From 93eae3583256896dd91a4c2ca38dcbb8d4051cff Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Thu, 4 Nov 2021 14:45:20 +0100 Subject: [PATCH 01/10] target-i386: mmu: use pg_mode instead of HF_LMA_MASK Correctly look up the paging mode of the hypervisor when it is using 64-bit mode but the guest is not. Fixes: 68746930ae ("target/i386: use mmu_translate for NPT walk", 2021-05-11) Cc: qemu-stable@nongnu.org Signed-off-by: Paolo Bonzini --- target/i386/tcg/sysemu/excp_helper.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/target/i386/tcg/sysemu/excp_helper.c b/target/i386/tcg/sysemu/excp_helper.c index 7af887be4d..492b777de9 100644 --- a/target/i386/tcg/sysemu/excp_helper.c +++ b/target/i386/tcg/sysemu/excp_helper.c @@ -90,7 +90,7 @@ static int mmu_translate(CPUState *cs, hwaddr addr, MMUTranslateFunc get_hphys_f target_ulong pdpe_addr; #ifdef TARGET_X86_64 - if (env->hflags & HF_LMA_MASK) { + if (pg_mode & PG_MODE_LMA) { bool la57 = pg_mode & PG_MODE_LA57; uint64_t pml5e_addr, pml5e; uint64_t pml4e_addr, pml4e; @@ -287,7 +287,7 @@ do_check_protect_pse36: *prot |= PAGE_EXEC; } - if (!(env->hflags & HF_LMA_MASK)) { + if (!(pg_mode & PG_MODE_LMA)) { pkr = 0; } else if (ptep & PG_USER_MASK) { pkr = pg_mode & PG_MODE_PKE ? env->pkru : 0; From b04dc92e013d55c9ac8082caefff45dcfb1310e7 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Thu, 4 Nov 2021 14:47:46 +0100 Subject: [PATCH 02/10] target-i386: mmu: fix handling of noncanonical virtual addresses mmu_translate is supposed to return an error code for page faults; it is not able to handle other exceptions. The #GP case for noncanonical virtual addresses is not handled correctly, and incorrectly raised as a page fault with error code 1. Since it cannot happen for nested page tables, move it directly to handle_mmu_fault, even before the invocation of mmu_translate. Fixes: #676 Fixes: 661ff4879e ("target/i386: extract mmu_translate", 2021-05-11) Cc: qemu-stable@nongnu.org Tested-by: Mark Cave-Ayland Signed-off-by: Paolo Bonzini --- target/i386/tcg/sysemu/excp_helper.c | 21 ++++++++++++--------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/target/i386/tcg/sysemu/excp_helper.c b/target/i386/tcg/sysemu/excp_helper.c index 492b777de9..5ba739fbed 100644 --- a/target/i386/tcg/sysemu/excp_helper.c +++ b/target/i386/tcg/sysemu/excp_helper.c @@ -94,15 +94,6 @@ static int mmu_translate(CPUState *cs, hwaddr addr, MMUTranslateFunc get_hphys_f bool la57 = pg_mode & PG_MODE_LA57; uint64_t pml5e_addr, pml5e; uint64_t pml4e_addr, pml4e; - int32_t sext; - - /* test virtual address sign extension */ - sext = la57 ? (int64_t)addr >> 56 : (int64_t)addr >> 47; - if (get_hphys_func && sext != 0 && sext != -1) { - env->error_code = 0; - cs->exception_index = EXCP0D_GPF; - return 1; - } if (la57) { pml5e_addr = ((cr3 & ~0xfff) + @@ -423,6 +414,18 @@ static int handle_mmu_fault(CPUState *cs, vaddr addr, int size, page_size = 4096; } else { pg_mode = get_pg_mode(env); + if (pg_mode & PG_MODE_LMA) { + int32_t sext; + + /* test virtual address sign extension */ + sext = (int64_t)addr >> (pg_mode & PG_MODE_LA57 ? 56 : 47); + if (sext != 0 && sext != -1) { + env->error_code = 0; + cs->exception_index = EXCP0D_GPF; + return 1; + } + } + error_code = mmu_translate(cs, addr, get_hphys, env->cr[3], is_write1, mmu_idx, pg_mode, &paddr, &page_size, &prot); From b3af7fdf9cc537f8f0dd3e2423d83f5c99a457e8 Mon Sep 17 00:00:00 2001 From: Mauro Matteo Cascella Date: Thu, 4 Nov 2021 17:31:38 +0100 Subject: [PATCH 03/10] hw/scsi/scsi-disk: MODE_PAGE_ALLS not allowed in MODE SELECT commands This avoids an off-by-one read of 'mode_sense_valid' buffer in hw/scsi/scsi-disk.c:mode_sense_page(). Fixes: CVE-2021-3930 Cc: qemu-stable@nongnu.org Reported-by: Alexander Bulekov Fixes: a8f4bbe2900 ("scsi-disk: store valid mode pages in a table") Fixes: #546 Reported-by: Qiuhao Li Signed-off-by: Mauro Matteo Cascella Signed-off-by: Paolo Bonzini --- hw/scsi/scsi-disk.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/hw/scsi/scsi-disk.c b/hw/scsi/scsi-disk.c index e8a547dbb7..d4914178ea 100644 --- a/hw/scsi/scsi-disk.c +++ b/hw/scsi/scsi-disk.c @@ -1087,6 +1087,7 @@ static int mode_sense_page(SCSIDiskState *s, int page, uint8_t **p_outbuf, uint8_t *p = *p_outbuf + 2; int length; + assert(page < ARRAY_SIZE(mode_sense_valid)); if ((mode_sense_valid[page] & (1 << s->qdev.type)) == 0) { return -1; } @@ -1428,6 +1429,11 @@ static int scsi_disk_check_mode_select(SCSIDiskState *s, int page, return -1; } + /* MODE_PAGE_ALLS is only valid for MODE SENSE commands */ + if (page == MODE_PAGE_ALLS) { + return -1; + } + p = mode_current; memset(mode_current, 0, inlen + 2); len = mode_sense_page(s, page, &p, 0); From 565174d08ed34a849f8420f0d9c97d08be3835aa Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Thu, 4 Nov 2021 14:35:14 +0100 Subject: [PATCH 04/10] meson: perform snappy test with the C++ compiler if used Snappy is written in C++ and as such needs to link against libstdc++. When linking statically, this means that the compile test cannot succeed unless performed with a C++ compiler. Do so if link_language is set to C++; if it is C, the test will usually fail and snappy will be disabled. Signed-off-by: Paolo Bonzini --- meson.build | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/meson.build b/meson.build index 47df10afc2..6bfed294d0 100644 --- a/meson.build +++ b/meson.build @@ -197,6 +197,10 @@ add_project_arguments('-iquote', '.', link_language = meson.get_external_property('link_language', 'cpp') if link_language == 'cpp' add_languages('cpp', required: true, native: false) + cxx = meson.get_compiler('cpp') + linker = cxx +else + linker = cc endif if host_machine.system() == 'darwin' add_languages('objc', required: false, native: false) @@ -1109,7 +1113,7 @@ if not get_option('snappy').auto() or have_system required: get_option('snappy'), kwargs: static_kwargs) endif -if snappy.found() and not cc.links(''' +if snappy.found() and not linker.links(''' #include int main(void) { snappy_max_compressed_length(4096); return 0; }''', dependencies: snappy) snappy = not_found From 4933436f6a13fb585d8b2e2f625bf52301e98f11 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Fri, 5 Nov 2021 13:45:40 +0100 Subject: [PATCH 05/10] docs: adjust for demise of scripts/create_config The config-host.h, $TARGET_NAME-config-target.h, $TARGET_NAME-config-devices.h files are now generated by configure_file() rather than scripts/create_config. Adjust he relevant paragraph in docs/devel/build-system.rst, and take the occasion to fix a preexisting confusion of *.h vs *.mak. Reported-by: Markus Armbruster Reviewed-by: Markus Armbruster Signed-off-by: Paolo Bonzini --- docs/devel/build-system.rst | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/docs/devel/build-system.rst b/docs/devel/build-system.rst index 7f106d2f1c..3c05032438 100644 --- a/docs/devel/build-system.rst +++ b/docs/devel/build-system.rst @@ -464,11 +464,10 @@ Built by Meson: scripts/make_device_config.sh program, feeding it the default-configs/$TARGET-NAME file as input. -``config-host.h``, ``$TARGET-NAME/config-target.h``, ``$TARGET-NAME/config-devices.h`` - These files are used by source code to determine what features - are enabled. They are generated from the contents of the corresponding - ``*.h`` files using the scripts/create_config program. This extracts - relevant variables and formats them as C preprocessor macros. +``config-host.h``, ``$TARGET_NAME-config-target.h``, ``$TARGET_NAME-config-devices.h`` + These files are used by source code to determine what features are + enabled. They are generated from the contents of the corresponding + ``*.mak`` files using Meson's ``configure_file()`` function. ``build.ninja`` The build rules. From ac7ebcc589757af7de0a7cba68126a80224fb989 Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Fri, 5 Nov 2021 10:07:37 +0100 Subject: [PATCH 06/10] configure: simplify calls to meson_quote meson_quote assumes a non-empty argument list, and incorrectly returns a one-entry array if passed nothing. Move the check for an empty argument list from the invocations to the function itself. Reviewed-by: Thomas Huth Signed-off-by: Paolo Bonzini --- configure | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/configure b/configure index 33682cb971..369b5455b6 100755 --- a/configure +++ b/configure @@ -3894,6 +3894,7 @@ echo "TOPSRC_DIR=$source_path" >> $config_mak if test "$skip_meson" = no; then cross="config-meson.cross.new" meson_quote() { + test $# = 0 && return echo "'$(echo $* | sed "s/ /','/g")'" } @@ -3908,10 +3909,10 @@ if test "$skip_meson" = no; then test -z "$cxx" && echo "link_language = 'c'" >> $cross echo "[built-in options]" >> $cross - echo "c_args = [${CFLAGS:+$(meson_quote $CFLAGS)}]" >> $cross - echo "cpp_args = [${CXXFLAGS:+$(meson_quote $CXXFLAGS)}]" >> $cross - echo "c_link_args = [${LDFLAGS:+$(meson_quote $LDFLAGS)}]" >> $cross - echo "cpp_link_args = [${LDFLAGS:+$(meson_quote $LDFLAGS)}]" >> $cross + echo "c_args = [$(meson_quote $CFLAGS)]" >> $cross + echo "cpp_args = [$(meson_quote $CXXFLAGS)]" >> $cross + echo "c_link_args = [$(meson_quote $LDFLAGS)]" >> $cross + echo "cpp_link_args = [$(meson_quote $LDFLAGS)]" >> $cross echo "[binaries]" >> $cross echo "c = [$(meson_quote $cc $CPU_CFLAGS)]" >> $cross test -n "$cxx" && echo "cpp = [$(meson_quote $cxx $CPU_CFLAGS)]" >> $cross From 8009da037418d454d4833e7d3c3367f2f4d7244a Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Fri, 5 Nov 2021 10:08:43 +0100 Subject: [PATCH 07/10] configure: preserve CFLAGS, CXXFLAGS and LDFLAGS in config.status CFLAGS, CXXFLAGS and LDFLAGS influence the tests (for example if they include -L or -I options), so they should be kept from the invocation of configure to the subsequent reinvocations via config.status. Reviewed-by: Thomas Huth Signed-off-by: Paolo Bonzini --- configure | 3 +++ 1 file changed, 3 insertions(+) diff --git a/configure b/configure index 369b5455b6..d268f59246 100755 --- a/configure +++ b/configure @@ -4057,9 +4057,12 @@ preserve_env AR preserve_env AS preserve_env CC preserve_env CPP +preserve_env CFLAGS preserve_env CXX +preserve_env CXXFLAGS preserve_env INSTALL preserve_env LD +preserve_env LDFLAGS preserve_env LD_LIBRARY_PATH preserve_env LIBTOOL preserve_env MAKE From a2866660441f114188b7d1025a4a19cbb6188fef Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Fri, 5 Nov 2021 10:09:26 +0100 Subject: [PATCH 08/10] configure: propagate --extra-cflags and --extra-ldflags to meson compile tests Meson (intentionally) does not add QEMU_CFLAGS to cc.compiles/cc.links tests, as they are supposed to be independent of the specific sets of compilation flags used to build the programs. However, the user can still use CFLAGS or the toolchain file's LANG_args/LANG_link_args option to specify -I or -L options that apply to cc.compiles/cc.links as well. This is also the intended use of configure's --extra-cflags, --extra-cxxflags and --extra-ldflags options. For example, if one has netmap's header in a nonstandard directory, up to commit 837b84b1c078bf3e909 it used to work fine to do: .../configure --enable-netmap \ --extra-cflags=-I/path/to/netmap/sys but since the test was converted to meson, this does not work anymore. Pass these options to meson via the toolchain file instead of via config-host.mak, since both have the same purpose. Reported-by: Owen LaGarde Reported-by: Thomas Huth Fixes: 47b30835e4 ("configure: consistently pass CFLAGS/CXXFLAGS/LDFLAGS to meson", 2020-10-06) Signed-off-by: Paolo Bonzini --- configure | 36 ++++++++++++++++++++---------------- 1 file changed, 20 insertions(+), 16 deletions(-) diff --git a/configure b/configure index d268f59246..9f1641e79c 100755 --- a/configure +++ b/configure @@ -174,14 +174,14 @@ update_cxxflags() { compile_object() { local_cflags="$1" - do_cc $CFLAGS $CONFIGURE_CFLAGS $QEMU_CFLAGS $local_cflags -c -o $TMPO $TMPC + do_cc $CFLAGS $EXTRA_CFLAGS $CONFIGURE_CFLAGS $QEMU_CFLAGS $local_cflags -c -o $TMPO $TMPC } compile_prog() { local_cflags="$1" local_ldflags="$2" - do_cc $CFLAGS $CONFIGURE_CFLAGS $QEMU_CFLAGS $local_cflags -o $TMPE $TMPC \ - $LDFLAGS $CONFIGURE_LDFLAGS $QEMU_LDFLAGS $local_ldflags + do_cc $CFLAGS $EXTRA_CFLAGS $CONFIGURE_CFLAGS $QEMU_CFLAGS $local_cflags -o $TMPE $TMPC \ + $LDFLAGS $EXTRA_LDFLAGS $CONFIGURE_LDFLAGS $QEMU_LDFLAGS $local_ldflags } # symbolically link $1 to $2. Portable version of "ln -sf". @@ -286,6 +286,10 @@ for opt do esac done +EXTRA_CFLAGS="" +EXTRA_CXXFLAGS="" +EXTRA_LDFLAGS="" + xen_ctrl_version="$default_feature" xfs="$default_feature" membarrier="$default_feature" @@ -394,13 +398,13 @@ for opt do ;; --cpu=*) cpu="$optarg" ;; - --extra-cflags=*) QEMU_CFLAGS="$QEMU_CFLAGS $optarg" - QEMU_LDFLAGS="$QEMU_LDFLAGS $optarg" + --extra-cflags=*) + EXTRA_CFLAGS="$EXTRA_CFLAGS $optarg" + EXTRA_CXXFLAGS="$EXTRA_CXXFLAGS $optarg" + ;; + --extra-cxxflags=*) EXTRA_CXXFLAGS="$EXTRA_CXXFLAGS $optarg" ;; - --extra-cxxflags=*) QEMU_CXXFLAGS="$QEMU_CXXFLAGS $optarg" - ;; - --extra-ldflags=*) QEMU_LDFLAGS="$QEMU_LDFLAGS $optarg" - EXTRA_LDFLAGS="$optarg" + --extra-ldflags=*) EXTRA_LDFLAGS="$EXTRA_LDFLAGS $optarg" ;; --enable-debug-info) debug_info="yes" ;; @@ -1346,8 +1350,8 @@ Advanced options (experts only): build time --cxx=CXX use C++ compiler CXX [$cxx] --objcc=OBJCC use Objective-C compiler OBJCC [$objcc] - --extra-cflags=CFLAGS append extra C compiler flags QEMU_CFLAGS - --extra-cxxflags=CXXFLAGS append extra C++ compiler flags QEMU_CXXFLAGS + --extra-cflags=CFLAGS append extra C compiler flags CFLAGS + --extra-cxxflags=CXXFLAGS append extra C++ compiler flags CXXFLAGS --extra-ldflags=LDFLAGS append extra linker flags LDFLAGS --cross-cc-ARCH=CC use compiler when building ARCH guest test cases --cross-cc-flags-ARCH= use compiler flags when building ARCH guest tests @@ -3402,7 +3406,7 @@ EOF update_cxxflags - if do_cxx $CXXFLAGS $CONFIGURE_CXXFLAGS $QEMU_CXXFLAGS -o $TMPE $TMPCXX $TMPO $QEMU_LDFLAGS; then + if do_cxx $CXXFLAGS $EXTRA_CXXFLAGS $CONFIGURE_CXXFLAGS $QEMU_CXXFLAGS -o $TMPE $TMPCXX $TMPO $QEMU_LDFLAGS; then # C++ compiler $cxx works ok with C compiler $cc : else @@ -3909,10 +3913,10 @@ if test "$skip_meson" = no; then test -z "$cxx" && echo "link_language = 'c'" >> $cross echo "[built-in options]" >> $cross - echo "c_args = [$(meson_quote $CFLAGS)]" >> $cross - echo "cpp_args = [$(meson_quote $CXXFLAGS)]" >> $cross - echo "c_link_args = [$(meson_quote $LDFLAGS)]" >> $cross - echo "cpp_link_args = [$(meson_quote $LDFLAGS)]" >> $cross + echo "c_args = [$(meson_quote $CFLAGS $EXTRA_CFLAGS)]" >> $cross + echo "cpp_args = [$(meson_quote $CXXFLAGS $EXTRA_CXXFLAGS)]" >> $cross + echo "c_link_args = [$(meson_quote $CFLAGS $LDFLAGS $EXTRA_CFLAGS $EXTRA_LDFLAGS)]" >> $cross + echo "cpp_link_args = [$(meson_quote $CXXFLAGS $LDFLAGS $EXTRA_CXXFLAGS $EXTRA_LDFLAGS)]" >> $cross echo "[binaries]" >> $cross echo "c = [$(meson_quote $cc $CPU_CFLAGS)]" >> $cross test -n "$cxx" && echo "cpp = [$(meson_quote $cxx $CPU_CFLAGS)]" >> $cross From de38c0cc796047c5df97672921901be7251ec23b Mon Sep 17 00:00:00 2001 From: Paolo Bonzini Date: Mon, 8 Nov 2021 08:58:23 +0100 Subject: [PATCH 09/10] configure: ignore preexisting QEMU_*FLAGS envvars User flags should be passed via CFLAGS/CXXFLAGS/LDFLAGS, or --extra-cflags/extra-cxxflags/--extra-ldflags on the command line. QEMU_CFLAGS, QEMU_CXXFLAGS and QEMU_LDFLAGS are reserved for flags detected by configure, so do not add to them and clear them at the beginning of the script. Reviewed-by: Thomas Huth Signed-off-by: Paolo Bonzini --- configure | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/configure b/configure index 9f1641e79c..89c1872c3b 100755 --- a/configure +++ b/configure @@ -158,7 +158,7 @@ update_cxxflags() { # Set QEMU_CXXFLAGS from QEMU_CFLAGS by filtering out those # options which some versions of GCC's C++ compiler complain about # because they only make sense for C programs. - QEMU_CXXFLAGS="$QEMU_CXXFLAGS -D__STDC_LIMIT_MACROS -D__STDC_CONSTANT_MACROS -D__STDC_FORMAT_MACROS" + QEMU_CXXFLAGS="-D__STDC_LIMIT_MACROS -D__STDC_CONSTANT_MACROS -D__STDC_FORMAT_MACROS" CONFIGURE_CXXFLAGS=$(echo "$CONFIGURE_CFLAGS" | sed s/-std=gnu11/-std=gnu++11/) for arg in $QEMU_CFLAGS; do case $arg in @@ -465,11 +465,13 @@ sdl2_config="${SDL2_CONFIG-${cross_prefix}sdl2-config}" # left shift of signed integers is well defined and has the expected # 2s-complement style results. (Both clang and gcc agree that it # provides these semantics.) -QEMU_CFLAGS="-fno-strict-aliasing -fno-common -fwrapv $QEMU_CFLAGS" +QEMU_CFLAGS="-fno-strict-aliasing -fno-common -fwrapv" QEMU_CFLAGS="-Wundef -Wwrite-strings -Wmissing-prototypes $QEMU_CFLAGS" QEMU_CFLAGS="-Wstrict-prototypes -Wredundant-decls $QEMU_CFLAGS" QEMU_CFLAGS="-D_GNU_SOURCE -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE $QEMU_CFLAGS" +QEMU_LDFLAGS= + # Flags that are needed during configure but later taken care of by Meson CONFIGURE_CFLAGS="-std=gnu11 -Wall" CONFIGURE_LDFLAGS= From 8b4ed0dabae559ebe1fd6f8eb54e1ec6000a0a7a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Mon, 8 Nov 2021 09:31:29 +0100 Subject: [PATCH 10/10] ui/gtk-egl: Fix build failure when libgbm is not available MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Since commit 4872a023a59 ("ui/gtk-egl: guest fb texture needs to be regenerated when reinitializing egl") we get on Ubuntu 18.04.4 LTS and Debian Buster (oldstable): $ ../configure --enable-virglrenderer [...] ui/gtk-egl.c: In function 'gd_egl_refresh': ui/gtk-egl.c:159:13: error: implicit declaration of function 'egl_dmabuf_release_texture' [-Werror=implicit-function-declaration] 159 | egl_dmabuf_release_texture(vc->gfx.guest_fb.dmabuf); | ^~~~~~~~~~~~~~~~~~~~~~~~~~ ui/gtk-egl.c:159:13: error: this function declaration is not a prototype [-Werror,-Wstrict-prototypes] ui/gtk-egl.c:159:13: error: nested extern declaration of 'egl_dmabuf_release_texture' [-Werror=nested-externs] Fix by restricting the egl_dmabuf_release_texture() call to the availability of the generic buffer management library (libgbm). Fixes: 4872a023a593e6519b272a Cc: Dongwon Kim Cc: Vivek Kasireddy Reported-by: Laurent Vivier Reviewed-by: Mark Cave-Ayland Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Laurent Vivier Tested-by: Laurent Vivier Message-Id: <20211108083129.1262040-1-f4bug@amsat.org> Signed-off-by: Paolo Bonzini --- ui/gtk-egl.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/ui/gtk-egl.c b/ui/gtk-egl.c index f2026e4b5c..45cb67712d 100644 --- a/ui/gtk-egl.c +++ b/ui/gtk-egl.c @@ -155,10 +155,12 @@ void gd_egl_refresh(DisplayChangeListener *dcl) surface_gl_destroy_texture(vc->gfx.gls, vc->gfx.ds); surface_gl_create_texture(vc->gfx.gls, vc->gfx.ds); } +#ifdef CONFIG_GBM if (vc->gfx.guest_fb.dmabuf) { egl_dmabuf_release_texture(vc->gfx.guest_fb.dmabuf); gd_egl_scanout_dmabuf(dcl, vc->gfx.guest_fb.dmabuf); } +#endif } graphic_hw_update(dcl->con);