Commit Graph

89451 Commits

Author SHA1 Message Date
Peter Maydell
287d53398a Chardev-related fixes
Hi
 
 Here are some bug fixes worthy for 6.1.
 
 thanks
 -----BEGIN PGP SIGNATURE-----
 
 iQJQBAABCAA6FiEEh6m9kz+HxgbSdvYt2ujhCXWWnOUFAmEL3vMcHG1hcmNhbmRy
 ZS5sdXJlYXVAcmVkaGF0LmNvbQAKCRDa6OEJdZac5fe7D/0U6k36kb02MePc2OIW
 OVYijYm4/LiJQ0Tae5yKhvcaG81+sXyjJa3MvU2lscHrLxFsT0Li2N8cDx8Tozfy
 ob2URg/Wd8sBllze4QSqLlMqpX5Fh7GsKjx+3d+RzFzKW3BE8ZUoxTsRH0f1imd3
 lZJmVbhvl5Bo65U0J5xp+VI4BZnEc9R/JHQOiUT+wnmwAbv4knjCz1LiW51LQvNP
 2A8cHhftN58ogm3yptSfD/5OHfFsn+16uhhTRtjuiro+9+zuVgBqxJSXENsDhzDU
 IuL5J9MHhnhSv6/QB4zuVCYZfBlMLB1CXo3bFLalSN5wCAkCxrFEozPVjj2f9gR+
 TrM1JxYK0CoAJZosHAlk1J+KGXZ4zs4Y3TyutFdLlhz9KYi4Xve3UYNQc8uK4jD8
 7eXbaxTS0b9T1LYZd7YNbyKYuUeZJSt9dwGEXdudZPhp2lRjJ/Bhhkx0RLdR8LTX
 qcpemc14AwMUh0zaUcXPuxCeWEJO8ffJyVzXY5j36tSIt5LMecDqJHEqv4ZjWgyz
 mc9AMHRDtzRx0WPV3vNHEEIioXKOqARmWuuUaW5hUDdWue3f1wuU81xoMEN92DKs
 LftUgetgdqD9vbobtoiYFI7qIjb4IaKKK5TCn6glq4Poyd2tErl/fcjkO60/IZPR
 bzDygkxX8thipWkxQhTVBaaHVA==
 =KDK+
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/marcandre/tags/chr-fix-pull-request' into staging

Chardev-related fixes

Hi

Here are some bug fixes worthy for 6.1.

thanks

# gpg: Signature made Thu 05 Aug 2021 13:52:03 BST
# gpg:                using RSA key 87A9BD933F87C606D276F62DDAE8E10975969CE5
# gpg:                issuer "marcandre.lureau@redhat.com"
# gpg: Good signature from "Marc-André Lureau <marcandre.lureau@redhat.com>" [full]
# gpg:                 aka "Marc-André Lureau <marcandre.lureau@gmail.com>" [full]
# Primary key fingerprint: 87A9 BD93 3F87 C606 D276  F62D DAE8 E109 7596 9CE5

* remotes/marcandre/tags/chr-fix-pull-request:
  chardev: report a simpler error about duplicated id
  chardev: give some context on chardev-add error
  chardev: fix qemu_chr_open_fd() with fd_in==fd_out
  chardev: fix qemu_chr_open_fd() being called with fd=-1
  chardev: fix fd_chr_add_watch() when in != out
  chardev: mark explicitly first argument as poisoned
  chardev/socket: print a more correct command-line address
  util: fix abstract socket path copy

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-08-05 16:25:44 +01:00
Marc-André Lureau
a68403b0a6 chardev: report a simpler error about duplicated id
Report:
  "Chardev with id 'char2' already exists"
Rather than:
  "Failed to add chardev 'char2': duplicate yank instance"

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2021-08-05 16:15:33 +04:00
Marc-André Lureau
64195b0d36 chardev: give some context on chardev-add error
Description from Daniel P. Berrangé:
> The original code reported:
>
>  "attempt to add duplicate property 'char2' to object (type 'container')"
>
> Since adding yank support, the current code reports
>
>  "duplicate yank instance"
>
> With this patch applied it now reports:
>
>  "Failed to add chardev 'char2': duplicate yank instance"
>
> This is marginally better, but still not great, not that the original
> error was great either.
>
> It would be nice if we could report
>
>   "chardev with id 'char2' already exists"

Related to:
https://bugzilla.redhat.com/show_bug.cgi?id=1984721

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2021-08-05 16:15:33 +04:00
Marc-André Lureau
733ba02084 chardev: fix qemu_chr_open_fd() with fd_in==fd_out
The "serial" chardev calls qemu_chr_open_fd() with the same fd. This
may lead to double-close as each QIOChannel owns the fd.

Instead, share the reference to the same QIOChannel.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2021-08-05 16:15:33 +04:00
Marc-André Lureau
46fe3ff6ea chardev: fix qemu_chr_open_fd() being called with fd=-1
The "file" chardev may call qemu_chr_open_fd() with fd_in=-1. This may
cause invalid system calls, as the QIOChannel is assumed to be properly
initialized later on.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2021-08-05 16:15:33 +04:00
Marc-André Lureau
bb2b058f1a chardev: fix fd_chr_add_watch() when in != out
Create child sources for the different streams, and dispatch on the
parent source with the synthesized conditions.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2021-08-05 16:15:33 +04:00
Marc-André Lureau
bf7b1eab25 chardev: mark explicitly first argument as poisoned
Since commit 9894dc0cdc "char: convert
from GIOChannel to QIOChannel", the first argument to the watch callback
can actually be a QIOChannel, which is not a GIOChannel (but a QEMU
Object).

Even though we never used that pointer, change the callback type to warn
the users. Possibly a better fix later, we may want to store the
callback and call it from intermediary functions.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2021-08-05 16:15:33 +04:00
Marc-André Lureau
30f80be34b chardev/socket: print a more correct command-line address
Better reflect the command line version of the socket address arguments,
following the now recommended long-form opt=on syntax.

Complement/fixes commit 9d902d51 "chardev: do not use short form boolean
options in non-QemuOpts character device descriptions".

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2021-08-04 23:23:31 +04:00
Marc-André Lureau
4cfd970ec1 util: fix abstract socket path copy
Commit 776b97d360 "qemu-sockets: add abstract UNIX domain socket
support" neglected to update socket_sockaddr_to_address_unix() and
copied the whole sun_path without taking "salen" into account.

Later, commit 3b14b4ec49 "sockets: Fix socket_sockaddr_to_address_unix()
for abstract sockets" handled the abstract UNIX path, by stripping the
leading \0 character and fixing address details, but didn't use salen
either.

Not taking "salen" into account may result in incorrect "path" being
returned in monitors commands, as we read past the address which is not
necessarily \0-terminated.

Fixes: 776b97d360
Fixes: 3b14b4ec49
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: xiaoqiang zhao <zxq_yx_007@163.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2021-08-04 23:23:31 +04:00
Peter Maydell
bccabb3a5d Update version for v6.1.0-rc2 release
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-08-04 16:56:14 +01:00
Peter Maydell
f17d05569a pc,pci: bugfixes
Small bugfixes all over the place.
 
 Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
 -----BEGIN PGP SIGNATURE-----
 
 iQFDBAABCAAtFiEEXQn9CHHI+FuUyooNKB8NuNKNVGkFAmEJp+sPHG1zdEByZWRo
 YXQuY29tAAoJECgfDbjSjVRpKuoH/inLOUmbyv9dxQL88qIfKUtDoVYWV1TspaR9
 nswKltOZjLopLFZUMcfJsH5KxdM6CPM5d2/OQqMivKbwTxMSWQvfL+G/PdEqQ+Fb
 21zkd483B6RhuLDeamSD2DGQImlZlpCOEVxucHxrnhsD9PqDGdMX4aYj1kfNcXnj
 2X4apEPTMeeN8VAv0VgV6zXW1ksgAetVCKLuyktv6UerBT7yHAssGMPEX0j86TGX
 lg8nbtJ5LXMcCaY6vsBI/dSAhUmvilkvaIooTb7n604WgkUIHy1v7hDzACwZNyCP
 ZWDqz5oCtF7DIMKnHEzJlW7X7cxtmo151g4IVXBGYkuc+WXOVrU=
 =eYH0
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

pc,pci: bugfixes

Small bugfixes all over the place.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

# gpg: Signature made Tue 03 Aug 2021 21:32:43 BST
# gpg:                using RSA key 5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469
# gpg:                issuer "mst@redhat.com"
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [full]
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>" [full]
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17  0970 C350 3912 AFBE 8E67
#      Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA  8A0D 281F 0DB8 D28D 5469

* remotes/mst/tags/for_upstream:
  Drop _DSM 5 from expected DSDTs on ARM
  Revert "acpi/gpex: Inform os to keep firmware resource map"
  arm/acpi: allow DSDT changes
  acpi: x86: pcihp: add support hotplug on multifunction bridges
  hw/pcie-root-port: Fix hotplug for PCI devices requiring IO

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-08-04 13:53:38 +01:00
Peter Maydell
700d82c9bc SD/MMC patches queue
- sdcard: Fix assertion accessing out-of-range addresses
   with SEND_WRITE_PROT (CMD30)
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEE+qvnXhKRciHc/Wuy4+MsLN6twN4FAmEJfvsACgkQ4+MsLN6t
 wN5eKRAA0dWxmsr4eZGHQababmorVWs46T1IXW+slmSQL781+KMBme0XiKS0o7y/
 +1TlL2KWyvx8davAnW2eVYbhwEo5j48gWWxSNPcvKj5gAy9Hd6/NOPTMT7XTHYNI
 zhhk1+Gjvrlg4KIoJoBECDBh/9fy/pmgENow3wnbkbDj55RQq6XT1us0ypVlWwCp
 ug57g3vyYDPTPNdzdgyQsikgiyLqsk2CVhet2c+1IuBrCwdA5ZgflsxNmAH+hsHX
 okHK8FreFKcyscj38vXP8tZi7GHj+hJE3EBL0Fz16gTWLkxONc3DYYxzhtvXRE8l
 ANSslmWNQw+TLverT+a/0I1QKFO27q7MoXBs08Wf4YdB3Pgsx+y9FXzuPMbauK5T
 Z8RNSKU3CoAtcOD1TOyItH0fZaaYuVcprsKLR6ZsSIs2rIoeUNfd7pUjxAs7rZvC
 fAbYJrFjxYlrSxZT+jEAMZFE4PzH8Hb/+NeOk8xfI5+uNdr2UgGvcZdXZQPfQEPK
 lRQSwoHOlPy+UYMzVwJP9YsRiUNcZr082cif3d7BBcymeJ//SFusdQSj5jktkszq
 Dn5SL6Up86UmU3QCMgtFURKavashUZ+SnBJ+GdJpXCz16sBfHY70gPpfDhm9+vOy
 pf/7S4fA64EHvV6rfVH6sqeqnV5YAc+1ubEHK5vP3w3FOzFJ06c=
 =EaXR
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/philmd/tags/sdmmc-20210803' into staging

SD/MMC patches queue

- sdcard: Fix assertion accessing out-of-range addresses
  with SEND_WRITE_PROT (CMD30)

# gpg: Signature made Tue 03 Aug 2021 18:38:03 BST
# gpg:                using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full]
# Primary key fingerprint: FAAB E75E 1291 7221 DCFD  6BB2 E3E3 2C2C DEAD C0DE

* remotes/philmd/tags/sdmmc-20210803:
  hw/sd/sdcard: Fix assertion accessing out-of-range addresses with CMD30
  hw/sd/sdcard: Document out-of-range addresses for SEND_WRITE_PROT

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-08-04 11:40:27 +01:00
Peter Maydell
ef6607edf0 Block layer patches
- Fix hang after request padding error (Windows + 512-on-4k emulation)
 -----BEGIN PGP SIGNATURE-----
 
 iQJFBAABCAAvFiEE3D3rFZqa+V09dFb+fwmycsiPL9YFAmEJVUoRHGt3b2xmQHJl
 ZGhhdC5jb20ACgkQfwmycsiPL9bTtw//bab1AYur6kTf9verEcdiUo9/9rfxKoz/
 Lf+W2MLEF/hYkXuGSuHRM/8/y7CHY34IDf/EeizNIfJo2zT29jY1kvUGzbFsCu04
 9R6RxnYnjULtDidtJc5FW9Hcx/nU+ymzXcc66MIOy0HcY/2ED4CbabP+SKEgEC9R
 tzFYqSjQRnSJCYD5q2siL9l4je0Of7pTw6glzxtA3l57T0HTffXuV1JHmiFstB/7
 QFYEyYXg/f/hLdvc5GlTmoS4q2Rcu0WvhZtoui3lLRedeu4FBYx5XLsZ5Ni4BT3j
 qde0Fn/rcRfwUvuS3WiWGV7ptSMPsro0/o6DKczFeQ1bF2o7kPBq0V44xLE3UW6W
 ZQszdD7d/DAYUucuxeWt9QDmkq24JGknjOWHxeaPu1hlO3+oG0QRckTLk6h3hz/a
 h20FlBLt59z/JGOTnHI/PDjMt69drIR/IOuJUeD25blRlgIqXJTdBPRfdx3GxD/M
 n6/YBAEoGxMl5TjrCu3HDwJxVQ2mihkjeruUynx/qoMHyRsxvZNcnP4V+t6PQiMe
 Iyrl8LbbGI5mTww+AcbEJVXU+5Sro4HlB9VrHD8VmxGhENGrKiPzfVEbdNPEKDtZ
 ToZgBkB5HYnPGaVmFjWVg0vyy3iInIj4ZagKR9iFCH3OKcz9moCe2tFzfJ7nXtJ3
 waeT1U/76Vo=
 =s3q9
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging

Block layer patches

- Fix hang after request padding error (Windows + 512-on-4k emulation)

# gpg: Signature made Tue 03 Aug 2021 15:40:10 BST
# gpg:                using RSA key DC3DEB159A9AF95D3D7456FE7F09B272C88F2FD6
# gpg:                issuer "kwolf@redhat.com"
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" [full]
# Primary key fingerprint: DC3D EB15 9A9A F95D 3D74  56FE 7F09 B272 C88F 2FD6

* remotes/kevin/tags/for-upstream:
  block: Fix in_flight leak in request padding error path

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-08-04 09:27:24 +01:00
Michael S. Tsirkin
62a4db5522 Drop _DSM 5 from expected DSDTs on ARM
diff -rup /tmp/old/tests/data/acpi/microvm/DSDT.pcie.dsl /tmp/new/tests/data/acpi/microvm/DSDT.pcie.dsl
--- /tmp/old/tests/data/acpi/microvm/DSDT.pcie.dsl	2021-08-03 16:22:52.289295442 -0400
+++ /tmp/new/tests/data/acpi/microvm/DSDT.pcie.dsl	2021-08-03 16:22:40.102286317 -0400
@@ -1302,14 +1302,9 @@ DefinitionBlock ("", "DSDT", 2, "BOCHS "
                     {
                         Return (Buffer (One)
                         {
-                             0x21                                             // !
+                             0x01                                             // .
                         })
                     }
-
-                    If ((Arg2 == 0x05))
-                    {
-                        Return (Zero)
-                    }
                 }

                 Return (Buffer (One)

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2021-08-03 16:32:35 -04:00
Michael S. Tsirkin
40c3472a29 Revert "acpi/gpex: Inform os to keep firmware resource map"
This reverts commit 0cf8882fd0.

Which this commit, with aarch64 when using efi PCI devices with IO ports
do not work.  The reason is that EFI creates I/O port mappings below
0x1000 (in fact, at 0). However Linux, for legacy reasons, does not
support I/O ports <= 0x1000 on PCI, so the I/O assignment created by EFI
is rejected.

EFI creates the mappings primarily for itself, and up until DSM #5
started to be enforced, all PCI resource allocations that existed at
boot were ignored by Linux and recreated from scratch.

Also, the commit in question looks dubious - it seems unlikely that
Linux would fail to create a resource tree. What does
happen is that BARs get moved around, which may cause trouble in some
cases: for instance, Linux had to add special code to the EFI framebuffer
driver to copy with framebuffer BARs being relocated.

DSM #5 has a long history of debate and misinterpretation.

Link: https://lore.kernel.org/r/20210724185234.GA2265457@roeck-us.net/
Fixes: 0cf8882fd0 ("acpi/gpex: Inform os to keep firmware resource map")
Reported-by: Guenter Roeck <linux@roeck-us.net>
Suggested-by: Ard Biesheuvel <ardb@kernel.org>
Acked-by: Ard Biesheuvel <ardb@kernel.org>
Tested-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2021-08-03 16:32:34 -04:00
Michael S. Tsirkin
5cd4a8d4e5 arm/acpi: allow DSDT changes
We are going to commit ccee1a8140 ("acpi: Update _DSM method in expected files").
Allow changes to DSDT on ARM. Only configs with pci are
affected thus all virt variants but for microvm only the pcie variant.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2021-08-03 16:32:34 -04:00
Igor Mammedov
d7346e614f acpi: x86: pcihp: add support hotplug on multifunction bridges
Commit [1] switched PCI hotplug from native to ACPI one by default.

That however breaks hotplug on following CLI that used to work:
   -nodefaults -machine q35 \
   -device pcie-root-port,id=pcie-root-port-0,multifunction=on,bus=pcie.0,addr=0x1,chassis=1 \
   -device pcie-root-port,id=pcie-root-port-1,port=0x1,addr=0x1.0x1,bus=pcie.0,chassis=2

where PCI device is hotplugged to pcie-root-port-1 with error on guest side:

  ACPI BIOS Error (bug): Could not resolve symbol [^S0B.PCNT], AE_NOT_FOUND (20201113/psargs-330)
  ACPI Error: Aborting method \_SB.PCI0.PCNT due to previous error (AE_NOT_FOUND) (20201113/psparse-531)
  ACPI Error: Aborting method \_GPE._E01 due to previous error (AE_NOT_FOUND) (20201113/psparse-531)
  ACPI Error: AE_NOT_FOUND, while evaluating GPE method [_E01] (20201113/evgpe-515)

cause is that QEMU's ACPI hotplug never supported functions other then 0
and due to bug it was generating notification entries for not described
functions.

Technically there is no reason not to describe cold-plugged bridges
(root ports) on functions other then 0, as they similarly to bridge
on function 0 are unpluggable.

So since we need to describe multifunction devices iterate over
fuctions as well. But describe only cold-plugged bridges[root ports]
on functions other than 0 as well.

1)
Fixes: 17858a1695 (hw/acpi/ich9: Set ACPI PCI hot-plug as default on Q35)
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Reported-by: Laurent Vivier <lvivier@redhat.com>
Message-Id: <20210723090424.2092226-1-imammedo@redhat.com>
Fixes: 17858a1695 (hw/acpi/ich9: Set ACPI PCI hot-plug as default on Q35)<br>
Signed-off-by: Igor Mammedov &lt;<a href="mailto:imammedo@redhat.com" target="_blank">imammedo@redhat.com</a>&gt;<br>
Reported-by: Laurent Vivier &lt;<a href="mailto:lvivier@redhat.com" target="_blank">lvivier@redhat.com</a>&gt;<br>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2021-08-03 16:31:07 -04:00
Marcel Apfelbaum
e2a6290aab hw/pcie-root-port: Fix hotplug for PCI devices requiring IO
Q35 has now ACPI hotplug enabled by default for PCI(e) devices.
As opposed to native PCIe hotplug, guests like Fedora 34
will not assign IO range to pcie-root-ports not supporting
native hotplug, resulting into a regression.

Reproduce by:
    qemu-bin -M q35 -device pcie-root-port,id=p1 -monitor stdio
    device_add e1000,bus=p1
In the Guest OS the respective pcie-root-port will have the IO range
disabled.

Fix it by setting the "reserve-io" hint capability of the
pcie-root-ports so the firmware will allocate the IO range instead.

Acked-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Marcel Apfelbaum <marcel@redhat.com>
Message-Id: <20210802090057.1709775-1-marcel@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2021-08-03 16:31:07 -04:00
Peter Maydell
cb2f4b8750 * Fixes for SIGILL and SIGFPE of the s390x linux-user target
-----BEGIN PGP SIGNATURE-----
 
 iQJFBAABCAAvFiEEJ7iIR+7gJQEY8+q5LtnXdP5wLbUFAmEJRQ4RHHRodXRoQHJl
 ZGhhdC5jb20ACgkQLtnXdP5wLbU8XA/9H8uXt/S/I53oAJK9xL84cEm5qoRR6CNf
 gZAcczg/tIvPt+uRV7e39KyKhQRBCqR0mr+IP5tZ8dekB9qbj1k0nH6v6iSbhHs6
 MxKQ9QQ/9bDrgLSlIN+zerLzxzowtdR7b9x/YcifThqUOqL6rE7JJPrzL6Yykk+y
 cI/MU5AsZNeSNkWIDEBTFXScB1059bUzMgza9Gdao5ROnCbDrpE+SwRih27wntNQ
 sLrlDdGZzO62jl681YqYAbLSZYbE9nbv/oJ8wLeD7b937qWfovdQgF5Esf9mPaME
 oEFUCqP0SJ9/6HimVnQg7owV28twqVmPhhgvXO7H+BVj7AjiI1AbNUStnKSvdhV2
 8LVhzwxgf+ClVfetM4I60e6smMxTtpFHGDmsBQfOYkxnh1fMQVXyvmGztAvyc8MY
 LRbdV22nAkzKGdavTFlkj/GVVrf3h6F7hsdccPCBv8C6IEinhXO2E0k8Xznb6eky
 KUsNN2j0r36RbENpBbOCR4lmp+0jWVKYYcF2Do91ispTw1ta7DGvw4NrCFIbzQeo
 sejYElt6CRMfBuyZgg5zaQ8W9bxR4vrDpYfZ23Afj+JOaUoZuMctkXpvUyea6nhL
 5yq88jo13rbpobpLJ/ngDwIQXues6ru3DC4aE1t4ec0wA7pPaSApyaadQcZceEAE
 UTCUloOucAE=
 =1YMM
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/thuth-gitlab/tags/pull-request-2021-08-03' into staging

* Fixes for SIGILL and SIGFPE of the s390x linux-user target

# gpg: Signature made Tue 03 Aug 2021 14:30:54 BST
# gpg:                using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5
# gpg:                issuer "thuth@redhat.com"
# gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [full]
# gpg:                 aka "Thomas Huth <thuth@redhat.com>" [full]
# gpg:                 aka "Thomas Huth <huth@tuxfamily.org>" [full]
# gpg:                 aka "Thomas Huth <th.huth@posteo.de>" [unknown]
# Primary key fingerprint: 27B8 8847 EEE0 2501 18F3  EAB9 2ED9 D774 FE70 2DB5

* remotes/thuth-gitlab/tags/pull-request-2021-08-03:
  tests/tcg: Test that compare-and-trap raises SIGFPE
  linux-user/s390x: signal with SIGFPE on compare-and-trap
  target/s390x: Fix SIGILL and SIGFPE psw.addr reporting

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-08-03 19:50:43 +01:00
Philippe Mathieu-Daudé
4ac0b72bae hw/sd/sdcard: Fix assertion accessing out-of-range addresses with CMD30
OSS-Fuzz found sending illegal addresses when querying the write
protection bits triggers the assertion added in commit 84816fb63e
("hw/sd/sdcard: Assert if accessing an illegal group"):

  qemu-fuzz-i386-target-generic-fuzz-sdhci-v3: ../hw/sd/sd.c:824: uint32_t sd_wpbits(SDState *, uint64_t):
  Assertion `wpnum < sd->wpgrps_size' failed.
  #3 0x7f62a8b22c91 in __assert_fail
  #4 0x5569adcec405 in sd_wpbits hw/sd/sd.c:824:9
  #5 0x5569adce5f6d in sd_normal_command hw/sd/sd.c:1389:38
  #6 0x5569adce3870 in sd_do_command hw/sd/sd.c:1737:17
  #7 0x5569adcf1566 in sdbus_do_command hw/sd/core.c💯16
  #8 0x5569adcfc192 in sdhci_send_command hw/sd/sdhci.c:337:12
  #9 0x5569adcfa3a3 in sdhci_write hw/sd/sdhci.c:1186:9
  #10 0x5569adfb3447 in memory_region_write_accessor softmmu/memory.c:492:5

It is legal for the CMD30 to query for out-of-range addresses.
Such invalid addresses are simply ignored in the response (write
protection bits set to 0).

In commit 84816fb63e ("hw/sd/sdcard: Assert if accessing an illegal
group") we misplaced the assertion *before* we test the address is
in range. Move it *after*.

Include the qtest reproducer provided by Alexander Bulekov:

  $ make check-qtest-i386
  ...
  Running test qtest-i386/fuzz-sdcard-test
  qemu-system-i386: ../hw/sd/sd.c:824: sd_wpbits: Assertion `wpnum < sd->wpgrps_size' failed.

Cc: qemu-stable@nongnu.org
Reported-by: OSS-Fuzz (Issue 29225)
Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Fixes: 84816fb63e ("hw/sd/sdcard: Assert if accessing an illegal group")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/495
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20210802235524.3417739-3-f4bug@amsat.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Alexander Bulekov <alxndr@bu.edu>
2021-08-03 19:34:51 +02:00
Philippe Mathieu-Daudé
2a0396285d hw/sd/sdcard: Document out-of-range addresses for SEND_WRITE_PROT
Per the 'Physical Layer Simplified Specification Version 3.01',
Table 4-22: 'Block Oriented Write Protection Commands'

  SEND_WRITE_PROT (CMD30)

  If the card provides write protection features, this command asks
  the card to send the status of the write protection bits [1].

  [1] 32 write protection bits (representing 32 write protect groups
  starting at the specified address) [...]
  The last (least significant) bit of the protection bits corresponds
  to the first addressed group. If the addresses of the last groups
  are outside the valid range, then the corresponding write protection
  bits shall be set to 0.

Split the if() statement (without changing the behaviour of the code)
to better position the description comment.

Reviewed-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20210802235524.3417739-2-f4bug@amsat.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Alexander Bulekov <alxndr@bu.edu>
2021-08-03 19:34:00 +02:00
Peter Maydell
2cd9e2bd09 Update libslirp
Hi,
 
 v4:
  - drop subproject patch
  - fix OSX linking issue
 
 v3:
  - rebased
  - (checked compilation with P. Maydell extra-cflags reported failure & gitlab CI)
 
 v2:
  - fix unused variables on macos
  - fork_exec_child_setup: improve signal handling
 -----BEGIN PGP SIGNATURE-----
 
 iQJQBAABCAA6FiEEh6m9kz+HxgbSdvYt2ujhCXWWnOUFAmEJUAMcHG1hcmNhbmRy
 ZS5sdXJlYXVAcmVkaGF0LmNvbQAKCRDa6OEJdZac5TI3D/0TwPcmvCQ6CuOUvqC0
 LjO/hfORv6HT2t1FKPstmIY00kbtdto0OVmZlxbVLkCa9/TFm8JdzLcUe6nDl8kj
 p1ZHu4QOpQX8q29D+HPof11LuOzG26LZFWWLzyYnCvqRA/IuC49afoQmTF+vRmFP
 CvU5auW5Sx76PadM2K/2LUQ0yo17jX0tuNUx+MTdU/y0bMvoOikvFnUKw8F7nlSr
 9Rq3ec7gaL29TEc1X/JhS6S2atOctJkEUHy+VyDyOQvl+Dgm0NSoXhA24k9SaIx5
 4DM0dcrf71cUELG91sFLAb6U4SJwcsr8Gkg7NrRa4hkg/8kel2NvF+57rTGyEHyS
 RFc+Xw58lNLxFZQ9VTpUgg2P+0wbUVy5u4/2mhwKs3cvxFRJSZlPUyApLye5HQMp
 sFG+cSgWZI5/bHnibi95q5LNZT0ISg6vpiI36YF0Pp6D0qdMVoirpqUdZri5nJGh
 Fw2XV14gdg0P6O6qd1PjqAkDvp3gPz0KwA4jwNzn7rlu46TJCrU0Dcl9Yl20xk1Z
 Z8dhIg66JtdyI9yGmkKixKmb0CaK+JCKkw5dMqw9QVjKKFGcnWECQkP1+azjehPE
 XRoymG+WjZ+kSMBz7tO2FbD7p7wW+S/JqKW5hs/Cfj1uZR8Jsl9rXn3F3WyZ7yUk
 wXD6II3nlQPomgzq07zKhrbk8g==
 =6lw9
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/elmarco/tags/libslirp-pull-request' into staging

Update libslirp

Hi,

v4:
 - drop subproject patch
 - fix OSX linking issue

v3:
 - rebased
 - (checked compilation with P. Maydell extra-cflags reported failure & gitlab CI)

v2:
 - fix unused variables on macos
 - fork_exec_child_setup: improve signal handling

# gpg: Signature made Tue 03 Aug 2021 15:17:39 BST
# gpg:                using RSA key 87A9BD933F87C606D276F62DDAE8E10975969CE5
# gpg:                issuer "marcandre.lureau@redhat.com"
# gpg: Good signature from "Marc-André Lureau <marcandre.lureau@redhat.com>" [full]
# gpg:                 aka "Marc-André Lureau <marcandre.lureau@gmail.com>" [full]
# Primary key fingerprint: 87A9 BD93 3F87 C606 D276  F62D DAE8 E109 7596 9CE5

* remotes/elmarco/tags/libslirp-pull-request:
  Update libslirp to v4.6.1

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-08-03 17:50:29 +01:00
Peter Maydell
acf8200722 qemu-ga patch queue for hard-freeze
* w32: Fix missing/incorrect DLLs in MSI installer
 * w32: Fix memory leaks in guest-get-osinfo/guest-get-fsinfo
 * w32: Increase timeout for guest-fsfreeze-freeze
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCgAdFiEEzqzJ4VU066u4LT+gM1PJzvEItYQFAmEJMesACgkQM1PJzvEI
 tYTjxgf/Rf+mMm/O3vMQ1AjiARHS2a7oY0jr8WknisgPwkfwWtAX/VegiPLy2tHS
 5POLnisuTGlCcLJFOeV2xyq5GUM72G1f5U+F0qeFpG6YzYU/xZSfbC5OMX53nRC3
 ZQD8NqT/ZmR6vp+SkInoX14moOnxoGDifb/qin1rJrOqCfSeCgIRdb95q9jzAhaw
 xJj9eRE87jVI2qlDhZL2ewSuhh+HAGkS438mEBXgARz2gMdDmlePVPttD7UkP7Um
 BiSCENaqe7eI1C3/sN+X/vZhl0CLQt2BDALDxNUG/VHxAXnSqmran/Jr83gn/cwz
 EAc4ue+9KMUADbrTek0YYSEXTbpBRQ==
 =Dz96
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/mdroth/tags/qga-pull-2021-08-03-pull-tag' into staging

qemu-ga patch queue for hard-freeze

* w32: Fix missing/incorrect DLLs in MSI installer
* w32: Fix memory leaks in guest-get-osinfo/guest-get-fsinfo
* w32: Increase timeout for guest-fsfreeze-freeze

# gpg: Signature made Tue 03 Aug 2021 13:09:15 BST
# gpg:                using RSA key CEACC9E15534EBABB82D3FA03353C9CEF108B584
# gpg: Good signature from "Michael Roth <flukshun@gmail.com>" [full]
# gpg:                 aka "Michael Roth <mdroth@utexas.edu>" [full]
# gpg:                 aka "Michael Roth <mdroth@linux.vnet.ibm.com>" [full]
# Primary key fingerprint: CEAC C9E1 5534 EBAB B82D  3FA0 3353 C9CE F108 B584

* remotes/mdroth/tags/qga-pull-2021-08-03-pull-tag:
  qga-win/msi: fix missing libstdc++-6 DLL in MSI installer
  qemu-ga/msi: fix w32 libgcc name
  qga-win: Free GMatchInfo properly
  qga-win: Fix handle leak in ga_get_win_product_name()
  qga-win: Fix build_guest_fsinfo() close of nonexistent
  qga-win: Increase VSS freeze timeout to 60 secs instead of 10

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-08-03 14:48:57 +01:00
Kevin Wolf
87ab880252 block: Fix in_flight leak in request padding error path
When bdrv_pad_request() fails in bdrv_co_preadv_part(), bs->in_flight
has been increased, but is never decreased again. This leads to a hang
when trying to drain the block node.

This bug was observed with Windows guests which issue a request that
fully uses IOV_MAX during installation, so that when padding is
necessary (O_DIRECT with a 4k sector size block device on the host),
adding another entry causes failure.

Call bdrv_dec_in_flight() to fix this. There is a larger problem to
solve here because this request shouldn't even fail, but Windows doesn't
seem to care and with this minimal fix the installation succeeds. So
given that we're already in freeze, let's take this minimal fix for 6.1.

Fixes: 98ca45494f
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1972079
Reported-by: Qing Wang <qinwang@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <20210727154923.91067-1-kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2021-08-03 15:43:30 +02:00
Jonathan Albrecht
50e36dd616 tests/tcg: Test that compare-and-trap raises SIGFPE
Signed-off-by: Jonathan Albrecht <jonathan.albrecht@linux.vnet.ibm.com>
Message-Id: <20210709160459.4962-3-jonathan.albrecht@linux.vnet.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2021-08-03 15:17:38 +02:00
Jonathan Albrecht
ccb5f2708f linux-user/s390x: signal with SIGFPE on compare-and-trap
Currently when a compare-and-trap instruction is executed, qemu will
always raise a SIGILL signal. On real hardware, a SIGFPE is raised.

Change the PGM_DATA case in cpu_loop to follow the behavior in
linux kernel /arch/s390/kernel/traps.c.
 * Only raise SIGILL if DXC == 0
 * If DXC matches a non-simulated IEEE exception, raise SIGFPE with
   correct si_code
 * Raise SIGFPE with si_code == 0 for everything else

When applied on 20210705210434.45824-2-iii@linux.ibm.com, this fixes
crashes in the java jdk such as the linked bug.

Signed-off-by: Jonathan Albrecht <jonathan.albrecht@linux.vnet.ibm.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Buglink: https://bugs.launchpad.net/qemu/+bug/1920913
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/319
Message-Id: <20210709160459.4962-2-jonathan.albrecht@linux.vnet.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2021-08-03 15:17:38 +02:00
Ilya Leoshkevich
54ba2161d8 target/s390x: Fix SIGILL and SIGFPE psw.addr reporting
For SIGILL, SIGFPE and SIGTRAP the PSW must point after the
instruction, and at the instruction for other signals. Currently under
qemu-user for SIGFILL and SIGFPE it points at the instruction.

Fix by advancing psw.addr for these signals.

Co-developed-by: Ulrich Weigand <ulrich.weigand@de.ibm.com>
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Buglink: https://gitlab.com/qemu-project/qemu/-/issues/319
Message-Id: <20210705210434.45824-2-iii@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2021-08-03 15:17:32 +02:00
Marc-André Lureau
43f547b73d Update libslirp to v4.6.1
Switch from stable-4.2 branch to upstream v4.6.1 release + fixes.

## [Unreleased]

### Fixed

 - Haiku fixes. !98 !99
 - Fix a minor DHCP regression introduced in 4.6.0. !97

## [4.6.1] - 2021-06-18

### Fixed

 - Fix DHCP regression introduced in 4.6.0. !95

## [4.6.0] - 2021-06-14

### Added

 - mbuf: Add debugging helpers for allocation. !90

### Changed

 -  Revert "Set macOS deployment target to macOS 10.4". !93

### Fixed

 - mtod()-related buffer overflows (CVE-2021-3592 #44, CVE-2021-3593 #45,
   CVE-2021-3594 #47, CVE-2021-3595 #46).
 - poll_fd: add missing fd registration for UDP and ICMP
 - ncsi: make ncsi_calculate_checksum work with unaligned data. !89
 - Various typos and doc fixes. !88

## [4.5.0] - 2021-05-18

### Added

 - IPv6 forwarding. !62 !75 !77
 - slirp_neighbor_info() to dump the ARP/NDP tables. !71

### Changed

 - Lazy guest address resolution for IPv6. !81
 - Improve signal handling when spawning a child. !61
 - Set macOS deployment target to macOS 10.4. !72
 - slirp_add_hostfwd: Ensure all error paths set errno. !80
 - More API documentation.

### Fixed

 - Assertion failure on unspecified IPv6 address. !86
 - Disable polling for PRI on MacOS, fixing some closing streams issues. !73
 - Various memory leak fixes on fastq/batchq. !68
 - Memory leak on IPv6 fast-send. !67
 - Slow socket response on Windows. !64
 - Misc build and code cleanups. !60 !63 !76 !79 !84

## [4.4.0] - 2020-12-02

### Added

 - udp, udp6, icmp: handle TTL value. !48
 - Enable forwarding ICMP errors. !49
 - Add DNS resolving for iOS. !54

### Changed

 - Improve meson subproject() support. !53
 - Removed Makefile-based build system. !56

### Fixed

 - socket: consume empty packets. !55
 - check pkt_len before reading protocol header (CVE-2020-29129). !57
 - ip_stripoptions use memmove (fixes undefined behaviour). !47
 - various Coverity-related changes/fixes.

## [4.3.1] - 2020-07-08

### Changed

 - A silent truncation could occur in `slirp_fmt()`, which will now print a
   critical message. See also #22.

### Fixed

 - CVE-2020-10756 - Drop bogus IPv6 messages that could lead to data leakage.
   See !44 and !42.
 - Fix win32 builds by using the SLIRP_PACKED definition.
 - Various coverity scan errors fixed. !41
 - Fix new GCC warnings. !43

## [4.3.0] - 2020-04-22

### Added

 - `SLIRP_VERSION_STRING` macro, with the git sha suffix when building from git
 - `SlirpConfig.disable_dns`, to disable DNS redirection #16

### Changed

 - `slirp_version_string()` now has the git sha suffix when building form git
 - Limit DNS redirection to port 53 #16

### Fixed

 - Fix build regression with mingw & NetBSD
 - Fix use-afte-free in `ip_reass()` (CVE-2020-1983)

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Doug Evans <dje@google.com>
2021-08-03 16:07:22 +04:00
Michael Roth
e300858ed4 qga-win/msi: fix missing libstdc++-6 DLL in MSI installer
libstdc++ is required for the qga-vss.dll that provides fsfreeze
functionality. Currently it is not provided by the MSI installer,
resulting in fsfreeze being disabled in guest environments where it has
not been installed by other means.

In the future this would be better handled via gcc-cpp ComponentGroup
provided by msitools, but that would be better handled with a general
rework of DLL dependency handling in the installer build. Keep it
simple for now to fix this regression.

Tested with Fedora 34 mingw build environment.

Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Kostiantyn Kostiuk <konstantin@daynix.com>
Cc: Marc-André Lureau <marcandre.lureau@redhat.com>
Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Michael Roth <michael.roth@amd.com>
2021-08-03 07:01:36 -05:00
Gerd Hoffmann
5f2a8b1fc1 qemu-ga/msi: fix w32 libgcc name
This is what I find on my Fedora 34 mingw install.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Michael Roth <michael.roth@amd.com>
2021-08-02 22:20:01 -05:00
Kostiantyn Kostiuk
24328b7a83 qga-win: Free GMatchInfo properly
The g_regex_match function creates match_info even if it
returns FALSE. So we should always call g_match_info_free.
A better solution is using g_autoptr for match_info variable.

Signed-off-by: Kostiantyn Kostiuk <konstantin@daynix.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Michael Roth <michael.roth@amd.com>
2021-08-02 22:11:45 -05:00
Basil Salman
ce72f11274 qga-win: Fix handle leak in ga_get_win_product_name()
In ga_get_win_product_name() a handle to Registry key was open but not
closed.

In this patch the handle is closed as part of the free routine.

Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1929144

Signed-off-by: Basil Salman <basil@daynix.com>
Signed-off-by: Basil Salman <bsalman@redhat.com>
Signed-off-by: Michael Roth <michael.roth@amd.com>
2021-08-02 22:11:45 -05:00
Basil Salman
02ac3f4b95 qga-win: Fix build_guest_fsinfo() close of nonexistent
On the current error path of build_guest_fsinfo(), a non existent handle
is passed to CloseHandle().

This patch adds initialization of hLocalDiskHandle to
INVALID_HANDLE_VALUE, and checks for handle validity before the handle
is closed.

Signed-off-by: Basil Salman <basil@daynix.com>
Signed-off-by: Basil Salman <basil@redhat.com>
Signed-off-by: Michael Roth <michael.roth@amd.com>
2021-08-02 22:11:45 -05:00
Basil Salman
3d98f9b68d qga-win: Increase VSS freeze timeout to 60 secs instead of 10
Currently Requester freeze times out after 10 seconds, while
the default timeout for Writer Freeze is 60 seconds. according to
VSS Documentation [1].
[1]: https://docs.microsoft.com/en-us/windows/win32/vss/overview-of-processing-a-backup-under-vss

Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1909073

Signed-off-by: Basil Salman <bsalman@daynix.com>
Signed-off-by: Basil Salman <basil@daynix.com>
Signed-off-by: Michael Roth <michael.roth@amd.com>
2021-08-02 22:11:45 -05:00
Peter Maydell
7f1cab9c62 Fix for smp-opts in configuration file.
Update Coverity model to what's currently uploaded.
 -----BEGIN PGP SIGNATURE-----
 
 iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmEHw7EUHHBib256aW5p
 QHJlZGhhdC5jb20ACgkQv/vSX3jHroPIHwf+OOr857Wkn70dckPGG5MOejR+eATn
 WXdkb6J9mo953fhiEH3/7tgyAEwh3qHHxCKwJQdY5beTXu2h5fC2WyNadqTBi2ol
 PnT9T05beFAqyq0SsmMH/0hHNVOO/rPp2FjFce7+8FinW+oqvI9NVkJtjiBdReQw
 K8ychTJet0UxvQgL755ujT3CcB7q4W3fbPg/a86K14hQndRsjyHiqYb96oNOnHgo
 vkfI1kA0ljX2A59+nkUzQZwZ00P/6bpk/tXVgLcHWQQHUS+QLMHu+HdvdySeK5mt
 7fjEZnELF640YnIHtF8QKgXf1MS0wE4VGL9AmHjCV1zsm7JPiI8sdp2AzQ==
 =ScAY
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/bonzini-gitlab/tags/for-upstream' into staging

Fix for smp-opts in configuration file.
Update Coverity model to what's currently uploaded.

# gpg: Signature made Mon 02 Aug 2021 11:06:41 BST
# gpg:                using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg:                issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini-gitlab/tags/for-upstream:
  coverity-model: write models fully for non-array allocation functions
  coverity-model: constrain g_malloc/g_malloc0/g_realloc as never returning NULL
  coverity-model: clean up the models for array allocation functions
  coverity-model: remove model for more allocation functions
  coverity-model: make g_free a synonym of free
  coverity-model: update address_space_read/write models
  vl: stop recording -smp in QemuOpts
  vl: introduce machine_merge_property

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-08-02 17:21:50 +01:00
Peter Maydell
526f1f3a5c target-arm queue:
* Add documentation of Arm 'mainstone', 'kzm', 'imx25-pdk' boards
  * MAINTAINERS: Don't list Andrzej Zaborowski for various components
  * docs: Remove stale TODO comments about license and version
  * docs: Move licence/copyright from HTML output to rST comments
  * docs: Format literal text correctly
  * hw/arm/boot: Report error if there is no fw_cfg device in the machine
  * docs: rSTify barrier.txt and bootindex.txt
 -----BEGIN PGP SIGNATURE-----
 
 iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmEH3asZHHBldGVyLm1h
 eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3i1EEACwXfeHLiGtaSB9VpAHPLQq
 euUAhLO44aKyg2ZC6OmMhobyW5YtsWMgtMs0kEdcXLLpjzbVBvJOzLN2ZvaqbVRn
 bKT6JSE1ez5264LZHLSKwL7QzYiBjYe9ie1L1BT1bUzfyxuOVIZIQjbe71Wkd94f
 itcYg5cpqvd0mhXCh3aoSaFUGitEK1AV4Sp/rwVfM5CBTX832pwPFhtzItOqOxMG
 EOwNkw41qwPh7d06QNEYqICsRxwA9olAybbZJLd4hw/ilLYDPmMQtsD7nAqT47pw
 KFa+WvQNHytPn5VFM67W9s02DB25LeqThctL+pwRi1qeJGavEl0P+0Hh227WTzK5
 VMi9AnTvq+WjkKCUknS5/DukjueQXm6ltsQwXh9wC/ebvRUUg4AAmUNfxdVFFC0L
 Anp5Vq8KAY/MLudYggjeI6qwhKNU/6aDob3BdD+x7/vK1qZK5+cNF/JxzW08JYsI
 n6FR2nYZCowWgKEbnid8qVkaCQGCkOsMl7xwMmHPZkBMNFhD+3CoWRbb6t444E39
 shCsIUAfWlQxb8Xgql/KRHHTv86fuyQtCFA/QAN4a7Zc5bYld++UL8UKQIKDaLeT
 ++xGswoyALw3khJ+1jMLBRELojmUZPlWTkEqwK78KsxCpktQ6hJ6zyt0hKy4hlaQ
 SuRUnUCF4Fvbm+x3EHVnIw==
 =dwM4
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20210802' into staging

target-arm queue:
 * Add documentation of Arm 'mainstone', 'kzm', 'imx25-pdk' boards
 * MAINTAINERS: Don't list Andrzej Zaborowski for various components
 * docs: Remove stale TODO comments about license and version
 * docs: Move licence/copyright from HTML output to rST comments
 * docs: Format literal text correctly
 * hw/arm/boot: Report error if there is no fw_cfg device in the machine
 * docs: rSTify barrier.txt and bootindex.txt

# gpg: Signature made Mon 02 Aug 2021 12:57:31 BST
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* remotes/pmaydell/tags/pull-target-arm-20210802: (21 commits)
  docs: Move user-facing barrier docs into system manual
  ui/input-barrier: Move TODOs from barrier.txt to a comment
  docs: Move the protocol part of barrier.txt into interop
  docs: Move bootindex.txt into system section and rstify
  hw/arm/boot: Report error if there is no fw_cfg device in the machine
  docs/tools/virtiofsd.rst: Delete stray backtick
  docs/about/removed-features: Fix markup error
  docs: Format literals correctly
  docs/system/arm/cpu-features.rst: Format literals correctly
  docs/system/s390x/protvirt.rst: Format literals correctly
  docs/devel: Format literals correctly
  docs/devel/migration.rst: Format literals correctly
  docs/devel/ebpf_rss.rst: Format literals correctly
  docs/devel/build-system.rst: Correct typo in example code
  docs/devel/build-system.rst: Format literals correctly
  docs: Move licence/copyright from HTML output to rST comments
  docs: Remove stale TODO comments about license and version
  MAINTAINERS: Don't list Andrzej Zaborowski for various components
  docs: Add documentation of Arm 'imx25-pdk' board
  docs: Add documentation of Arm 'kzm' board
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-08-02 12:59:00 +01:00
Peter Maydell
4a64939db7 docs: Move user-facing barrier docs into system manual
The remaining text in docs/barrier.txt is user-facing description
of what the device is and how to use it. Move this into the
system manual and rstify it.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20210727204112.12579-4-peter.maydell@linaro.org
2021-08-02 12:55:51 +01:00
Peter Maydell
399a04775e ui/input-barrier: Move TODOs from barrier.txt to a comment
docs/barrier.txt has a couple of TODO notes about things to be
implemented in this device; move them into a comment in the
source code.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20210727204112.12579-3-peter.maydell@linaro.org
2021-08-02 12:55:51 +01:00
Peter Maydell
6cb02f1522 docs: Move the protocol part of barrier.txt into interop
Most of docs/barrier.txt is describing the protocol implemented
by the input-barrier device. Move this into the interop
section of the manual, and rstify it.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-id: 20210727204112.12579-2-peter.maydell@linaro.org
2021-08-02 12:55:51 +01:00
Peter Maydell
bd77bc8b89 docs: Move bootindex.txt into system section and rstify
Move bootindex.txt into the system section of the manual and turn it
into rST format.  To make the document make more sense in the context
of the system manual, expand the title and introductory paragraphs to
give more context.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-id: 20210727194955.7764-1-peter.maydell@linaro.org
2021-08-02 12:55:51 +01:00
Peter Maydell
dae257394a hw/arm/boot: Report error if there is no fw_cfg device in the machine
If the user provides both a BIOS/firmware image and also a guest
kernel filename, arm_setup_firmware_boot() will pass the
kernel image to the firmware via the fw_cfg device. However we
weren't checking whether there really was a fw_cfg device present,
and if there wasn't we would crash.

This crash can be provoked with a command line such as
 qemu-system-aarch64 -M raspi3 -kernel /dev/null -bios /dev/null -display none

It is currently only possible on the raspi3 machine, because unless
the machine sets info->firmware_loaded we won't call
arm_setup_firmware_boot(), and the only machines which set that are:
 * virt (has a fw-cfg device)
 * sbsa-ref (checks itself for kernel_filename && firmware_loaded)
 * raspi3 (crashes)

But this is an unfortunate beartrap to leave for future machine
model implementors, so we should handle this situation in boot.c.

Check in arm_setup_firmware_boot() whether the fw-cfg device exists
before trying to load files into it, and if it doesn't exist then
exit with a hopefully helpful error message.

Because we now handle this check in a machine-agnostic way, we
can remove the check from sbsa-ref.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/503
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20210726163351.32086-1-peter.maydell@linaro.org
2021-08-02 12:55:51 +01:00
Peter Maydell
4d6646c7de docs/tools/virtiofsd.rst: Delete stray backtick
The documentation of the posix_acl option has a stray backtick
at the end of the text (which is rendered literally into the HTML).
Delete it.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-id: 20210726142338.31872-11-peter.maydell@linaro.org
2021-08-02 12:55:51 +01:00
Peter Maydell
1662ea9f4b docs/about/removed-features: Fix markup error
The section describing the removed feature "-usbdevice ccid" had a
typo so the markup started with single backtick and ended with double
backtick; fix it.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20210726142338.31872-10-peter.maydell@linaro.org
2021-08-02 12:55:51 +01:00
Peter Maydell
6df743dc31 docs: Format literals correctly
In rST markup, single backticks `like this` represent "interpreted
text", which can be handled as a bunch of different things if tagged
with a specific "role":
https://docutils.sourceforge.io/docs/ref/rst/restructuredtext.html#interpreted-text
(the most common one for us is "reference to a URL, which gets
hyperlinked").

The default "role" if none is specified is "title_reference",
intended for references to book or article titles, and it renders
into the HTML as <cite>...</cite> (usually comes out as italics).

This commit fixes various places in the manual which were
using single backticks when double backticks (for literal text)
were intended, and covers those files where only one or two
instances of these errors were made.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2021-08-02 11:42:38 +01:00
Peter Maydell
8a48a7c2e0 docs/system/arm/cpu-features.rst: Format literals correctly
In rST markup, single backticks `like this` represent "interpreted
text", which can be handled as a bunch of different things if tagged
with a specific "role":
https://docutils.sourceforge.io/docs/ref/rst/restructuredtext.html#interpreted-text
(the most common one for us is "reference to a URL, which gets
hyperlinked").

The default "role" if none is specified is "title_reference",
intended for references to book or article titles, and it renders
into the HTML as <cite>...</cite> (usually comes out as italics).

To format a literal (generally rendered as fixed-width font),
double-backticks are required.

cpu-features.rst consistently uses single backticks when double backticks
are required; correct it.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20210726142338.31872-8-peter.maydell@linaro.org
2021-08-02 11:42:38 +01:00
Peter Maydell
9c372ecfec docs/system/s390x/protvirt.rst: Format literals correctly
In rST markup, single backticks `like this` represent "interpreted
text", which can be handled as a bunch of different things if tagged
with a specific "role":
https://docutils.sourceforge.io/docs/ref/rst/restructuredtext.html#interpreted-text
(the most common one for us is "reference to a URL, which gets
hyperlinked").

The default "role" if none is specified is "title_reference",
intended for references to book or article titles, and it renders
into the HTML as <cite>...</cite> (usually comes out as italics).

To format a literal (generally rendered as fixed-width font),
double-backticks are required.

protvirt.rst consistently uses single backticks when double backticks
are required; correct it.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Acked-by: Cornelia Huck <cohuck@redhat.com>
Message-id: 20210726142338.31872-7-peter.maydell@linaro.org
2021-08-02 11:42:38 +01:00
Peter Maydell
1e235edab8 docs/devel: Format literals correctly
In rST markup, single backticks `like this` represent "interpreted
text", which can be handled as a bunch of different things if tagged
with a specific "role":
https://docutils.sourceforge.io/docs/ref/rst/restructuredtext.html#interpreted-text
(the most common one for us is "reference to a URL, which gets
hyperlinked").

The default "role" if none is specified is "title_reference",
intended for references to book or article titles, and it renders
into the HTML as <cite>...</cite> (usually comes out as italics).

Fix various places in the devel section of the manual which were
using single backticks when double backticks (for literal text)
were intended.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20210726142338.31872-6-peter.maydell@linaro.org
2021-08-02 11:42:38 +01:00
Peter Maydell
4df3a7bf8f docs/devel/migration.rst: Format literals correctly
In rST markup, single backticks `like this` represent "interpreted
text", which can be handled as a bunch of different things if tagged
with a specific "role":
https://docutils.sourceforge.io/docs/ref/rst/restructuredtext.html#interpreted-text
(the most common one for us is "reference to a URL, which gets
hyperlinked").

The default "role" if none is specified is "title_reference",
intended for references to book or article titles, and it renders
into the HTML as <cite>...</cite> (usually comes out as italics).

To format a literal (generally rendered as fixed-width font),
double-backticks are required.

Mostly migration.rst gets this right, but some places incorrectly use
single backticks where double backticks were intended; correct them.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-id: 20210726142338.31872-5-peter.maydell@linaro.org
2021-08-02 11:42:38 +01:00
Peter Maydell
f0d7b970ac docs/devel/ebpf_rss.rst: Format literals correctly
In rST markup, single backticks `like this` represent "interpreted
text", which can be handled as a bunch of different things if tagged
with a specific "role":
https://docutils.sourceforge.io/docs/ref/rst/restructuredtext.html#interpreted-text
(the most common one for us is "reference to a URL, which gets
hyperlinked").

The default "role" if none is specified is "title_reference",
intended for references to book or article titles, and it renders
into the HTML as <cite>...</cite> (usually comes out as italics).

To format a literal (generally rendered as fixed-width font),
double-backticks are required.

ebpf_rss.rst gets this wrong in a few places; correct them.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20210726142338.31872-4-peter.maydell@linaro.org
2021-08-02 11:42:38 +01:00
Peter Maydell
d463f3c79a docs/devel/build-system.rst: Correct typo in example code
One of the example meson.build fragments incorrectly quotes some
symbols as 'CONFIG_FOO`; the correct syntax here is 'CONFIG_FOO'.
(This isn't a rST formatting mistake because the example is displayed
literally; it's just the wrong kind of quote.)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20210726142338.31872-3-peter.maydell@linaro.org
2021-08-02 11:42:38 +01:00