Commit Graph

105842 Commits

Author SHA1 Message Date
Yuri Benditovich
348e354417 pci: do not respond config requests after PCI device eject
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2224964

In migration with VF failover, Windows guest and ACPI hot
unplug we do not need to satisfy config requests, otherwise
the guest immediately detects the device and brings up its
driver. Many network VF's are stuck on the guest PCI bus after
the migration.

Signed-off-by: Yuri Benditovich <yuri.benditovich@daynix.com>
Message-Id: <20230728084049.191454-1-yuri.benditovich@daynix.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2023-08-03 16:06:49 -04:00
Hanna Czenczek
c92f4fcafa virtio: Fix packed virtqueue used_idx mask
virtio_queue_packed_set_last_avail_idx() is used by vhost devices to set
the internal queue indices to what has been reported by the vhost
back-end through GET_VRING_BASE.  For packed virtqueues, this
32-bit value is expected to contain both the device's internal avail and
used indices, as well as their respective wrap counters.

To get the used index, we shift the 32-bit value right by 16, and then
apply a mask of 0x7ffff.  That seems to be a typo, because it should be
0x7fff; first of all, the virtio specification says that the maximum
queue size for packed virt queues is 2^15, so the indices cannot exceed
2^15 - 1 anyway, making 0x7fff the correct mask.  Second, the mask
clearly is wrong from context, too, given that (A) `idx & 0x70000` must
be 0 at this point (`idx` is 32 bit and was shifted to the right by 16
already), (B) `idx & 0x8000` is the used_wrap_counter, so should not be
part of the used index, and (C) `vq->used_idx` is a `uint16_t`, so
cannot fit the 0x70000 part of the mask anyway.

This most likely never produced any guest-visible bugs, though, because
for a vhost device, qemu will probably not evaluate the used index
outside of virtio_queue_packed_get_last_avail_idx(), where we
reconstruct the 32-bit value from avail and used indices and their wrap
counters again.  There, it does not matter whether the highest bit of
the used_idx is the used index wrap counter, because we put the wrap
counter exactly in that position anyway.

Signed-off-by: Hanna Czenczek <hreitz@redhat.com>
Message-Id: <20230721134945.26967-1-hreitz@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: German Maglione <gmaglione@redhat.com>
2023-08-03 16:06:49 -04:00
David Edmondson
92f0422137 hw/virtio: qmp: add RING_RESET to 'info virtio-status'
Signed-off-by: David Edmondson <david.edmondson@oracle.com>
Message-Id: <20230721072820.75797-1-david.edmondson@oracle.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
2023-08-03 16:06:49 -04:00
Igor Mammedov
e3c79cf3ef tests: acpi: update expected blobs
Expected change is that _ADR object is removed from
hostbridge descriptor in DSDT for PC and Q35 machines.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20230720133858.1974024-7-imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2023-08-03 16:06:49 -04:00
Igor Mammedov
5ce869f788 acpi: x86: remove _ADR on host bridges
ACPI spec (since 2.0a) says
"
A device object must contain either an _HID object or
an _ADR object, but can contain both.
"

_ADR is used when device is attached to an ennumerable bus,
however hostbridge is not and uses dedicated _HID for
discovery, drop _ADR field.

It doesn't seem that having _ADR has a negative effects
OSes manage to tolerate that, but there is no point of
having it there. (only pc/q35 has it hostbridge description,
while others (microvm/arm) don't)

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20230720133858.1974024-6-imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2023-08-03 16:06:49 -04:00
Igor Mammedov
d3dc64f34d tests: acpi: whitelist expected blobs
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20230720133858.1974024-5-imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2023-08-03 16:06:49 -04:00
Igor Mammedov
6e510855a9 tests: acpi: x86: update expected blobs
Following change is expected on each PCI slot with enabled
ACPI PCI hotplug

-                            BSEL,
-                            ASUN
+                            Zero,
+                            Zero
                         }
+                    Local0 [Zero] = BSEL /* \_SB_.PCI0.BSEL */
+                    Local0 [One] = ASUN /* \_SB_.PCI0.S18_.ASUN */

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20230720133858.1974024-4-imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2023-08-03 16:06:49 -04:00
Igor Mammedov
44d975ef34 x86: acpi: workaround Windows not handling name references in Package properly
it seems that Windows is unable to handle variable references
making it choke up when accessing ASUN during _DSM call
when device is hotplugged (it lists package elements as DataAlias
but despite that later on it misbehaves) with following error
shown up in AMLI debugger (WS2012r2):
    Store(ShiftLeft(One,Arg1="ASUN",) AMLI_ERROR(c0140008): Unexpected argument type
    ValidateArgTypes: expected Arg1 to be type Integer (Type=String)
Similar outcome with WS2022.

Issue is not fatal but as result acpi-index/"PCI Label ID" property
is either not shown in device details page or shows incorrect value.

Fix it by doing assignment of BSEL/ASUN values to package
elements manually after package declaration.

Fix was tested with: WS2012r2, WS2022, RHEL9

Fixes: 467d099a29 (x86: acpi: _DSM: use Package to pass parameters)
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20230720133858.1974024-3-imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2023-08-03 16:06:49 -04:00
Igor Mammedov
45d9d318c8 tests: acpi: x86: whitelist expected blobs
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20230720133858.1974024-2-imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2023-08-03 16:06:49 -04:00
Milan Zamazal
63a3520e29 hw/virtio: Add a protection against duplicate vu_scmi_stop calls
The QEMU CI fails in virtio-scmi test occasionally.  As reported by
Thomas Huth, this happens most likely when the system is loaded and it
fails with the following error:

  qemu-system-aarch64: ../../devel/qemu/hw/pci/msix.c:659:
  msix_unset_vector_notifiers: Assertion `dev->msix_vector_use_notifier && dev->msix_vector_release_notifier' failed.
  ../../devel/qemu/tests/qtest/libqtest.c:200: kill_qemu() detected QEMU death from signal 6 (Aborted) (core dumped)

As discovered by Fabiano Rosas, the cause is a duplicate invocation of
msix_unset_vector_notifiers via duplicate vu_scmi_stop calls:

  msix_unset_vector_notifiers
  virtio_pci_set_guest_notifiers
  vu_scmi_stop
  vu_scmi_disconnect
  ...
  qemu_chr_write_buffer

  msix_unset_vector_notifiers
  virtio_pci_set_guest_notifiers
  vu_scmi_stop
  vu_scmi_set_status
  ...
  qemu_cleanup

While vu_scmi_stop calls are protected by vhost_dev_is_started()
check, it's apparently not enough.  vhost-user-blk and vhost-user-gpio
use an extra protection, see f5b22d06fb (vhost: recheck dev state in
the vhost_migration_log routine) for the motivation.  Let's use the
same in vhost-user-scmi, which fixes the failure above.

Fixes: a5dab090e1 ("hw/virtio: Add boilerplate for vhost-user-scmi device")
Signed-off-by: Milan Zamazal <mzamazal@redhat.com>
Message-Id: <20230720101037.2161450-1-mzamazal@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Tested-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Fabiano Rosas <farosas@suse.de>
2023-08-03 16:06:49 -04:00
Eric Auger
1084feddc6 virtio-iommu: Standardize granule extraction and formatting
At several locations we compute the granule from the config
page_size_mask using ctz() and then format it in traces using
BIT(). As the page_size_mask is 64b we should use ctz64 and
BIT_ULL() for formatting. We failed to be consistent.

Note the page_size_mask is garanteed to be non null. The spec
mandates the device to set at least one bit, so ctz64 cannot
return 64. This is garanteed by the fact the device
initializes the page_size_mask to qemu_target_page_mask()
and then the page_size_mask is further constrained by
virtio_iommu_set_page_size_mask() callback which can't
result in a new mask being null. So if Coverity complains
round those ctz64/BIT_ULL with CID 1517772 this is a false
positive

Signed-off-by: Eric Auger <eric.auger@redhat.com>
Fixes: 94df5b2180 ("virtio-iommu: Fix 64kB host page size VFIO device assignment")
Message-Id: <20230718182136.40096-1-eric.auger@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
2023-08-03 16:06:49 -04:00
Peter Maydell
503d86dd66 hw/pci-bridge/cxl_upstream.c: Use g_new0() in build_cdat_table()
In build_cdat_table() we do:
 *cdat_table = g_malloc0(sizeof(*cdat_table) * CXL_USP_CDAT_NUM_ENTRIES);
This is wrong because:
 - cdat_table has type CDATSubHeader ***
 - so *cdat_table has type CDATSubHeader **
 - so the array we're allocating here should be items of type CDATSubHeader *
 - but we pass sizeof(*cdat_table), which is sizeof(CDATSubHeader **),
   implying that we're allocating an array of CDATSubHeader **

It happens that sizeof(CDATSubHeader **) == sizeof(CDATSubHeader *)
so nothing blows up, but this should be sizeof(**cdat_table).

Avoid this excessively hard-to-understand code by using
g_new0() instead, which will do the type checking for us.
While we're here, we can drop the useless check against failure,
as g_malloc0() and g_new0() never fail.

This fixes Coverity issue CID 1508120.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20230718101327.1111374-1-peter.maydell@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
2023-08-03 16:06:49 -04:00
Eric Auger
cf2f89edf3 hw/virtio-iommu: Fix potential OOB access in virtio_iommu_handle_command()
In the virtio_iommu_handle_command() when a PROBE request is handled,
output_size takes a value greater than the tail size and on a subsequent
iteration we can get a stack out-of-band access. Initialize the
output_size on each iteration.

The issue was found with ASAN. Credits to:
Yiming Tao(Zhejiang University)
Gaoning Pan(Zhejiang University)

Fixes: 1733eebb9e ("virtio-iommu: Implement RESV_MEM probe request")
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Reported-by: Mauro Matteo Cascella <mcascell@redhat.com>
Cc: qemu-stable@nongnu.org

Message-Id: <20230717162126.11693-1-eric.auger@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2023-08-03 16:06:49 -04:00
Richard Henderson
c167c80b46 * Fix timeout problems in the MSYS Gitlab CI jobs
* Fix a problem when compiling with Clang on Windows
 -----BEGIN PGP SIGNATURE-----
 
 iQJFBAABCAAvFiEEJ7iIR+7gJQEY8+q5LtnXdP5wLbUFAmTLijMRHHRodXRoQHJl
 ZGhhdC5jb20ACgkQLtnXdP5wLbW+OQ/5ASeu4rx6jyE8JFqRtvP6NEZ+UgQMRoCg
 NEfmSd9Y+tFewyuhLY5Pf6yUJWEljrdXp5ST6FId759l6DZ6mzQu809v427nN4Sb
 CxcwRYtoT2eEU0zhJ5ShnCXsNCl7Yyco3elWWFL3kbw4X2ooeOPkkGqQ1Tdfym8m
 /C+KVvFqFq4pnLnqMi7StylWtjYh/rAIMOw4kBDc3xU67eZiAd17+Hn9/t3Kca39
 99A1JW0LiR0U1ZkX7R/q8YbICUtBsrPww9HmqlX7BoNy2vzr6jgKqo1dkm5QkDfK
 ZEzvS1nssb3iiavIJbO7entWMcryzAiu6LF5imbI4e5T5uwerd3RVoHCsem2mu7Q
 CUoCEYjCFYC7HTRLl80UKcbPC1tn6y6q+PGaFY0z2eJnaxHifbY0rVu3eKo/oJIb
 Ba1ltlxlXKIey6usJcEjG7ZEgYsyxtmX0KJQgjWaKvuMx2ElcEMg4J/eE57NEmW/
 srfTrUpSZwplnEX8C8wQeqmzoBvUmubLiO7Z9l8yqMHcqXxn95fybxPFGafpAziF
 hQ9Qs6YB81522V9JG6pt135vUXWA+L5UiptYc97PHZ66E2hZrfUrA1tm0lajcZI+
 GARvFLMfsNWIPPnS2iz8jMrkXtTc3xgTz2zEv2BL9s9sUH0+L6ggDY8DgbjITrjF
 hM4vUezCa7E=
 =K5Qb
 -----END PGP SIGNATURE-----

Merge tag 'pull-request-2023-08-03' of https://gitlab.com/thuth/qemu into staging

* Fix timeout problems in the MSYS Gitlab CI jobs
* Fix a problem when compiling with Clang on Windows

# -----BEGIN PGP SIGNATURE-----
#
# iQJFBAABCAAvFiEEJ7iIR+7gJQEY8+q5LtnXdP5wLbUFAmTLijMRHHRodXRoQHJl
# ZGhhdC5jb20ACgkQLtnXdP5wLbW+OQ/5ASeu4rx6jyE8JFqRtvP6NEZ+UgQMRoCg
# NEfmSd9Y+tFewyuhLY5Pf6yUJWEljrdXp5ST6FId759l6DZ6mzQu809v427nN4Sb
# CxcwRYtoT2eEU0zhJ5ShnCXsNCl7Yyco3elWWFL3kbw4X2ooeOPkkGqQ1Tdfym8m
# /C+KVvFqFq4pnLnqMi7StylWtjYh/rAIMOw4kBDc3xU67eZiAd17+Hn9/t3Kca39
# 99A1JW0LiR0U1ZkX7R/q8YbICUtBsrPww9HmqlX7BoNy2vzr6jgKqo1dkm5QkDfK
# ZEzvS1nssb3iiavIJbO7entWMcryzAiu6LF5imbI4e5T5uwerd3RVoHCsem2mu7Q
# CUoCEYjCFYC7HTRLl80UKcbPC1tn6y6q+PGaFY0z2eJnaxHifbY0rVu3eKo/oJIb
# Ba1ltlxlXKIey6usJcEjG7ZEgYsyxtmX0KJQgjWaKvuMx2ElcEMg4J/eE57NEmW/
# srfTrUpSZwplnEX8C8wQeqmzoBvUmubLiO7Z9l8yqMHcqXxn95fybxPFGafpAziF
# hQ9Qs6YB81522V9JG6pt135vUXWA+L5UiptYc97PHZ66E2hZrfUrA1tm0lajcZI+
# GARvFLMfsNWIPPnS2iz8jMrkXtTc3xgTz2zEv2BL9s9sUH0+L6ggDY8DgbjITrjF
# hM4vUezCa7E=
# =K5Qb
# -----END PGP SIGNATURE-----
# gpg: Signature made Thu 03 Aug 2023 04:06:27 AM PDT
# gpg:                using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5
# gpg:                issuer "thuth@redhat.com"
# gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [undefined]
# gpg:                 aka "Thomas Huth <thuth@redhat.com>" [undefined]
# gpg:                 aka "Thomas Huth <th.huth@posteo.de>" [unknown]
# gpg:                 aka "Thomas Huth <huth@tuxfamily.org>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 27B8 8847 EEE0 2501 18F3  EAB9 2ED9 D774 FE70 2DB5

* tag 'pull-request-2023-08-03' of https://gitlab.com/thuth/qemu:
  gitlab: disable FF_SCRIPT_SECTIONS on msys jobs
  gitlab: disable optimization and debug symbols in msys build
  configure: support passthrough of -Dxxx args to meson
  gitlab: always populate cache for windows msys jobs
  gitlab: drop $CI_PROJECT_DIR from cache path
  gitlab: always use updated msys installer
  gitlab: print timestamps during windows msys jobs
  gitlab: remove duplication between msys jobs
  util/oslib-win32: Fix compiling with Clang from MSYS2

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-08-03 07:37:17 -07:00
Daniel P. Berrangé
f54ba56dad gitlab: disable FF_SCRIPT_SECTIONS on msys jobs
The FF_SCRIPT_SECTIONS=1 variable should ordinarily cause output from
each line of the job script to be presented in a collapsible section
with execution time listed.

While it works on Linux shared runners, when used with Windows runners
with PowerShell, this option does not create any sections, and actually
causes echo'ing of commands to be disabled, making it even worse to
debug the jobs.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Acked-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20230801130403.164060-9-berrange@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2023-08-03 13:04:48 +02:00
Daniel P. Berrangé
63f5365cd4 gitlab: disable optimization and debug symbols in msys build
Building at -O2, adds 33% to the build time, over -O2. IOW a build that
takes 45 minutes at -O0, takes 60 minutes at -O2. Turning off debug
symbols drops it further, down to 38 minutes.

IOW, a "-O2 -g" build is 58% slower than a "-O0" build on msys in the
gitlab CI windows shared runners.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20230801130403.164060-8-berrange@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2023-08-03 13:04:48 +02:00
Daniel P. Berrangé
ff136d2a99 configure: support passthrough of -Dxxx args to meson
This can be useful for setting some meson global options, such as the
optimization level or debug state.xs

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20230801130403.164060-7-berrange@redhat.com>
[thuth: Move the help text into the section with the other --... options]
Signed-off-by: Thomas Huth <thuth@redhat.com>
2023-08-03 13:04:48 +02:00
Daniel P. Berrangé
ef4fe31f33 gitlab: always populate cache for windows msys jobs
The cache is used to hold the msys installer. Even if the build phase
fails, we should still populate the cache as the installer will be
valid for next time.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20230801130403.164060-6-berrange@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2023-08-03 13:04:47 +02:00
Daniel P. Berrangé
5ef56e3b18 gitlab: drop $CI_PROJECT_DIR from cache path
The gitlab cache is limited to only handle content within the
$CI_PROJECT_DIR hierarchy, and as such relative paths are always
implicitly relative to $CI_PROJECT_DIR.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20230801130403.164060-5-berrange@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2023-08-03 13:04:47 +02:00
Daniel P. Berrangé
46aedd34b4 gitlab: always use updated msys installer
We current reference an msys installer binary from mid-2022, which means
after installation, it immediately has to re-download a bunch of newer
content. This wastes precious CI time.

The msys project publishes an installer binary with a fixed URL that
always references the latest content. We cache the downloads in gitlab
though and so once downloaded we would never re-fetch the installer
leading back to the same problem.

To deal with this we also fetch the pgp signature for the installer
on every run, and compare that to the previously cached signature. If
the signature changes, we re-download the full installer.

This ensures we always have the latest installer for msys, while also
maximising use of the gitlab cache.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20230801130403.164060-4-berrange@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2023-08-03 13:04:47 +02:00
Daniel P. Berrangé
b64052cdad gitlab: print timestamps during windows msys jobs
It is hard to get visibility into where time is consumed in our Windows
msys jobs. Adding a few log console messages with the timestamp will
aid in our debugging.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20230801130403.164060-3-berrange@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2023-08-03 13:04:47 +02:00
Daniel P. Berrangé
11961d08fc gitlab: remove duplication between msys jobs
Although they share a common parent, the two msys jobs still have
massive duplication in their script definitions that can easily be
collapsed.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20230801130403.164060-2-berrange@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2023-08-03 13:04:47 +02:00
Thomas Huth
c5b5288c3d util/oslib-win32: Fix compiling with Clang from MSYS2
Clang complains:

../util/oslib-win32.c:483:56: error: omitting the parameter name in a
 function definition is a C2x extension [-Werror,-Wc2x-extensions]
win32_close_exception_handler(struct _EXCEPTION_RECORD*,
                                                       ^
Fix it by adding parameter names.

Message-Id: <20230728142748.305341-4-thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2023-08-03 13:04:35 +02:00
Richard Henderson
9ba37026fc Update version for v8.1.0-rc2 release
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-08-02 08:22:45 -07:00
Richard Henderson
fb695ae3fd QAPI patches patches for 2023-08-02
-----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEENUvIs9frKmtoZ05fOHC0AOuRhlMFAmTKB9wSHGFybWJydUBy
 ZWRoYXQuY29tAAoJEDhwtADrkYZT5w4P/ReWCzwnNWDHAlInd91gQxmH5AB5VRMK
 jnLLLxzMx3KIk2cjoHG7nvVBpHKaEzhwZoyjQvILnSoHVeHUteHNvfJAS/LG0bYw
 ujpSem7C1LXT/+WPf/j2eIdfZ243Z1/WkJW4ZXWuUyZYea0Uc6M+eXgnw1VfZOPn
 UmTXrJzV35KY2mB4EMdBON2P/0VnqoXH17Ke13JxI10NDgFzzhlltM5J4CBKFqPM
 XcrpeuQdfk3NR1XxDIUIVNcYkbg1EMVrnZs1m8M8hcgnUKAxoPyYFdq2m+bVITmL
 C4uxdqg6UUvtHzwdp/CbeXPBKuuZnR4TcFIW+4uJHoCJxhLjKhACbowz8fCHh8dg
 5999ZsmgCfK4P4KxcOYQpGG5qLm4G8L+cxx/b5Tu/UlguCwc6/CRs6njpzA0trDy
 4Qz+F7hSGQqSX5hZT6h94l88fZ+tfrSnXGRxhpwF2pFOzTZsIvE8X43KIXo1jMWf
 M4mwb7TtMmBgF4Q6rfg1GxcYkJ7weFlro7nsWUOxPZXINJO17pDx8OI9bLkBV99x
 UQ1pfGhhTncVGai/eNOtr+REXpW0mse5DAX8UlxiBJyerQhjbqq4cKHrbMvoRE1D
 YJRt7h8t2mKwmdXpGRkVtLEvTKivhJ9x4/ZRmoKzWDlTucNN/gW5rUahbJ68d3Qf
 tsq+a97nbfp4
 =/Xq1
 -----END PGP SIGNATURE-----

Merge tag 'pull-qapi-2023-08-02' of https://repo.or.cz/qemu/armbru into staging

QAPI patches patches for 2023-08-02

# -----BEGIN PGP SIGNATURE-----
#
# iQJGBAABCAAwFiEENUvIs9frKmtoZ05fOHC0AOuRhlMFAmTKB9wSHGFybWJydUBy
# ZWRoYXQuY29tAAoJEDhwtADrkYZT5w4P/ReWCzwnNWDHAlInd91gQxmH5AB5VRMK
# jnLLLxzMx3KIk2cjoHG7nvVBpHKaEzhwZoyjQvILnSoHVeHUteHNvfJAS/LG0bYw
# ujpSem7C1LXT/+WPf/j2eIdfZ243Z1/WkJW4ZXWuUyZYea0Uc6M+eXgnw1VfZOPn
# UmTXrJzV35KY2mB4EMdBON2P/0VnqoXH17Ke13JxI10NDgFzzhlltM5J4CBKFqPM
# XcrpeuQdfk3NR1XxDIUIVNcYkbg1EMVrnZs1m8M8hcgnUKAxoPyYFdq2m+bVITmL
# C4uxdqg6UUvtHzwdp/CbeXPBKuuZnR4TcFIW+4uJHoCJxhLjKhACbowz8fCHh8dg
# 5999ZsmgCfK4P4KxcOYQpGG5qLm4G8L+cxx/b5Tu/UlguCwc6/CRs6njpzA0trDy
# 4Qz+F7hSGQqSX5hZT6h94l88fZ+tfrSnXGRxhpwF2pFOzTZsIvE8X43KIXo1jMWf
# M4mwb7TtMmBgF4Q6rfg1GxcYkJ7weFlro7nsWUOxPZXINJO17pDx8OI9bLkBV99x
# UQ1pfGhhTncVGai/eNOtr+REXpW0mse5DAX8UlxiBJyerQhjbqq4cKHrbMvoRE1D
# YJRt7h8t2mKwmdXpGRkVtLEvTKivhJ9x4/ZRmoKzWDlTucNN/gW5rUahbJ68d3Qf
# tsq+a97nbfp4
# =/Xq1
# -----END PGP SIGNATURE-----
# gpg: Signature made Wed 02 Aug 2023 12:38:04 AM PDT
# gpg:                using RSA key 354BC8B3D7EB2A6B68674E5F3870B400EB918653
# gpg:                issuer "armbru@redhat.com"
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" [undefined]
# gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867  4E5F 3870 B400 EB91 8653

* tag 'pull-qapi-2023-08-02' of https://repo.or.cz/qemu/armbru:
  MAINTAINERS: Add section "Migration dirty limit and dirty page rate"
  qapi: Craft the dirty-limit capability comment
  qapi: Reformat the dirty-limit migration doc comments

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-08-02 06:51:53 -07:00
Richard Henderson
081619e677 Misc patches queue
xen: Fix issues reported by fuzzer / Coverity
 misc: Fix some typos in documentation and comments
 ui/dbus: Build fixes for Clang/win32/!opengl
 linux-user: Semihosting fixes on m68k/nios2
 tests/migration: Disable stack protector when linking without stdlib
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEE+qvnXhKRciHc/Wuy4+MsLN6twN4FAmTJfrQACgkQ4+MsLN6t
 wN4Nqw/+NjoW2jdy9LNAgx7IeH2w+HfvvULpBOTDRRNahuXbGpzl6L57cS92r5a8
 UFJGfxbL2nlxrJbUdAWGONIweCvUb9jnpbT2id1dBp4wp+8aKFvPj1Al34OENNVS
 1lQT0G6mKx9itcXP9lVSBPhEbWIB9ZMaDG0R872bA6Ec3G7PWny+AOhMvJecieol
 2Qyv84ioA3N0xkYUB64KBVDmJOG0Tx+LYZfsXUybLKwfvBDLeVkHuHKtb94kh0G9
 MUsM/p9sHvfrC1bO+DQ9P1bzRI9zw2I2f4xMIs4QCMGPbJUrhv7edOc2PSO5XQoG
 izcV9NSL0tl6LbXZvkE7sJw0tDuR6R9sQ9KJWoltJCGRGOWlC5CeSTUfLbH9HkFc
 CXapKWth6cmOboGZNTlidn41oH7xE/kW6Em1XAD0M0eLUCUMzVjaSs1sIwKnbF7i
 sz7HcgAAuAVhmR0n4zOkphJkek72J7atLNpqU0AdYH46LR92zSdh6YoD5YDBPwY8
 hoy7VFauSkF8+5Wi7CTTjtq+edkuFRcuNMCR0Fd2iolE8KKYvxHnwEGH/5T4s2m7
 8f40AEyQRk0nFn44tqeyb14O8c2lZL3jmDEh+LYT/PPp/rCc/X7Ugplpau+bNZsx
 OOZd0AxujbrK+Xn80Agc+3/vn4/2eAvz7OdGc/SmKuYLyseBQfo=
 =5ZLa
 -----END PGP SIGNATURE-----

Merge tag 'misc-fixes-20230801' of https://github.com/philmd/qemu into staging

Misc patches queue

xen: Fix issues reported by fuzzer / Coverity
misc: Fix some typos in documentation and comments
ui/dbus: Build fixes for Clang/win32/!opengl
linux-user: Semihosting fixes on m68k/nios2
tests/migration: Disable stack protector when linking without stdlib

# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEE+qvnXhKRciHc/Wuy4+MsLN6twN4FAmTJfrQACgkQ4+MsLN6t
# wN4Nqw/+NjoW2jdy9LNAgx7IeH2w+HfvvULpBOTDRRNahuXbGpzl6L57cS92r5a8
# UFJGfxbL2nlxrJbUdAWGONIweCvUb9jnpbT2id1dBp4wp+8aKFvPj1Al34OENNVS
# 1lQT0G6mKx9itcXP9lVSBPhEbWIB9ZMaDG0R872bA6Ec3G7PWny+AOhMvJecieol
# 2Qyv84ioA3N0xkYUB64KBVDmJOG0Tx+LYZfsXUybLKwfvBDLeVkHuHKtb94kh0G9
# MUsM/p9sHvfrC1bO+DQ9P1bzRI9zw2I2f4xMIs4QCMGPbJUrhv7edOc2PSO5XQoG
# izcV9NSL0tl6LbXZvkE7sJw0tDuR6R9sQ9KJWoltJCGRGOWlC5CeSTUfLbH9HkFc
# CXapKWth6cmOboGZNTlidn41oH7xE/kW6Em1XAD0M0eLUCUMzVjaSs1sIwKnbF7i
# sz7HcgAAuAVhmR0n4zOkphJkek72J7atLNpqU0AdYH46LR92zSdh6YoD5YDBPwY8
# hoy7VFauSkF8+5Wi7CTTjtq+edkuFRcuNMCR0Fd2iolE8KKYvxHnwEGH/5T4s2m7
# 8f40AEyQRk0nFn44tqeyb14O8c2lZL3jmDEh+LYT/PPp/rCc/X7Ugplpau+bNZsx
# OOZd0AxujbrK+Xn80Agc+3/vn4/2eAvz7OdGc/SmKuYLyseBQfo=
# =5ZLa
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 01 Aug 2023 02:52:52 PM PDT
# gpg:                using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full]

* tag 'misc-fixes-20230801' of https://github.com/philmd/qemu:
  target/m68k: Fix semihost lseek offset computation
  target/nios2: Fix semihost lseek offset computation
  target/nios2: Pass semihosting arg to exit
  tests/migration: Add -fno-stack-protector
  misc: Fix some typos in documentation and comments
  ui/dbus: fix clang compilation issue
  ui/dbus: fix win32 compilation when !opengl
  hw/xen: prevent guest from binding loopback event channel to itself
  i386/xen: consistent locking around Xen singleshot timers
  hw/xen: fix off-by-one in xen_evtchn_set_gsi()

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-08-02 06:51:29 -07:00
Hyman Huang(黄勇)
2b3edd9518 MAINTAINERS: Add section "Migration dirty limit and dirty page rate"
I've built interests in dirty limit and dirty page rate
features and also have been working on projects related
to this subsystem.

Add a section to the MAINTAINERS file for migration
dirty limit and dirty page rate.

Add myself as a maintainer for this subsystem so that I
can help to improve the dirty limit algorithm and review
the patches about dirty page rate.

Signed-off-by: Hyman Huang(黄勇) <yong.huang@smartx.com>
Acked-by: Peter Xu <peterx@redhat.com>
Message-ID: <169073570563.19893.2928364761104733482-3@git.sr.ht>
Acked-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2023-08-02 09:33:38 +02:00
Hyman Huang(黄勇)
ef96537732 qapi: Craft the dirty-limit capability comment
Signed-off-by: Hyman Huang(黄勇) <yong.huang@smartx.com>
Message-ID: <169073570563.19893.2928364761104733482-2@git.sr.ht>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2023-08-02 09:33:38 +02:00
Hyman Huang(黄勇)
8abc81150f qapi: Reformat the dirty-limit migration doc comments
Reformat the dirty-limit migration doc comments to conform
to current conventions as commit a937b6aa73 (qapi: Reformat
doc comments to conform to current conventions).

Signed-off-by: Hyman Huang(黄勇) <yong.huang@smartx.com>
Message-ID: <169073570563.19893.2928364761104733482-1@git.sr.ht>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
[Whitespace tidied up]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
2023-08-02 09:33:34 +02:00
Peter Maydell
8caaae7319 target/m68k: Fix semihost lseek offset computation
The arguments for deposit64 are (value, start, length, fieldval); this
appears to have thought they were (value, fieldval, start,
length). Reorder the parameters to match the actual function.

Cc: qemu-stable@nongnu.org
Fixes: 950272506d ("target/m68k: Use semihosting/syscalls.h")
Reported-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230801154519.3505531-1-peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
2023-08-01 23:52:23 +02:00
Keith Packard
71e2dd6aa1 target/nios2: Fix semihost lseek offset computation
The arguments for deposit64 are (value, start, length, fieldval); this
appears to have thought they were (value, fieldval, start,
length). Reorder the parameters to match the actual function.

Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Fixes: d1e23cbaa4 ("target/nios2: Use semihosting/syscalls.h")
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20230731235245.295513-1-keithp@keithp.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
2023-08-01 23:52:23 +02:00
Keith Packard
c11d5bdae7 target/nios2: Pass semihosting arg to exit
Instead of using R_ARG0 (the semihost function number), use R_ARG1
(the provided exit status).

Signed-off-by: Keith Packard <keithp@keithp.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20230801152245.332749-1-keithp@keithp.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
2023-08-01 23:52:23 +02:00
Akihiko Odaki
7a06a8fec9 tests/migration: Add -fno-stack-protector
A build of GCC 13.2 will have stack protector enabled by default if it
was configured with --enable-default-ssp option. For such a compiler,
it is necessary to explicitly disable stack protector when linking
without standard libraries.

Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20230731091042.139159-2-akihiko.odaki@daynix.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
2023-08-01 23:52:23 +02:00
Stefan Weil
313e162951 misc: Fix some typos in documentation and comments
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230730180329.851576-1-sw@weilnetz.de>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
2023-08-01 23:52:23 +02:00
Marc-André Lureau
7b4a3f8145 ui/dbus: fix clang compilation issue
../ui/dbus-listener.c:236:9: error: expected expression
        Error *err = NULL;

See:
https://gitlab.com/qemu-project/qemu/-/issues/1782#note_1488517427

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20230726151221.515761-1-marcandre.lureau@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
2023-08-01 23:52:23 +02:00
Marc-Andre Lureau
866b24e4c3 ui/dbus: fix win32 compilation when !opengl
Fixes: https://gitlab.com/qemu-project/qemu/-/issues/1782

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230725112540.53284-1-marcandre.lureau@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
2023-08-01 23:52:23 +02:00
David Woodhouse
75a87af9b2 hw/xen: prevent guest from binding loopback event channel to itself
Fuzzing showed that a guest could bind an interdomain port to itself, by
guessing the next port to be allocated and putting that as the 'remote'
port number. By chance, that works because the newly-allocated port has
type EVTCHNSTAT_unbound. It shouldn't.

Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Reviewed-by: Paul Durrant <paul@xen.org>
Message-Id: <20230801175747.145906-4-dwmw2@infradead.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
2023-08-01 23:52:23 +02:00
David Woodhouse
19c417ec87 i386/xen: consistent locking around Xen singleshot timers
Coverity points out (CID 1507534, 1507968) that we sometimes access
env->xen_singleshot_timer_ns under the protection of
env->xen_timers_lock and sometimes not.

This isn't always an issue. There are two modes for the timers; if the
kernel supports the EVTCHN_SEND capability then it handles all the timer
hypercalls and delivery internally, and all we use the field for is to
get/set the timer as part of the vCPU state via an ioctl(). If the
kernel doesn't have that support, then we do all the emulation within
qemu, and *those* are the code paths where we actually care about the
locking.

But it doesn't hurt to be a little bit more consistent and avoid having
to explain *why* it's OK.

Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Reviewed-by: Paul Durrant <paul@xen.org>
Message-Id: <20230801175747.145906-3-dwmw2@infradead.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
2023-08-01 23:52:23 +02:00
David Woodhouse
cf885b1957 hw/xen: fix off-by-one in xen_evtchn_set_gsi()
Coverity points out (CID 1508128) a bounds checking error. We need to check
for gsi >= IOAPIC_NUM_PINS, not just greater-than.

Also fix up an assert() that has the same problem, that Coverity didn't see.

Fixes: 4f81baa33e ("hw/xen: Support GSI mapping to PIRQ")
Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230801175747.145906-2-dwmw2@infradead.org>
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
2023-08-01 23:40:30 +02:00
Richard Henderson
a51c070538 Fix crash during early close of TLS channel
-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEE2vOm/bJrYpEtDo4/vobrtBUQT98FAmTJRN4ACgkQvobrtBUQ
 T9+jYBAAinW63Oj4PVXMD1hQr3r6aShr3O5YkUqZjWeOh0+VdJpfRwk39Cgagjp5
 WURcPIlE7NR78ZeHQmd4w+D36EyzqMajm+MuGnOUUdCUR/zCHmAzeClyDlEZoril
 Fn6urO/qg+38vdyvnZUJ35KC5vtTn+uX0djEVJRwrOb0mXaeU6z3RY/XzIJcY9HZ
 sL1yhyyAaQ2T5lX8kD3cJhyqjjpZHUXWFE0HoxxzcfR4dLOF45RevT8fPzrLl+wi
 UrTMc8agylo2J/h6FD9niUNlgUjmeRp6j5q6bLGVx1gaoi6VTxA6wl074rMqW37V
 bXqoYffGeA9pIGdXSqSnOeRkqONbgAoLzlNkLSgVEz96janqZYydkldS5YaOC8VM
 qI0Je6fWFQIbg9acf6Wdb8aoqaM7chgU7tkSQ51wnj4ItIwfWJADm4/ZYDrgeFC6
 vj5I+aMyqneEbouzNFsYjEE5KSjqwe8Hdv9VLhfPI9uluzveMencYGPm4gufzO46
 t6yYi+SGvejDLE9dxExbD7xwt79VRTC5oPes6tZRv+C+ccKAXT/igquQsvBHehoo
 Py1bi0Gi/PwkzvpXgdAfsWJDM8tFPsveicdNdYG4iqxDOrNWlbvbpdqNzjLOT9jt
 8gr8MY9fGMVeBi29I46AsAmE7K78yg88ZoNBhy6C0oIhGKCDK1s=
 =qwqP
 -----END PGP SIGNATURE-----

Merge tag 'io-tls-hs-crash-pull-request' of https://gitlab.com/berrange/qemu into staging

Fix crash during early close of TLS channel

# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEE2vOm/bJrYpEtDo4/vobrtBUQT98FAmTJRN4ACgkQvobrtBUQ
# T9+jYBAAinW63Oj4PVXMD1hQr3r6aShr3O5YkUqZjWeOh0+VdJpfRwk39Cgagjp5
# WURcPIlE7NR78ZeHQmd4w+D36EyzqMajm+MuGnOUUdCUR/zCHmAzeClyDlEZoril
# Fn6urO/qg+38vdyvnZUJ35KC5vtTn+uX0djEVJRwrOb0mXaeU6z3RY/XzIJcY9HZ
# sL1yhyyAaQ2T5lX8kD3cJhyqjjpZHUXWFE0HoxxzcfR4dLOF45RevT8fPzrLl+wi
# UrTMc8agylo2J/h6FD9niUNlgUjmeRp6j5q6bLGVx1gaoi6VTxA6wl074rMqW37V
# bXqoYffGeA9pIGdXSqSnOeRkqONbgAoLzlNkLSgVEz96janqZYydkldS5YaOC8VM
# qI0Je6fWFQIbg9acf6Wdb8aoqaM7chgU7tkSQ51wnj4ItIwfWJADm4/ZYDrgeFC6
# vj5I+aMyqneEbouzNFsYjEE5KSjqwe8Hdv9VLhfPI9uluzveMencYGPm4gufzO46
# t6yYi+SGvejDLE9dxExbD7xwt79VRTC5oPes6tZRv+C+ccKAXT/igquQsvBHehoo
# Py1bi0Gi/PwkzvpXgdAfsWJDM8tFPsveicdNdYG4iqxDOrNWlbvbpdqNzjLOT9jt
# 8gr8MY9fGMVeBi29I46AsAmE7K78yg88ZoNBhy6C0oIhGKCDK1s=
# =qwqP
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 01 Aug 2023 10:46:06 AM PDT
# gpg:                using RSA key DAF3A6FDB26B62912D0E8E3FBE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" [full]
# gpg:                 aka "Daniel P. Berrange <berrange@redhat.com>" [full]

* tag 'io-tls-hs-crash-pull-request' of https://gitlab.com/berrange/qemu:
  io: remove io watch if TLS channel is closed during handshake

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-08-01 10:49:16 -07:00
Daniel P. Berrangé
10be627d2b io: remove io watch if TLS channel is closed during handshake
The TLS handshake make take some time to complete, during which time an
I/O watch might be registered with the main loop. If the owner of the
I/O channel invokes qio_channel_close() while the handshake is waiting
to continue the I/O watch must be removed. Failing to remove it will
later trigger the completion callback which the owner is not expecting
to receive. In the case of the VNC server, this results in a SEGV as
vnc_disconnect_start() tries to shutdown a client connection that is
already gone / NULL.

CVE-2023-3354
Reported-by: jiangyegen <jiangyegen@huawei.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2023-08-01 18:45:27 +01:00
Richard Henderson
38a6de80b9 Misc fixes, for thread-pool, xen, and xen-emulate
* fix an access to `request_cond` QemuCond in thread-pool
 * fix issue with PCI devices when unplugging IDE devices in Xen guest
 * several fixes for issues pointed out by Coverity
 -----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCgAdFiEE+AwAYwjiLP2KkueYDPVXL9f7Va8FAmTI0qcACgkQDPVXL9f7
 Va9DVAgAlKGhkOhLiOtlwL05iI8/YiT7ekCSoMTWYO8iIyLCKGLVU5yyOAqYiAJD
 dEgXNZOeulcLkn3LDCQYtZJmD42sUHv/xmdJ06zJ9jRvtLAJp5wuwaU9JFDhJPsG
 eYPGBMdO39meUmgQe3X27CEKtht5Z8M9ZABdTLAxMyPANEzFmT7ni9wd/8Uc+tWg
 BMsXQco8e1GSiBUjSky5nSW248FVDIyjkaYWk1poXEfm4gPQ0jf9gg/biEj44cSH
 Tdz6de1kTwJfuYR+h+COQOrq0fUfz4SyVocKvtycZhKGXIqL74DiIGatxdVOwV9Y
 NJ8g4oKDgDeMBZ66kXnTX4Y9nzhPpA==
 =CdlZ
 -----END PGP SIGNATURE-----

Merge tag 'pull-xen-20230801' of https://xenbits.xen.org/git-http/people/aperard/qemu-dm into staging

Misc fixes, for thread-pool, xen, and xen-emulate

* fix an access to `request_cond` QemuCond in thread-pool
* fix issue with PCI devices when unplugging IDE devices in Xen guest
* several fixes for issues pointed out by Coverity

# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCgAdFiEE+AwAYwjiLP2KkueYDPVXL9f7Va8FAmTI0qcACgkQDPVXL9f7
# Va9DVAgAlKGhkOhLiOtlwL05iI8/YiT7ekCSoMTWYO8iIyLCKGLVU5yyOAqYiAJD
# dEgXNZOeulcLkn3LDCQYtZJmD42sUHv/xmdJ06zJ9jRvtLAJp5wuwaU9JFDhJPsG
# eYPGBMdO39meUmgQe3X27CEKtht5Z8M9ZABdTLAxMyPANEzFmT7ni9wd/8Uc+tWg
# BMsXQco8e1GSiBUjSky5nSW248FVDIyjkaYWk1poXEfm4gPQ0jf9gg/biEj44cSH
# Tdz6de1kTwJfuYR+h+COQOrq0fUfz4SyVocKvtycZhKGXIqL74DiIGatxdVOwV9Y
# NJ8g4oKDgDeMBZ66kXnTX4Y9nzhPpA==
# =CdlZ
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 01 Aug 2023 02:38:47 AM PDT
# gpg:                using RSA key F80C006308E22CFD8A92E7980CF5572FD7FB55AF
# gpg: Good signature from "Anthony PERARD <anthony.perard@gmail.com>" [unknown]
# gpg:                 aka "Anthony PERARD <anthony.perard@citrix.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 5379 2F71 024C 600F 778A  7161 D8D5 7199 DF83 42C8
#      Subkey fingerprint: F80C 0063 08E2 2CFD 8A92  E798 0CF5 572F D7FB 55AF

* tag 'pull-xen-20230801' of https://xenbits.xen.org/git-http/people/aperard/qemu-dm:
  xen-platform: do full PCI reset during unplug of IDE devices
  xen: Don't pass MemoryListener around by value
  thread-pool: signal "request_cond" while locked
  xen-block: Avoid leaks on new error path
  hw/xen: Clarify (lack of) error handling in transaction_commit()

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-08-01 07:27:31 -07:00
Olaf Hering
856ca10f9c xen-platform: do full PCI reset during unplug of IDE devices
The IDE unplug function needs to reset the entire PCI device, to make
sure all state is initialized to defaults. This is done by calling
pci_device_reset, which resets not only the chip specific registers, but
also all PCI state. This fixes "unplug" in a Xen HVM domU with the
modular legacy xenlinux PV drivers.

Commit ee358e919e ("hw/ide/piix: Convert reset handler to
DeviceReset") changed the way how the the disks are unplugged. Prior
this commit the PCI device remained unchanged. After this change,
piix_ide_reset is exercised after the "unplug" command, which was not
the case prior that commit. This function resets the command register.
As a result the ata_piix driver inside the domU will see a disabled PCI
device. The generic PCI code will reenable the PCI device. On the qemu
side, this runs pci_default_write_config/pci_update_mappings. Here a
changed address is returned by pci_bar_address, this is the address
which was truncated in piix_ide_reset. In case of a Xen HVM domU, the
address changes from 0xc120 to 0xc100. This truncation was a bug in
piix_ide_reset, which was fixed in commit 230dfd9257 ("hw/ide/piix:
properly initialize the BMIBA register"). If pci_xen_ide_unplug had used
pci_device_reset, the PCI registers would have been properly reset, and
commit ee358e919e would have not introduced a regression for this
specific domU environment.

While the unplug is supposed to hide the IDE disks, the changed BMIBA
address broke the UHCI device. In case the domU has an USB tablet
configured, to recive absolute pointer coordinates for the GUI, it will
cause a hang during device discovery of the partly discovered USB hid
device. Reading the USBSTS word size register will fail. The access ends
up in the QEMU piix-bmdma device, instead of the expected uhci device.
Here a byte size request is expected, and a value of ~0 is returned. As
a result the UCHI driver sees an error state in the register, and turns
off the UHCI controller.

Signed-off-by: Olaf Hering <olaf@aepfle.de>
Reviewed-by: Paul Durrant <paul@xen.org>
Message-Id: <20230720072950.20198-1-olaf@aepfle.de>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
2023-08-01 10:22:33 +01:00
Peter Maydell
bcb40db010 xen: Don't pass MemoryListener around by value
Coverity points out (CID 1513106, 1513107) that MemoryListener is a
192 byte struct which we are passing around by value.  Switch to
passing a const pointer into xen_register_ioreq() and then to
xen_do_ioreq_register().  We can also make the file-scope
MemoryListener variables const, since nothing changes them.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Acked-by: Anthony PERARD <anthony.perard@citrix.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20230718101057.1110979-1-peter.maydell@linaro.org>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
2023-08-01 10:22:33 +01:00
Anthony PERARD
f4f71363fc thread-pool: signal "request_cond" while locked
thread_pool_free() might have been called on the `pool`, which would
be a reason for worker_thread() to quit. In this case,
`pool->request_cond` is been destroyed.

If worker_thread() didn't managed to signal `request_cond` before it
been destroyed by thread_pool_free(), we got:
    util/qemu-thread-posix.c:198: qemu_cond_signal: Assertion `cond->initialized' failed.

One backtrace:
    __GI___assert_fail (assertion=0x55555614abcb "cond->initialized", file=0x55555614ab88 "util/qemu-thread-posix.c", line=198,
	function=0x55555614ad80 <__PRETTY_FUNCTION__.17104> "qemu_cond_signal") at assert.c:101
    qemu_cond_signal (cond=0x7fffb800db30) at util/qemu-thread-posix.c:198
    worker_thread (opaque=0x7fffb800dab0) at util/thread-pool.c:129
    qemu_thread_start (args=0x7fffb8000b20) at util/qemu-thread-posix.c:505
    start_thread (arg=<optimized out>) at pthread_create.c:486

Reported here:
    https://lore.kernel.org/all/ZJwoK50FcnTSfFZ8@MacBook-Air-de-Roger.local/T/#u

To avoid issue, keep lock while sending a signal to `request_cond`.

Fixes: 900fa208f5 ("thread-pool: replace semaphore with condition variable")
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20230714152720.5077-1-anthony.perard@citrix.com>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
2023-08-01 10:22:33 +01:00
Anthony PERARD
aa36243514 xen-block: Avoid leaks on new error path
Commit 1898293990 ("xen-block: Use specific blockdev driver")
introduced a new error path, without taking care of allocated
resources.

So only allocate the qdicts after the error check, and free both
`filename` and `driver` when we are about to return and thus taking
care of both success and error path.

Coverity only spotted the leak of qdicts (*_layer variables).

Reported-by: Peter Maydell <peter.maydell@linaro.org>
Fixes: Coverity CID 1508722, 1398649
Fixes: 1898293990 ("xen-block: Use specific blockdev driver")
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
Reviewed-by: Paul Durrant <paul@xen.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20230704171819.42564-1-anthony.perard@citrix.com>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
2023-08-01 10:22:33 +01:00
David Woodhouse
ace33a0e5a hw/xen: Clarify (lack of) error handling in transaction_commit()
Coverity was unhappy (CID 1508359) because we didn't check the return of
init_walk_op() in transaction_commit(), despite doing so at every other
call site.

Strictly speaking, this is a false positive since it can never fail. It
only fails for invalid user input (transaction ID or path), and both of
those are hard-coded to known sane values in this invocation.

But Coverity doesn't know that, and neither does the casual reader of the
code.

Returning an error here would be weird, since the transaction *is*
committed by this point; all the walk_op is doing is firing watches on
the newly-committed changed nodes. So make it a g_assert(!ret), since
it really should never happen.

Signed-off-by: David Woodhouse <dwmw@amazon.co.uk>
Reviewed-by: Paul Durrant <paul@xen.org>
Message-Id: <20076888f6bdf06a65aafc5cf954260965d45b97.camel@infradead.org>
Signed-off-by: Anthony PERARD <anthony.perard@citrix.com>
2023-08-01 10:22:33 +01:00
Richard Henderson
802341823f util/interval-tree: Access left/right/parent atomically
accel/tcg: Clear gen_tb on buffer overflow
 bsd-user: Specify host page alignment if none specified
 bsd-user: Allocate guest virtual address space
 target/ppc: Disable goto_tb with architectural singlestep
 target/s390x: Move trans_exc_code update to do_program_interrupt
 -----BEGIN PGP SIGNATURE-----
 
 iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAmTIIQUdHHJpY2hhcmQu
 aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV87JAf/ZgJTq26oniJ4TLkS
 2UVBEcxGnnA2L1n4zcXG1o0onT5dAqm/6YjSlVD7C+Ol8pzQMomJKcWLL/jrCEUp
 rQXPV9ibD5bCtO47MY3ZS3aW3pqOhXOeKUFer1+YHWRRyi9Y6kEx0d2No3MSGo18
 S5A6zPwqduQvZPBPVualmtdIrpTasxhUdNfbqBW31pxYpCNg1wqIiwKoLcD5NJeX
 epVhaUi/7TwqljrK7SGXmmfDWiTHIXDtvPrJQcSYGgqpVNFzRuq6jTXRJObeWen0
 DhOHqC0Z6OkZ2gU+eso/VRbcbawQNQohUHQzZ7c0643TxncPDKG82/MDRe2MTJnq
 /z+jpw==
 =Z8UY
 -----END PGP SIGNATURE-----

Merge tag 'pull-tcg-20230731' of https://gitlab.com/rth7680/qemu into staging

util/interval-tree: Access left/right/parent atomically
accel/tcg: Clear gen_tb on buffer overflow
bsd-user: Specify host page alignment if none specified
bsd-user: Allocate guest virtual address space
target/ppc: Disable goto_tb with architectural singlestep
target/s390x: Move trans_exc_code update to do_program_interrupt

# -----BEGIN PGP SIGNATURE-----
#
# iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAmTIIQUdHHJpY2hhcmQu
# aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV87JAf/ZgJTq26oniJ4TLkS
# 2UVBEcxGnnA2L1n4zcXG1o0onT5dAqm/6YjSlVD7C+Ol8pzQMomJKcWLL/jrCEUp
# rQXPV9ibD5bCtO47MY3ZS3aW3pqOhXOeKUFer1+YHWRRyi9Y6kEx0d2No3MSGo18
# S5A6zPwqduQvZPBPVualmtdIrpTasxhUdNfbqBW31pxYpCNg1wqIiwKoLcD5NJeX
# epVhaUi/7TwqljrK7SGXmmfDWiTHIXDtvPrJQcSYGgqpVNFzRuq6jTXRJObeWen0
# DhOHqC0Z6OkZ2gU+eso/VRbcbawQNQohUHQzZ7c0643TxncPDKG82/MDRe2MTJnq
# /z+jpw==
# =Z8UY
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 31 Jul 2023 02:00:53 PM PDT
# gpg:                using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg:                issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [ultimate]

* tag 'pull-tcg-20230731' of https://gitlab.com/rth7680/qemu:
  target/s390x: Move trans_exc_code update to do_program_interrupt
  linux-user/armeb: Fix __kernel_cmpxchg() for armeb
  target/ppc: Disable goto_tb with architectural singlestep
  bsd-user: Specify host page alignment if none specified
  bsd-user: Allocate guest virtual address space
  accel/tcg: Clear tcg_ctx->gen_tb on buffer overflow
  util/interval-tree: Use qatomic_read/set for rb_parent_color
  util/interval-tree: Introduce pc_parent
  util/interval-tree: Use qatomic_set_mb in rb_link_node
  util/interval-tree: Use qatomic_read for left/right while searching

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-07-31 14:02:51 -07:00
Richard Henderson
8b94ec53f3 target/s390x: Move trans_exc_code update to do_program_interrupt
This solves a problem in which the store to LowCore during tlb_fill
triggers a clean-page TB invalidation for page0 during translation,
which results in an assertion failure for locked pages.

By delaying the store until after the exception has been raised,
we will have unwound the pages locked for translation and the
problem does not arise.  There are plenty of other updates to
LowCore while delivering an interrupt/exception; trans_exc_code
does not need to be special.

Reviewed-by: Ilya Leoshkevich <iii@linux.ibm.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-07-31 12:19:13 -07:00
Helge Deller
38dd78c41e linux-user/armeb: Fix __kernel_cmpxchg() for armeb
Commit 7f4f0d9ea8 ("linux-user/arm: Implement __kernel_cmpxchg with host
atomics") switched to use qatomic_cmpxchg() to swap a word with the memory
content, but missed to endianess-swap the oldval and newval values when
emulating an armeb CPU, which expects words to be stored in big endian in
the guest memory.

The bug can be verified with qemu >= v7.0 on any little-endian host, when
starting the armeb binary of the upx program, which just hangs without
this patch.

Cc: qemu-stable@nongnu.org
Signed-off-by: Helge Deller <deller@gmx.de>
Reported-by: "Markus F.X.J. Oberhumer" <markus@oberhumer.com>
Reported-by: John Reiser <jreiser@BitWagon.com>
Closes: https://github.com/upx/upx/issues/687
Message-Id: <ZMQVnqY+F+5sTNFd@p100>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2023-07-31 12:19:13 -07:00