Commit Graph

85290 Commits

Author SHA1 Message Date
Philippe Mathieu-Daudé
39d5d1404e target/s390x/kvm: Simplify debug code
We already have the 'run' variable holding 'cs->kvm_run' value.

Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20210303182219.1631042-3-philmd@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2021-03-04 14:19:08 +01:00
Peter Maydell
fe352f5c00 ui/console: message surface tweaks.
ui/cocoa: bugfixes and cleanups.

Merge remote-tracking branch 'remotes/kraxel/tags/ui-20210304-pull-request' into staging

ui/console: message surface tweaks.
ui/cocoa: bugfixes and cleanups.

# gpg: Signature made Thu 04 Mar 2021 08:36:53 GMT
# gpg:                using RSA key A0328CFFB93A17A79901FE7D4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/ui-20210304-pull-request:
  virtio-gpu: Do not distinguish the primary console
  ui/console: Pass placeholder surface to displays
  ui/console: Add placeholder flag to message surface
  ui/cocoa: Replace fprintf with error_report
  configure: Improve OpenGL dependency detections
  ui/cocoa: Fix stride resolution of pixman image
  ui/gtk: vte: fix sending multiple characeters
  ui/cocoa: Remove the uses of full screen APIs

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-03-04 12:58:50 +00:00
Peter Maydell
cb90ecf934 virtiofs minor security fix
Fix xattrmap to drop remapped security.capability capabilities.
 
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>

Merge remote-tracking branch 'remotes/dgilbert-gitlab/tags/pull-virtiofs-20210304' into staging

virtiofs minor security fix

Fix xattrmap to drop remapped security.capability capabilities.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>

# gpg: Signature made Thu 04 Mar 2021 10:36:45 GMT
# gpg:                using RSA key 45F5C71B4A0CB7FB977A9FA90516331EBC5BFDE7
# gpg: Good signature from "Dr. David Alan Gilbert (RH2) <dgilbert@redhat.com>" [full]
# Primary key fingerprint: 45F5 C71B 4A0C B7FB 977A  9FA9 0516 331E BC5B FDE7

* remotes/dgilbert-gitlab/tags/pull-virtiofs-20210304:
  virtiofs: drop remapped security.capability xattr as needed

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-03-04 10:42:46 +00:00
Dr. David Alan Gilbert
e586edcb41 virtiofs: drop remapped security.capability xattr as needed
On Linux, the 'security.capability' xattr holds a set of
capabilities that can change when an executable is run, giving
a limited form of privilege escalation to those programs that
the writer of the file deemed worthy.

Any write causes the 'security.capability' xattr to be dropped,
stopping anyone from gaining privilege by modifying a blessed
file.

Fuse relies on the daemon to do this dropping, and in turn the
daemon relies on the host kernel to drop the xattr for it.  However,
with the addition of -o xattrmap, the xattr that the guest
stores its capabilities in is now not the same as the one that
the host kernel automatically clears.

Where the mapping changes 'security.capability', explicitly clear
the remapped name to preserve the same behaviour.

This bug is assigned CVE-2021-20263.

Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Vivek Goyal <vgoyal@redhat.com>
2021-03-04 10:26:16 +00:00
Eric Farman
d6cd66311f vfio-ccw: Do not read region ret_code after write
A pwrite() call returns the number of bytes written (or -1 on error),
and vfio-ccw compares this number with the size of the region to
determine if an error had occurred or not.

If they are not equal, this is a failure and the errno is used to
determine exactly how things failed. An errno of zero is possible
(though unlikely) in this situation and would be translated to a
successful operation.

If they ARE equal, the ret_code field is read from the region to
determine how to proceed. While the kernel sets the ret_code field
as necessary, the region and thus this field is not "written back"
to the user. So the value can only be what it was initialized to,
which is zero.

So, let's convert an unexpected length with errno of zero to a
return code of -EFAULT, and explicitly set an expected length to
a return code of zero. This will be a little safer and clearer.

Suggested-by: Matthew Rosato <mjrosato@linux.ibm.com>
Signed-off-by: Eric Farman <farman@linux.ibm.com>
Message-Id: <20210303160739.2179378-1-farman@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2021-03-04 11:24:49 +01:00
Pierre Morel
a54b8ac340 css: SCHIB measurement block origin must be aligned
The Measurement Block Origin inside the SCHIB is used when
Measurement Block format 1 is in use and must be aligned
on 64 bytes otherwise an operand exception is recognized
when issuing the Modify Sub CHannel (MSCH) instruction.

Signed-off-by: Pierre Morel <pmorel@linux.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <1613741973-3711-2-git-send-email-pmorel@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2021-03-04 11:23:35 +01:00
Cornelia Huck
151fcdfd62 virtio-ccw: commands on revision-less devices
The virtio standard specifies that any non-transitional device must
reject commands prior to revision setting (which we do). Devices
that are transitional need to assume revision 0 (legacy) if the
driver sends a non-revision-setting command first in order to
support legacy drivers. We neglected to do the latter.

Fortunately, nearly everything worked as intended anyway; the only
problem was not properly rejecting revision setting after some other
command had been issued. Easy to fix by setting revision to 0 if
we see a non-revision command on a legacy-capable revision-less
device.

Found by code inspection, not observed in the wild.

Signed-off-by: Cornelia Huck <cohuck@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Halil Pasic <pasic@linux.ibm.com>
Message-Id: <20210216111830.1087847-1-cohuck@redhat.com>
2021-03-04 11:23:35 +01:00
Matthew Rosato
403af209db s390x/pci: restore missing Query PCI Function CLP data
Some CLP response data was accidentally dropped when fixing endianness
issues with the Query PCI Function CLP response.  All of these values are
sent as 0s to the guest for emulated devices, so the impact is only
observed on passthrough devices.

Fixes: a4e2fff1b1 ("s390x/pci: fix endianness issues")
Signed-off-by: Matthew Rosato <mjrosato@linux.ibm.com>
Message-Id: <1613681609-9349-1-git-send-email-mjrosato@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2021-03-04 11:23:35 +01:00
Halil Pasic
24056cbfd5 hw/s390x: fix build for virtio-9p-ccw
Commit 2c44220d05 ("meson: convert hw/arch*"), which migrated the old
Makefile.objs to meson.build, accidentally excluded virtio-ccw-9p.c and
thus the virtio-9p-ccw device from the build (and potentially also
included the file virtio-ccw-blk.c twice in the source set). And since
CONFIG_VIRTFS can't be used the way it was used here (see commit
2c9dce0196 ("meson: do not use CONFIG_VIRTFS")), the preconditions have
to be written differently.

Let's fix this!

Signed-off-by: Halil Pasic <pasic@linux.ibm.com>
Fixes: 2c44220d05 ("meson: convert hw/arch*")
Reported-by: Jakob Naucke <jakob.naucke@ibm.com>
Cc: qemu-stable@nongnu.org
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20210218034059.1096078-1-pasic@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2021-03-04 11:23:35 +01:00
Thomas Huth
ea1b90b4fc target/s390x/arch_dump: Fix warning for the name field in the PT_NOTE section
There is a compiler warning with GCC 9.3 when compiling with
the -fsanitize=thread compiler flag:

 In function 'strncpy',
    inlined from 's390x_write_elf64_notes' at ../target/s390x/arch_dump.c:219:9:
 /usr/include/x86_64-linux-gnu/bits/string_fortified.h:106:10: error:
  '__builtin_strncpy' specified bound 8 equals destination size
  [-Werror=stringop-truncation]

Since the name should always be NUL-terminated, let's use g_strlcpy() to
silence this warning. And while we're at it, also add an assert() to make
sure that the provided names always fit the size field (which is fine for
the current callers, the function is called once with "CORE" and once with
"LINUX" as a name).

Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Christian Borntraeger <borntraeger@de.ibm.com>
Message-Id: <20210205093921.848260-1-thuth@redhat.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2021-03-04 11:23:35 +01:00
Christian Borntraeger
0110253e69 s390x/cpu_model: disallow unpack for --only-migratable
Secure execution (aka protected virtualization) guests cannot be
migrated at the moment. If the unpack facility is provided in the cpu
model, a guest may choose to transition to secure mode, making the
guest unmigratable at that point in time. If the machine was explicitly
started with --only-migratable, we would get a failure only when the
guest actually tries to transition; instead, explicitly disallow the
unpack facility if --only-migratable was specified to avoid late
surprises.

Signed-off-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Reviewed-by: Halil Pasic <pasic@linux.ibm.com>
Message-Id: <20210125135332.181324-1-borntraeger@de.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2021-03-04 11:23:35 +01:00
Akihiko Odaki
ed8f3fe689 virtio-gpu: Do not distinguish the primary console
In the past, virtio-gpu set NULL as the surface for the secondary
consoles to hide its window. The distinction is now handled in
ui/console and the display backends and virtio-gpu no longer has
to do that.

Signed-off-by: Akihiko Odaki <akihiko.odaki@gmail.com>
Message-Id: <20210225101316.83940-3-akihiko.odaki@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-03-04 09:35:36 +01:00
Akihiko Odaki
c821a58ee7 ui/console: Pass placeholder surface to displays
ui/console used to accept NULL as graphic console surface, but its
semantics was inconsistent among displays:
- cocoa and gtk-egl perform NULL dereference.
- egl-headless, spice and spice-egl do nothing.
- gtk releases underlying resources.
- sdl2-2d and sdl2-gl destroy the window.
- vnc shows a message, "Display output is not active."

Fortunately, only virtio-gpu and virtio-gpu-3d assign NULL so
we can study them to figure out the desired behavior. They assign
NULL *except* for the primary display when the device is realized,
reset, or its scanout is disabled. This effectively destroys
windows for the (uninitialized) secondary displays.

To implement the consistent behavior of display device
realization/reset, this change embeds it to the operation
switching the surface. When NULL was given as a new surface when
switching, ui/console will instead pass a placeholder down
to each display listener.

sdl destroys the window for a secondary console if its surface is a
placeholder. The other displays simply show the placeholder.

Signed-off-by: Akihiko Odaki <akihiko.odaki@gmail.com>
Message-Id: <20210225101316.83940-2-akihiko.odaki@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-03-04 09:35:36 +01:00
Akihiko Odaki
b5a087b071 ui/console: Add placeholder flag to message surface
The surfaces created with former qemu_create_message_surface
did not display the content from the guest and always contained
simple messages describing the reason.

A display backend may want to hide the window showing such a
surface. This change renames the function to
qemu_create_placeholder_surface, and adds "placeholder" flag; the
display can check the flag to decide to do anything special like
hiding the window.

Signed-off-by: Akihiko Odaki <akihiko.odaki@gmail.com>
Message-Id: <20210225101316.83940-1-akihiko.odaki@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-03-04 09:35:36 +01:00
Akihiko Odaki
4313739a57 ui/cocoa: Replace fprintf with error_report
Signed-off-by: Akihiko Odaki <akihiko.odaki@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20210223131106.21166-1-akihiko.odaki@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-03-04 09:35:36 +01:00
Akihiko Odaki
bc6a3565c8 configure: Improve OpenGL dependency detections
This has the following visible changes:

- GBM is required only for OpenGL dma-buf.
- X11 is explicitly required by gtk-egl.
- EGL is now mandatory for the OpenGL displays.

The last one needs some detailed description. Before this change,
EGL was tested only for OpenGL dma-buf with the check of
EGL_MESA_image_dma_buf_export. However, all of the OpenGL
displays depend on EGL and EGL_MESA_image_dma_buf_export is always
defined by epoxy's EGL interface.
Therefore, it makes more sense to always check the presence of EGL
and say the OpenGL displays are available along with OpenGL dma-buf
if it is present.

Signed-off-by: Akihiko Odaki <akihiko.odaki@gmail.com>
Message-Id: <20210223060307.87736-1-akihiko.odaki@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-03-04 09:35:30 +01:00
Akihiko Odaki
d9c32b8f7f ui/cocoa: Fix stride resolution of pixman image
A display can receive an image whose stride is greater than its
width. In fact, when a guest requests virtio-gpu to scan out a
smaller part of an image, virtio-gpu passes it to a display as an
image whose width represents the one of the part and whose stride
equals the one of the whole image.

This change makes ui/cocoa cover such cases.

Signed-off-by: Akihiko Odaki <akihiko.odaki@gmail.com>
Message-Id: <20210222144012.21486-1-akihiko.odaki@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-03-04 09:35:03 +01:00
Zack Marvel
8eb13bbbac ui/gtk: vte: fix sending multiple characeters
When using the GTK UI with libvte, multicharacter keystrokes are not
sent correctly (such as arrow keys). gd_vc_in should check the
CharBackend's can_receive instead of assuming multiple characters can be
received. This is not an issue for e.g. the SDL UI because
qemu_chr_be_write is called with len=1 for each character (SDL sends
more than once keystroke).

Modify gd_vc_in to call qemu_chr_be_write multiple times if necessary.

Buglink: https://bugs.launchpad.net/qemu/+bug/1407808

Signed-off-by: Zack Marvel <zpmarvel@gmail.com>
Message-Id: <20210221170613.13183-2-zpmarvel@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-03-04 09:34:55 +01:00
Peter Maydell
c40ae5a3ee pc,virtio,pci: bug fixes
Fixes all over the place. Specifically this fixes
a bug which made windows guests lose device config
(such as the configured fixed IP) after upgrading
to the new QEMU.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

pc,virtio,pci: bug fixes

Fixes all over the place. Specifically this fixes
a bug which made windows guests lose device config
(such as the configured fixed IP) after upgrading
to the new QEMU.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

# gpg: Signature made Tue 02 Mar 2021 14:19:51 GMT
# gpg:                using RSA key 5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469
# gpg:                issuer "mst@redhat.com"
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [full]
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>" [full]
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17  0970 C350 3912 AFBE 8E67
#      Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA  8A0D 281F 0DB8 D28D 5469

* remotes/mst/tags/for_upstream:
  vhost: simplify vhost_dev_init() fail_busyloop label
  hw/pci: Have safer pcie_bus_realize() by checking error path
  virtio-net: handle zero mac for a vdpa peer
  i386/acpi: restore device paths for pre-5.1 vms

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-03-03 16:55:15 +00:00
Akihiko Odaki
1e8b6f2b49 ui/cocoa: Remove the uses of full screen APIs
The detections of [NSView -enterFullScreen:] and
[NSView -exitFullScreen:] were wrong. A detection is coded as:
[NSView respondsToSelector:@selector(exitFullScreenModeWithOptions:)]
but it should be:
[NSView instancesRespondToSelector:@selector(exitFullScreenModeWithOptions:)]

Because those APIs were not detected, ui/cocoa always fell
back to a borderless window whose frame matches the screen to
implement fullscreen behavior.

The code using [NSView -enterFullScreen:] and
[NSView -exitFullScreen:] will be used if you fix the detections,
but its behavior is undesirable; the full screen view stretches
the video, changing the aspect ratio, even if zooming is disabled.

This change removes the code as it does nothing good.

Signed-off-by: Akihiko Odaki <akihiko.odaki@gmail.com>
Message-Id: <20210220013138.51437-1-akihiko.odaki@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-03-03 08:47:42 +01:00
Peter Maydell
07dbfdd290 * fix --enable-fuzzing linker failures (Alexander)
* target/i386: Add bus lock debug exception support (Chenyi)
* update documentation for preferred boolean option syntax (Daniel)
* make SCSI io_timeout configurable (Hannes)
* fix handling of guest recoverable SCSI errors (myself)
* misc fixes (Pavel, Zheng Zhan Liang, Zihao)
* fix installation of binaries with entitlements (Akihiko)

Merge remote-tracking branch 'remotes/bonzini-gitlab/tags/for-upstream' into staging

* fix --enable-fuzzing linker failures (Alexander)
* target/i386: Add bus lock debug exception support (Chenyi)
* update documentation for preferred boolean option syntax (Daniel)
* make SCSI io_timeout configurable (Hannes)
* fix handling of guest recoverable SCSI errors (myself)
* misc fixes (Pavel, Zheng Zhan Liang, Zihao)
* fix installation of binaries with entitlements (Akihiko)

# gpg: Signature made Thu 25 Feb 2021 14:41:56 GMT
# gpg:                using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg:                issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini-gitlab/tags/for-upstream: (29 commits)
  tcg/i386: rdpmc: fix the the condtions
  chardev: do not use short form boolean options in non-QemuOpts character device descriptions
  vl: deprecate -writeconfig
  target/i386: Add bus lock debug exception support
  qom/object.c: Fix typo
  target/i386: update to show preferred boolean syntax for -cpu
  docs: update to show preferred boolean syntax for -cpu
  docs: update to show preferred boolean syntax for -vnc
  docs: update to show preferred boolean syntax for -chardev
  qemu-options: update to show preferred boolean syntax for -vnc
  qemu-options: update to show preferred boolean syntax for -incoming
  qemu-options: update to show preferred boolean syntax for -netdev
  qemu-options: update to show preferred boolean syntax for -spice
  qemu-options: update to show preferred boolean syntax for -chardev
  gdbstub: use preferred boolean option syntax
  char: don't fail when client is not connected
  scsi: drop 'result' argument from command_complete callback
  scsi-disk: pass guest recoverable errors through even for rerror=stop
  scsi-disk: pass SCSI status to scsi_handle_rw_error
  scsi: introduce scsi_sense_from_errno()
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-03-02 15:17:45 +00:00
Stefan Hajnoczi
1d8d014e93 vhost: simplify vhost_dev_init() fail_busyloop label
Requiring a conditional for every goto is tedious:

  if (busyloop_timeout) {
      goto fail_busyloop;
  } else {
      goto fail;
  }

Move the conditional into the fail_busyloop label so that it's safe
to jump to this label unconditionally.

This change makes the migrate_add_blocker() error case more consistent.
It jumped to fail_busyloop unconditionally whereas the memslots limits
error case was conditional.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20210222114931.272308-1-stefanha@redhat.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2021-03-02 09:16:18 -05:00
Philippe Mathieu-Daudé
b52fa0ea45 hw/pci: Have safer pcie_bus_realize() by checking error path
While pci_bus_realize() currently does not use the Error* argument,
it would be an error to leave pcie_bus_realize() setting bus->flags
if pci_bus_realize() had failed.

Fix by using a local Error* and return early (propagating the error)
if pci_bus_realize() failed.

Reported-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20210201153700.618946-1-philmd@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2021-03-02 09:16:18 -05:00
Cindy Lu
fb59288239 virtio-net: handle zero mac for a vdpa peer
Some mlx vdpa devices with kernels at least up to 5.11 currently present
0 as their MAC address.  This is because they have not been
pre-configured with a MAC: they have a learning bridge and only learn
the MAC once guest is up.  Kernel patches and tools to allow programming
the MAC from host are being developed. For now - since these
combinations exist in the field - let's detect zero mac and just try to
proceed with the mac from the qemu command line.

This makes the guest use this MAC to send packets in turn teaching
the MAC to the card, and things work.

TODO:
report the actual MAC from QEMU command line in the info message.
TODO:
detect that a (non-zero) hardware MAC does not match QEMU command line
and fail init.

Signed-off-by: Cindy Lu <lulu@redhat.com>
Message-Id: <20210225165506.18321-2-lulu@redhat.com>

mst: rewritten code comments, message printed and the commit log.

Cc: Eli Cohen <elic@nvidia.com>
Cc: Parav Pandit <parav@nvidia.com>
Tested-by: Adrian Moreno <amorenoz@redhat.com>
Tested-by: Sean Mooney <smooney@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2021-03-02 06:09:54 -05:00
Vitaly Cheptsov
0a343a5add i386/acpi: restore device paths for pre-5.1 vms
After fixing the _UID value for the primary PCI root bridge in
af1b80ae it was discovered that this change updates Windows
configuration in an incompatible way causing network configuration
failure unless DHCP is used. More details provided on the list:

https://lists.gnu.org/archive/html/qemu-devel/2021-02/msg08484.html

This change reverts the _UID update from 1 to 0 for q35 and i440fx
VMs before version 5.2 to maintain the original behaviour when
upgrading.

Cc: qemu-stable@nongnu.org
Cc: qemu-devel@nongnu.org
Reported-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Suggested-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Vitaly Cheptsov <cheptsov@ispras.ru>
Message-Id: <20210301195919.9333-1-cheptsov@ispras.ru>
Tested-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Fixes: af1b80ae56 ("i386/acpi: fix inconsistent QEMU/OVMF device paths")
2021-03-02 05:40:35 -05:00
Peter Maydell
cbcf09872a Testing tweaks (build, docs, bumps)
- expose cross compiler info in meson pretty print
- bump Fedora to 33
- "graceful" handling of missing virgl config
- updates to the container documentation
- move CODING_STYLE.rst into developer manual

Merge remote-tracking branch 'remotes/stsquad/tags/pull-testing-updates-240221-1' into staging

Testing tweaks (build, docs, bumps)

  - expose cross compiler info in meson pretty print
  - bump Fedora to 33
  - "graceful" handling of missing virgl config
  - updates to the container documentation
  - move CODING_STYLE.rst into developer manual

# gpg: Signature made Wed 24 Feb 2021 11:08:03 GMT
# gpg:                using RSA key 6685AE99E75167BCAFC8DF35FBD0DB095A9E2A44
# gpg: Good signature from "Alex Bennée (Master Work Key) <alex.bennee@linaro.org>" [full]
# Primary key fingerprint: 6685 AE99 E751 67BC AFC8  DF35 FBD0 DB09 5A9E 2A44

* remotes/stsquad/tags/pull-testing-updates-240221-1:
  docs: move CODING_STYLE into the developer documentation
  docs/devel: add forward reference to check-tcg
  docs/devel: update the container based tests
  docs/devel: expand on use of containers to build tests
  tests/acceptance: allow a "graceful" failing for virtio-gpu test
  docker: Bump Fedora images to release 33
  meson.build: expose TCG cross compiler information in summary

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-02-25 19:07:58 +00:00
Zheng Zhan Liang
c45b426acd tcg/i386: rdpmc: fix the the condtions
Signed-off-by: Zheng Zhan Liang <linuxmaker@163.com>
Message-Id: <20210225054756.35962-1-linuxmaker@163.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-02-25 15:41:53 +01:00
Paolo Bonzini
9d902d5115 chardev: do not use short form boolean options in non-QemuOpts character device descriptions
Options such as "-gdb" or "-serial" accept a part-QemuOpts part-parsed-by-hand
character device description.  Do not use short form boolean options in the
QemuOpts part.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-02-25 15:41:53 +01:00
Paolo Bonzini
b979c93121 vl: deprecate -writeconfig
The functionality of -writeconfig is limited and the code
does not even try to detect cases where it prints incorrect
syntax (for example if values have a quote in them, since
qemu_config_parse does not support any kind of escaping)
so remove it.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-02-25 15:41:50 +01:00
Peter Maydell
51db2d7cf2 pc,virtio,pci: fixes, tests
Fixes all over the place, a new test.
 
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

pc,virtio,pci: fixes, tests

Fixes all over the place, a new test.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

# gpg: Signature made Tue 23 Feb 2021 16:00:29 GMT
# gpg:                using RSA key 5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469
# gpg:                issuer "mst@redhat.com"
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [full]
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>" [full]
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17  0970 C350 3912 AFBE 8E67
#      Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA  8A0D 281F 0DB8 D28D 5469

* remotes/mst/tags/for_upstream:
  qtest/acpi/bios-tables-test: update acpi tables
  acpi: add test case for -no-hpet
  i386: acpi: Don't build HPET ACPI entry if HPET is disabled
  hw/i386: declare ACPI mother board resource for MMCONFIG region
  acpi: add test case for smm unsupported -machine smm=off
  acpi: set fadt.smi_cmd to zero when SMM is not supported
  acpi/core: always set SCI_EN when SMM isn't supported
  ich9, piix4: add property, smm-compat, to keep compatibility of SMM
  qtest: update tests/qtest/bios-tables-test-allowed-diff.h
  checkpatch: don't emit warning on newly created acpi data files
  tests/data/acpi/virt/DSDT.pxb: update with _CCA
  acpi/gpex: Fix cca attribute check for pxb device
  acpi: Allow pxb DSDT acpi table changes
  pcie: don't set link state active if the slot is empty
  failover: really display a warning when the primary device is not found
  virtio-net: add missing object_unref()
  pci: cleanup failover sanity check

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-02-25 14:02:16 +00:00
Chenyi Qiang
06e878b413 target/i386: Add bus lock debug exception support
Bus lock debug exception is a feature that can notify the kernel by
generating a #DB trap after the instruction acquires a bus lock when
CPL>0. This allows the kernel to enforce user application throttling or
mitigations.

This feature is enumerated via CPUID.(EAX=7,ECX=0).ECX[bit 24].

Signed-off-by: Chenyi Qiang <chenyi.qiang@intel.com>
Message-Id: <20210202090224.13274-1-chenyi.qiang@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-02-25 14:14:33 +01:00
Doug Evans
3a2e982d47 qom/object.c: Fix typo
A simple typo (noticed by inspection).

Signed-off-by: Doug Evans <dje@google.com>
Message-Id: <000000000000530c7105bb191b33@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

Signed-off-by: Doug Evans <dje@google.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-02-25 14:14:33 +01:00
Daniel P. Berrangé
b7d77f5a8e target/i386: update to show preferred boolean syntax for -cpu
The preferred syntax is to use "foo=on|off", rather than a bare
"+foo" or "-foo"

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20210216191027.595031-11-berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-02-25 14:14:33 +01:00
Daniel P. Berrangé
1bd39ea911 docs: update to show preferred boolean syntax for -cpu
The preferred syntax is to use "foo=on|off", rather than a bare
"+foo" or "-foo"

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20210216191027.595031-10-berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-02-25 14:14:33 +01:00
Daniel P. Berrangé
f3f8ce670a docs: update to show preferred boolean syntax for -vnc
The preferred syntax is to use "foo=on|off", rather than a bare
"foo" or "nofoo".

The on|off syntax has been supported since -vnc switched to use
QemuOpts in commit 4db14629c3

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20210216191027.595031-9-berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-02-25 14:14:33 +01:00
Daniel P. Berrangé
c23874132b docs: update to show preferred boolean syntax for -chardev
The preferred syntax is to use "foo=on|off", rather than a bare
"foo" or "nofoo".

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20210216191027.595031-8-berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-02-25 14:14:33 +01:00
Daniel P. Berrangé
82a17d1d67 qemu-options: update to show preferred boolean syntax for -vnc
The preferred syntax is to use "foo=on|off", rather than a bare
"foo" or "nofoo".

The on|off syntax has been supported since -vnc switched to use
QemuOpts in commit 4db14629c3

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20210216191027.595031-7-berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-02-25 14:14:33 +01:00
Daniel P. Berrangé
bf24095ff5 qemu-options: update to show preferred boolean syntax for -incoming
The preferred syntax is to use "foo=on|off", rather than a bare
"foo" or "nofoo".

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20210216191027.595031-6-berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-02-25 14:14:33 +01:00
Daniel P. Berrangé
8b0dc24651 qemu-options: update to show preferred boolean syntax for -netdev
The preferred syntax is to use "foo=on|off", rather than a bare
"foo" or "nofoo".

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20210216191027.595031-5-berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-02-25 14:14:33 +01:00
Daniel P. Berrangé
a9daa36a52 qemu-options: update to show preferred boolean syntax for -spice
The preferred syntax is to use "foo=on|off", rather than a bare
"foo" or "nofoo".

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20210216191027.595031-4-berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-02-25 14:14:33 +01:00
Daniel P. Berrangé
bfdc126768 qemu-options: update to show preferred boolean syntax for -chardev
The preferred syntax is to use "foo=on|off", rather than a bare
"foo" or "nofoo".

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20210216191027.595031-3-berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-02-25 14:14:33 +01:00
Daniel P. Berrangé
87c9991a0c gdbstub: use preferred boolean option syntax
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20210216191027.595031-2-berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-02-25 14:14:33 +01:00
Pavel Dovgalyuk
6585b16278 char: don't fail when client is not connected
This patch checks that ioc is not null before
using it in the tcp socket tcp_chr_add_watch function.

The failure occurs in replay mode of the execution,
when monitor and serial port are tcp servers,
and there are no clients connected to them:

-monitor tcp:127.0.0.1:8081,server,nowait
-serial tcp:127.0.0.1:8082,server,nowait

Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgalyuk@ispras.ru>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <161284977034.741841.12565530923825663110.stgit@pasha-ThinkPad-X280>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-02-25 14:14:33 +01:00
Hannes Reinecke
17ea26c2d8 scsi: drop 'result' argument from command_complete callback
The command complete callback has a SCSIRequest as the first argument,
and the status field of that structure is identical to the 'status'
argument. So drop the argument from the callback.

Signed-off-by: Hannes Reinecke <hare@suse.de>
Message-Id: <20201116184041.60465-3-hare@suse.de>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-02-25 14:14:32 +01:00
Paolo Bonzini
782a78c9e9 scsi-disk: pass guest recoverable errors through even for rerror=stop
Right now, recoverable sense values are passed directly to the
guest only for rerror=report.  However, when rerror/werror are 'stop'
we still don't want the host to be involved on every UNIT ATTENTION
(especially considering that the QMP event will not have enough information
to act on the report).

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-02-25 14:14:32 +01:00
Paolo Bonzini
f63c68bc0f scsi-disk: pass SCSI status to scsi_handle_rw_error
Instead of fishing it from *r->status, just pass the SCSI status
as a positive value of the second parameter and an errno as a
negative value.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-02-25 14:14:32 +01:00
Paolo Bonzini
d7a84021db scsi: introduce scsi_sense_from_errno()
The new function is an extension of the switch statement in scsi-disk.c
which also includes the errno cases only found in sg_io_sense_from_errno.
This allows us to consolidate the errno handling.

Extracted from a patch by Hannes Reinecke <hare@suse.de>.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-02-25 14:14:32 +01:00
Paolo Bonzini
424740def9 scsi-disk: do not complete requests early for rerror/werror=ignore
When requested to ignore errors, just do nothing and let the
request complete normally.  This means that the request will
be accounted correctly.

This is what commit 40dce4ee61 ("scsi-disk: fix rerror/werror=ignore",
2018-10-19) was supposed to do:

Fixes: 40dce4ee61 ("scsi-disk: fix rerror/werror=ignore", 2018-10-19)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-02-25 14:14:32 +01:00
Paolo Bonzini
f95f61c2c9 scsi-disk: move scsi_handle_rw_error earlier
Remove the forward declaration.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-02-25 14:14:32 +01:00
Maxim Levitsky
6f1a5c37db virtio-scsi: don't process IO on fenced dataplane
If virtio_scsi_dataplane_start fails, there is a small window when it drops the
aio lock (in aio_wait_bh_oneshot) and the dataplane's AIO handler can
still run during that window.

This is done after the dataplane was marked as fenced, thus we use this flag
to avoid it doing any IO.

Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
Message-Id: <20201217150040.906961-2-mlevitsk@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-02-25 14:14:32 +01:00