Use the KVM_GUESTDBG_BLOCKIRQ debug flag if supported.
Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
[Extracted from Maxim's patch into a separate commit. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20211111110604.207376-6-pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
[Extracted from Maxim's patch into a separate commit. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20211111110604.207376-5-pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
handle_query_qemu_sstepbits is reporting NOIRQ and NOTIMER bits
even if they are not supported (as is the case with record/replay).
Instead, store the supported singlestep flags and reject
any unsupported bits in handle_set_qemu_sstep. This removes
the need for the get_sstep_flags() wrapper.
While at it, move the variables in GDBState, instead of using
global variables.
Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
[Extracted from Maxim's patch into a separate commit. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20211111110604.207376-4-pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
In Linux 5.16, the padding of struct virtio_gpu_ctrl_hdr has become a
single-byte field followed by a uint8_t[3] array of padding bytes,
and virtio_gpu_ctrl_hdr_bswap does not compile anymore.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Acked-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20211111110604.207376-2-pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
When the request free list is exhausted the coroutine waits on
q->free_req_queue for the next free request. Whenever a request is
completed a BH is scheduled to invoke nvme_free_req_queue_cb() and wake
up waiting coroutines.
1. nvme_get_free_req() waits for a free request:
while (q->free_req_head == -1) {
...
trace_nvme_free_req_queue_wait(q->s, q->index);
qemu_co_queue_wait(&q->free_req_queue, &q->lock);
...
}
2. nvme_free_req_queue_cb() wakes up the coroutine:
while (qemu_co_enter_next(&q->free_req_queue, &q->lock)) {
^--- infinite loop when free_req_head == -1
}
nvme_free_req_queue_cb() and the coroutine form an infinite loop when
q->free_req_head == -1. Fix this by checking q->free_req_head in
nvme_free_req_queue_cb(). If the free request list is exhausted, don't
wake waiting coroutines. Eventually an in-flight request will complete
and the BH will be scheduled again, guaranteeing forward progress.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20211208152246.244585-1-stefanha@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
According to the "Arm Generic Interrupt Controller Architecture
Specification GIC architecture version 3 and 4" (version G: page 345
for aarch64 or 509 for aarch32):
LRENP bit of ICH_MISR is set when ICH_HCR.LRENPIE==1 and
ICH_HCR.EOIcount is non-zero.
When only LRENPIE was set (and EOI count was zero), the LRENP bit was
wrongly set and MISR value was wrong.
As an additional consequence, if an hypervisor set ICH_HCR.LRENPIE,
the maintenance interrupt was constantly fired. It happens since patch
9cee1efe92 ("hw/intc: Set GIC maintenance interrupt level to only 0 or 1")
which fixed another bug about maintenance interrupt (most significant
bits of misr, including this one, were ignored in the interrupt trigger).
Fixes: 83f036fe3d ("hw/intc/arm_gicv3: Add accessors for ICH_ system registers")
Signed-off-by: Damien Hedde <damien.hedde@greensocs.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20211207094427.3473-1-damien.hedde@greensocs.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-----BEGIN PGP SIGNATURE-----
iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAmGvcNUdHHJpY2hhcmQu
aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV/Frgf8CCasn2VfHSZxUHVe
8Uc9vLeIVCht9kP3uP5GrRsyKljsyubQSf0ADSBuslLwZN5Nw9fElXiWoqW0jbOv
hKJLEyhaUB02u0tGCIOvuAL4/cYBt0d9MWafqLrn5G43E9PjBAZiwQl0SxJkr5ju
b2oKkvBFohy2x3W89pfw/Dbw3BoDWJe6d0Ky5R9UuVyXKLT8em/Ftr/J3+AGZh47
h3S6LVrryvrd8olhnT4oZGRAq/Nm7eWMHyNfX+8cgxze0ov8mO4wqdipBIpVidgP
2RYjZVesecOOJuoyiy7O1ef62n18Df8pGHooRfvCRGG895dRbp6vyOdpGOF78m6J
j7GiSg==
=LmtK
-----END PGP SIGNATURE-----
Merge tag 'pull-tcg-20211207' of https://gitlab.com/rth7680/qemu into staging
Fix stack spills for arm neon.
# gpg: Signature made Tue 07 Dec 2021 06:33:57 AM PST
# gpg: using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg: issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [ultimate]
* tag 'pull-tcg-20211207' of https://gitlab.com/rth7680/qemu:
tcg/arm: Reduce vector alignment requirement for NEON
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
With arm32, the ABI gives us 8-byte alignment for the stack.
While it's possible to realign the stack to provide 16-byte alignment,
it's far easier to simply not encode 16-byte alignment in the
VLD1 and VST1 instructions that we emit.
Remove the assertion in temp_allocate_frame, limit natural alignment
to the provided stack alignment, and add a comment.
Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1999878
Reported-by: Richard W.M. Jones <rjones@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20210912174925.200132-1-richard.henderson@linaro.org>
Message-Id: <20211206191335.230683-2-richard.henderson@linaro.org>
-----BEGIN PGP SIGNATURE-----
iQEzBAABCAAdFiEEhpWov9P5fNqsNXdanKSrs4Grc8gFAmGuK9cACgkQnKSrs4Gr
c8gr7gf9Fe6WZ85sbefQcsOvqc6AKcmiC1dhQ9qsdT4Y22Ft8BneiVHPflkpYExP
12n4DB8QIasU/j3RognHNdsh/SYV07TfsVBNJHrO3Z2f83HrfDd3BhUV2DnJgul0
AjriZvwZUy+WSEpJ1oPBOsu1hAlNE4Os7euyMx7m4Y63sO9nngLQ5kwDsHZXfFgf
jyinZ87hbtZMchYJBm6YAGiSGmdYMLbDU4/wj8tn61cF+uikMFU1CrdYQrZbHcFX
X+WC6nrSCay/3e+vD0zB7CK3Y9E+iuX52mwkwATx5aTJaHvmNtDXDb+ENI0am2uX
19XnpS5UGjuvca+1Su9gvvloVG5TSA==
=iOTh
-----END PGP SIGNATURE-----
Merge tag 'block-pull-request' of https://gitlab.com/stefanha/qemu into staging
Pull request
# gpg: Signature made Mon 06 Dec 2021 07:27:19 AM PST
# gpg: using RSA key 8695A8BFD3F97CDAAC35775A9CA4ABB381AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" [full]
# gpg: aka "Stefan Hajnoczi <stefanha@gmail.com>" [full]
* tag 'block-pull-request' of https://gitlab.com/stefanha/qemu:
virtio-blk: Fix clean up of host notifiers for single MR transaction.
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
- Do not emit SD instruction on 32-bit CPU (Jiaxun Yang)
- Correctly catch load_elf() errors on Boston board (Jiaxun Yang)
- Revert bogus CLI fix for ISA VGA devices (Alex Bennée)
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEE+qvnXhKRciHc/Wuy4+MsLN6twN4FAmGt7fwACgkQ4+MsLN6t
wN656g//Tdpe9zY31lWQ85i3wSMSmNI5Wl/TbtEPdmdgOhiB2cKCD8/HOd9qQdNq
any/mqfs8RUqM1HP7B0S6mtLFZnJOT45f+nlZy09ZkeDPTBGeBflnMYwpjWd1ftL
hc9rWdzNcj5FPo+6vqwyha+4k9uM0UkZG/VZY4Rz24p5iIJ6NVGhm1iQINSBoeIu
5WADoWlh4U+5g5ySp0ohOZrReILEwygLBGLnt/SuSV393vAUE/yc6b13jqWWInh1
7fnk0wT01lP8KaRNfLlLYEaRqTn/CwhJ+qIlpHXckZDHLjfEJjjsWX3ARw8mcf30
9/H+nQ81/JBj4AxF0o2+Yel7Cmwp/rbJ2HS6DzBhA6P+HTDqb+nXT9OUnkPCym1w
fdmsJWSL31ZXS7lpDzPmJ6Xz/yvGc5OfBbImx3/AluRW1HqExz7BXZkO+Ou3VIfY
6lOO91vNJkY0yXq65qh10M8dzYOZlYRCliymMGeQZMMzqPTe+uEhaa1Yh59+ur6D
GfvdG7hlYfxR9rPI5dVqnH8jgP6qtxEbhOht4h2GsDkERaMTtZVYHfpVRdYVlPGH
AWHEqv1xcfVMts6nm9lrWwmvS6AbJWYZc1tc87m8LyqXuzVDmP6SDXvVUinOWl45
b5GaNmlIH3RgVCgmdenLTfRl0LypBUg43ScpHYSkcLeKY3Dvleg=
=7ew1
-----END PGP SIGNATURE-----
Merge tag 'mips-20211206' of https://github.com/philmd/qemu into staging
MIPS fixes
- Do not emit SD instruction on 32-bit CPU (Jiaxun Yang)
- Correctly catch load_elf() errors on Boston board (Jiaxun Yang)
- Revert bogus CLI fix for ISA VGA devices (Alex Bennée)
# gpg: Signature made Mon 06 Dec 2021 03:03:24 AM PST
# gpg: using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full]
* tag 'mips-20211206' of https://github.com/philmd/qemu:
Revert "vga: don't abort when adding a duplicate isa-vga device"
hw/mips/boston: Fix load_elf() error detection
hw/mips/bootloader: Fix write_ulong()
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
The code that introduced "virtio-blk: Configure all host notifiers in
a single MR transaction" introduced a second loop variable to perform
cleanup in second loop, but mistakenly still refers to the first
loop variable within the second loop body.
Fixes: d0267da614 ("virtio-blk: Configure all host notifiers in a single MR transaction")
Signed-off-by: Mark Mielke <mark.mielke@gmail.com>
Message-id: CALm7yL08qarOu0dnQkTN+pa=BSRC92g31YpQQNDeAiT4yLZWQQ@mail.gmail.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
This reverts commit 7852a77f59.
The check is bogus as it ends up finding itself and falling over.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/733
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20211206095209.2332376-1-alex.bennee@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
load_elf() gives negative return in case of error, not zero.
Fixes: 10e3f30ff7 ("hw/mips/boston: Allow loading elf kernel and dtb")
Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20211130211729.7116-3-jiaxun.yang@flygoat.com>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
bl_gen_write_ulong uses sd for both 32 and 64 bit CPU,
while sd is illegal on 32 bit CPUs.
Replace sd with sw on 32bit CPUs.
Fixes: 3ebbf86128 ("hw/mips: Add a bootloader helper")
Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20211130211729.7116-2-jiaxun.yang@flygoat.com>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Update seabios to the final release. No code changes
compared to the snapshot merged a few weeks ago.
shortlog 64f37cc530f1..rel-1.15.0
---------------------------------
Kevin O'Connor (1):
docs: Note v1.15.0 release
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Without the previous commit, when running 'make check-qtest-i386'
with QEMU configured with '--enable-sanitizers' we get:
AddressSanitizer:DEADLYSIGNAL
=================================================================
==287878==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000344
==287878==The signal is caused by a WRITE memory access.
==287878==Hint: address points to the zero page.
#0 0x564b2e5bac27 in blk_inc_in_flight block/block-backend.c:1346:5
#1 0x564b2e5bb228 in blk_pwritev_part block/block-backend.c:1317:5
#2 0x564b2e5bcd57 in blk_pwrite block/block-backend.c:1498:11
#3 0x564b2ca1cdd3 in fdctrl_write_data hw/block/fdc.c:2221:17
#4 0x564b2ca1b2f7 in fdctrl_write hw/block/fdc.c:829:9
#5 0x564b2dc49503 in portio_write softmmu/ioport.c:201:9
Add the reproducer for CVE-2021-20196.
Suggested-by: Alexander Bulekov <alxndr@bu.edu>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20211124161536.631563-4-philmd@redhat.com
Signed-off-by: John Snow <jsnow@redhat.com>
Guest might select another drive on the bus by setting the
DRIVE_SEL bit of the DIGITAL OUTPUT REGISTER (DOR).
The current controller model doesn't expect a BlockBackend
to be NULL. A simple way to fix CVE-2021-20196 is to create
an empty BlockBackend when it is missing. All further
accesses will be safely handled, and the controller state
machines keep behaving correctly.
Cc: qemu-stable@nongnu.org
Fixes: CVE-2021-20196
Reported-by: Gaoning Pan (Ant Security Light-Year Lab) <pgn@zju.edu.cn>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Reviewed-by: Hanna Reitz <hreitz@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20211124161536.631563-3-philmd@redhat.com
BugLink: https://bugs.launchpad.net/qemu/+bug/1912780
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/338
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Reviewed-by: Hanna Reitz <hreitz@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: John Snow <jsnow@redhat.com>
We are going to re-use this code in the next commit,
so extract it as a new blk_create_empty_drive() function.
Inspired-by: Hanna Reitz <hreitz@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20211124161536.631563-2-philmd@redhat.com
Signed-off-by: John Snow <jsnow@redhat.com>
The ehabkost@redhat.com email address will stop working on
2021-12-01, change it to my personal email address.
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Message-Id: <20211129163053.2506734-1-ehabkost@redhat.com>
Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
Message-Id: <20211130204722.2732997-2-ehabkost@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Older versions of Mac OS X do not support cp -a. The cp man page indicates
that -a is equivalent to -pPR.
Signed-off-by: Evan Miller <emmiller@gmail.com>
Message-Id: <40635C6E-059A-4146-B1E2-F6376700EE85@gmail.com>
[Leave out -R, these are files and not directories. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
In terms of scope, die-id should mean "the die number within
socket the CPU belongs to" instead of "the die number within
node/board the CPU belongs to". Fix it to avoid confusing
the Doc reader.
Fixes: 176d2cda0d ("i386/cpu: Consolidate die-id validity in smp context")
Signed-off-by: Yanan Wang <wangyanan55@huawei.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20211122032651.16064-1-wangyanan55@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Without the previous commit, this test triggers:
$ make check-qtest-x86_64
[...]
Running test qtest-x86_64/fuzz-lsi53c895a-test
qemu-system-x86_64: hw/scsi/lsi53c895a.c:624: lsi_do_dma: Assertion `s->current' failed.
ERROR qtest-x86_64/fuzz-lsi53c895a-test - too few tests run (expected 1, got 0)
Suggested-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Message-Id: <20211123111732.83137-3-philmd@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* Hash64 MMU fix for FreeBSD installer
-----BEGIN PGP SIGNATURE-----
iQIzBAABCAAdFiEEoPZlSPBIlev+awtgUaNDx8/77KEFAmGlPPIACgkQUaNDx8/7
7KEwphAAyRx4G4NX1BLowo827y7OBdxos0IdnwT1aSoEOUuyhwl7kLSE/R7kYXZg
2fLX3AOKFo6g6J18Km2W6ma2gNQja3WDv//E2vMF0STDBy85YJo77ON0leLWJD0C
vZfXd1ohq5r4TJUQvT0EwT2bCeXrfq5e74NyI8SCdQ6CIExJ44b+ZqdaCbJh6Rwy
m0+BxETu6eCuJnFNXWP7xHFaEwDdrg3Hpyv9bHd943u7CMwMkhWwKTVpiEYNmvvZ
+jSAeu8keliYm/zSy5IY9YNq2yiD6DxJNVukPVhOpUL1jhsC+KWFiRrH7ogVoRtf
ZWfHrYVlcIqizN4y1b5F6gugG84rRXmer3RGP3NStxzI12623moKtghhD5l63wyu
B+CzPmTVpUHo5VlkS6iJE+cu00055BesEwplovl/OHMQAlt9gYwokrES3I2pSnso
Iczag+Y+m3L2GrLKfzg82woIFZ6ZVmgxAMLL/dGnpFu1IMIZSBY1Us+PF90J0BGV
KSNcBBc2U38eLe+M04sp2tDBYN07ye4JftwkCzAPPkU8JxRwmsr93eg+oKUq/rMQ
LmSRqUSmIyeZNIfuR3g9co6PHCD5Urela+ZmCdFxugASNsxdWfHTo9btazeNEJrI
UGg3A38uXKcWh75bCt1JYTxXrTOZMaGpVCGcKNDzaDNtokDPtCQ=
=4T/d
-----END PGP SIGNATURE-----
Merge tag 'pull-ppc-20211129' of https://github.com/legoater/qemu into staging
ppc 6.2 queue:
* Hash64 MMU fix for FreeBSD installer
# gpg: Signature made Mon 29 Nov 2021 09:49:54 PM CET
# gpg: using RSA key A0F66548F04895EBFE6B0B6051A343C7CFFBECA1
# gpg: Good signature from "Cédric Le Goater <clg@kaod.org>" [marginal]
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: A0F6 6548 F048 95EB FE6B 0B60 51A3 43C7 CFFB ECA1
* tag 'pull-ppc-20211129' of https://github.com/legoater/qemu:
target/ppc: fix Hash64 MMU update of PTE bit R
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
When updating the R bit of a PTE, the Hash64 MMU was using a wrong byte
offset, causing the first byte of the adjacent PTE to be corrupted.
This caused a panic when booting FreeBSD, using the Hash MMU.
Fixes: a2dd4e83e7 ("ppc/hash64: Rework R and C bit updates")
Signed-off-by: Leandro Lupori <leandro.lupori@eldorado.org.br>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
- introduce CF_NOIRQ to avoid watchpoint race
- fix avocado plugin test
- fix linker issue with weird paths
- band-aid for gdbstub race
- updates for MAINTAINERS
- fix some compiler warning in example plugin
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEZoWumedRZ7yvyN81+9DbCVqeKkQFAmGk7sYACgkQ+9DbCVqe
KkSUYggAjvhB9t4xOP/gmwMvIlI60paN7KoooJbxaUSPj11YvQlAX9gPw6PTR4MV
dh0RpmhUyO/MYpX7jvEuCRr05s8ZEg5kiJ/7r748yxdMffWL12iX/Mz4aZvBcMIq
TFZ/vZcuOs2OchrFOqfO6oxyQHXZWAkWrjY/9l/bMmz3277OmC2808YJoRq3jIUT
D1b0HzPQ9orxVM0MlNlY8YGQZ8gcM8g4mNee1+AZkiAUJS1klFNbepGGz+BCj8Ka
Jd6n8RZKjvPZtSntZdneeMx3vY7L/VxqjxbT+INTANB0sTPvq4jddZOk78z8/gdE
FHCJ7k8FHzlZAcRMmkyHRlpbWET4SA==
=oJUJ
-----END PGP SIGNATURE-----
Merge tag 'pull-for-6.2-291121-1' of https://github.com/stsquad/qemu into staging
TCG, plugin and build fixes:
- introduce CF_NOIRQ to avoid watchpoint race
- fix avocado plugin test
- fix linker issue with weird paths
- band-aid for gdbstub race
- updates for MAINTAINERS
- fix some compiler warning in example plugin
# gpg: Signature made Mon 29 Nov 2021 04:16:22 PM CET
# gpg: using RSA key 6685AE99E75167BCAFC8DF35FBD0DB095A9E2A44
# gpg: Good signature from "Alex Bennée (Master Work Key) <alex.bennee@linaro.org>" [full]
* tag 'pull-for-6.2-291121-1' of https://github.com/stsquad/qemu:
tests/plugin/syscall.c: fix compiler warnings
MAINTAINERS: Add section for Aarch64 GitLab custom runner
MAINTAINERS: Remove me as a reviewer for the build and test/avocado
gdbstub: handle a potentially racing TaskState
plugins/meson.build: fix linker issue with weird paths
tests/avocado: fix tcg_plugin mem access count test
accel/tcg: suppress IRQ check for special TBs
accel/tcg: introduce CF_NOIRQ
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Fix compiler warnings. The warnings can result in a broken build.
This patch fixes warnings such as:
In file included from /usr/include/glib-2.0/glib.h:111,
from ../tests/plugin/syscall.c:13:
../tests/plugin/syscall.c: In function ‘print_entry’:
/usr/include/glib-2.0/glib/glib-autocleanups.h:28:3: error: ‘out’ may be
used uninitialized in this function [-Werror=maybe-uninitialized]
g_free (*pp);
^~~~~~~~~~~~
../tests/plugin/syscall.c:82:23: note: ‘out’ was declared here
g_autofree gchar *out;
^~~
In file included from /usr/include/glib-2.0/glib.h:111,
from ../tests/plugin/syscall.c:13:
../tests/plugin/syscall.c: In function ‘vcpu_syscall_ret’:
/usr/include/glib-2.0/glib/glib-autocleanups.h:28:3: error: ‘out’ may be
used uninitialized in this function [-Werror=maybe-uninitialized]
g_free (*pp);
^~~~~~~~~~~~
../tests/plugin/syscall.c:73:27: note: ‘out’ was declared here
g_autofree gchar *out;
^~~
cc1: all warnings being treated as errors
Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20211128011551.2115468-1-juro.bystricky@intel.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20211129140932.4115115-9-alex.bennee@linaro.org>
Add a MAINTAINERS section to cover the GitLab YAML config file
containing the jobs run on the custom runner sponsored by the
Works On Arm project [*].
[*] https://developer.arm.com/solutions/infrastructure/works-on-arm
Suggested-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20211116163226.2719320-1-f4bug@amsat.org>
Message-Id: <20211129140932.4115115-8-alex.bennee@linaro.org>
Remove me as a reviewer for the Build and test automation and the
Integration Testing with the Avocado Framework and add Beraldo
Leal.
Signed-off-by: Willian Rampazzo <willianr@redhat.com>
Reviewed-by: Beraldo Leal <bleal@redhat.com>
Message-Id: <20211122191124.31620-1-willianr@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20211129140932.4115115-7-alex.bennee@linaro.org>
When dealing with multi-threaded userspace programs there is a race
condition with the addition of cpu->opaque (aka TaskState). This is
due to cpu_copy calling cpu_create which updates the global vCPU list.
However the task state isn't set until later. This shouldn't be a
problem because the new thread can't have executed anything yet but
the gdbstub code does liberally iterate through the CPU list in
various places.
This sticking plaster ensure the not yet fully realized vCPU is given
an pid of -1 which should be enough to ensure it doesn't show up
anywhere else.
In the longer term I think the code that manages the association
between vCPUs and attached GDB processes could do with a clean-up and
re-factor.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Tested-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Cc: Richard Henderson <richard.henderson@linaro.org>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/730
Message-Id: <20211129140932.4115115-6-alex.bennee@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Tested-by: Stefan Weil <sw@weilnetz.de>
Fixes: https://gitlab.com/qemu-project/qemu/-/issues/712
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20211129140932.4115115-5-alex.bennee@linaro.org>
When we cleaned up argument handling the test was missed.
Fixes: 5ae589faad ("tests/plugins/mem: introduce "track" arg and make args not positional")
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20211129140932.4115115-4-alex.bennee@linaro.org>
When we set cpu->cflags_next_tb it is because we want to carefully
control the execution of the next TB. Currently there is a race that
causes the second stage of watchpoint handling to get ignored if an
IRQ is processed before we finish executing the instruction that
triggers the watchpoint. Use the new CF_NOIRQ facility to avoid the
race.
We also suppress IRQs when handling precise self modifying code to
avoid unnecessary bouncing.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Cc: Pavel Dovgalyuk <pavel.dovgalyuk@ispras.ru>
Fixes: https://gitlab.com/qemu-project/qemu/-/issues/245
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20211129140932.4115115-3-alex.bennee@linaro.org>
Here we introduce a new compiler flag to disable the checking of exit
request (icount_decr.u32). This is useful when we want to ensure the
next block cannot be preempted by an asynchronous event.
Suggested-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20211129140932.4115115-2-alex.bennee@linaro.org>
Lots of small fixes all over the place.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
-----BEGIN PGP SIGNATURE-----
iQFDBAABCAAtFiEEXQn9CHHI+FuUyooNKB8NuNKNVGkFAmGk2o4PHG1zdEByZWRo
YXQuY29tAAoJECgfDbjSjVRpAP0H/i47erp9gRr4XXUd71mhwVeIj7SOwGIJYvuf
YAHnFPu/Hvtl0zMQ3tHsUFV4ak7SeyJpqTIspTrhRF5WN9RB2drF+bVEUM+zVLiC
dNpstDu1E3Po3RBMLwVBQK0fheo+n680wmgiB5I4H9xTukszRmRm3evIjZQpMwZ+
Gx9WLW4ghG3fRJyXbZFDzOW2nlD/LUIQQ9ZZk9no3jULzbFS5hDFP1yxTOKZOGYk
JeITGHx+ODIIBla5KIUkH2yDYurHvKoOzpxo1qLr65EmVMuq4TT1DjaAM0SRg8YO
X+osx1AZRW7ZznYOUEiJuWru8QDM/BD0t91oR1kZAaEdaF3gYB8=
=w54r
-----END PGP SIGNATURE-----
Merge tag 'for_upstream' of git://git.kernel.org/pub/scm/virt/kvm/mst/qemu into staging
virtio,pci,pc: bugfixes
Lots of small fixes all over the place.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Mon 29 Nov 2021 02:50:06 PM CET
# gpg: using RSA key 5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469
# gpg: issuer "mst@redhat.com"
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [full]
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>" [full]
* tag 'for_upstream' of git://git.kernel.org/pub/scm/virt/kvm/mst/qemu:
Fix bad overflow check in hw/pci/pcie.c
intel-iommu: ignore leaf SNP bit in scalable mode
virtio-balloon: correct used length
virtio-balloon: process all in sgs for free_page_vq
vdpa: Add dummy receive callback
failover: fix unplug pending detection
virtio-mmio : fix the crash in the vm shutdown
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
LOOP_CONFIGURE is now used by losetup, and it cannot cope with ENOSYS.
Signed-off-by: Andreas Schwab <schwab@suse.de>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <mvmtug4mbfx.fsf_-_@suse.de>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Orginal qemu commit hash:14d02cfbe4adaeebe7cb833a8cc71191352cf03b
In function pcie_add_capability, an assert contains the
"offset < offset + size" expression.
Both variable offset and variable size are uint16_t,
the comparison is always true due to type promotion.
The next expression may be the same.
It might be like this:
Thread 1 "qemu-system-x86" hit Breakpoint 1, pcie_add_capability (
dev=0x555557ce5f10, cap_id=1, cap_ver=2 '\002', offset=256, size=72)
at ../hw/pci/pcie.c:930
930 {
(gdb) n
931 assert(offset >= PCI_CONFIG_SPACE_SIZE);
(gdb) n
932 assert(offset < offset + size);
(gdb) p offset
$1 = 256
(gdb) p offset < offset + size
$2 = 1
(gdb) set offset=65533
(gdb) p offset < offset + size
$3 = 1
(gdb) p offset < (uint16_t)(offset + size)
$4 = 0
Signed-off-by: Daniella Lee <daniellalee111@gmail.com>
Message-Id: <20211126061324.47331-1-daniellalee111@gmail.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
When booting with scalable mode, I hit this error:
qemu-system-x86_64: vtd_iova_to_slpte: detected splte reserve non-zero iova=0xfffff002, level=0x1slpte=0x102681803)
qemu-system-x86_64: vtd_iommu_translate: detected translation failure (dev=01:00:00, iova=0xfffff002)
qemu-system-x86_64: New fault is not recorded due to compression of faults
This is because the SNP bit is set for second level page table since
Linux kernel commit 6c00612d0cba1 ("iommu/vt-d: Report right snoop
capability when using FL for IOVA") even if SC is not supported by the
hardware.
To unbreak the guest, ignore the leaf SNP bit for scalable mode
first. In the future we may consider to add SC support.
Signed-off-by: Jason Wang <jasowang@redhat.com>
Message-Id: <20211129033618.3857-1-jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Spec said:
"and len the total of bytes written into the buffer."
For inflateq, deflateq and statsq, we don't process in_sg so the used
length should be zero. For free_page_vq, tough the pages could be
changed by the device (in the destination), spec said:
"Note: len is particularly useful for drivers using untrusted buffers:
if a driver does not know exactly how much has been written by the
device, the driver would have to zero the buffer in advance to ensure
no data leakage occurs."
So 0 should be used as well here.
Signed-off-by: Jason Wang <jasowang@redhat.com>
Message-Id: <20211129030841.3611-2-jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
We only process the first in sg which may lead to the bitmap of the
pages belongs to following sgs were not cleared. This may result more
pages to be migrated. Fixing this by process all in sgs for
free_page_vq.
Acked-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
Message-Id: <20211129030841.3611-1-jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
* virt: Diagnose attempts to enable MTE or virt when using HVF accelerator
* GICv3 ITS: Allow clearing of ITS CTLR Enabled bit
* GICv3: Update cached state after LPI state changes
* GICv3: Fix handling of LPIs in list registers
-----BEGIN PGP SIGNATURE-----
iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmGkrMYZHHBldGVyLm1h
eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3jFCD/9QHZGiKLBkcJx1PNKqtpLh
OIg3xheECzLT6KVQMQGxYwxo5oeKApjmny5F+/LsuP5y9PxgiFgxeh1OnEj8Z4gZ
r6CIqWw9+Gpyye9tUCfB7SqAJvGTDKyfxJg8PVILT/+LTDPjubZ0QCQH67ktCI5+
oYA44QlTS2z3+oPCPmrj5d09h3u1V62vSJzGF1agQKUUZ2YFN3KYJwAjPr/utvkC
0lBx/qM/kwWGP0JRUvD+fzR+wie6ebMub5TlTr1UtUxNiju53ITPYf6rLdj8KNS7
rfGToIJxz7o2RjRyy3sLBEn/YzLnKlS61BXf9wEdDNtKiiMkvXCkzILGCFkydmvW
qdo2NSOXAsk8F1qwo0Ca3YGuRMy9jCPlE3FSEz7F6OL2cp5VgpjK54yJVlPG4vaT
xqAJ7JhHu64r9jDfdM1MWvaUPQ5Aggk3QL8HKhEFb4RwKg+VGsh2kz7LC51whfw7
ocEq5YVGuy59ERD3MFsDS/KK2UvLUB0bXgOtAi/wbjpr8QYRgGZAticOoj5zHeOe
dvAEfbzecGfB5frOvB4K1Xw9PsJrPT1IgK9T/G67E6gpmd6WS5hh3YXrGrHgYHrX
fZ/KOBM1390NuaZ5tIgPZsSJAyJJIPt/tFrRic0XV/6m7svpwPfSNQZ+eJPdW3m+
qa9XLvxR6P3bU+2OkeKXfA==
=/KcE
-----END PGP SIGNATURE-----
Merge tag 'pull-target-arm-20211129' of https://git.linaro.org/people/pmaydell/qemu-arm into staging
target-arm queue:
* virt: Diagnose attempts to enable MTE or virt when using HVF accelerator
* GICv3 ITS: Allow clearing of ITS CTLR Enabled bit
* GICv3: Update cached state after LPI state changes
* GICv3: Fix handling of LPIs in list registers
# gpg: Signature made Mon 29 Nov 2021 11:34:46 AM CET
# gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg: issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [full]
# gpg: aka "Peter Maydell <pmaydell@gmail.com>" [full]
# gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [full]
* tag 'pull-target-arm-20211129' of https://git.linaro.org/people/pmaydell/qemu-arm:
hw/intc/arm_gicv3: fix handling of LPIs in list registers
hw/intc/arm_gicv3: Add new gicv3_intid_is_special() function
hw/intc/arm_gicv3: Update cached state after LPI state changes
hw/intc: cannot clear GICv3 ITS CTLR[Enabled] bit
hw/arm/virt: Extend nested and mte checks to hvf
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
It is valid for an OS to put virtual interrupt ID values into the
list registers ICH_LR<n> which are greater than 1023. This
corresponds to (for example) KVM using the in-kernel emulated ITS to
give a (nested) guest an ITS. LPIs are delivered by the L1 kernel to
the L2 guest via the list registers in the same way as non-LPI
interrupts.
QEMU's code for handling writes to ICV_IARn (which happen when the L2
guest acknowledges an interrupt) and to ICV_EOIRn (which happen at
the end of the interrupt) did not consider LPIs, so it would
incorrectly treat interrupt IDs above 1023 as invalid. Fix this by
using the correct condition, which is gicv3_intid_is_special().
Note that the condition in icv_dir_write() is correct -- LPIs
are not valid there and so we want to ignore both "special" ID
values and LPIs.
(In the pseudocode this logic is in:
- VirtualReadIAR0(), VirtualReadIAR1(), which call IsSpecial()
- VirtualWriteEOIR0(), VirtualWriteEOIR1(), which call
VirtualIdentifierValid(data, TRUE) meaning "LPIs OK"
- VirtualWriteDIR(), which calls VirtualIdentifierValid(data, FALSE)
meaning "LPIs not OK")
This bug doesn't seem to have any visible effect on Linux L2 guests
most of the time, because the two bugs cancel each other out: we
neither mark the interrupt active nor deactivate it. However it does
mean that the L2 vCPU priority while the LPI handler is running will
not be correct, so the interrupt handler could be unexpectedly
interrupted by a different interrupt.
(NB: this has nothing to do with using QEMU's emulated ITS.)
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Marc Zyngier <maz@kernel.org>