Commit Graph

92149 Commits

Author SHA1 Message Date
Maxim Levitsky
fd2ddd1689 kvm: add support for KVM_GUESTDBG_BLOCKIRQ
Use the KVM_GUESTDBG_BLOCKIRQ debug flag if supported.

Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
[Extracted from Maxim's patch into a separate commit. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20211111110604.207376-6-pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-12-10 09:47:18 +01:00
Maxim Levitsky
12bc5b4cd5 gdbstub, kvm: let KVM report supported singlestep flags
Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
[Extracted from Maxim's patch into a separate commit. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20211111110604.207376-5-pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-12-10 09:47:18 +01:00
Maxim Levitsky
ecd39d620b gdbstub: reject unsupported flags in handle_set_qemu_sstep
handle_query_qemu_sstepbits is reporting NOIRQ and NOTIMER bits
even if they are not supported (as is the case with record/replay).
Instead, store the supported singlestep flags and reject
any unsupported bits in handle_set_qemu_sstep.  This removes
the need for the get_sstep_flags() wrapper.

While at it, move the variables in GDBState, instead of using
global variables.

Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
[Extracted from Maxim's patch into a separate commit. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20211111110604.207376-4-pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-12-10 09:47:18 +01:00
Paolo Bonzini
43709a0ca3 linux-headers: update to 5.16-rc1
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Acked-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20211111110604.207376-3-pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-12-10 09:47:18 +01:00
Paolo Bonzini
a4663f1a55 virtio-gpu: do not byteswap padding
In Linux 5.16, the padding of struct virtio_gpu_ctrl_hdr has become a
single-byte field followed by a uint8_t[3] array of padding bytes,
and virtio_gpu_ctrl_hdr_bswap does not compile anymore.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Acked-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20211111110604.207376-2-pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-12-10 09:47:18 +01:00
Stefan Hajnoczi
cf4fbc3030 block/nvme: fix infinite loop in nvme_free_req_queue_cb()
When the request free list is exhausted the coroutine waits on
q->free_req_queue for the next free request. Whenever a request is
completed a BH is scheduled to invoke nvme_free_req_queue_cb() and wake
up waiting coroutines.

1. nvme_get_free_req() waits for a free request:

    while (q->free_req_head == -1) {
        ...
            trace_nvme_free_req_queue_wait(q->s, q->index);
            qemu_co_queue_wait(&q->free_req_queue, &q->lock);
        ...
    }

2. nvme_free_req_queue_cb() wakes up the coroutine:

    while (qemu_co_enter_next(&q->free_req_queue, &q->lock)) {
       ^--- infinite loop when free_req_head == -1
    }

nvme_free_req_queue_cb() and the coroutine form an infinite loop when
q->free_req_head == -1. Fix this by checking q->free_req_head in
nvme_free_req_queue_cb(). If the free request list is exhausted, don't
wake waiting coroutines. Eventually an in-flight request will complete
and the BH will be scheduled again, guaranteeing forward progress.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20211208152246.244585-1-stefanha@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2021-12-09 09:19:49 +00:00
Richard Henderson
a3607def89 Update version for v6.2.0-rc4 release
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-12-07 17:51:38 -08:00
Richard Henderson
a216e7cf11 target-arm queue:
* Fix calculation of ICH_MISR_EL2.LRENP to avoid incorrect generation
    of maintenance interrupts
 -----BEGIN PGP SIGNATURE-----
 
 iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmGvl3oZHHBldGVyLm1h
 eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3v7QEACV56kO/+fNnQnfmxYZL+8V
 bICn6UWpioQk7vw0Btx6IkdziKJFAwb6fWY/tRPsUalwhmLX9b1EhwnvyUosnNfe
 1TfKdByB5IJY/Jbul5rCKM5N68k+sySns+j840/XtFummKnGYvJ3vzq7D1eW7tKA
 tQjpkMC7NcOgSHG4aIprC7kW0XUzE4TGXuDci+Cit8sMwCVE98J78LrhxCcpo4u2
 bSEkvPtHJpP0/tiB/TesXUOlP7srhg1iBlk+j+ffkKHcCcX9bEUrOLCF6r2fHsjo
 MYX+mOtSGhcc0Vp4+7tJ2/h6at2DfAF7JWxilKBJoTGXnj4XEapIXIaPJP5niTyC
 z+JGiyVD8IkR27HJ8GDk8dkGn98MgtB6iMqBL61eNpPq6SH5eM5w/ys5WYVW7sHK
 6wJ+K/ecTWxAm4ykknO17dCYtGXyLko/+5xua2XcDZvdlxSxCXr8g89feXbD5eki
 MnfhhblVQ/DsZdDieL0fykNsVqhae6U9IK6YwvZxm1mlJVkF2dnwV6+UdenAyMi0
 TGphr2pR8u+/vnG1UKOnD9YLf1gikhrmarM5vl2Jb4/eLHFwhEkAuW5immBuHb4Y
 pcijbEH3gQQBd843Hv8e8ogBj73Y/k56qTgbDSvvlS2cYCsCa0g0Manm0cDxaInF
 43nubUH2syrRyAEUMQSecA==
 =4xrR
 -----END PGP SIGNATURE-----

Merge tag 'pull-target-arm-20211207' of https://git.linaro.org/people/pmaydell/qemu-arm into staging

target-arm queue:
 * Fix calculation of ICH_MISR_EL2.LRENP to avoid incorrect generation
   of maintenance interrupts

# gpg: Signature made Tue 07 Dec 2021 09:18:50 AM PST
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [full]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [full]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [full]

* tag 'pull-target-arm-20211207' of https://git.linaro.org/people/pmaydell/qemu-arm:
  gicv3: fix ICH_MISR's LRENP computation

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-12-07 09:28:11 -08:00
Damien Hedde
2958e5150d gicv3: fix ICH_MISR's LRENP computation
According to the "Arm Generic Interrupt Controller Architecture
Specification GIC architecture version 3 and 4" (version G: page 345
for aarch64 or 509 for aarch32):
LRENP bit of ICH_MISR is set when ICH_HCR.LRENPIE==1 and
ICH_HCR.EOIcount is non-zero.

When only LRENPIE was set (and EOI count was zero), the LRENP bit was
wrongly set and MISR value was wrong.

As an additional consequence, if an hypervisor set ICH_HCR.LRENPIE,
the maintenance interrupt was constantly fired. It happens since patch
9cee1efe92 ("hw/intc: Set GIC maintenance interrupt level to only 0 or 1")
which fixed another bug about maintenance interrupt (most significant
bits of misr, including this one, were ignored in the interrupt trigger).

Fixes: 83f036fe3d ("hw/intc/arm_gicv3: Add accessors for ICH_ system registers")
Signed-off-by: Damien Hedde <damien.hedde@greensocs.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20211207094427.3473-1-damien.hedde@greensocs.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-12-07 15:30:08 +00:00
Richard Henderson
92ac58e34c Fix stack spills for arm neon.
-----BEGIN PGP SIGNATURE-----
 
 iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAmGvcNUdHHJpY2hhcmQu
 aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV/Frgf8CCasn2VfHSZxUHVe
 8Uc9vLeIVCht9kP3uP5GrRsyKljsyubQSf0ADSBuslLwZN5Nw9fElXiWoqW0jbOv
 hKJLEyhaUB02u0tGCIOvuAL4/cYBt0d9MWafqLrn5G43E9PjBAZiwQl0SxJkr5ju
 b2oKkvBFohy2x3W89pfw/Dbw3BoDWJe6d0Ky5R9UuVyXKLT8em/Ftr/J3+AGZh47
 h3S6LVrryvrd8olhnT4oZGRAq/Nm7eWMHyNfX+8cgxze0ov8mO4wqdipBIpVidgP
 2RYjZVesecOOJuoyiy7O1ef62n18Df8pGHooRfvCRGG895dRbp6vyOdpGOF78m6J
 j7GiSg==
 =LmtK
 -----END PGP SIGNATURE-----

Merge tag 'pull-tcg-20211207' of https://gitlab.com/rth7680/qemu into staging

Fix stack spills for arm neon.

# gpg: Signature made Tue 07 Dec 2021 06:33:57 AM PST
# gpg:                using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg:                issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [ultimate]

* tag 'pull-tcg-20211207' of https://gitlab.com/rth7680/qemu:
  tcg/arm: Reduce vector alignment requirement for NEON

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-12-07 06:40:14 -08:00
Richard Henderson
b9537d5904 tcg/arm: Reduce vector alignment requirement for NEON
With arm32, the ABI gives us 8-byte alignment for the stack.
While it's possible to realign the stack to provide 16-byte alignment,
it's far easier to simply not encode 16-byte alignment in the
VLD1 and VST1 instructions that we emit.

Remove the assertion in temp_allocate_frame, limit natural alignment
to the provided stack alignment, and add a comment.

Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1999878
Reported-by: Richard W.M. Jones <rjones@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20210912174925.200132-1-richard.henderson@linaro.org>
Message-Id: <20211206191335.230683-2-richard.henderson@linaro.org>
2021-12-07 06:32:09 -08:00
Richard Henderson
7635eff971 Pull request
-----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCAAdFiEEhpWov9P5fNqsNXdanKSrs4Grc8gFAmGuK9cACgkQnKSrs4Gr
 c8gr7gf9Fe6WZ85sbefQcsOvqc6AKcmiC1dhQ9qsdT4Y22Ft8BneiVHPflkpYExP
 12n4DB8QIasU/j3RognHNdsh/SYV07TfsVBNJHrO3Z2f83HrfDd3BhUV2DnJgul0
 AjriZvwZUy+WSEpJ1oPBOsu1hAlNE4Os7euyMx7m4Y63sO9nngLQ5kwDsHZXfFgf
 jyinZ87hbtZMchYJBm6YAGiSGmdYMLbDU4/wj8tn61cF+uikMFU1CrdYQrZbHcFX
 X+WC6nrSCay/3e+vD0zB7CK3Y9E+iuX52mwkwATx5aTJaHvmNtDXDb+ENI0am2uX
 19XnpS5UGjuvca+1Su9gvvloVG5TSA==
 =iOTh
 -----END PGP SIGNATURE-----

Merge tag 'block-pull-request' of https://gitlab.com/stefanha/qemu into staging

Pull request

# gpg: Signature made Mon 06 Dec 2021 07:27:19 AM PST
# gpg:                using RSA key 8695A8BFD3F97CDAAC35775A9CA4ABB381AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" [full]
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>" [full]

* tag 'block-pull-request' of https://gitlab.com/stefanha/qemu:
  virtio-blk: Fix clean up of host notifiers for single MR transaction.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-12-06 11:18:06 -08:00
Richard Henderson
2f8eb08673 MIPS fixes
- Do not emit SD instruction on 32-bit CPU (Jiaxun Yang)
 - Correctly catch load_elf() errors on Boston board (Jiaxun Yang)
 - Revert bogus CLI fix for ISA VGA devices (Alex Bennée)
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEE+qvnXhKRciHc/Wuy4+MsLN6twN4FAmGt7fwACgkQ4+MsLN6t
 wN656g//Tdpe9zY31lWQ85i3wSMSmNI5Wl/TbtEPdmdgOhiB2cKCD8/HOd9qQdNq
 any/mqfs8RUqM1HP7B0S6mtLFZnJOT45f+nlZy09ZkeDPTBGeBflnMYwpjWd1ftL
 hc9rWdzNcj5FPo+6vqwyha+4k9uM0UkZG/VZY4Rz24p5iIJ6NVGhm1iQINSBoeIu
 5WADoWlh4U+5g5ySp0ohOZrReILEwygLBGLnt/SuSV393vAUE/yc6b13jqWWInh1
 7fnk0wT01lP8KaRNfLlLYEaRqTn/CwhJ+qIlpHXckZDHLjfEJjjsWX3ARw8mcf30
 9/H+nQ81/JBj4AxF0o2+Yel7Cmwp/rbJ2HS6DzBhA6P+HTDqb+nXT9OUnkPCym1w
 fdmsJWSL31ZXS7lpDzPmJ6Xz/yvGc5OfBbImx3/AluRW1HqExz7BXZkO+Ou3VIfY
 6lOO91vNJkY0yXq65qh10M8dzYOZlYRCliymMGeQZMMzqPTe+uEhaa1Yh59+ur6D
 GfvdG7hlYfxR9rPI5dVqnH8jgP6qtxEbhOht4h2GsDkERaMTtZVYHfpVRdYVlPGH
 AWHEqv1xcfVMts6nm9lrWwmvS6AbJWYZc1tc87m8LyqXuzVDmP6SDXvVUinOWl45
 b5GaNmlIH3RgVCgmdenLTfRl0LypBUg43ScpHYSkcLeKY3Dvleg=
 =7ew1
 -----END PGP SIGNATURE-----

Merge tag 'mips-20211206' of https://github.com/philmd/qemu into staging

MIPS fixes

- Do not emit SD instruction on 32-bit CPU (Jiaxun Yang)
- Correctly catch load_elf() errors on Boston board (Jiaxun Yang)
- Revert bogus CLI fix for ISA VGA devices (Alex Bennée)

# gpg: Signature made Mon 06 Dec 2021 03:03:24 AM PST
# gpg:                using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full]

* tag 'mips-20211206' of https://github.com/philmd/qemu:
  Revert "vga: don't abort when adding a duplicate isa-vga device"
  hw/mips/boston: Fix load_elf() error detection
  hw/mips/bootloader: Fix write_ulong()

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-12-06 07:27:32 -08:00
Mark Mielke
5b807181c2 virtio-blk: Fix clean up of host notifiers for single MR transaction.
The code that introduced "virtio-blk: Configure all host notifiers in
a single MR transaction" introduced a second loop variable to perform
cleanup in second loop, but mistakenly still refers to the first
loop variable within the second loop body.

Fixes: d0267da614 ("virtio-blk: Configure all host notifiers in a single MR transaction")
Signed-off-by: Mark Mielke <mark.mielke@gmail.com>
Message-id: CALm7yL08qarOu0dnQkTN+pa=BSRC92g31YpQQNDeAiT4yLZWQQ@mail.gmail.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2021-12-06 14:21:14 +00:00
Alex Bennée
ac5837e330 Revert "vga: don't abort when adding a duplicate isa-vga device"
This reverts commit 7852a77f59.

The check is bogus as it ends up finding itself and falling over.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/733
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20211206095209.2332376-1-alex.bennee@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2021-12-06 11:57:36 +01:00
Jiaxun Yang
d77c462bf2 hw/mips/boston: Fix load_elf() error detection
load_elf() gives negative return in case of error, not zero.

Fixes: 10e3f30ff7 ("hw/mips/boston: Allow loading elf kernel and dtb")
Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20211130211729.7116-3-jiaxun.yang@flygoat.com>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2021-12-06 11:57:36 +01:00
Jiaxun Yang
24ade8c5de hw/mips/bootloader: Fix write_ulong()
bl_gen_write_ulong uses sd for both 32 and 64 bit CPU,
while sd is illegal on 32 bit CPUs.

Replace sd with sw on 32bit CPUs.

Fixes: 3ebbf86128 ("hw/mips: Add a bootloader helper")
Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20211130211729.7116-2-jiaxun.yang@flygoat.com>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2021-12-06 11:57:31 +01:00
Richard Henderson
99fc08366b seabios: update from snapshot to final 1.15.0 release (no code changes).
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEEoDKM/7k6F6eZAf59TLbY7tPocTgFAmGp24YACgkQTLbY7tPo
 cTikahAAxyrx4XynSYD4TKnrEr6k8hYBGrUyrFbhf7/XmEu1nHTXYK/KEUOnjv17
 1RduWtPTWzN4r8ShGpBaq8JxOWOqy/pb/Ha62DwDCsoUD5VoxUtLd2Ss1dDnWTq9
 VQw331Sh+m8JvBCaXER+WVyaSvlkLNkuCH22BNmMzUCYBidWC+aLybNkTxvQ7nM4
 qViKWvJOGC0dlGgu22flJBepoTRVtD9Nl1qGQ1BoE+PFhaBCn0e0eRcHXnxFTsnI
 8siGFmenumZ/ShPBxfwZytLkIBnJc8SPVQ4yBNVdTj31vHGWeD0SJKTujfkArq4J
 GPvKPLN0Ozgpy/XmX9WBqgbsy/tCFL6+bifYVMM4plolzCAswjUPz5sXTEf8JRJD
 kpszXNgIRtfWTXFQqglPCtABuII+VcBnZhw7H/MW64gDJs7/KecrANjykiihldEG
 susTj9/Jy7fBEFEWHeWf4frzxo/GdrgiPo5rZEdyJxiD8TMk49GxSlvEdou/MDpr
 PR5lNGYJa58g0ZFMwm3+SaLWdoEIORFz61Q5ixZc59Qxh5BytbzATCTVSvCNStGM
 WCHO2V8WliaFKYECWmQjrxRntau5beG2yr+Cyul4VZo7rx7NI6JJ2Nd8eU7bluxH
 +hJsb7QU7eH+uJlUTZMEsdZdlZ+Y7A47nkGGqWAjrZllKWshinw=
 =EU6y
 -----END PGP SIGNATURE-----

Merge tag 'seabios-20211203-pull-request' of git://git.kraxel.org/qemu into staging

seabios: update from snapshot to final 1.15.0 release (no code changes).

# gpg: Signature made Fri 03 Dec 2021 12:55:34 AM PST
# gpg:                using RSA key A0328CFFB93A17A79901FE7D4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]

* tag 'seabios-20211203-pull-request' of git://git.kraxel.org/qemu:
  seabios: update binaries to 1.15.0
  seabios: update submodule to 1.15.0

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-12-03 05:26:40 -08:00
Gerd Hoffmann
3bc90ac567 seabios: update binaries to 1.15.0
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-12-03 09:54:11 +01:00
Gerd Hoffmann
e7fa3377cc seabios: update submodule to 1.15.0
Update seabios to the final release.  No code changes
compared to the snapshot merged a few weeks ago.

shortlog 64f37cc530f1..rel-1.15.0
---------------------------------

Kevin O'Connor (1):
      docs: Note v1.15.0 release

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-12-03 07:09:32 +01:00
Richard Henderson
a69254a2b3 Pull request
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEE+ber27ys35W+dsvQfe+BBqr8OQ4FAmGoZQIACgkQfe+BBqr8
 OQ6D/w//UXY70lOLT2QteGSqUhdZcBcw0EzNMkWzqUl2wzwlYoJ3mu6QO1YVwE0r
 yp1nbsmZcoZ4Sr8RAOihF6jbSHBXuwa26ZrqRJXGKLgmT631oxUpCk8UoQt284v0
 e6ecKIZUcp409/QZLortK7NU5Ntx3zVuus+tsj6UB0bwbJsM4wL+q5q1uI6kVtmz
 GBo0m66Zy+2OS1gxDGHsQGFC/q8ZpEptzdaUcqCxRiNQbfzTiLp/xguXm9CVW3Ic
 j2zgL95yMP4Z0CiTdNuVTDfis2UACrt/YIudBE2Al4qVVa5QhgijTbtnagCly8Tw
 9sCjxGh5aQFCMAht2JDdiFtoU+8zayPZS2IfZfMPZStjqHqQngj525ksTA1Z6PQc
 yv+0Rj1yXLD2IkNu96cqt6FChOYN4z6hHeb4VRd9TXMoOICJuBnVSvmCG2vTcauU
 QAl+ii2UPMG4L0MrBxExA9WTTwisu30t99HFMjmZgg8YD9SrMSDZxrMOZn7og5kV
 OTWX/jLbIrVV1h4S45QsKIuSlrIASZbKXeqXxHYnxAN5IC7h8GAbisFZ/zxcMgXU
 tMmP813n4bEpMKgAKMo3DsinDmYBhyl23+T5Ty+2+ddagGWeNqXNi9P3YX3Fa+Un
 ZctLthVIcSZU84Mm4gYSTQMU61owEh0dfzl+pWhDCjrxBozXi74=
 =H1RQ
 -----END PGP SIGNATURE-----

Merge tag 'ide-pull-request' of https://gitlab.com/jsnow/qemu into staging

Pull request

# gpg: Signature made Wed 01 Dec 2021 10:17:38 PM PST
# gpg:                using RSA key F9B7ABDBBCACDF95BE76CBD07DEF8106AAFC390E
# gpg: Good signature from "John Snow (John Huston) <jsnow@redhat.com>" [full]

* tag 'ide-pull-request' of https://gitlab.com/jsnow/qemu:
  tests/qtest/fdc-test: Add a regression test for CVE-2021-20196
  hw/block/fdc: Kludge missing floppy drive to fix CVE-2021-20196
  hw/block/fdc: Extract blk_create_empty_drive()

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-12-02 08:49:51 -08:00
Philippe Mathieu-Daudé
cc20926e9b tests/qtest/fdc-test: Add a regression test for CVE-2021-20196
Without the previous commit, when running 'make check-qtest-i386'
with QEMU configured with '--enable-sanitizers' we get:

  AddressSanitizer:DEADLYSIGNAL
  =================================================================
  ==287878==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000344
  ==287878==The signal is caused by a WRITE memory access.
  ==287878==Hint: address points to the zero page.
      #0 0x564b2e5bac27 in blk_inc_in_flight block/block-backend.c:1346:5
      #1 0x564b2e5bb228 in blk_pwritev_part block/block-backend.c:1317:5
      #2 0x564b2e5bcd57 in blk_pwrite block/block-backend.c:1498:11
      #3 0x564b2ca1cdd3 in fdctrl_write_data hw/block/fdc.c:2221:17
      #4 0x564b2ca1b2f7 in fdctrl_write hw/block/fdc.c:829:9
      #5 0x564b2dc49503 in portio_write softmmu/ioport.c:201:9

Add the reproducer for CVE-2021-20196.

Suggested-by: Alexander Bulekov <alxndr@bu.edu>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20211124161536.631563-4-philmd@redhat.com
Signed-off-by: John Snow <jsnow@redhat.com>
2021-12-02 01:09:38 -05:00
Philippe Mathieu-Daudé
1ab95af033 hw/block/fdc: Kludge missing floppy drive to fix CVE-2021-20196
Guest might select another drive on the bus by setting the
DRIVE_SEL bit of the DIGITAL OUTPUT REGISTER (DOR).
The current controller model doesn't expect a BlockBackend
to be NULL. A simple way to fix CVE-2021-20196 is to create
an empty BlockBackend when it is missing. All further
accesses will be safely handled, and the controller state
machines keep behaving correctly.

Cc: qemu-stable@nongnu.org
Fixes: CVE-2021-20196
Reported-by: Gaoning Pan (Ant Security Light-Year Lab) <pgn@zju.edu.cn>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Reviewed-by: Hanna Reitz <hreitz@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20211124161536.631563-3-philmd@redhat.com
BugLink: https://bugs.launchpad.net/qemu/+bug/1912780
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/338
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Reviewed-by: Hanna Reitz <hreitz@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
2021-12-02 01:09:38 -05:00
Philippe Mathieu-Daudé
b154791e7b hw/block/fdc: Extract blk_create_empty_drive()
We are going to re-use this code in the next commit,
so extract it as a new blk_create_empty_drive() function.

Inspired-by: Hanna Reitz <hreitz@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20211124161536.631563-2-philmd@redhat.com
Signed-off-by: John Snow <jsnow@redhat.com>
2021-12-02 01:09:38 -05:00
Richard Henderson
682aa69b1f Update version for v6.2.0-rc3 release
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-12-01 07:20:06 +01:00
Eduardo Habkost
24c4cd1311 MAINTAINERS: Change my email address
The ehabkost@redhat.com email address will stop working on
2021-12-01, change it to my personal email address.

Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Message-Id: <20211129163053.2506734-1-ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Message-Id: <20211130204722.2732997-2-ehabkost@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-12-01 07:17:56 +01:00
Evan Miller
4006a27c5e scripts/entitlement.sh: Use backward-compatible cp flags
Older versions of Mac OS X do not support cp -a. The cp man page indicates
that -a is equivalent to -pPR.

Signed-off-by: Evan Miller <emmiller@gmail.com>
Message-Id: <40635C6E-059A-4146-B1E2-F6376700EE85@gmail.com>
[Leave out -R, these are files and not directories. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-11-30 22:25:58 +01:00
Yanan Wang
226fad7371 qapi/machine.json: Fix incorrect description for die-id
In terms of scope, die-id should mean "the die number within
socket the CPU belongs to" instead of "the die number within
node/board the CPU belongs to". Fix it to avoid confusing
the Doc reader.

Fixes: 176d2cda0d ("i386/cpu: Consolidate die-id validity in smp context")
Signed-off-by: Yanan Wang <wangyanan55@huawei.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20211122032651.16064-1-wangyanan55@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-11-30 22:25:58 +01:00
Philippe Mathieu-Daudé
aa62976c9d tests/qtest: Add fuzz-lsi53c895a-test
Without the previous commit, this test triggers:

  $ make check-qtest-x86_64
  [...]
  Running test qtest-x86_64/fuzz-lsi53c895a-test
  qemu-system-x86_64: hw/scsi/lsi53c895a.c:624: lsi_do_dma: Assertion `s->current' failed.
  ERROR qtest-x86_64/fuzz-lsi53c895a-test - too few tests run (expected 1, got 0)

Suggested-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Message-Id: <20211123111732.83137-3-philmd@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-11-30 22:25:58 +01:00
Philippe Mathieu-Daudé
4051a1f062 hw/scsi/lsi53c895a: Do not abort when DMA requested and no data queued
If asked for DMA request and no data is available, simply wait
for data to be queued, do not abort. This fixes:

  $ cat << EOF | \
    qemu-system-i386 -nographic -M q35,accel=qtest -serial none \
      -monitor none -qtest stdio -trace lsi* \
      -drive if=none,id=drive0,file=null-co://,file.read-zeroes=on,format=raw \
      -device lsi53c895a,id=scsi0 -device scsi-hd,drive=drive0,bus=scsi0.0,channel=0,scsi-id=0,lun=0
  lsi_reset Reset
  lsi_reg_write Write reg DSP2 0x2e = 0xff
  lsi_reg_write Write reg DSP3 0x2f = 0xff
  lsi_execute_script SCRIPTS dsp=0xffff0000 opcode 0x184a3900 arg 0x4a8b2d75
  qemu-system-i386: hw/scsi/lsi53c895a.c:624: lsi_do_dma: Assertion `s->current' failed.

  (gdb) bt
  #5  0x00007ffff4e8a3a6 in __GI___assert_fail
      (assertion=0x5555560accbc "s->current", file=0x5555560acc28 "hw/scsi/lsi53c895a.c", line=624, function=0x5555560adb18 "lsi_do_dma") at assert.c:101
  #6  0x0000555555aa33b9 in lsi_do_dma (s=0x555557805ac0, out=1) at hw/scsi/lsi53c895a.c:624
  #7  0x0000555555aa5042 in lsi_execute_script (s=0x555557805ac0) at hw/scsi/lsi53c895a.c:1250
  #8  0x0000555555aa757a in lsi_reg_writeb (s=0x555557805ac0, offset=47, val=255 '\377') at hw/scsi/lsi53c895a.c:1984
  #9  0x0000555555aa875b in lsi_mmio_write (opaque=0x555557805ac0, addr=47, val=255, size=1) at hw/scsi/lsi53c895a.c:2095

Cc: qemu-stable@nongnu.org
Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Vadim Rozenfeld <vrozenfe@redhat.com>
Cc: Stefan Hajnoczi <stefanha@redhat.com>
Reported-by: Jérôme Poulin <jeromepoulin@gmail.com>
Reported-by: Ruhr-University <bugs-syssec@rub.de>
Reported-by: Gaoning Pan <pgn@zju.edu.cn>
Reported-by: Cheolwoo Myung <cwmyung@snu.ac.kr>
Fixes: b96a0da06b ("lsi: move dma_len+dma_buf into lsi_request")
BugLink: https://bugs.launchpad.net/qemu/+bug/697510
BugLink: https://bugs.launchpad.net/qemu/+bug/1905521
BugLink: https://bugs.launchpad.net/qemu/+bug/1908515
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/84
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/305
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/552
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Message-Id: <20211123111732.83137-2-philmd@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-11-30 22:25:58 +01:00
Richard Henderson
50456a6794 ppc 6.2 queue:
* Hash64 MMU fix for FreeBSD installer
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEoPZlSPBIlev+awtgUaNDx8/77KEFAmGlPPIACgkQUaNDx8/7
 7KEwphAAyRx4G4NX1BLowo827y7OBdxos0IdnwT1aSoEOUuyhwl7kLSE/R7kYXZg
 2fLX3AOKFo6g6J18Km2W6ma2gNQja3WDv//E2vMF0STDBy85YJo77ON0leLWJD0C
 vZfXd1ohq5r4TJUQvT0EwT2bCeXrfq5e74NyI8SCdQ6CIExJ44b+ZqdaCbJh6Rwy
 m0+BxETu6eCuJnFNXWP7xHFaEwDdrg3Hpyv9bHd943u7CMwMkhWwKTVpiEYNmvvZ
 +jSAeu8keliYm/zSy5IY9YNq2yiD6DxJNVukPVhOpUL1jhsC+KWFiRrH7ogVoRtf
 ZWfHrYVlcIqizN4y1b5F6gugG84rRXmer3RGP3NStxzI12623moKtghhD5l63wyu
 B+CzPmTVpUHo5VlkS6iJE+cu00055BesEwplovl/OHMQAlt9gYwokrES3I2pSnso
 Iczag+Y+m3L2GrLKfzg82woIFZ6ZVmgxAMLL/dGnpFu1IMIZSBY1Us+PF90J0BGV
 KSNcBBc2U38eLe+M04sp2tDBYN07ye4JftwkCzAPPkU8JxRwmsr93eg+oKUq/rMQ
 LmSRqUSmIyeZNIfuR3g9co6PHCD5Urela+ZmCdFxugASNsxdWfHTo9btazeNEJrI
 UGg3A38uXKcWh75bCt1JYTxXrTOZMaGpVCGcKNDzaDNtokDPtCQ=
 =4T/d
 -----END PGP SIGNATURE-----

Merge tag 'pull-ppc-20211129' of https://github.com/legoater/qemu into staging

ppc 6.2 queue:

* Hash64 MMU fix for FreeBSD installer

# gpg: Signature made Mon 29 Nov 2021 09:49:54 PM CET
# gpg:                using RSA key A0F66548F04895EBFE6B0B6051A343C7CFFBECA1
# gpg: Good signature from "Cédric Le Goater <clg@kaod.org>" [marginal]
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: A0F6 6548 F048 95EB FE6B  0B60 51A3 43C7 CFFB ECA1

* tag 'pull-ppc-20211129' of https://github.com/legoater/qemu:
  target/ppc: fix Hash64 MMU update of PTE bit R

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-11-29 21:56:06 +01:00
Leandro Lupori
7bf00dfb51 target/ppc: fix Hash64 MMU update of PTE bit R
When updating the R bit of a PTE, the Hash64 MMU was using a wrong byte
offset, causing the first byte of the adjacent PTE to be corrupted.
This caused a panic when booting FreeBSD, using the Hash MMU.

Fixes: a2dd4e83e7 ("ppc/hash64: Rework R and C bit updates")
Signed-off-by: Leandro Lupori <leandro.lupori@eldorado.org.br>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
2021-11-29 21:00:08 +01:00
Richard Henderson
a0fd8a5492 TCG, plugin and build fixes:
- introduce CF_NOIRQ to avoid watchpoint race
   - fix avocado plugin test
   - fix linker issue with weird paths
   - band-aid for gdbstub race
   - updates for MAINTAINERS
   - fix some compiler warning in example plugin
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCgAdFiEEZoWumedRZ7yvyN81+9DbCVqeKkQFAmGk7sYACgkQ+9DbCVqe
 KkSUYggAjvhB9t4xOP/gmwMvIlI60paN7KoooJbxaUSPj11YvQlAX9gPw6PTR4MV
 dh0RpmhUyO/MYpX7jvEuCRr05s8ZEg5kiJ/7r748yxdMffWL12iX/Mz4aZvBcMIq
 TFZ/vZcuOs2OchrFOqfO6oxyQHXZWAkWrjY/9l/bMmz3277OmC2808YJoRq3jIUT
 D1b0HzPQ9orxVM0MlNlY8YGQZ8gcM8g4mNee1+AZkiAUJS1klFNbepGGz+BCj8Ka
 Jd6n8RZKjvPZtSntZdneeMx3vY7L/VxqjxbT+INTANB0sTPvq4jddZOk78z8/gdE
 FHCJ7k8FHzlZAcRMmkyHRlpbWET4SA==
 =oJUJ
 -----END PGP SIGNATURE-----

Merge tag 'pull-for-6.2-291121-1' of https://github.com/stsquad/qemu into staging

TCG, plugin and build fixes:

  - introduce CF_NOIRQ to avoid watchpoint race
  - fix avocado plugin test
  - fix linker issue with weird paths
  - band-aid for gdbstub race
  - updates for MAINTAINERS
  - fix some compiler warning in example plugin

# gpg: Signature made Mon 29 Nov 2021 04:16:22 PM CET
# gpg:                using RSA key 6685AE99E75167BCAFC8DF35FBD0DB095A9E2A44
# gpg: Good signature from "Alex Bennée (Master Work Key) <alex.bennee@linaro.org>" [full]

* tag 'pull-for-6.2-291121-1' of https://github.com/stsquad/qemu:
  tests/plugin/syscall.c: fix compiler warnings
  MAINTAINERS: Add section for Aarch64 GitLab custom runner
  MAINTAINERS: Remove me as a reviewer for the build and test/avocado
  gdbstub: handle a potentially racing TaskState
  plugins/meson.build: fix linker issue with weird paths
  tests/avocado: fix tcg_plugin mem access count test
  accel/tcg: suppress IRQ check for special TBs
  accel/tcg: introduce CF_NOIRQ

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-11-29 18:58:06 +01:00
Richard Henderson
095c7737fb linux-user pull request 20211129
Fix losetup
 -----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEEzS913cjjpNwuT1Fz8ww4vT8vvjwFAmGk3e4SHGxhdXJlbnRA
 dml2aWVyLmV1AAoJEPMMOL0/L748U9UP/A1tTpk0wT/xQyRMuo9mk1WJy17dx+zw
 2jq5FnQeTTgkkRx+McwUHpu5TIJgsvHexhoQRpDMeDACrc8JltXc1SqaLft/VRKy
 KjcsPIqxVremAWHm5YYzN6tmnZGy+kBXIa3e7ch69s+TBE4qDJHqYVvrHB1fnAuL
 vGrLJ6TiIkKOYyTxitHEHF91gurvYIAK6SxOpxcRLPtNfSlyZpmns1fPrxVGvypv
 I0yv+4m/Gru00djBbE31xuPdN76H5oDA1iNAADrRM80P19bLB38utWqLLT4L1gp8
 MXexHnGmq3JnVjNOPfzGA/3HV+zWoLj8vk1BU5ALNil7X8EViiTxs4ibo90UgyUk
 DMb4qHWUZ9O5+VE6kZRXViUC9nboTfPAH5LLZbbeN4VYF16m4nPExBF7WMX8QyqC
 PFM4ZMLaodjaCfbMr1galMuxALXCD+fvjSxcmYWMAD/8VMA/YHvvdxVZLqriscTA
 N0+laOOtCol0zCN+GD4xoKREZ+3qYcKbxBU1BiJj1si30T+iV6ky855QMaK39RPs
 UKWz9xR/rQpzOQYTn6FPXXG8a2Gv02oEkJfwb7wP25hjSza+wizZIAD/ejMK+hhI
 RGrMBVmPm+PqPOEOKtB4yPZJrdOyv98OPodlSNk45dgXRVHsuEjmOsxM9C1nlFAe
 MRgdt6PSIyRY
 =S5Ai
 -----END PGP SIGNATURE-----

Merge tag 'linux-user-for-6.2-pull-request' of git://github.com/vivier/qemu into staging

linux-user pull request 20211129

Fix losetup

# gpg: Signature made Mon 29 Nov 2021 03:04:30 PM CET
# gpg:                using RSA key CD2F75DDC8E3A4DC2E4F5173F30C38BD3F2FBE3C
# gpg:                issuer "laurent@vivier.eu"
# gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" [full]
# gpg:                 aka "Laurent Vivier <laurent@vivier.eu>" [full]
# gpg:                 aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" [full]

* tag 'linux-user-for-6.2-pull-request' of git://github.com/vivier/qemu:
  linux-user: implement more loop ioctls

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-11-29 17:46:00 +01:00
Juro Bystricky
d5615bbf91 tests/plugin/syscall.c: fix compiler warnings
Fix compiler warnings. The warnings can result in a broken build.
This patch fixes warnings such as:

In file included from /usr/include/glib-2.0/glib.h:111,
                 from ../tests/plugin/syscall.c:13:
../tests/plugin/syscall.c: In function ‘print_entry’:
/usr/include/glib-2.0/glib/glib-autocleanups.h:28:3: error: ‘out’ may be
       used uninitialized in this function [-Werror=maybe-uninitialized]
   g_free (*pp);
   ^~~~~~~~~~~~
../tests/plugin/syscall.c:82:23: note: ‘out’ was declared here
     g_autofree gchar *out;
                       ^~~
In file included from /usr/include/glib-2.0/glib.h:111,
                 from ../tests/plugin/syscall.c:13:
../tests/plugin/syscall.c: In function ‘vcpu_syscall_ret’:
/usr/include/glib-2.0/glib/glib-autocleanups.h:28:3: error: ‘out’ may be
        used uninitialized in this function [-Werror=maybe-uninitialized]
   g_free (*pp);
   ^~~~~~~~~~~~
../tests/plugin/syscall.c:73:27: note: ‘out’ was declared here
         g_autofree gchar *out;
                           ^~~
cc1: all warnings being treated as errors

Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20211128011551.2115468-1-juro.bystricky@intel.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20211129140932.4115115-9-alex.bennee@linaro.org>
2021-11-29 15:13:22 +00:00
Philippe Mathieu-Daudé
1e970158be MAINTAINERS: Add section for Aarch64 GitLab custom runner
Add a MAINTAINERS section to cover the GitLab YAML config file
containing the jobs run on the custom runner sponsored by the
Works On Arm project [*].

[*] https://developer.arm.com/solutions/infrastructure/works-on-arm

Suggested-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20211116163226.2719320-1-f4bug@amsat.org>
Message-Id: <20211129140932.4115115-8-alex.bennee@linaro.org>
2021-11-29 15:13:19 +00:00
Willian Rampazzo
40525be5cb MAINTAINERS: Remove me as a reviewer for the build and test/avocado
Remove me as a reviewer for the Build and test automation and the
Integration Testing with the Avocado Framework and add Beraldo
Leal.

Signed-off-by: Willian Rampazzo <willianr@redhat.com>
Reviewed-by: Beraldo Leal <bleal@redhat.com>
Message-Id: <20211122191124.31620-1-willianr@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20211129140932.4115115-7-alex.bennee@linaro.org>
2021-11-29 15:13:16 +00:00
Alex Bennée
a8e537fa4d gdbstub: handle a potentially racing TaskState
When dealing with multi-threaded userspace programs there is a race
condition with the addition of cpu->opaque (aka TaskState). This is
due to cpu_copy calling cpu_create which updates the global vCPU list.
However the task state isn't set until later. This shouldn't be a
problem because the new thread can't have executed anything yet but
the gdbstub code does liberally iterate through the CPU list in
various places.

This sticking plaster ensure the not yet fully realized vCPU is given
an pid of -1 which should be enough to ensure it doesn't show up
anywhere else.

In the longer term I think the code that manages the association
between vCPUs and attached GDB processes could do with a clean-up and
re-factor.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Tested-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Cc: Richard Henderson <richard.henderson@linaro.org>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/730
Message-Id: <20211129140932.4115115-6-alex.bennee@linaro.org>
2021-11-29 15:13:12 +00:00
Alex Bennée
86a41ac7fd plugins/meson.build: fix linker issue with weird paths
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Tested-by: Stefan Weil <sw@weilnetz.de>
Fixes: https://gitlab.com/qemu-project/qemu/-/issues/712
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20211129140932.4115115-5-alex.bennee@linaro.org>
2021-11-29 15:13:07 +00:00
Alex Bennée
a7c6e562e6 tests/avocado: fix tcg_plugin mem access count test
When we cleaned up argument handling the test was missed.

Fixes: 5ae589faad ("tests/plugins/mem: introduce "track" arg and make args not positional")
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20211129140932.4115115-4-alex.bennee@linaro.org>
2021-11-29 15:12:56 +00:00
Alex Bennée
aff0e204cb accel/tcg: suppress IRQ check for special TBs
When we set cpu->cflags_next_tb it is because we want to carefully
control the execution of the next TB. Currently there is a race that
causes the second stage of watchpoint handling to get ignored if an
IRQ is processed before we finish executing the instruction that
triggers the watchpoint. Use the new CF_NOIRQ facility to avoid the
race.

We also suppress IRQs when handling precise self modifying code to
avoid unnecessary bouncing.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Cc: Pavel Dovgalyuk <pavel.dovgalyuk@ispras.ru>
Fixes: https://gitlab.com/qemu-project/qemu/-/issues/245
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20211129140932.4115115-3-alex.bennee@linaro.org>
2021-11-29 15:12:37 +00:00
Alex Bennée
48e14066ac accel/tcg: introduce CF_NOIRQ
Here we introduce a new compiler flag to disable the checking of exit
request (icount_decr.u32). This is useful when we want to ensure the
next block cannot be preempted by an asynchronous event.

Suggested-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20211129140932.4115115-2-alex.bennee@linaro.org>
2021-11-29 15:12:37 +00:00
Richard Henderson
b1641c5097 virtio,pci,pc: bugfixes
Lots of small fixes all over the place.
 
 Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
 -----BEGIN PGP SIGNATURE-----
 
 iQFDBAABCAAtFiEEXQn9CHHI+FuUyooNKB8NuNKNVGkFAmGk2o4PHG1zdEByZWRo
 YXQuY29tAAoJECgfDbjSjVRpAP0H/i47erp9gRr4XXUd71mhwVeIj7SOwGIJYvuf
 YAHnFPu/Hvtl0zMQ3tHsUFV4ak7SeyJpqTIspTrhRF5WN9RB2drF+bVEUM+zVLiC
 dNpstDu1E3Po3RBMLwVBQK0fheo+n680wmgiB5I4H9xTukszRmRm3evIjZQpMwZ+
 Gx9WLW4ghG3fRJyXbZFDzOW2nlD/LUIQQ9ZZk9no3jULzbFS5hDFP1yxTOKZOGYk
 JeITGHx+ODIIBla5KIUkH2yDYurHvKoOzpxo1qLr65EmVMuq4TT1DjaAM0SRg8YO
 X+osx1AZRW7ZznYOUEiJuWru8QDM/BD0t91oR1kZAaEdaF3gYB8=
 =w54r
 -----END PGP SIGNATURE-----

Merge tag 'for_upstream' of git://git.kernel.org/pub/scm/virt/kvm/mst/qemu into staging

virtio,pci,pc: bugfixes

Lots of small fixes all over the place.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

# gpg: Signature made Mon 29 Nov 2021 02:50:06 PM CET
# gpg:                using RSA key 5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469
# gpg:                issuer "mst@redhat.com"
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [full]
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>" [full]

* tag 'for_upstream' of git://git.kernel.org/pub/scm/virt/kvm/mst/qemu:
  Fix bad overflow check in hw/pci/pcie.c
  intel-iommu: ignore leaf SNP bit in scalable mode
  virtio-balloon: correct used length
  virtio-balloon: process all in sgs for free_page_vq
  vdpa: Add dummy receive callback
  failover: fix unplug pending detection
  virtio-mmio : fix the crash in the vm shutdown

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-11-29 15:23:17 +01:00
Andreas Schwab
0a761ce303 linux-user: implement more loop ioctls
LOOP_CONFIGURE is now used by losetup, and it cannot cope with ENOSYS.

Signed-off-by: Andreas Schwab <schwab@suse.de>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <mvmtug4mbfx.fsf_-_@suse.de>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2021-11-29 14:54:17 +01:00
Daniella Lee
bacf58ca18 Fix bad overflow check in hw/pci/pcie.c
Orginal qemu commit hash:14d02cfbe4adaeebe7cb833a8cc71191352cf03b

In function pcie_add_capability, an assert contains the
"offset < offset + size" expression.
Both variable offset and variable size are uint16_t,
the comparison is always true due to type promotion.
The next expression may be the same.

It might be like this:
Thread 1 "qemu-system-x86" hit Breakpoint 1, pcie_add_capability (
    dev=0x555557ce5f10, cap_id=1, cap_ver=2 '\002', offset=256, size=72)
    at ../hw/pci/pcie.c:930
930	{
(gdb) n
931	    assert(offset >= PCI_CONFIG_SPACE_SIZE);
(gdb) n
932	    assert(offset < offset + size);
(gdb) p offset
$1 = 256
(gdb) p offset < offset + size
$2 = 1
(gdb) set offset=65533
(gdb) p offset < offset + size
$3 = 1
(gdb) p offset < (uint16_t)(offset + size)
$4 = 0

Signed-off-by: Daniella Lee <daniellalee111@gmail.com>
Message-Id: <20211126061324.47331-1-daniellalee111@gmail.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2021-11-29 08:49:36 -05:00
Jason Wang
0192d6677c intel-iommu: ignore leaf SNP bit in scalable mode
When booting with scalable mode, I hit this error:

qemu-system-x86_64: vtd_iova_to_slpte: detected splte reserve non-zero iova=0xfffff002, level=0x1slpte=0x102681803)
qemu-system-x86_64: vtd_iommu_translate: detected translation failure (dev=01:00:00, iova=0xfffff002)
qemu-system-x86_64: New fault is not recorded due to compression of faults

This is because the SNP bit is set for second level page table since
Linux kernel commit 6c00612d0cba1 ("iommu/vt-d: Report right snoop
capability when using FL for IOVA") even if SC is not supported by the
hardware.

To unbreak the guest, ignore the leaf SNP bit for scalable mode
first. In the future we may consider to add SC support.

Signed-off-by: Jason Wang <jasowang@redhat.com>
Message-Id: <20211129033618.3857-1-jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
2021-11-29 08:49:36 -05:00
Jason Wang
d3f1f940eb virtio-balloon: correct used length
Spec said:

"and len the total of bytes written into the buffer."

For inflateq, deflateq and statsq, we don't process in_sg so the used
length should be zero. For free_page_vq, tough the pages could be
changed by the device (in the destination), spec said:

"Note: len is particularly useful for drivers using untrusted buffers:
if a driver does not know exactly how much has been written by the
device, the driver would have to zero the buffer in advance to ensure
no data leakage occurs."

So 0 should be used as well here.

Signed-off-by: Jason Wang <jasowang@redhat.com>
Message-Id: <20211129030841.3611-2-jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
2021-11-29 08:49:36 -05:00
Jason Wang
0fe7245d8b virtio-balloon: process all in sgs for free_page_vq
We only process the first in sg which may lead to the bitmap of the
pages belongs to following sgs were not cleared. This may result more
pages to be migrated. Fixing this by process all in sgs for
free_page_vq.

Acked-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Message-Id: <20211129030841.3611-1-jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2021-11-29 08:49:36 -05:00
Richard Henderson
e750c10167 target-arm queue:
* virt: Diagnose attempts to enable MTE or virt when using HVF accelerator
  * GICv3 ITS: Allow clearing of ITS CTLR Enabled bit
  * GICv3: Update cached state after LPI state changes
  * GICv3: Fix handling of LPIs in list registers
 -----BEGIN PGP SIGNATURE-----
 
 iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmGkrMYZHHBldGVyLm1h
 eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3jFCD/9QHZGiKLBkcJx1PNKqtpLh
 OIg3xheECzLT6KVQMQGxYwxo5oeKApjmny5F+/LsuP5y9PxgiFgxeh1OnEj8Z4gZ
 r6CIqWw9+Gpyye9tUCfB7SqAJvGTDKyfxJg8PVILT/+LTDPjubZ0QCQH67ktCI5+
 oYA44QlTS2z3+oPCPmrj5d09h3u1V62vSJzGF1agQKUUZ2YFN3KYJwAjPr/utvkC
 0lBx/qM/kwWGP0JRUvD+fzR+wie6ebMub5TlTr1UtUxNiju53ITPYf6rLdj8KNS7
 rfGToIJxz7o2RjRyy3sLBEn/YzLnKlS61BXf9wEdDNtKiiMkvXCkzILGCFkydmvW
 qdo2NSOXAsk8F1qwo0Ca3YGuRMy9jCPlE3FSEz7F6OL2cp5VgpjK54yJVlPG4vaT
 xqAJ7JhHu64r9jDfdM1MWvaUPQ5Aggk3QL8HKhEFb4RwKg+VGsh2kz7LC51whfw7
 ocEq5YVGuy59ERD3MFsDS/KK2UvLUB0bXgOtAi/wbjpr8QYRgGZAticOoj5zHeOe
 dvAEfbzecGfB5frOvB4K1Xw9PsJrPT1IgK9T/G67E6gpmd6WS5hh3YXrGrHgYHrX
 fZ/KOBM1390NuaZ5tIgPZsSJAyJJIPt/tFrRic0XV/6m7svpwPfSNQZ+eJPdW3m+
 qa9XLvxR6P3bU+2OkeKXfA==
 =/KcE
 -----END PGP SIGNATURE-----

Merge tag 'pull-target-arm-20211129' of https://git.linaro.org/people/pmaydell/qemu-arm into staging

target-arm queue:
 * virt: Diagnose attempts to enable MTE or virt when using HVF accelerator
 * GICv3 ITS: Allow clearing of ITS CTLR Enabled bit
 * GICv3: Update cached state after LPI state changes
 * GICv3: Fix handling of LPIs in list registers

# gpg: Signature made Mon 29 Nov 2021 11:34:46 AM CET
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [full]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [full]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [full]

* tag 'pull-target-arm-20211129' of https://git.linaro.org/people/pmaydell/qemu-arm:
  hw/intc/arm_gicv3: fix handling of LPIs in list registers
  hw/intc/arm_gicv3: Add new gicv3_intid_is_special() function
  hw/intc/arm_gicv3: Update cached state after LPI state changes
  hw/intc: cannot clear GICv3 ITS CTLR[Enabled] bit
  hw/arm/virt: Extend nested and mte checks to hvf

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-11-29 11:56:07 +01:00
Peter Maydell
90feffad2a hw/intc/arm_gicv3: fix handling of LPIs in list registers
It is valid for an OS to put virtual interrupt ID values into the
list registers ICH_LR<n> which are greater than 1023.  This
corresponds to (for example) KVM using the in-kernel emulated ITS to
give a (nested) guest an ITS.  LPIs are delivered by the L1 kernel to
the L2 guest via the list registers in the same way as non-LPI
interrupts.

QEMU's code for handling writes to ICV_IARn (which happen when the L2
guest acknowledges an interrupt) and to ICV_EOIRn (which happen at
the end of the interrupt) did not consider LPIs, so it would
incorrectly treat interrupt IDs above 1023 as invalid.  Fix this by
using the correct condition, which is gicv3_intid_is_special().

Note that the condition in icv_dir_write() is correct -- LPIs
are not valid there and so we want to ignore both "special" ID
values and LPIs.

(In the pseudocode this logic is in:
 - VirtualReadIAR0(), VirtualReadIAR1(), which call IsSpecial()
 - VirtualWriteEOIR0(), VirtualWriteEOIR1(), which call
     VirtualIdentifierValid(data, TRUE) meaning "LPIs OK"
 - VirtualWriteDIR(), which calls VirtualIdentifierValid(data, FALSE)
     meaning "LPIs not OK")

This bug doesn't seem to have any visible effect on Linux L2 guests
most of the time, because the two bugs cancel each other out: we
neither mark the interrupt active nor deactivate it.  However it does
mean that the L2 vCPU priority while the LPI handler is running will
not be correct, so the interrupt handler could be unexpectedly
interrupted by a different interrupt.

(NB: this has nothing to do with using QEMU's emulated ITS.)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Marc Zyngier <maz@kernel.org>
2021-11-29 10:10:21 +00:00