 0x5624e8af9118 in qmp_marshal_object_add /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/qapi/qapi-commands-qom.c:337:5
#11 0x5624e8bd1d49 in do_qmp_dispatch_bh /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../qapi/qmp-dispatch.c:128:5
#12 0x5624e8cb2531 in aio_bh_call /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../util/async.c:171:5
#13 0x5624e8cb340c in aio_bh_poll /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../util/async.c:218:13
#14 0x5624e8c0be98 in aio_dispatch /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../util/aio-posix.c:423:5
#15 0x5624e8cba3ce in aio_ctx_dispatch /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../util/async.c:360:5
#16 0x7fb199ae0d3a in g_main_dispatch debian/build/deb/../../../glib/gmain.c:3419:28
#17 0x7fb199ae0d3a in g_main_context_dispatch debian/build/deb/../../../glib/gmain.c:4137:7
#18 0x5624e8cbe1d9 in glib_pollfds_poll /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../util/main-loop.c:287:9
#19 0x5624e8cbcb13 in os_host_main_loop_wait /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../util/main-loop.c:310:5
#20 0x5624e8cbc6dc in main_loop_wait /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../util/main-loop.c:589:11
#21 0x5624e6f3f917 in qemu_main_loop /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../system/runstate.c:801:9
#22 0x5624e893379c in qemu_default_main /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../system/main.c:37:14
#23 0x5624e89337e7 in main /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/../../system/main.c:48:12
#24 0x7fb197972d8f in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16
#25 0x7fb197972e3f in __libc_start_main csu/../csu/libc-start.c:392:3
#26 0x5624e5c16fa4 in _start (/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/asan/qemu-system-x86_64+0x210bfa4) (BuildId: a9e623fa1009a9435c0142c037cd7b8c1ad04ce3)
SUMMARY: AddressSanitizer: 5 byte(s) leaked in 1 allocation(s).
Cc: qemu-stable@nongnu.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-ID: <20240819145021.38524-1-peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Kamil Szczęk [Sat, 17 Aug 2024 15:26:15 +0000 (15:26 +0000)]
hw/i386/pc: Ensure vmport prerequisites are fulfilled
Since commit 4ccd5fe22feb95137d325f422016a6473541fe9f ('pc: add option
to disable PS/2 mouse/keyboard'), the vmport will not be created unless
the i8042 PS/2 controller is enabled. To avoid confusion, let's fail if
vmport was explicitly requested, but the i8042 controller is disabled.
This also changes the behavior of vmport=auto to take i8042 controller
availability into account.
Signed-off-by: Kamil Szczęk <kamil@szczek.dev>
Reviewed-by: Bernhard Beschow <shentey@gmail.com>
Message-ID: <0MS3y5E-hHqODIhiuFxmCnIrXd612JIGq31UuMsz4KGCKZ_wWuF-PHGKTRSGS0nWaPEddOdF4YOczHdgorulECPo792OhWov7O9BBF6UMX4=@szczek.dev>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Kamil Szczęk [Sat, 17 Aug 2024 15:25:31 +0000 (15:25 +0000)]
hw/i386/pc: Unify vmport=auto handling
The code which translates vmport=auto to on/off is currently separate
for each PC machine variant, while being functionally equivalent.
This moves the translation into a shared initialization function, while
also tightening the enum assertion.
Signed-off-by: Kamil Szczęk <kamil@szczek.dev>
Reviewed-by: Bernhard Beschow <shentey@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <v8pz1uwgIYWkidgZK-o8H-qJvnSyl0641XVmNO43Qls307AA3QRPuad_py6xGe0JAxB6yDEe76oZ8tau_n-2Y6sJBCKzCujNbEUUFhd-ahI=@szczek.dev>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Bernhard Beschow [Wed, 14 Aug 2024 18:15:32 +0000 (20:15 +0200)]
hw/ppc/Kconfig: Add missing SERIAL_ISA dependency to POWERNV machine
The machine calls serial_hds_isa_init() which is provided by serial-isa.c,
guarded by SERIAL_ISA.
Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20240814181534.218964-4-shentey@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Richard Henderson [Fri, 16 Aug 2024 07:23:06 +0000 (17:23 +1000)]
target/sparc: Restrict STQF to sparcv9
Prior to sparcv9, the same encoding was STDFQ.
Cc: qemu-stable@nongnu.org
Fixes: 06c060d9e5b ("target/sparc: Move simple fp load/store to decodetree")
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20240816072311.353234-2-richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Pierrick Bouvier [Wed, 14 Aug 2024 23:36:40 +0000 (16:36 -0700)]
contrib/plugins/execlog: Fix shadowed declaration warning
Found on debian stable.
../contrib/plugins/execlog.c: In function ‘vcpu_tb_trans’:
../contrib/plugins/execlog.c:236:22: error: declaration of ‘n’ shadows a previous local [-Werror=shadow=local]
236 | for (int n = 0; n < all_reg_names->len; n++) {
| ^
../contrib/plugins/execlog.c:184:12: note: shadowed declaration is here
184 | size_t n = qemu_plugin_tb_n_insns(tb);
|
Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20240814233645.944327-2-pierrick.bouvier@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Nicholas Piggin [Mon, 5 Aug 2024 23:28:13 +0000 (09:28 +1000)]
tests/avocado: Mark ppc_hv_tests.py as non-flaky after fixed console interaction
Now that exec_command doesn't incorrectly consume console output,
and guest time is set correctly, ppc_hv_tests.py is working more
reliably. Try marking it non-flaky.
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Message-ID: <20240805232814.267843-3-npiggin@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Nicholas Piggin [Mon, 5 Aug 2024 23:28:12 +0000 (09:28 +1000)]
tests/avocado: exec_command should not consume console output
_console_interaction reads data from the console even when there is only
an input string to send, and no output data to wait on. This can cause
lines to be missed by wait_for_console_pattern calls that follows an
exec_command. Fix this by not reading the console if there is no pattern
to wait for.
This solves occasional hangs in ppc_hv_tests.py, usually when run on KVM
hosts that are fast enough to output important lines quickly enough to be
consumed by exec_command, so they get missed by subsequent wait for
pattern calls.
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20240805232814.267843-2-npiggin@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Philippe Mathieu-Daudé [Wed, 14 Aug 2024 10:16:39 +0000 (12:16 +0200)]
linux-user/mips: Select Loongson CPU for Loongson binaries
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20240814133928.6746-5-philmd@linaro.org>
Philippe Mathieu-Daudé [Wed, 14 Aug 2024 10:17:26 +0000 (12:17 +0200)]
linux-user/mips: Select MIPS64R2-generic for Rel2 binaries
Cc: YunQiang Su <syq@debian.org>
Reported-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20240814133928.6746-4-philmd@linaro.org>
Philippe Mathieu-Daudé [Wed, 14 Aug 2024 09:14:49 +0000 (11:14 +0200)]
linux-user/mips: Select Octeon68XX CPU for Octeon binaries
The Octeon68XX CPU is available since commit 9a6046a655
("target/mips: introduce Cavium Octeon CPU model").
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1722
Reported-by: Johnathan Hữu Trí <nhtri2003@gmail.com>
Suggested-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20240814133928.6746-3-philmd@linaro.org>
Philippe Mathieu-Daudé [Wed, 14 Aug 2024 10:01:18 +0000 (12:01 +0200)]
linux-user/mips: Do not try to use removed R5900 CPU
R5900 emulation was removed in commit 823f2897bd.
Remove it from ELF parsing in order to avoid:
$ qemu-mipsn32 ./test5900
qemu-mipsn32: unable to find CPU model 'R5900'
This reverts commit 4d9e5a0eb7df6e98ac6cf5e16029f35dd05b9537.
Fixes: 823f2897bd ("target/mips: Disable R5900 support")
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20240814133928.6746-2-philmd@linaro.org>
Peter Maydell [Tue, 13 Aug 2024 16:52:46 +0000 (17:52 +0100)]
hw/remote/message.c: Don't directly invoke DeviceClass:reset
Directly invoking the DeviceClass::reset method is a bad idea,
because if the device is using three-phase reset then it relies on
transitional reset machinery which is likely to disappear at some
point.
Reset the device in the standard way, by calling device_cold_reset().
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20240813165250.2717650-7-peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Peter Maydell [Tue, 13 Aug 2024 16:52:45 +0000 (17:52 +0100)]
hw/dma/xilinx_axidma: Use semicolon at end of statement, not comma
In axidma_class_init() we accidentally used a comma at the end of
a statement rather than a semicolon. This has no ill effects, but
it's obviously not intended and it means that Coccinelle scripts
for instance will fail to match on the two statements. Use a
semicolon instead.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20240813165250.2717650-6-peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Philippe Mathieu-Daudé [Tue, 13 Aug 2024 15:22:37 +0000 (17:22 +0200)]
target/mips: Load PTE as DATA
PTE is not CODE so load it as normal DATA access.
Fixes: 074cfcb4da ("Implement hardware page table walker for MIPS32")
Suggested-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20240814090452.2591-4-philmd@linaro.org>
Philippe Mathieu-Daudé [Tue, 13 Aug 2024 10:05:42 +0000 (12:05 +0200)]
target/mips: Use correct MMU index in get_pte()
When refactoring page_table_walk_refill() in commit 4e999bf419
we missed the indirect call to cpu_mmu_index() in get_pte():
page_table_walk_refill()
-> get_pte()
-> cpu_ld[lq]_code()
-> cpu_mmu_index()
Since we don't mask the modes in hflags anymore, cpu_mmu_index()
can return UM or SM, while we only expect KM or ERL.
Fix by propagating ptw_mmu_idx to get_pte(), and use the
cpu_ld/st_code_mmu() API with the correct MemOpIdx.
Reported-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reported-by: Waldemar Brodkorb <wbx@uclibc-ng.org>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2470
Fixes: 4e999bf419 ("target/mips: Pass ptw_mmu_idx down from mips_cpu_tlb_fill")
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-ID: <20240814090452.2591-3-philmd@linaro.org>
Philippe Mathieu-Daudé [Tue, 13 Aug 2024 13:30:31 +0000 (15:30 +0200)]
target/mips: Pass page table entry size as MemOp to get_pte()
In order to simplify the next commit, pass the PTE size as MemOp.
Rename:
native_shift -> native_op
directory_shift -> directory_mop
leaf_shift -> leaf_mop
Suggested-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20240814090452.2591-2-philmd@linaro.org>
Heinrich Schuchardt [Mon, 29 Jul 2024 20:48:15 +0000 (22:48 +0200)]
qemu-options.hx: correct formatting -smbios type=4
processor-family and processor-id can be assigned independently.
Add missing brackets.
Fixes: b5831d79671c ("smbios: add processor-family option")
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20240729204816.11905-1-heinrich.schuchardt@canonical.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Jiaxun Yang [Fri, 21 Jun 2024 13:11:14 +0000 (14:11 +0100)]
hw/mips/loongson3_virt: Fix condition of IPI IOCSR connection
>>> CID 1547264: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "ipi" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
Resolves: Coverity CID 1547264
Link: https://lore.kernel.org/qemu-devel/752417ad-ab72-4fed-8d1f-af41f15bc225@app.fastmail.com/
Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20240621-loongson3-ipi-follow-v2-2-848eafcbb67e@flygoat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Jiaxun Yang [Fri, 21 Jun 2024 13:11:13 +0000 (14:11 +0100)]
hw/mips/loongson3_virt: Store core_iocsr into LoongsonMachineState
Link: https://lore.kernel.org/qemu-devel/972034d6-23b3-415a-b401-b8bc1cc515c9@linaro.org/
Suggested-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20240621-loongson3-ipi-follow-v2-1-848eafcbb67e@flygoat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Richard Henderson [Mon, 19 Aug 2024 04:55:23 +0000 (14:55 +1000)]
Merge tag 'pull-riscv-to-apply-20240819-1' of https://github.com/alistair23/qemu into staging
RISC-V PR for 9.1
This reverts a commit adding `#msi-cells=<0>` to the virt machine
as that commit results in PCI devices unable to use MSIs. Even though
it's a kernel bug, we don't want to break existing users.
* Revert adding #msi-cells to virt machine
# gpg: Signature made Mon 19 Aug 2024 02:38:09 PM AEST
# gpg: using RSA key 6AE902B6A7CA877D6D659296AF7C95130C538013
# gpg: Good signature from "Alistair Francis <alistair@alistair23.me>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6AE9 02B6 A7CA 877D 6D65 9296 AF7C 9513 0C53 8013
* tag 'pull-riscv-to-apply-20240819-1' of https://github.com/alistair23/qemu:
Revert "hw/riscv/virt.c: imsics DT: add '#msi-cells'"
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Andrew Jones [Fri, 16 Aug 2024 16:07:45 +0000 (18:07 +0200)]
Revert "hw/riscv/virt.c: imsics DT: add '#msi-cells'"
This reverts commit f42cdf2ea5b3a1dc369792d7acbf9cd3e5c90815.
Linux does not properly handle '#msi-cells=<0>' when searching for
MSI controllers for PCI devices which results in the devices being
unable to use MSIs. A patch for Linux has been sent[1] but until it,
or something like it, is merged and in distro kernels we should stop
adding the property. It's harmless to stop adding it since the
absence of the property and a value of zero for the property mean
the same thing according to the DT binding definition.
Link: https://lore.kernel.org/all/20240816124957.130017-2-ajones@ventanamicro.com/
Signed-off-by: Andrew Jones <ajones@ventanamicro.com>
Reviewed-by: Daniel Henrique Barboza <dbarboza@ventanamicro.com>
Message-ID: <20240816160743.220374-5-ajones@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Richard Henderson [Sat, 17 Aug 2024 06:46:45 +0000 (16:46 +1000)]
Merge tag 'pull-maintainer-9.1-rc3-160824-1' of https://gitlab.com/stsquad/qemu into staging
Some fixes for 9.1-rc3 (build, replay, docs, plugins)
- re-enable gdbsim-r5f562n8 test
- ensure updates to python deps re-trigger configure
- tweak configure detection of GDB MTE support
- make checkpatch emit more warnings on updating headers
- allow i386 access_ptr to force slow path for plugins
- fix some replay regressions
- update the replay-dump tool
- better handle muxed chardev during replay
- clean up TCG plugins docs to mention scoreboards
- fix plugin scoreboard race condition
# gpg: Signature made Fri 16 Aug 2024 11:13:59 PM AEST
# gpg: using RSA key 6685AE99E75167BCAFC8DF35FBD0DB095A9E2A44
# gpg: Good signature from "Alex Bennée (Master Work Key) <alex.bennee@linaro.org>" [full]
* tag 'pull-maintainer-9.1-rc3-160824-1' of https://gitlab.com/stsquad/qemu: (21 commits)
plugins: fix race condition with scoreboards
docs/devel: update tcg-plugins page
docs: Fix some typos (found by typos) and grammar issues
savevm: Fix load_snapshot error path crash
virtio-net: Use virtual time for RSC timers
virtio-net: Use replay_schedule_bh_event for bhs that affect machine state
chardev: set record/replay on the base device of a muxed device
tests/avocado: replay_kernel.py add x86-64 q35 machine test
Revert "replay: stop us hanging in rr_wait_io_event"
replay: allow runstate shutdown->running when replaying trace
tests/avocado: exercise scripts/replay-dump.py in replay tests
scripts/replay-dump.py: rejig decoders in event number order
scripts/replay-dump.py: Update to current rr record format
buildsys: Fix building without plugins on Darwin
target/i386: allow access_ptr to force slow path on failed probe
scripts/checkpatch: more checks on files imported from Linux
configure: Fix GDB version detection for GDB_HAS_MTE
configure: Avoid use of param. expansion when using gdb_version
configure: Fix arch detection for GDB_HAS_MTE
Makefile: trigger re-configure on updated pythondeps
...
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Pierrick Bouvier [Tue, 13 Aug 2024 20:23:29 +0000 (21:23 +0100)]
plugins: fix race condition with scoreboards
A deadlock can be created if a new vcpu (a) triggers a scoreboard
reallocation, and another vcpu (b) wants to create a new scoreboard at
the same time.
In this case, (a) holds the plugin lock, and starts an exclusive
section, waiting for (b). But at the same time, (b) is waiting for
plugin lock.
The solution is to drop the lock before entering the exclusive section.
This bug can be easily reproduced by creating a callback for any tb
exec, that allocates a new scoreboard. In this case, as soon as we reach
more than 16 vcpus, the deadlock occurs.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2344
Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Message-Id: <20240812220748.95167-2-pierrick.bouvier@linaro.org>
[AJB: tweak var position to meet coding style]
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20240813202329.1237572-22-alex.bennee@linaro.org>
Pierrick Bouvier [Tue, 13 Aug 2024 20:23:28 +0000 (21:23 +0100)]
docs/devel: update tcg-plugins page
Reflect recent changes on API (inline ops) and new plugins.
Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Message-Id: <20240812231945.169310-1-pierrick.bouvier@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20240813202329.1237572-21-alex.bennee@linaro.org>
Stefan Weil [Tue, 13 Aug 2024 20:23:27 +0000 (21:23 +0100)]
docs: Fix some typos (found by typos) and grammar issues
Fix the misspellings of "overriden" also in code comments.
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20240813125638.395461-1-sw@weilnetz.de>
Reviewed-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20240813202329.1237572-20-alex.bennee@linaro.org>
Nicholas Piggin [Tue, 13 Aug 2024 20:23:26 +0000 (21:23 +0100)]
savevm: Fix load_snapshot error path crash
An error path missed setting *errp, which can cause a NULL deref.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Message-Id: <20240813050638.446172-11-npiggin@gmail.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20240813202329.1237572-19-alex.bennee@linaro.org>
Nicholas Piggin [Tue, 13 Aug 2024 20:23:25 +0000 (21:23 +0100)]
virtio-net: Use virtual time for RSC timers
Receive coalescing is visible to the target machine, so its timers
should use virtual time like other timers in virtio-net, to be
compatible with record-replay.
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Message-Id: <20240813050638.446172-10-npiggin@gmail.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20240813202329.1237572-18-alex.bennee@linaro.org>
Nicholas Piggin [Tue, 13 Aug 2024 20:23:24 +0000 (21:23 +0100)]
virtio-net: Use replay_schedule_bh_event for bhs that affect machine state
The regular qemu_bh_schedule() calls result in non-deterministic
execution of the bh in record-replay mode, which causes replay failure.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Pavel Dovgalyuk <Pavel.Dovgalyuk@ispras.ru>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Message-Id: <20240813050638.446172-9-npiggin@gmail.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20240813202329.1237572-17-alex.bennee@linaro.org>
Nicholas Piggin [Tue, 13 Aug 2024 20:23:23 +0000 (21:23 +0100)]
chardev: set record/replay on the base device of a muxed device
chardev events to a muxed device don't get recorded because e.g.,
qemu_chr_be_write() checks whether the base device has the record flag
set.
This can be seen when replaying a trace that has characters typed into
the console, an examination of the log shows they are not recorded.
Setting QEMU_CHAR_FEATURE_REPLAY on the base chardev fixes the problem.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Message-Id: <20240813050638.446172-8-npiggin@gmail.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20240813202329.1237572-16-alex.bennee@linaro.org>
Nicholas Piggin [Tue, 13 Aug 2024 20:23:22 +0000 (21:23 +0100)]
tests/avocado: replay_kernel.py add x86-64 q35 machine test
The x86-64 pc machine is flaky with record/replay, but q35 is more
stable. Add a q35 test to replay_kernel.py.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Tested-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Message-Id: <20240813050638.446172-7-npiggin@gmail.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20240813202329.1237572-15-alex.bennee@linaro.org>
Nicholas Piggin [Tue, 13 Aug 2024 20:23:21 +0000 (21:23 +0100)]
Revert "replay: stop us hanging in rr_wait_io_event"
This reverts commit 1f881ea4a444ef36a8b6907b0b82be4b3af253a2.
That commit causes reverse_debugging.py test failures, and does
not seem to solve the root cause of the problem x86-64 still
hangs in record/replay tests.
The problem with short-cutting the iowait that was taken during
record phase is that related events will not get consumed at the
same points (e.g., reading the clock).
A hang with zero icount always seems to be a symptom of an earlier
problem that has caused the recording to become out of synch with
the execution and consumption of events by replay.
Acked-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Message-Id: <20240813050638.446172-6-npiggin@gmail.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20240813202329.1237572-14-alex.bennee@linaro.org>
Nicholas Piggin [Tue, 13 Aug 2024 20:23:20 +0000 (21:23 +0100)]
replay: allow runstate shutdown->running when replaying trace
When replaying a trace, it is possible to go from shutdown to running
with a reverse-debugging step. This can be useful if the problem being
debugged triggers a reset or shutdown.
This can be tested by making a recording of a machine that shuts down,
then using -action shutdown=pause when replaying it. Continuing to the
end of the trace then reverse-stepping in gdb crashes due to invalid
runstate transition.
Just permitting the transition seems to be all that's necessary for
reverse-debugging to work well in such a state.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Pavel Dovgalyuk <Pavel.Dovgalyuk@ispras.ru>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Message-Id: <20240813050638.446172-5-npiggin@gmail.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20240813202329.1237572-13-alex.bennee@linaro.org>
Nicholas Piggin [Tue, 13 Aug 2024 20:23:19 +0000 (21:23 +0100)]
tests/avocado: exercise scripts/replay-dump.py in replay tests
This runs replay-dump.py after recording a trace, and fails the test if
the script fails.
replay-dump.py is modified to exit with non-zero if an error is
encountered while parsing, to support this.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Pavel Dovgalyuk <Pavel.Dovgalyuk@ispras.ru>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
v5: Update timeout to 180s because x86 was just exceeding 120s in
gitlab with this change
Message-Id: <20240813050638.446172-4-npiggin@gmail.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20240813202329.1237572-12-alex.bennee@linaro.org>
Nicholas Piggin [Tue, 13 Aug 2024 20:23:18 +0000 (21:23 +0100)]
scripts/replay-dump.py: rejig decoders in event number order
Sort decoder functions to be ascending in order of event number,
same as the decoder tables.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Message-Id: <20240813050638.446172-3-npiggin@gmail.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20240813202329.1237572-11-alex.bennee@linaro.org>
Nicholas Piggin [Tue, 13 Aug 2024 20:23:17 +0000 (21:23 +0100)]
scripts/replay-dump.py: Update to current rr record format
The v12 format support for replay-dump has a few issues still. This
fixes async decoding; adds event, shutdown, and end decoding; fixes
audio in / out events, fixes checkpoint checking of following async
events.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Message-Id: <20240813050638.446172-2-npiggin@gmail.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20240813202329.1237572-10-alex.bennee@linaro.org>
Philippe Mathieu-Daudé [Tue, 13 Aug 2024 20:23:16 +0000 (21:23 +0100)]
buildsys: Fix building without plugins on Darwin
Since commit 0082475e26 the plugin symbol list is unconditionally
added to the linker flags, leading to a build failure:
Undefined symbols for architecture arm64:
"_qemu_plugin_entry_code", referenced from:
<initial-undefines>
...
ld: symbol(s) not found for architecture arm64
clang: error: linker command failed with exit code 1 (use -v to see invocation)
ninja: build stopped: subcommand failed.
Fix by restricting the whole meson file to the --enable-plugins
configure argument.
Fixes: 0082475e26 ("meson: merge plugin_ldflags into emulator_link_args")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2476
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Acked-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20240813112457.92560-1-philmd@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20240813202329.1237572-9-alex.bennee@linaro.org>
Alex Bennée [Tue, 13 Aug 2024 20:23:15 +0000 (21:23 +0100)]
target/i386: allow access_ptr to force slow path on failed probe
When we are using TCG plugin memory callbacks probe_access_internal
will return TLB_MMIO to force the slow path for memory access. This
results in probe_access returning NULL but the x86 access_ptr function
happily accepts an empty haddr resulting in segfault hilarity.
Check for an empty haddr to prevent the segfault and enable plugins to
track all the memory operations for the x86 save/restore helpers. As
we also want to run the slow path when instrumenting *-user we should
also not have the short cutting test_ptr macro.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2489
Fixes: 6d03226b42 (plugins: force slow path when plugins instrument memory ops)
Reviewed-by: Alexandre Iooss <erdnaxe@crans.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20240813202329.1237572-8-alex.bennee@linaro.org>
Stefano Garzarella [Tue, 13 Aug 2024 20:23:14 +0000 (21:23 +0100)]
scripts/checkpatch: more checks on files imported from Linux
If a file imported from Linux is touched, emit a warning and suggest
using scripts/update-linux-headers.sh.
Also check that updating imported files from Linux are not mixed with
other changes, in which case emit an error.
Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20240718072050.9503-1-sgarzare@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20240813202329.1237572-7-alex.bennee@linaro.org>
Gustavo Romero [Tue, 13 Aug 2024 20:23:13 +0000 (21:23 +0100)]
configure: Fix GDB version detection for GDB_HAS_MTE
The test gdbstub/test-mte.py requires a GDB version that supports the
qIsAddressTagged packet. According to GDB NEWS [0], this packet was
first made available in the GDB 15.1 release, not in 15.0, so this
commit fixes it in configure.
[0] https://www.sourceware.org/gdb/news/
Signed-off-by: Gustavo Romero <gustavo.romero@linaro.org>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2477
Message-Id: <20240804161850.2646299-4-gustavo.romero@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20240813202329.1237572-6-alex.bennee@linaro.org>
Gustavo Romero [Tue, 13 Aug 2024 20:23:12 +0000 (21:23 +0100)]
configure: Avoid use of param. expansion when using gdb_version
$gdb_version is now used in more than one conditional case and its usage
in such cases may increase in the future. Therefore, avoid using shell
parameter expansion when using it by setting gdb_version to its final
form.
Signed-off-by: Gustavo Romero <gustavo.romero@linaro.org>
Message-Id: <20240804161850.2646299-3-gustavo.romero@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20240813202329.1237572-5-alex.bennee@linaro.org>
Gustavo Romero [Tue, 13 Aug 2024 20:23:11 +0000 (21:23 +0100)]
configure: Fix arch detection for GDB_HAS_MTE
GDB_HAS_MTE must only be set if GDB supports the aarch64 arch, so the
test if "aarch64" string is present must be against GDB-related
'$gdb_arches' variable and not against '$arch' variable.
Signed-off-by: Gustavo Romero <gustavo.romero@linaro.org>
Message-Id: <20240804161850.2646299-2-gustavo.romero@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20240813202329.1237572-4-alex.bennee@linaro.org>
Alex Bennée [Tue, 13 Aug 2024 20:23:10 +0000 (21:23 +0100)]
Makefile: trigger re-configure on updated pythondeps
If we add additional deps for meson we need to ensure we trigger a
reconfigure to make sure everything is set up.
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20240813202329.1237572-3-alex.bennee@linaro.org>
Philippe Mathieu-Daudé [Tue, 13 Aug 2024 20:23:09 +0000 (21:23 +0100)]
tests/avocado: Re-enable gdbsim-r5f562n8 testing U-Boot
We disabled all RX tests on commit 9b45cc9931 ("docs/devel:
rationalise unstable gitlab tests under FLAKY_TESTS") for
being flaky. However I don't recall the U-Boot test to fail
(the problematic line checking the 'version' string is already
commented out), and I'm running this test reliably, so re-enable
it.
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Yoshinori Sato <ysato@users.sourceforge.jp>
Message-Id: <20240801172332.65701-1-philmd@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20240813202329.1237572-2-alex.bennee@linaro.org>
Richard Henderson [Fri, 16 Aug 2024 08:18:27 +0000 (18:18 +1000)]
Merge tag 'pull-request-2024-08-16' of https://gitlab.com/thuth/qemu into staging
* Fix a potential build warning in the s390x target code
* Check for the availability of __attribute__((gcc_struct)) on MSYS2
* Fix skipUnless decorators in Avocado tests
* Add missing gtk-vnc package to the CI jobs
# gpg: Signature made Fri 16 Aug 2024 05:19:33 PM AEST
# gpg: using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5
# gpg: issuer "thuth@redhat.com"
# gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [full]
# gpg: aka "Thomas Huth <thuth@redhat.com>" [full]
# gpg: aka "Thomas Huth <th.huth@posteo.de>" [unknown]
# gpg: aka "Thomas Huth <huth@tuxfamily.org>" [full]
* tag 'pull-request-2024-08-16' of https://gitlab.com/thuth/qemu:
ci: refresh package lists with lcitool
ci: add gtk-vnc to the deps
tests/avocado: apply proper skipUnless decorator
meson.build: Check for the availability of __attribute__((gcc_struct)) on MSYS2
target/s390x: fix build warning (gcc-12 -fsanitize=thread)
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Daniel P. Berrangé [Thu, 18 Jul 2024 09:41:59 +0000 (10:41 +0100)]
ci: refresh package lists with lcitool
Refresh with the newly added gtk-vnc package
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-ID: <20240718094159.902024-3-berrange@redhat.com>
[thuth: fixed conflicts in .gitlab-ci.d/cirrus/*.vars]
Signed-off-by: Thomas Huth <thuth@redhat.com>
Daniel P. Berrangé [Thu, 18 Jul 2024 09:41:58 +0000 (10:41 +0100)]
ci: add gtk-vnc to the deps
The gtk-vnc package is used by the vnc-display-test qtest
program. Technically only gvnc is needed, but since we
already pull in the gtk3 dep, it is harmless to depend
on gtk-vnc.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20240718094159.902024-2-berrange@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Cleber Rosa [Tue, 6 Aug 2024 17:31:12 +0000 (13:31 -0400)]
tests/avocado: apply proper skipUnless decorator
Commit 9b45cc993 added many cases of skipUnless for the sake of
organizing flaky tests. But, Python decorators *must* follow what
they decorate, so the newlines added should *not* exist there.
Signed-off-by: Cleber Rosa <crosa@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Tested-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Message-ID: <20240806173119.582857-3-crosa@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Thomas Huth [Thu, 15 Aug 2024 12:27:19 +0000 (14:27 +0200)]
meson.build: Check for the availability of __attribute__((gcc_struct)) on MSYS2
For quite a while now, MSYS2 has supported Clang as a compiler, too.
Unfortunately, this compiler is lacking the __attribute__((gcc_struct))
that we need for compiling on Windows. But since the compiler is
available now, some people started to use it to compile QEMU on MSYS2,
apparently ignoring the compiler warnings (see for example the ticket at
https://gitlab.com/qemu-project/qemu/-/issues/2476 ). These builds are
likely broken in a couple of spots, so let's make sure that we rather
bail out early in the configuration phase instead of allowing the build
to succeed with warnings.
Message-ID: <20240815122719.727639-1-thuth@redhat.com>
Tested-by: Stefan Weil <sw@weilnetz.de>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Pierrick Bouvier [Wed, 14 Aug 2024 22:41:31 +0000 (15:41 -0700)]
target/s390x: fix build warning (gcc-12 -fsanitize=thread)
Found on debian stable.
../target/s390x/tcg/translate.c: In function ‘get_mem_index’:
../target/s390x/tcg/translate.c:398:1: error: control reaches end of non-void function [-Werror=return-type]
398 | }
Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Acked-by: Ilya Leoshkevich <iii@linux.ibm.com>
Message-ID: <20240814224132.897098-4-pierrick.bouvier@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Richard Henderson [Thu, 15 Aug 2024 10:32:37 +0000 (20:32 +1000)]
Update version for v9.1.0-rc2 release
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Richard Henderson [Thu, 15 Aug 2024 01:06:38 +0000 (11:06 +1000)]
Merge tag 'pull-lu-20240815' of https://gitlab.com/rth7680/qemu into staging
linux-user: Preserve NULL hit in target_mmap subroutines
# gpg: Signature made Thu 15 Aug 2024 11:04:58 AM AEST
# gpg: using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg: issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [ultimate]
* tag 'pull-lu-20240815' of https://gitlab.com/rth7680/qemu:
linux-user: Preserve NULL hit in target_mmap subroutines
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Richard Henderson [Tue, 13 Aug 2024 06:33:58 +0000 (16:33 +1000)]
linux-user: Preserve NULL hit in target_mmap subroutines
Do not pass guest_base to the host mmap instead of zero hint.
Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2353
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Richard Henderson [Wed, 14 Aug 2024 21:41:16 +0000 (07:41 +1000)]
Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging
* fix RAPL computations
# gpg: Signature made Thu 15 Aug 2024 02:43:46 AM AEST
# gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg: issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
* tag 'for-upstream' of https://gitlab.com/bonzini/qemu:
target/i386: Fix arguments for vmsr_read_thread_stat()
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Anthony Harivel [Wed, 7 Aug 2024 12:43:20 +0000 (14:43 +0200)]
target/i386: Fix arguments for vmsr_read_thread_stat()
Snapshot of the stat utime and stime for each thread, taken before and
after the pause, must be stored in separate locations.
Signed-off-by: Anthony Harivel <aharivel@redhat.com>
Link: https://lore.kernel.org/r/20240807124320.1741124-2-aharivel@redhat.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>