Commit Graph

89528 Commits

Author SHA1 Message Date
Kevin Wolf
87ab880252 block: Fix in_flight leak in request padding error path
When bdrv_pad_request() fails in bdrv_co_preadv_part(), bs->in_flight
has been increased, but is never decreased again. This leads to a hang
when trying to drain the block node.

This bug was observed with Windows guests which issue a request that
fully uses IOV_MAX during installation, so that when padding is
necessary (O_DIRECT with a 4k sector size block device on the host),
adding another entry causes failure.

Call bdrv_dec_in_flight() to fix this. There is a larger problem to
solve here because this request shouldn't even fail, but Windows doesn't
seem to care and with this minimal fix the installation succeeds. So
given that we're already in freeze, let's take this minimal fix for 6.1.

Fixes: 98ca45494f
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1972079
Reported-by: Qing Wang <qinwang@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <20210727154923.91067-1-kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2021-08-03 15:43:30 +02:00
Jonathan Albrecht
50e36dd616 tests/tcg: Test that compare-and-trap raises SIGFPE
Signed-off-by: Jonathan Albrecht <jonathan.albrecht@linux.vnet.ibm.com>
Message-Id: <20210709160459.4962-3-jonathan.albrecht@linux.vnet.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2021-08-03 15:17:38 +02:00
Jonathan Albrecht
ccb5f2708f linux-user/s390x: signal with SIGFPE on compare-and-trap
Currently when a compare-and-trap instruction is executed, qemu will
always raise a SIGILL signal. On real hardware, a SIGFPE is raised.

Change the PGM_DATA case in cpu_loop to follow the behavior in
linux kernel /arch/s390/kernel/traps.c.
 * Only raise SIGILL if DXC == 0
 * If DXC matches a non-simulated IEEE exception, raise SIGFPE with
   correct si_code
 * Raise SIGFPE with si_code == 0 for everything else

When applied on 20210705210434.45824-2-iii@linux.ibm.com, this fixes
crashes in the java jdk such as the linked bug.

Signed-off-by: Jonathan Albrecht <jonathan.albrecht@linux.vnet.ibm.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Buglink: https://bugs.launchpad.net/qemu/+bug/1920913
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/319
Message-Id: <20210709160459.4962-2-jonathan.albrecht@linux.vnet.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2021-08-03 15:17:38 +02:00
Ilya Leoshkevich
54ba2161d8 target/s390x: Fix SIGILL and SIGFPE psw.addr reporting
For SIGILL, SIGFPE and SIGTRAP the PSW must point after the
instruction, and at the instruction for other signals. Currently under
qemu-user for SIGFILL and SIGFPE it points at the instruction.

Fix by advancing psw.addr for these signals.

Co-developed-by: Ulrich Weigand <ulrich.weigand@de.ibm.com>
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
Buglink: https://gitlab.com/qemu-project/qemu/-/issues/319
Message-Id: <20210705210434.45824-2-iii@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2021-08-03 15:17:32 +02:00
Marc-André Lureau
43f547b73d Update libslirp to v4.6.1
Switch from stable-4.2 branch to upstream v4.6.1 release + fixes.

## [Unreleased]

### Fixed

 - Haiku fixes. !98 !99
 - Fix a minor DHCP regression introduced in 4.6.0. !97

## [4.6.1] - 2021-06-18

### Fixed

 - Fix DHCP regression introduced in 4.6.0. !95

## [4.6.0] - 2021-06-14

### Added

 - mbuf: Add debugging helpers for allocation. !90

### Changed

 -  Revert "Set macOS deployment target to macOS 10.4". !93

### Fixed

 - mtod()-related buffer overflows (CVE-2021-3592 #44, CVE-2021-3593 #45,
   CVE-2021-3594 #47, CVE-2021-3595 #46).
 - poll_fd: add missing fd registration for UDP and ICMP
 - ncsi: make ncsi_calculate_checksum work with unaligned data. !89
 - Various typos and doc fixes. !88

## [4.5.0] - 2021-05-18

### Added

 - IPv6 forwarding. !62 !75 !77
 - slirp_neighbor_info() to dump the ARP/NDP tables. !71

### Changed

 - Lazy guest address resolution for IPv6. !81
 - Improve signal handling when spawning a child. !61
 - Set macOS deployment target to macOS 10.4. !72
 - slirp_add_hostfwd: Ensure all error paths set errno. !80
 - More API documentation.

### Fixed

 - Assertion failure on unspecified IPv6 address. !86
 - Disable polling for PRI on MacOS, fixing some closing streams issues. !73
 - Various memory leak fixes on fastq/batchq. !68
 - Memory leak on IPv6 fast-send. !67
 - Slow socket response on Windows. !64
 - Misc build and code cleanups. !60 !63 !76 !79 !84

## [4.4.0] - 2020-12-02

### Added

 - udp, udp6, icmp: handle TTL value. !48
 - Enable forwarding ICMP errors. !49
 - Add DNS resolving for iOS. !54

### Changed

 - Improve meson subproject() support. !53
 - Removed Makefile-based build system. !56

### Fixed

 - socket: consume empty packets. !55
 - check pkt_len before reading protocol header (CVE-2020-29129). !57
 - ip_stripoptions use memmove (fixes undefined behaviour). !47
 - various Coverity-related changes/fixes.

## [4.3.1] - 2020-07-08

### Changed

 - A silent truncation could occur in `slirp_fmt()`, which will now print a
   critical message. See also #22.

### Fixed

 - CVE-2020-10756 - Drop bogus IPv6 messages that could lead to data leakage.
   See !44 and !42.
 - Fix win32 builds by using the SLIRP_PACKED definition.
 - Various coverity scan errors fixed. !41
 - Fix new GCC warnings. !43

## [4.3.0] - 2020-04-22

### Added

 - `SLIRP_VERSION_STRING` macro, with the git sha suffix when building from git
 - `SlirpConfig.disable_dns`, to disable DNS redirection #16

### Changed

 - `slirp_version_string()` now has the git sha suffix when building form git
 - Limit DNS redirection to port 53 #16

### Fixed

 - Fix build regression with mingw & NetBSD
 - Fix use-afte-free in `ip_reass()` (CVE-2020-1983)

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Doug Evans <dje@google.com>
2021-08-03 16:07:22 +04:00
Michael Roth
e300858ed4 qga-win/msi: fix missing libstdc++-6 DLL in MSI installer
libstdc++ is required for the qga-vss.dll that provides fsfreeze
functionality. Currently it is not provided by the MSI installer,
resulting in fsfreeze being disabled in guest environments where it has
not been installed by other means.

In the future this would be better handled via gcc-cpp ComponentGroup
provided by msitools, but that would be better handled with a general
rework of DLL dependency handling in the installer build. Keep it
simple for now to fix this regression.

Tested with Fedora 34 mingw build environment.

Cc: Gerd Hoffmann <kraxel@redhat.com>
Cc: Kostiantyn Kostiuk <konstantin@daynix.com>
Cc: Marc-André Lureau <marcandre.lureau@redhat.com>
Cc: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Michael Roth <michael.roth@amd.com>
2021-08-03 07:01:36 -05:00
Gerd Hoffmann
5f2a8b1fc1 qemu-ga/msi: fix w32 libgcc name
This is what I find on my Fedora 34 mingw install.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Michael Roth <michael.roth@amd.com>
2021-08-02 22:20:01 -05:00
Kostiantyn Kostiuk
24328b7a83 qga-win: Free GMatchInfo properly
The g_regex_match function creates match_info even if it
returns FALSE. So we should always call g_match_info_free.
A better solution is using g_autoptr for match_info variable.

Signed-off-by: Kostiantyn Kostiuk <konstantin@daynix.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Michael Roth <michael.roth@amd.com>
2021-08-02 22:11:45 -05:00
Basil Salman
ce72f11274 qga-win: Fix handle leak in ga_get_win_product_name()
In ga_get_win_product_name() a handle to Registry key was open but not
closed.

In this patch the handle is closed as part of the free routine.

Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1929144

Signed-off-by: Basil Salman <basil@daynix.com>
Signed-off-by: Basil Salman <bsalman@redhat.com>
Signed-off-by: Michael Roth <michael.roth@amd.com>
2021-08-02 22:11:45 -05:00
Basil Salman
02ac3f4b95 qga-win: Fix build_guest_fsinfo() close of nonexistent
On the current error path of build_guest_fsinfo(), a non existent handle
is passed to CloseHandle().

This patch adds initialization of hLocalDiskHandle to
INVALID_HANDLE_VALUE, and checks for handle validity before the handle
is closed.

Signed-off-by: Basil Salman <basil@daynix.com>
Signed-off-by: Basil Salman <basil@redhat.com>
Signed-off-by: Michael Roth <michael.roth@amd.com>
2021-08-02 22:11:45 -05:00
Basil Salman
3d98f9b68d qga-win: Increase VSS freeze timeout to 60 secs instead of 10
Currently Requester freeze times out after 10 seconds, while
the default timeout for Writer Freeze is 60 seconds. according to
VSS Documentation [1].
[1]: https://docs.microsoft.com/en-us/windows/win32/vss/overview-of-processing-a-backup-under-vss

Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1909073

Signed-off-by: Basil Salman <bsalman@daynix.com>
Signed-off-by: Basil Salman <basil@daynix.com>
Signed-off-by: Michael Roth <michael.roth@amd.com>
2021-08-02 22:11:45 -05:00
Peter Maydell
7f1cab9c62 Fix for smp-opts in configuration file.
Update Coverity model to what's currently uploaded.
 -----BEGIN PGP SIGNATURE-----
 
 iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmEHw7EUHHBib256aW5p
 QHJlZGhhdC5jb20ACgkQv/vSX3jHroPIHwf+OOr857Wkn70dckPGG5MOejR+eATn
 WXdkb6J9mo953fhiEH3/7tgyAEwh3qHHxCKwJQdY5beTXu2h5fC2WyNadqTBi2ol
 PnT9T05beFAqyq0SsmMH/0hHNVOO/rPp2FjFce7+8FinW+oqvI9NVkJtjiBdReQw
 K8ychTJet0UxvQgL755ujT3CcB7q4W3fbPg/a86K14hQndRsjyHiqYb96oNOnHgo
 vkfI1kA0ljX2A59+nkUzQZwZ00P/6bpk/tXVgLcHWQQHUS+QLMHu+HdvdySeK5mt
 7fjEZnELF640YnIHtF8QKgXf1MS0wE4VGL9AmHjCV1zsm7JPiI8sdp2AzQ==
 =ScAY
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/bonzini-gitlab/tags/for-upstream' into staging

Fix for smp-opts in configuration file.
Update Coverity model to what's currently uploaded.

# gpg: Signature made Mon 02 Aug 2021 11:06:41 BST
# gpg:                using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg:                issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini-gitlab/tags/for-upstream:
  coverity-model: write models fully for non-array allocation functions
  coverity-model: constrain g_malloc/g_malloc0/g_realloc as never returning NULL
  coverity-model: clean up the models for array allocation functions
  coverity-model: remove model for more allocation functions
  coverity-model: make g_free a synonym of free
  coverity-model: update address_space_read/write models
  vl: stop recording -smp in QemuOpts
  vl: introduce machine_merge_property

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-08-02 17:21:50 +01:00
Peter Maydell
526f1f3a5c target-arm queue:
* Add documentation of Arm 'mainstone', 'kzm', 'imx25-pdk' boards
  * MAINTAINERS: Don't list Andrzej Zaborowski for various components
  * docs: Remove stale TODO comments about license and version
  * docs: Move licence/copyright from HTML output to rST comments
  * docs: Format literal text correctly
  * hw/arm/boot: Report error if there is no fw_cfg device in the machine
  * docs: rSTify barrier.txt and bootindex.txt
 -----BEGIN PGP SIGNATURE-----
 
 iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmEH3asZHHBldGVyLm1h
 eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3i1EEACwXfeHLiGtaSB9VpAHPLQq
 euUAhLO44aKyg2ZC6OmMhobyW5YtsWMgtMs0kEdcXLLpjzbVBvJOzLN2ZvaqbVRn
 bKT6JSE1ez5264LZHLSKwL7QzYiBjYe9ie1L1BT1bUzfyxuOVIZIQjbe71Wkd94f
 itcYg5cpqvd0mhXCh3aoSaFUGitEK1AV4Sp/rwVfM5CBTX832pwPFhtzItOqOxMG
 EOwNkw41qwPh7d06QNEYqICsRxwA9olAybbZJLd4hw/ilLYDPmMQtsD7nAqT47pw
 KFa+WvQNHytPn5VFM67W9s02DB25LeqThctL+pwRi1qeJGavEl0P+0Hh227WTzK5
 VMi9AnTvq+WjkKCUknS5/DukjueQXm6ltsQwXh9wC/ebvRUUg4AAmUNfxdVFFC0L
 Anp5Vq8KAY/MLudYggjeI6qwhKNU/6aDob3BdD+x7/vK1qZK5+cNF/JxzW08JYsI
 n6FR2nYZCowWgKEbnid8qVkaCQGCkOsMl7xwMmHPZkBMNFhD+3CoWRbb6t444E39
 shCsIUAfWlQxb8Xgql/KRHHTv86fuyQtCFA/QAN4a7Zc5bYld++UL8UKQIKDaLeT
 ++xGswoyALw3khJ+1jMLBRELojmUZPlWTkEqwK78KsxCpktQ6hJ6zyt0hKy4hlaQ
 SuRUnUCF4Fvbm+x3EHVnIw==
 =dwM4
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20210802' into staging

target-arm queue:
 * Add documentation of Arm 'mainstone', 'kzm', 'imx25-pdk' boards
 * MAINTAINERS: Don't list Andrzej Zaborowski for various components
 * docs: Remove stale TODO comments about license and version
 * docs: Move licence/copyright from HTML output to rST comments
 * docs: Format literal text correctly
 * hw/arm/boot: Report error if there is no fw_cfg device in the machine
 * docs: rSTify barrier.txt and bootindex.txt

# gpg: Signature made Mon 02 Aug 2021 12:57:31 BST
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* remotes/pmaydell/tags/pull-target-arm-20210802: (21 commits)
  docs: Move user-facing barrier docs into system manual
  ui/input-barrier: Move TODOs from barrier.txt to a comment
  docs: Move the protocol part of barrier.txt into interop
  docs: Move bootindex.txt into system section and rstify
  hw/arm/boot: Report error if there is no fw_cfg device in the machine
  docs/tools/virtiofsd.rst: Delete stray backtick
  docs/about/removed-features: Fix markup error
  docs: Format literals correctly
  docs/system/arm/cpu-features.rst: Format literals correctly
  docs/system/s390x/protvirt.rst: Format literals correctly
  docs/devel: Format literals correctly
  docs/devel/migration.rst: Format literals correctly
  docs/devel/ebpf_rss.rst: Format literals correctly
  docs/devel/build-system.rst: Correct typo in example code
  docs/devel/build-system.rst: Format literals correctly
  docs: Move licence/copyright from HTML output to rST comments
  docs: Remove stale TODO comments about license and version
  MAINTAINERS: Don't list Andrzej Zaborowski for various components
  docs: Add documentation of Arm 'imx25-pdk' board
  docs: Add documentation of Arm 'kzm' board
  ...

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-08-02 12:59:00 +01:00
Peter Maydell
4a64939db7 docs: Move user-facing barrier docs into system manual
The remaining text in docs/barrier.txt is user-facing description
of what the device is and how to use it. Move this into the
system manual and rstify it.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20210727204112.12579-4-peter.maydell@linaro.org
2021-08-02 12:55:51 +01:00
Peter Maydell
399a04775e ui/input-barrier: Move TODOs from barrier.txt to a comment
docs/barrier.txt has a couple of TODO notes about things to be
implemented in this device; move them into a comment in the
source code.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20210727204112.12579-3-peter.maydell@linaro.org
2021-08-02 12:55:51 +01:00
Peter Maydell
6cb02f1522 docs: Move the protocol part of barrier.txt into interop
Most of docs/barrier.txt is describing the protocol implemented
by the input-barrier device. Move this into the interop
section of the manual, and rstify it.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-id: 20210727204112.12579-2-peter.maydell@linaro.org
2021-08-02 12:55:51 +01:00
Peter Maydell
bd77bc8b89 docs: Move bootindex.txt into system section and rstify
Move bootindex.txt into the system section of the manual and turn it
into rST format.  To make the document make more sense in the context
of the system manual, expand the title and introductory paragraphs to
give more context.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-id: 20210727194955.7764-1-peter.maydell@linaro.org
2021-08-02 12:55:51 +01:00
Peter Maydell
dae257394a hw/arm/boot: Report error if there is no fw_cfg device in the machine
If the user provides both a BIOS/firmware image and also a guest
kernel filename, arm_setup_firmware_boot() will pass the
kernel image to the firmware via the fw_cfg device. However we
weren't checking whether there really was a fw_cfg device present,
and if there wasn't we would crash.

This crash can be provoked with a command line such as
 qemu-system-aarch64 -M raspi3 -kernel /dev/null -bios /dev/null -display none

It is currently only possible on the raspi3 machine, because unless
the machine sets info->firmware_loaded we won't call
arm_setup_firmware_boot(), and the only machines which set that are:
 * virt (has a fw-cfg device)
 * sbsa-ref (checks itself for kernel_filename && firmware_loaded)
 * raspi3 (crashes)

But this is an unfortunate beartrap to leave for future machine
model implementors, so we should handle this situation in boot.c.

Check in arm_setup_firmware_boot() whether the fw-cfg device exists
before trying to load files into it, and if it doesn't exist then
exit with a hopefully helpful error message.

Because we now handle this check in a machine-agnostic way, we
can remove the check from sbsa-ref.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/503
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20210726163351.32086-1-peter.maydell@linaro.org
2021-08-02 12:55:51 +01:00
Peter Maydell
4d6646c7de docs/tools/virtiofsd.rst: Delete stray backtick
The documentation of the posix_acl option has a stray backtick
at the end of the text (which is rendered literally into the HTML).
Delete it.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-id: 20210726142338.31872-11-peter.maydell@linaro.org
2021-08-02 12:55:51 +01:00
Peter Maydell
1662ea9f4b docs/about/removed-features: Fix markup error
The section describing the removed feature "-usbdevice ccid" had a
typo so the markup started with single backtick and ended with double
backtick; fix it.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20210726142338.31872-10-peter.maydell@linaro.org
2021-08-02 12:55:51 +01:00
Peter Maydell
6df743dc31 docs: Format literals correctly
In rST markup, single backticks `like this` represent "interpreted
text", which can be handled as a bunch of different things if tagged
with a specific "role":
https://docutils.sourceforge.io/docs/ref/rst/restructuredtext.html#interpreted-text
(the most common one for us is "reference to a URL, which gets
hyperlinked").

The default "role" if none is specified is "title_reference",
intended for references to book or article titles, and it renders
into the HTML as <cite>...</cite> (usually comes out as italics).

This commit fixes various places in the manual which were
using single backticks when double backticks (for literal text)
were intended, and covers those files where only one or two
instances of these errors were made.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2021-08-02 11:42:38 +01:00
Peter Maydell
8a48a7c2e0 docs/system/arm/cpu-features.rst: Format literals correctly
In rST markup, single backticks `like this` represent "interpreted
text", which can be handled as a bunch of different things if tagged
with a specific "role":
https://docutils.sourceforge.io/docs/ref/rst/restructuredtext.html#interpreted-text
(the most common one for us is "reference to a URL, which gets
hyperlinked").

The default "role" if none is specified is "title_reference",
intended for references to book or article titles, and it renders
into the HTML as <cite>...</cite> (usually comes out as italics).

To format a literal (generally rendered as fixed-width font),
double-backticks are required.

cpu-features.rst consistently uses single backticks when double backticks
are required; correct it.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20210726142338.31872-8-peter.maydell@linaro.org
2021-08-02 11:42:38 +01:00
Peter Maydell
9c372ecfec docs/system/s390x/protvirt.rst: Format literals correctly
In rST markup, single backticks `like this` represent "interpreted
text", which can be handled as a bunch of different things if tagged
with a specific "role":
https://docutils.sourceforge.io/docs/ref/rst/restructuredtext.html#interpreted-text
(the most common one for us is "reference to a URL, which gets
hyperlinked").

The default "role" if none is specified is "title_reference",
intended for references to book or article titles, and it renders
into the HTML as <cite>...</cite> (usually comes out as italics).

To format a literal (generally rendered as fixed-width font),
double-backticks are required.

protvirt.rst consistently uses single backticks when double backticks
are required; correct it.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Acked-by: Cornelia Huck <cohuck@redhat.com>
Message-id: 20210726142338.31872-7-peter.maydell@linaro.org
2021-08-02 11:42:38 +01:00
Peter Maydell
1e235edab8 docs/devel: Format literals correctly
In rST markup, single backticks `like this` represent "interpreted
text", which can be handled as a bunch of different things if tagged
with a specific "role":
https://docutils.sourceforge.io/docs/ref/rst/restructuredtext.html#interpreted-text
(the most common one for us is "reference to a URL, which gets
hyperlinked").

The default "role" if none is specified is "title_reference",
intended for references to book or article titles, and it renders
into the HTML as <cite>...</cite> (usually comes out as italics).

Fix various places in the devel section of the manual which were
using single backticks when double backticks (for literal text)
were intended.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20210726142338.31872-6-peter.maydell@linaro.org
2021-08-02 11:42:38 +01:00
Peter Maydell
4df3a7bf8f docs/devel/migration.rst: Format literals correctly
In rST markup, single backticks `like this` represent "interpreted
text", which can be handled as a bunch of different things if tagged
with a specific "role":
https://docutils.sourceforge.io/docs/ref/rst/restructuredtext.html#interpreted-text
(the most common one for us is "reference to a URL, which gets
hyperlinked").

The default "role" if none is specified is "title_reference",
intended for references to book or article titles, and it renders
into the HTML as <cite>...</cite> (usually comes out as italics).

To format a literal (generally rendered as fixed-width font),
double-backticks are required.

Mostly migration.rst gets this right, but some places incorrectly use
single backticks where double backticks were intended; correct them.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-id: 20210726142338.31872-5-peter.maydell@linaro.org
2021-08-02 11:42:38 +01:00
Peter Maydell
f0d7b970ac docs/devel/ebpf_rss.rst: Format literals correctly
In rST markup, single backticks `like this` represent "interpreted
text", which can be handled as a bunch of different things if tagged
with a specific "role":
https://docutils.sourceforge.io/docs/ref/rst/restructuredtext.html#interpreted-text
(the most common one for us is "reference to a URL, which gets
hyperlinked").

The default "role" if none is specified is "title_reference",
intended for references to book or article titles, and it renders
into the HTML as <cite>...</cite> (usually comes out as italics).

To format a literal (generally rendered as fixed-width font),
double-backticks are required.

ebpf_rss.rst gets this wrong in a few places; correct them.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20210726142338.31872-4-peter.maydell@linaro.org
2021-08-02 11:42:38 +01:00
Peter Maydell
d463f3c79a docs/devel/build-system.rst: Correct typo in example code
One of the example meson.build fragments incorrectly quotes some
symbols as 'CONFIG_FOO`; the correct syntax here is 'CONFIG_FOO'.
(This isn't a rST formatting mistake because the example is displayed
literally; it's just the wrong kind of quote.)

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20210726142338.31872-3-peter.maydell@linaro.org
2021-08-02 11:42:38 +01:00
Peter Maydell
35a4ca4031 docs/devel/build-system.rst: Format literals correctly
In rST markup, single backticks `like this` represent "interpreted
text", which can be handled as a bunch of different things if tagged
with a specific "role":
https://docutils.sourceforge.io/docs/ref/rst/restructuredtext.html#interpreted-text
(the most common one for us is "reference to a URL, which gets
hyperlinked").

The default "role" if none is specified is "title_reference",
intended for references to book or article titles, and it renders
into the HTML as <cite>...</cite> (usually comes out as italics).

build-system.rst seems to have been written under the mistaken
assumption that single-backticks mark up literal text (function
names, etc) which should be rendered in a fixed-width font.
The rST markup for this is ``double backticks``.

Update all the markup.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210726142338.31872-2-peter.maydell@linaro.org
2021-08-02 11:42:38 +01:00
Peter Maydell
4e0b15c252 docs: Move licence/copyright from HTML output to rST comments
Our built HTML documentation now has a standard footer which
gives the license for QEMU (and its documentation as a whole).
In almost all pages, we either don't bother to state the
copyright/license for the individual rST sources, or we put
it in an rST comment. There are just three pages which render
copyright or license information into the user-visible HTML.

Quoting a specific (different) license for an individual HTML
page within the manual is confusing. Downgrade the license
and copyright info to a comment within the rST source, bringing
these pages in line with the rest of our documents.

Suggested-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Cleber Rosa <crosa@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Message-id: 20210722192016.24915-3-peter.maydell@linaro.org
2021-08-02 11:42:38 +01:00
Peter Maydell
199a436305 docs: Remove stale TODO comments about license and version
Since commits 13f934e79f and 3a50c8f306, our HTML docs include a
footer to all pages stating the license and version.  We can
therefore delete the TODO comments suggesting we should do that from
our .rst files.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Cleber Rosa <crosa@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-id: 20210722192016.24915-2-peter.maydell@linaro.org
2021-08-02 11:42:38 +01:00
Peter Maydell
7c6ef61a5c MAINTAINERS: Don't list Andrzej Zaborowski for various components
Andrzej Zaborowski is listed as an "Odd Fixes" maintainer for the
nSeries, Palm and PXA2XX boards, as well as the "Maintained" status
Arm 32-bit TCG backend.

Andrzej's last email to qemu-devel was back in 2017, and the email
before that was all the way back in 2013.  We don't really need to
fill his email up with CCs on QEMU patches any more...

Remove Andrzej from the various boards sections (leaving them still
Odd Fixes with me as the backup patch reviewer).  Add Richard
Henderson as the maintainer for the Arm TCG backend, since removing
Andrzej would otherwise leave that section with no M: line at all.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210722180951.29802-1-peter.maydell@linaro.org
2021-08-02 11:42:38 +01:00
Peter Maydell
b1b3e3e3bf docs: Add documentation of Arm 'imx25-pdk' board
Add brief documentation of the Arm 'imx25-pdk' board.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210722175229.29065-4-peter.maydell@linaro.org
2021-08-02 11:42:38 +01:00
Peter Maydell
fa6c93944a docs: Add documentation of Arm 'kzm' board
Add brief documentation of the Arm 'kzm' board.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210722175229.29065-3-peter.maydell@linaro.org
2021-08-02 11:42:38 +01:00
Peter Maydell
c9543db4cc docs: Add documentation of Arm 'mainstone' board
Add brief documentation of the Arm 'mainstone' board.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20210722175229.29065-2-peter.maydell@linaro.org
2021-08-02 11:42:38 +01:00
Peter Maydell
10a3c4a4b3 -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
 
 iQEcBAABAgAGBQJhB3M3AAoJEO8Ells5jWIRFB0H/1U2ZTqIrIz41kU4twRdcj8z
 npX1cJvXtFRymh2Sp3flh4UWg6RtGn0rkKBbGeQjlvLLFHXm6HyTTfO0ZJ+5zyd3
 MRzkU8HU/GnDJ1eiYC+FwJr8cKcapdcANMd2YE2j29kifX4lO2NHfkIPVXjpR732
 qEDVm6kiM/XPid4fmpfLz1Lemibn7dwmIQuYtmuhxBQ+8H1uxhLtx1nz5pJcOQcs
 JOiNgeyJzH7vosI2zOB2JGtXr39JOJJ2IQjwH687sluOXc1DmkY9DsiN0gNSn+Fh
 sETodE56Zd3aTumQ+5+IImG5N4rpzgyjA5FRFLmS0dmtiMrulNLaE5w3zzlbgXI=
 =xI/1
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into staging

# gpg: Signature made Mon 02 Aug 2021 05:23:19 BST
# gpg:                using RSA key EF04965B398D6211
# gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>" [marginal]
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 215D 46F4 8246 689E C77F  3562 EF04 965B 398D 6211

* remotes/jasowang/tags/net-pull-request:
  hw/net: e1000e: Don't zero out the VLAN tag in the legacy RX descriptor
  hw/net: e1000e: Correct the initial value of VET register
  hw/net: e1000: Correct the initial value of VET register
  hw/net/can: sja1000 fix buff2frame_bas and buff2frame_pel when dlc is out of std CAN 8 bytes
  hw/net/vmxnet3: Do not abort QEMU if guest specified bad queue numbers

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-08-02 09:47:07 +01:00
Christina Wang
cfe6d6841f hw/net: e1000e: Don't zero out the VLAN tag in the legacy RX descriptor
In the legacy RX descriptor mode, VLAN tag was saved to d->special
by e1000e_build_rx_metadata() in e1000e_write_lgcy_rx_descr(), but
it was then zeroed out again at the end of the call, which is wrong.

Fixes: c89d416a2b ("e1000e: Don't zero out buffer address in rx descriptor")
Reported-by: Markus Carlstedt <markus.carlstedt@windriver.com>
Signed-off-by: Christina Wang <christina.wang@windriver.com>
Signed-off-by: Bin Meng <bin.meng@windriver.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2021-08-02 12:19:18 +08:00
Christina Wang
d897056960 hw/net: e1000e: Correct the initial value of VET register
The initial value of VLAN Ether Type (VET) register is 0x8100, as per
the manual and real hardware.

While Linux e1000e driver always writes VET register to 0x8100, it is
not always the case for everyone. Drivers relying on the reset value
of VET won't be able to transmit and receive VLAN frames in QEMU.

Unlike e1000 in QEMU, e1000e uses a field 'vet' in "struct E1000Core"
to cache the value of VET register, but the cache only gets updated
when VET register is written. To always get a consistent VET value
no matter VET is written or remains its reset value, drop the 'vet'
field and use 'core->mac[VET]' directly.

Reported-by: Markus Carlstedt <markus.carlstedt@windriver.com>
Signed-off-by: Christina Wang <christina.wang@windriver.com>
Signed-off-by: Bin Meng <bin.meng@windriver.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2021-08-02 12:19:18 +08:00
Christina Wang
a1d7e475be hw/net: e1000: Correct the initial value of VET register
The initial value of VLAN Ether Type (VET) register is 0x8100, as per
the manual and real hardware.

While Linux e1000 driver always writes VET register to 0x8100, it is
not always the case for everyone. Drivers relying on the reset value
of VET won't be able to transmit and receive VLAN frames in QEMU.

Reported-by: Markus Carlstedt <markus.carlstedt@windriver.com>
Signed-off-by: Christina Wang <christina.wang@windriver.com>
Signed-off-by: Bin Meng <bin.meng@windriver.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2021-08-02 12:19:18 +08:00
Pavel Pisa
11744862f2 hw/net/can: sja1000 fix buff2frame_bas and buff2frame_pel when dlc is out of std CAN 8 bytes
Problem reported by openEuler fuzz-sig group.

The buff2frame_bas function (hw\net\can\can_sja1000.c)
infoleak(qemu5.x~qemu6.x) or stack-overflow(qemu 4.x).

Reported-by: Qiang Ning <ningqiang1@huawei.com>
Cc: qemu-stable@nongnu.org
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Pavel Pisa <pisa@cmp.felk.cvut.cz>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2021-08-02 12:19:18 +08:00
Thomas Huth
9010b0c7a9 hw/net/vmxnet3: Do not abort QEMU if guest specified bad queue numbers
QEMU should never terminate unexpectedly just because the guest is
doing something wrong like specifying wrong queue numbers. Let's
simply refuse to set the device active in this case.

Buglink: https://bugs.launchpad.net/qemu/+bug/1890160
Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2021-08-02 12:19:18 +08:00
Peter Maydell
0c633cf0c2 Fix double bswap in 16-byte atomic store
Mark nios2 raise_exception noreturn
 -----BEGIN PGP SIGNATURE-----
 
 iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAmEEQ+wdHHJpY2hhcmQu
 aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV+rcAf/UQDtjvdLvyeytQTI
 1fhb6SFM4oSAyHQ2keSQR5tpCRY1kzBhiIxzDQ1hwffMxsZ6cTxDlXPdxlfAl/zs
 qeKQ0UI9QlQWzC9q5FI/qCaGtcEjkiXdWTab9w82Es3PSNKU38e438ZirPzejHRr
 yqj4JfVFTW4YEXEWFqL8cwOOUYrHCIcdzsJ4Qu0M1e1IYjUGma9yZaG65vYbheEZ
 CxTaQibeYia7nrTOaJIc5U2ZH8jLgOgbI4bn5uKIgoqODVLyhkTN2Wxmqz9Z3bx9
 6uk+fnaHiHc3r0ri4XNvuSfuMbFsprKYokUHXa91UvYt2cVtHuD8VCnlhmx95tbj
 2nokQg==
 =rbz2
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/rth-gitlab/tags/pull-tcg-20210730' into staging

Fix double bswap in 16-byte atomic store
Mark nios2 raise_exception noreturn

# gpg: Signature made Fri 30 Jul 2021 19:24:44 BST
# gpg:                using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg:                issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [full]
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A  05C0 64DF 38E8 AF7E 215F

* remotes/rth-gitlab/tags/pull-tcg-20210730:
  target/nios2: Mark raise_exception() as noreturn
  accel/tcg: Remove double bswap for helper_atomic_sto_*_mmu

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-07-31 21:29:57 +01:00
Philippe Mathieu-Daudé
236f6709ae target/nios2: Mark raise_exception() as noreturn
Raised exceptions don't return, so mark the helper with noreturn.

Fixes: 032c76bc6f ("nios2: Add architecture emulation support")
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20210729101315.2318714-1-f4bug@amsat.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-07-30 08:23:12 -10:00
Richard Henderson
7039e1f604 accel/tcg: Remove double bswap for helper_atomic_sto_*_mmu
This crept in as either a cut-and-paste error, or rebase error.

Fixes: cfec388518 ("atomic_template: add inline trace/plugin helpers")
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20210729004647.282017-24-richard.henderson@linaro.org>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-07-30 08:23:12 -10:00
Paolo Bonzini
e17bdaab2b coverity-model: write models fully for non-array allocation functions
Coverity seems to have issues figuring out the properties of g_malloc0
and other non *_n functions.  While this was "fixed" by removing the
custom second argument to __coverity_mark_as_afm_allocated__, inline
the code from the array-based allocation functions to avoid future
issues.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-07-30 12:04:01 +02:00
Paolo Bonzini
0da41187df coverity-model: constrain g_malloc/g_malloc0/g_realloc as never returning NULL
g_malloc/g_malloc0/g_realloc only return NULL if the size is 0; we do not need
to cover that in the model, and so far have expected __coverity_alloc__
to model a non-NULL return value.  But that apparently does not work
anymore, so add some extra conditionals that invoke __coverity_panic__
for NULL pointers.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-07-30 12:04:01 +02:00
Paolo Bonzini
05ad6857a5 coverity-model: clean up the models for array allocation functions
sz is only used in one place, so replace it with nmemb * size in
that one place.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-07-30 12:04:01 +02:00
Paolo Bonzini
96915d638c coverity-model: remove model for more allocation functions
These models are not needed anymore now that Coverity does not check
anymore that the result is used with "g_free".  Coverity understands
GCC attributes and uses them to detect leaks.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-07-30 12:04:01 +02:00
Paolo Bonzini
243a545bff coverity-model: make g_free a synonym of free
Recently, Coverity has started complaining about using g_free() to free
memory areas allocated by GLib functions not included in model.c,
such as g_strfreev.  This unfortunately goes against the GLib
documentation, which suggests that g_malloc() should be matched
with g_free() and plain malloc() with free(); since GLib 2.46 however
g_malloc() is hardcoded to always use the system malloc implementation,
and g_free is just "free" plus a tracepoint.  Therefore, this
should not cause any problem in practice.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-07-30 12:04:01 +02:00
Paolo Bonzini
d4b3d152ee coverity-model: update address_space_read/write models
Use void * for consistency with the actual function; provide a model
for MemoryRegionCache functions and for address_space_rw.  These
let Coverity understand the bounds of the data that various functions
read and write even at very high levels of inlining (e.g. pci_dma_read).

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-07-30 12:04:01 +02:00
Paolo Bonzini
e4383ca240 vl: stop recording -smp in QemuOpts
-readconfig is still recording SMP options in QemuOpts instead of
using machine_opts_dict.  This means that SMP options from -readconfig
are ignored.

Just stop using QemuOpts for -smp, making it return false for
is_qemuopts_group.  Configuration files will merge the values in
machine_opts_dict using the new function machine_merge_property.

At the same time, fix -mem-prealloc which looked at QemuOpts to find the
number of guest CPUs, which it used as the default number of preallocation
threads.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-07-30 12:04:01 +02:00