Commit Graph

98557 Commits

Author SHA1 Message Date
Michael Brown
a89003780d usbnet: Add missing usb_wakeup() call in usbnet_receive()
usbnet_receive() does not currently wake up the USB endpoint, leading
to a dead RX datapath when used with a host controller such as xHCI
that relies on being woken up.

Fix by adding a call to usb_wakeup() at the end of usbnet_receive().

Signed-off-by: Michael Brown <mcb30@ipxe.org>
Message-Id: <20220906183053.3625472-2-mcb30@ipxe.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2022-09-27 07:32:30 +02:00
Qiang Liu
145cdaba0f hcd-xhci: drop operation with secondary stream arrays enabled
The abort() in xhci_find_stream() can be triggered via enabling the secondary
stream arrays by setting linear stream array (LSA) bit (in endpoint context) to
0. We may show warnings and drop this operation.

Fixes: 024426acc0 ("usb-xhci: usb3 streams")
Reported-by: Qiang Liu <cyruscyliu@gmail.com>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1192
Signed-off-by: Qiang Liu <cyruscyliu@gmail.com>
Message-Id: <20220904125926.2141607-1-cyruscyliu@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2022-09-27 07:32:30 +02:00
Gerd Hoffmann
12b69878fc usb/msd: add usb_msd_fatal_error() and fix guest-triggerable assert
Add handler for fatal errors.  Moves device into error state where it
stops responding until the guest resets it.

Guest can send illegal requests where scsi command and usb packet
transfer directions are inconsistent.  Use the new usb_msd_fatal_error()
function instead of assert() in that case.

Reported-by: Qiang Liu <cyruscyliu@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Tested-by: Qiang Liu <cyruscyliu@gmail.com>
Message-Id: <20220830063827.813053-3-kraxel@redhat.com>
2022-09-27 07:32:30 +02:00
Gerd Hoffmann
cea5aa8569 usb/msd: move usb_msd_packet_complete()
Change ordering to avoid adding forward declarations in
following patches.  Fix comment code style while being
at it.  No functional change.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-Id: <20220830063827.813053-2-kraxel@redhat.com>
2022-09-27 07:32:30 +02:00
Yang Liu
a3ab69f9f6 target/riscv: rvv-1.0: vf[w]redsum distinguish between ordered/unordered
Starting with RVV1.0, the original vf[w]redsum_vs instruction was renamed
to vf[w]redusum_vs. The distinction between ordered and unordered is also
more consistent with other instructions, although there is no difference
in implementation between the two for QEMU.

Signed-off-by: Yang Liu <liuyang22@iscas.ac.cn>
Acked-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Frank Chang <frank.chang@sifive.com>
Message-Id: <20220817074802.20765-2-liuyang22@iscas.ac.cn>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2022-09-27 11:23:57 +10:00
Yang Liu
5bda21c0ea target/riscv: rvv-1.0: Simplify vfwredsum code
Remove duplicate code by wrapping vfwredsum_vs's OP function.

Signed-off-by: Yang Liu <liuyang22@iscas.ac.cn>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Frank Chang <frank.chang@sifive.com>
Message-Id: <20220817074802.20765-1-liuyang22@iscas.ac.cn>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2022-09-27 11:23:57 +10:00
Frank Chang
c472c142a7 target/riscv: debug: Add initial support of type 6 trigger
Type 6 trigger is similar to a type 2 trigger, but provides additional
functionality and should be used instead of type 2 in newer
implementations.

Signed-off-by: Frank Chang <frank.chang@sifive.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Message-Id: <20220909134215.1843865-9-bmeng.cn@gmail.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2022-09-27 11:23:57 +10:00
Frank Chang
c32461d8ee target/riscv: debug: Check VU/VS modes for type 2 trigger
Type 2 trigger cannot be fired in VU/VS modes.

Signed-off-by: Frank Chang <frank.chang@sifive.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Message-Id: <20220909134215.1843865-8-bmeng.cn@gmail.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2022-09-27 11:23:57 +10:00
Frank Chang
d1c111411e target/riscv: debug: Create common trigger actions function
Trigger actions are shared among all triggers. Extract to a common
function.

Signed-off-by: Frank Chang <frank.chang@sifive.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: LIU Zhiwei <zhiwei_liu@linux.alibaba.com>
[bmeng: handle the DBG_ACTION_NONE case]
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Message-Id: <20220909134215.1843865-7-bmeng.cn@gmail.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2022-09-27 11:23:57 +10:00
Frank Chang
31b9798d82 target/riscv: debug: Introduce tinfo CSR
tinfo.info:
  One bit for each possible type enumerated in tdata1.
  If the bit is set, then that type is supported by the currently
  selected trigger.

Signed-off-by: Frank Chang <frank.chang@sifive.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: LIU Zhiwei <zhiwei_liu@linux.alibaba.com>
Message-Id: <20220909134215.1843865-6-bmeng.cn@gmail.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2022-09-27 11:23:57 +10:00
Frank Chang
6ea8d3fc40 target/riscv: debug: Restrict the range of tselect value can be written
The value of tselect CSR can be written should be limited within the
range of supported triggers number.

Signed-off-by: Frank Chang <frank.chang@sifive.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: LIU Zhiwei <zhiwei_liu@linux.alibaba.com>
Message-Id: <20220909134215.1843865-5-bmeng.cn@gmail.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2022-09-27 11:23:57 +10:00
Frank Chang
9495c4888a target/riscv: debug: Introduce tdata1, tdata2, and tdata3 CSRs
Replace type2_trigger_t with the real tdata1, tdata2, and tdata3 CSRs,
which allows us to support more types of triggers in the future.

Signed-off-by: Frank Chang <frank.chang@sifive.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: LIU Zhiwei <zhiwei_liu@linux.alibaba.com>
Message-Id: <20220909134215.1843865-4-bmeng.cn@gmail.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2022-09-27 11:23:57 +10:00
Frank Chang
9d5a84db91 target/riscv: debug: Introduce build_tdata1() to build tdata1 register content
Introduce build_tdata1() to build tdata1 register content, which can be
shared among all types of triggers.

Signed-off-by: Frank Chang <frank.chang@sifive.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: LIU Zhiwei <zhiwei_liu@linux.alibaba.com>
[bmeng: moved RV{32,64}_DATA_MASK definition to this patch]
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Message-Id: <20220909134215.1843865-3-bmeng.cn@gmail.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2022-09-27 11:23:57 +10:00
Frank Chang
a42bd00166 target/riscv: debug: Determine the trigger type from tdata1.type
Current RISC-V debug assumes that only type 2 trigger is supported.
To allow more types of triggers to be supported in the future
(e.g. type 6 trigger, which is similar to type 2 trigger with additional
 functionality), we should determine the trigger type from tdata1.type.

RV_MAX_TRIGGERS is also introduced in replacement of TRIGGER_TYPE2_NUM.

Signed-off-by: Frank Chang <frank.chang@sifive.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: LIU Zhiwei <zhiwei_liu@linux.alibaba.com>
[bmeng: fixed MXL_RV128 case, and moved macros to the following patch]
Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Message-Id: <20220909134215.1843865-2-bmeng.cn@gmail.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2022-09-27 11:23:57 +10:00
Jason A. Donenfeld
2cfa963126 m68k: align bootinfo strings and data to 4 bytes
Various tools, such as kexec-tools and m68k-bootinfo, expect each
bootinfo entry to be aligned to 4 bytes, not 2 bytes. So adjust the
padding to fill this out as such.

Also, break apart the padding additions from the other field length
additions, so that it's more clear why these magic numbers are being
added, and comment them too.

Reported-by: Geert Uytterhoeven <geert@linux-m68k.org>
Cc: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20220926113900.1256630-2-Jason@zx2c4.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2022-09-26 23:37:22 +02:00
Mark Cave-Ayland
b342e56b23 target/m68k: use M68K_FEATURE_MOVEFROMSR_PRIV feature for move_from_sr privilege check
Now that M68K_FEATURE_M68000 has been renamed to M68K_FEATURE_M68K it is easier
to see that the privilege exception check is wrong: it is currently only generated
for ColdFire CPUs when in fact it should also be generated for Motorola CPUs from
the 68010 onwards.

Introduce a new M68K_FEATURE_MOVEFROMSR_PRIV feature which is set for all non-
Motorola CPUs, and for all Motorola CPUs from the 68010 onwards and use it to
determine whether a privilege exception should be generated for the MOVE-from-SR
instruction.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220925134804.139706-3-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2022-09-26 23:37:22 +02:00
Mark Cave-Ayland
2dc7bf63cf target/m68k: increase size of m68k CPU features from uint32_t to uint64_t
There are already 32 feature bits in use, so change the size of the m68k
CPU features to uint64_t (along with the associated m68k_feature()
functions) to allow up to 64 feature bits to be used.

At the same time make use of the BIT_ULL() macro when reading/writing
the CPU feature bits to improve readability, and also update m68k_feature()
to return a bool rather than an int.

Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20220925134804.139706-2-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2022-09-26 23:37:04 +02:00
Bernhard Beschow
9dfa6c2aec hw/riscv/sifive_e: Fix inheritance of SiFiveEState
SiFiveEState inherits from SysBusDevice while it's TypeInfo claims it to
inherit from TYPE_MACHINE. This is an inconsistency which can cause
undefined behavior such as memory corruption.

Change SiFiveEState to inherit from MachineState since it is registered
as a machine.

Fixes: 0869490b1c ("riscv: sifive_e: Manually define the machine")

Signed-off-by: Bernhard Beschow <shentey@gmail.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20220922075232.33653-1-shentey@gmail.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2022-09-27 07:04:38 +10:00
Frank Chang
9e37653b5c target/riscv: Check the correct exception cause in vector GDB stub
After RISCVException enum is introduced, riscv_csrrw_debug() returns
RISCV_EXCP_NONE to indicate there's no error. RISC-V vector GDB stub
should check the result against RISCV_EXCP_NONE instead of value 0.
Otherwise, 'E14' packet would be incorrectly reported for vector CSRs
when using "info reg vector" GDB command.

Signed-off-by: Frank Chang <frank.chang@sifive.com>
Reviewed-by: Jim Shu <jim.shu@sifive.com>
Reviewed-by: Tommy Wu <tommy.wu@sifive.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: LIU Zhiwei <zhiwei_liu@linux.alibaba.com>
Message-Id: <20220918083245.13028-1-frank.chang@sifive.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2022-09-27 07:04:38 +10:00
Alistair Francis
a06fded82e hw/riscv: opentitan: Expose the resetvec as a SoC property
On the OpenTitan hardware the resetvec is fixed at the start of ROM. In
QEMU we don't run the ROM code and instead just jump to the next stage.
This means we need to be a little more flexible about what the resetvec
is.

This patch allows us to set the resetvec from the command line with
something like this:
    -global driver=riscv.lowrisc.ibex.soc,property=resetvec,value=0x20000400

This way as the next stage changes we can update the resetvec.

Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20220914101108.82571-4-alistair.francis@wdc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2022-09-27 07:04:38 +10:00
Alistair Francis
d057aaece7 hw/riscv: opentitan: Fixup resetvec
The resetvec for the OpenTitan machine ended up being set to an out of
date value, so let's fix that and bump it to the correct start address
(after the boot ROM)

Fixes: bf8803c64d "hw/riscv: opentitan: bump opentitan version"
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20220914101108.82571-3-alistair.francis@wdc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2022-09-27 07:04:38 +10:00
Alistair Francis
277b210dd8 target/riscv: Set the CPU resetvec directly
Instead of using our properties to set a config value which then might
be used to set the resetvec (depending on your timing), let's instead
just set the resetvec directly in the env struct.

This allows us to set the reset vec from the command line with:
    -global driver=riscv.hart_array,property=resetvec,value=0x20000400

Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20220914101108.82571-2-alistair.francis@wdc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2022-09-27 07:04:38 +10:00
Andrew Burgess
4c0f0b6619 target/riscv: remove fixed numbering from GDB xml feature files
The fixed register numbering in the various GDB feature files for
RISC-V only exists because these files were originally copied from the
GDB source tree.

However, the fixed numbering only exists in the GDB source tree so
that GDB, when it connects to a target that doesn't provide a target
description, will use a specific numbering scheme.

That numbering scheme is designed to be compatible with the first
versions of QEMU (for RISC-V), that didn't send a target description,
and relied on a fixed numbering scheme.

Because of the way that QEMU manages its target descriptions,
recording the number of registers in each feature, and just relying on
GDB's numbering starting from 0, then I propose that we remove all the
fixed numbering from the RISC-V feature xml files, and just rely on
the standard numbering scheme.  Plenty of other targets manage their
xml files this way, e.g. ARM, AArch64, Loongarch, m68k, rx, and s390.

Signed-off-by: Andrew Burgess <aburgess@redhat.com>
Acked-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Palmer Dabbelt <palmer@rivosinc.com>
Message-Id: <6069395f90e6fc24dac92197be815fedf42f5974.1661934573.git.aburgess@redhat.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2022-09-27 07:04:38 +10:00
Andrew Burgess
94452ac4cf target/riscv: remove fflags, frm, and fcsr from riscv-*-fpu.xml
While testing some changes to GDB's handling for the RISC-V registers
fcsr, fflags, and frm, I spotted that QEMU includes these registers
twice in the target description it sends to GDB, once in the fpu
feature, and once in the csr feature.

Right now things basically work OK, QEMU maps these registers onto two
different register numbers, e.g. fcsr maps to both 68 and 73, and GDB
can use either of these to access the register.

However, GDB's target descriptions don't really work this way, each
register should appear just once in a target description, mapping the
register name onto the number GDB should use when accessing the
register on the target.  Duplicate register names actually result in
duplicate registers on the GDB side, however, as the registers have
the same name, the user can only access one of these registers.

Currently GDB has a hack in place, specifically for RISC-V, to spot
the duplicate copies of these three registers, and hide them from the
user, ensuring the user only ever sees a single copy of each.

In this commit I propose fixing this issue on the QEMU side, and in
the process, simplify the fpu register handling a little.

I think we should, remove fflags, frm, and fcsr from the two (32-bit
and 64-bit) fpu feature xml files.  These files will only contain the
32 core floating point register f0 to f31.  The fflags, frm, and fcsr
registers will continue to be advertised in the csr feature as they
currently are.

With that change made, I will simplify riscv_gdb_get_fpu and
riscv_gdb_set_fpu, removing the extra handling for the 3 status
registers.

Signed-off-by: Andrew Burgess <aburgess@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <0fbf2a5b12e3210ff3867d5cf7022b3f3462c9c8.1661934573.git.aburgess@redhat.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2022-09-27 07:04:38 +10:00
Weiwei Li
a412829406 target/riscv: fix csr check for cycle{h}, instret{h}, time{h}, hpmcounter3-31{h}
- modify check for mcounteren to work in all less-privilege mode
- modify check for scounteren to work only when S mode is enabled
- distinguish the exception type raised by check for scounteren between U
and VU mode

Signed-off-by: Weiwei Li <liweiwei@iscas.ac.cn>
Signed-off-by: Junqiang Wang <wangjunqiang@iscas.ac.cn>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20220817083756.12471-1-liweiwei@iscas.ac.cn>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2022-09-27 07:04:38 +10:00
Rahul Pathak
513eb437ae target/riscv: Remove sideleg and sedeleg
sideleg and sedeleg csrs are not part of riscv isa spec
anymore, these csrs were part of N extension which
is removed from the riscv isa specification.

These commits removed all traces of these csrs from
riscv spec (https://github.com/riscv/riscv-isa-manual) -

commit f8d27f805b65 ("Remove or downgrade more references to N extension (#674)")
commit b6cade07034d ("Remove N extension chapter for now")

Signed-off-by: Rahul Pathak <rpathak@ventanamicro.com>
Reviewed-by: Andrew Jones <ajones@ventanamicro.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20220824145255.400040-1-rpathak@ventanamicro.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2022-09-27 07:04:38 +10:00
Alex Bennée
0c2d467191 docs/system: clean up code escape for riscv virt platform
The example code is rendered slightly mangled due to missing code
block. Properly escape the code block and add shell prompt and qemu to
fit in with the other examples on the page.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20220905163939.1599368-1-alex.bennee@linaro.org>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2022-09-27 07:04:38 +10:00
Wilfred Mallawa
7a426f83c3 hw/ssi: ibex_spi: update reg addr
Updates the `EVENT_ENABLE` register to offset `0x34` as per
OpenTitan spec [1].

[1] https://docs.opentitan.org/hw/ip/spi_host/doc/#Reg_event_enable

Signed-off-by: Wilfred Mallawa <wilfred.mallawa@wdc.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20220823061201.132342-5-wilfred.mallawa@opensource.wdc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2022-09-27 07:04:38 +10:00
Wilfred Mallawa
a44558636a hw/ssi: ibex_spi: fixup typos in ibex_spi_host
This patch fixes up minor typos in ibex_spi_host

Signed-off-by: Wilfred Mallawa <wilfred.mallawa@wdc.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Andrew Jones <ajones@ventanamicro.com>
Message-Id: <20220823061201.132342-2-wilfred.mallawa@opensource.wdc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2022-09-27 07:04:38 +10:00
Stefan Hajnoczi
15aa08a405 Pull request
-----BEGIN PGP SIGNATURE-----
 
 iQEzBAABCAAdFiEEhpWov9P5fNqsNXdanKSrs4Grc8gFAmMsmAMACgkQnKSrs4Gr
 c8gRYgf9F7B/Ncv+FrucAh8y17PxiMLt2ZNcAjsrghhp7GbYcJuqx6u4gvbkm7Na
 42DbYBnM98dhx5tQaACi4GjvJ+E+SyNZvxQxerzRoCgUvYY/fCsIN/6jEzQw4EVs
 w9H3zh9fuagIeip7YuIAg9KUgAz1ApWxjJJm9q6aY85xkpvZjiVaHjDRVuOR4zX3
 6srHj41218QHI9ksV1ZKA0LenqL6QtqfUrk+4/BT91TNKVBpHygD11idrhPObZIR
 psGoQutgKRuiyZSt+8+5TI6uRiTAt7VMOi3v7COozY/zY0s7D3kdVRrpuq7CJJt9
 MV2T/j/ZWk+WLqDW3EnFvRPXBv4JNg==
 =WUSL
 -----END PGP SIGNATURE-----

Merge tag 'block-pull-request' of https://gitlab.com/stefanha/qemu into staging

Pull request

# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCAAdFiEEhpWov9P5fNqsNXdanKSrs4Grc8gFAmMsmAMACgkQnKSrs4Gr
# c8gRYgf9F7B/Ncv+FrucAh8y17PxiMLt2ZNcAjsrghhp7GbYcJuqx6u4gvbkm7Na
# 42DbYBnM98dhx5tQaACi4GjvJ+E+SyNZvxQxerzRoCgUvYY/fCsIN/6jEzQw4EVs
# w9H3zh9fuagIeip7YuIAg9KUgAz1ApWxjJJm9q6aY85xkpvZjiVaHjDRVuOR4zX3
# 6srHj41218QHI9ksV1ZKA0LenqL6QtqfUrk+4/BT91TNKVBpHygD11idrhPObZIR
# psGoQutgKRuiyZSt+8+5TI6uRiTAt7VMOi3v7COozY/zY0s7D3kdVRrpuq7CJJt9
# MV2T/j/ZWk+WLqDW3EnFvRPXBv4JNg==
# =WUSL
# -----END PGP SIGNATURE-----
# gpg: Signature made Thu 22 Sep 2022 13:14:43 EDT
# gpg:                using RSA key 8695A8BFD3F97CDAAC35775A9CA4ABB381AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" [ultimate]
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>" [ultimate]
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35  775A 9CA4 ABB3 81AB 73C8

* tag 'block-pull-request' of https://gitlab.com/stefanha/qemu:
  virtiofsd: use g_date_time_get_microsecond to get subsecond

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2022-09-26 15:23:58 -04:00
Stefan Hajnoczi
99d6b11b5b target-arm queue:
* hw/net/can: fix Xilinx ZynqMP CAN RX FIFO logic
  * Fix alignment for Neon VLD4.32
  * Refactoring of page-table-walk code
  * hw/acpi: Add ospm_status hook implementation for acpi-ged
  * hw/net/lan9118: Signal TSFL_INT flag when TX FIFO reaches specified level
  * chardev/baum: avoid variable-length arrays
  * io/channel-websock: avoid variable-length arrays
  * hw/net/e1000e_core: Use definition to avoid dynamic stack allocation
  * hw/ppc/pnv: Avoid dynamic stack allocation
  * hw/intc/xics: Avoid dynamic stack allocation
  * hw/i386/multiboot: Avoid dynamic stack allocation
  * hw/usb/hcd-ohci: Use definition to avoid dynamic stack allocation
  * ui/curses: Avoid dynamic stack allocation
  * tests/unit/test-vmstate: Avoid dynamic stack allocation
  * configure: fix various shellcheck-spotted issues and nits
 -----BEGIN PGP SIGNATURE-----
 
 iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmMsjocZHHBldGVyLm1h
 eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3s0vEACuUs7nGGX5vd96EPN+sO5s
 HstP16G6/Xnlw2z0BaXi0MMWapQRhSQJ+MIeDJmqIyZKQ3geJGP7pbFTxI3zreYM
 UTKjdI/wWRYMKPYfxlIBZ8TPugj4a4paFJlyqmpHXtkwiWRv6rF70HQ9Yku5id93
 FN9js/dyF74S2AaDppBuTWp31cM1k6kBTg/v5tXSxE8kDUKkO+HZ1VujOqIG/4nJ
 6urNJ7jlHSiFdXya2QiR+CAkyXyy551rLETeO8VJg9tOO7Ys7Olj7lqv6kHJY/X1
 01RbN5A5WXhqCvTLM3UYTvFHmbZtS/C5iUhHRtlZkOoeSv2jS6IRDB8BrBtIbOwF
 XKpaYf1jyFLFwX++hpvySD9Vbcu8KgKId8iKTuDcxjQlEjL3fTbt1ulKo4y+rJ8O
 6G1k4yZc8/nAvttNoKCn7/Jr1dC+HsANa+1s1L+6w+f1gARV0VXs4gqsveNnbe1+
 WzzaHvHt+hCaiWkSZlyisyw3fbEXMrEyKewi+SZu3c8PvJ6DHa+rYjkhem7muBVF
 iR48FRTjFiS+o402KMwXfMdiGjXyZFi09yn5diowlVjkNAaZVZfgu/wUMD5QBhbh
 fNDSw7LpXGUHML/O98MiXznkgGvTEQNxZdp2qIQrTiinUgmV4ZRLR23ZpEibdJPX
 kiOkr46SbWvksCXnRlTf8w==
 =hec8
 -----END PGP SIGNATURE-----

Merge tag 'pull-target-arm-20220922' of https://git.linaro.org/people/pmaydell/qemu-arm into staging

target-arm queue:
 * hw/net/can: fix Xilinx ZynqMP CAN RX FIFO logic
 * Fix alignment for Neon VLD4.32
 * Refactoring of page-table-walk code
 * hw/acpi: Add ospm_status hook implementation for acpi-ged
 * hw/net/lan9118: Signal TSFL_INT flag when TX FIFO reaches specified level
 * chardev/baum: avoid variable-length arrays
 * io/channel-websock: avoid variable-length arrays
 * hw/net/e1000e_core: Use definition to avoid dynamic stack allocation
 * hw/ppc/pnv: Avoid dynamic stack allocation
 * hw/intc/xics: Avoid dynamic stack allocation
 * hw/i386/multiboot: Avoid dynamic stack allocation
 * hw/usb/hcd-ohci: Use definition to avoid dynamic stack allocation
 * ui/curses: Avoid dynamic stack allocation
 * tests/unit/test-vmstate: Avoid dynamic stack allocation
 * configure: fix various shellcheck-spotted issues and nits

# -----BEGIN PGP SIGNATURE-----
#
# iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmMsjocZHHBldGVyLm1h
# eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3s0vEACuUs7nGGX5vd96EPN+sO5s
# HstP16G6/Xnlw2z0BaXi0MMWapQRhSQJ+MIeDJmqIyZKQ3geJGP7pbFTxI3zreYM
# UTKjdI/wWRYMKPYfxlIBZ8TPugj4a4paFJlyqmpHXtkwiWRv6rF70HQ9Yku5id93
# FN9js/dyF74S2AaDppBuTWp31cM1k6kBTg/v5tXSxE8kDUKkO+HZ1VujOqIG/4nJ
# 6urNJ7jlHSiFdXya2QiR+CAkyXyy551rLETeO8VJg9tOO7Ys7Olj7lqv6kHJY/X1
# 01RbN5A5WXhqCvTLM3UYTvFHmbZtS/C5iUhHRtlZkOoeSv2jS6IRDB8BrBtIbOwF
# XKpaYf1jyFLFwX++hpvySD9Vbcu8KgKId8iKTuDcxjQlEjL3fTbt1ulKo4y+rJ8O
# 6G1k4yZc8/nAvttNoKCn7/Jr1dC+HsANa+1s1L+6w+f1gARV0VXs4gqsveNnbe1+
# WzzaHvHt+hCaiWkSZlyisyw3fbEXMrEyKewi+SZu3c8PvJ6DHa+rYjkhem7muBVF
# iR48FRTjFiS+o402KMwXfMdiGjXyZFi09yn5diowlVjkNAaZVZfgu/wUMD5QBhbh
# fNDSw7LpXGUHML/O98MiXznkgGvTEQNxZdp2qIQrTiinUgmV4ZRLR23ZpEibdJPX
# kiOkr46SbWvksCXnRlTf8w==
# =hec8
# -----END PGP SIGNATURE-----
# gpg: Signature made Thu 22 Sep 2022 12:34:15 EDT
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [full]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [full]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [full]
# gpg:                 aka "Peter Maydell <peter@archaic.org.uk>" [unknown]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* tag 'pull-target-arm-20220922' of https://git.linaro.org/people/pmaydell/qemu-arm: (39 commits)
  configure: Avoid use of 'local' as it is non-POSIX
  configure: Check mkdir result directly, not via $?
  configure: Remove use of backtick `...` syntax
  configure: Add './' on front of glob of */config-devices.mak.d
  configure: Add missing quoting for some easy cases
  configure: Remove unused meson_args variable
  configure: Remove unused python_version variable
  tests/unit/test-vmstate: Avoid dynamic stack allocation
  ui/curses: Avoid dynamic stack allocation
  hw/usb/hcd-ohci: Use definition to avoid dynamic stack allocation
  hw/i386/multiboot: Avoid dynamic stack allocation
  hw/intc/xics: Avoid dynamic stack allocation
  hw/ppc/pnv: Avoid dynamic stack allocation
  hw/net/e1000e_core: Use definition to avoid dynamic stack allocation
  io/channel-websock: Replace strlen(const_str) by sizeof(const_str) - 1
  chardev/baum: Avoid dynamic stack allocation
  chardev/baum: Use definitions to avoid dynamic stack allocation
  chardev/baum: Replace magic values by X_MAX / Y_MAX definitions
  hw/net/lan9118: Signal TSFL_INT flag when TX FIFO reaches specified level
  hw/acpi: Add ospm_status hook implementation for acpi-ged
  ...

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2022-09-26 13:38:26 -04:00
Thomas Huth
5890258aee Remove the slirp submodule (i.e. compile only with an external libslirp)
Since QEMU 7.1 we don't support Ubuntu 18.04 anymore, so the last big
important Linux distro that did not have a pre-packaged libslirp has
been dismissed. All other major distros seem to have a libslirp package
in their distribution already - according to repology.org:

          Fedora 35: 4.6.1
  CentOS 8 (RHEL-8): 4.4.0
          Debian 11: 4.4.0
 OpenSUSE Leap 15.3: 4.3.1
   Ubuntu LTS 20.04: 4.1.0
      FreeBSD Ports: 4.7.0
      NetBSD pkgsrc: 4.7.0
           Homebrew: 4.7.0
        MSYS2 mingw: 4.7.0

The only one that was still missing a libslirp package is OpenBSD - but
the next version (OpenBSD 7.2 which will be shipped in October) is going
to include a libslirp package. Since QEMU 7.2 will be published after
OpenBSD 7.2, we should be fine there, too.

So there is no real urgent need for keeping the slirp submodule in
the QEMU tree anymore. Thus let's drop the slirp submodule now and
rely on the libslirp packages from the distributions instead.

Message-Id: <20220824151122.704946-7-thuth@redhat.com>
Acked-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2022-09-26 17:23:47 +02:00
Matthew Rosato
59d1ce4439 s390x/s390-virtio-ccw: add zpcii-disable machine property
The zpcii-disable machine property can be used to force-disable the use
of zPCI interpretation facilities for a VM.  By default, this setting
will be off for machine 7.2 and newer.

Signed-off-by: Matthew Rosato <mjrosato@linux.ibm.com>
Message-Id: <20220902172737.170349-9-mjrosato@linux.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
[thuth: Fix contextual conflict in ccw_machine_7_1_instance_options()]
Signed-off-by: Thomas Huth <thuth@redhat.com>
2022-09-26 17:23:47 +02:00
Matthew Rosato
9ee8f7e46a s390x/pci: reflect proper maxstbl for groups of interpreted devices
The maximum supported store block length might be different depending
on whether the instruction is interpretively executed (firmware-reported
maximum) or handled via userspace intercept (host kernel API maximum).
Choose the best available value during group creation.

Signed-off-by: Matthew Rosato <mjrosato@linux.ibm.com>
Reviewed-by: Pierre Morel <pmorel@linux.ibm.com>
Message-Id: <20220902172737.170349-8-mjrosato@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2022-09-26 17:23:47 +02:00
Matthew Rosato
30dcf4f7fd s390x/pci: let intercept devices have separate PCI groups
Let's use the reserved pool of simulated PCI groups to allow intercept
devices to have separate groups from interpreted devices as some group
values may be different. If we run out of simulated PCI groups, subsequent
intercept devices just get the default group.
Furthermore, if we encounter any PCI groups from hostdevs that are marked
as simulated, let's just assign them to the default group to avoid
conflicts between host simulated groups and our own simulated groups.

Signed-off-by: Matthew Rosato <mjrosato@linux.ibm.com>
Reviewed-by: Pierre Morel <pmorel@linux.ibm.com>
Message-Id: <20220902172737.170349-7-mjrosato@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2022-09-26 17:23:47 +02:00
Matthew Rosato
d0bc7091c2 s390x/pci: enable adapter event notification for interpreted devices
Use the associated kvm ioctl operation to enable adapter event notification
and forwarding for devices when requested.  This feature will be set up
with or without firmware assist based upon the 'forwarding_assist' setting.

Signed-off-by: Matthew Rosato <mjrosato@linux.ibm.com>
Message-Id: <20220902172737.170349-6-mjrosato@linux.ibm.com>
[thuth: Rename "forwarding_assist" property to "forwarding-assist"]
Signed-off-by: Thomas Huth <thuth@redhat.com>
2022-09-26 17:23:47 +02:00
Matthew Rosato
15d0e7942d s390x/pci: don't fence interpreted devices without MSI-X
Lack of MSI-X support is not an issue for interpreted passthrough
devices, so let's let these in.  This will allow, for example, ISM
devices to be passed through -- but only when interpretation is
available and being used.

Signed-off-by: Matthew Rosato <mjrosato@linux.ibm.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Pierre Morel <pmorel@linux.ibm.com>
Message-Id: <20220902172737.170349-5-mjrosato@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2022-09-26 17:23:47 +02:00
Matthew Rosato
dd1d5fd968 s390x/pci: enable for load/store interpretation
If the ZPCI_OP ioctl reports that is is available and usable, then the
underlying KVM host will enable load/store intepretation for any guest
device without a SHM bit in the guest function handle.  For a device that
will be using interpretation support, ensure the guest function handle
matches the host function handle; this value is re-checked every time the
guest issues a SET PCI FN to enable the guest device as it is the only
opportunity to reflect function handle changes.

By default, unless interpret=off is specified, interpretation support will
always be assumed and exploited if the necessary ioctl and features are
available on the host kernel.  When these are unavailable, we will silently
revert to the interception model; this allows existing guest configurations
to work unmodified on hosts with and without zPCI interpretation support,
allowing QEMU to choose the best support model available.

Signed-off-by: Matthew Rosato <mjrosato@linux.ibm.com>
Acked-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20220902172737.170349-4-mjrosato@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2022-09-26 17:23:47 +02:00
Matthew Rosato
21fa15298d s390x/pci: add routine to get host function handle from CLP info
In order to interface with the underlying host zPCI device, we need
to know its function handle. Add a routine to grab this from the
vfio CLP capabilities chain.

Signed-off-by: Matthew Rosato <mjrosato@linux.ibm.com>
Reviewed-by: Pierre Morel <pmorel@linux.ibm.com>
Message-Id: <20220902172737.170349-3-mjrosato@linux.ibm.com>
[thuth: Replace free(info) with g_free(info)]
Signed-off-by: Thomas Huth <thuth@redhat.com>
2022-09-26 17:23:47 +02:00
Chenyi Qiang
d525f73f91 Update linux headers to v6.0-rc4
commit 7e18e42e4b280c85b76967a9106a13ca61c16179

Signed-off-by: Chenyi Qiang <chenyi.qiang@intel.com>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Message-Id: <20220915091035.3897-3-chenyi.qiang@intel.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2022-09-26 17:23:47 +02:00
Chenyi Qiang
28d01b1d69 configure: Add -Wno-gnu-variable-sized-type-not-at-end
A Linux headers update to v6.0-rc switches some definitions from GNU
'zero-length-array' extension to the C-standard-defined flexible array
member. e.g.

struct kvm_msrs {
        __u32 nmsrs; /* number of msrs in entries */
        __u32 pad;

-       struct kvm_msr_entry entries[0];
+       struct kvm_msr_entry entries[];
};

Those (unlike the GNU zero-length-array) have some extra restrictions like
'this must be put at the end of a struct', which clang build would complain
about. e.g. the current code

struct {
        struct kvm_msrs info;
        struct kvm_msr_entry entries[1];
} msr_data = { }

generates the warning like:

target/i386/kvm/kvm.c:2868:25: error: field 'info' with variable sized
type 'struct kvm_msrs' not at the end of a struct or class is a GNU
extension [-Werror,-Wgnu-variable-sized-type-not-at-end]
        struct kvm_msrs info;
                        ^
In fact, the variable length 'entries[]' field in 'info' is zero-sized in
GNU defined semantics, which can give predictable offset for 'entries[1]'
in local msr_data. The local defined struct is just there to force a stack
allocation large enough for 1 kvm_msr_entry, a clever trick but requires to
turn off this clang warning.

Suggested-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Chenyi Qiang <chenyi.qiang@intel.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Cornelia Huck <cohuck@redhat.com>
Message-Id: <20220915091035.3897-2-chenyi.qiang@intel.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2022-09-26 17:23:47 +02:00
Jason A. Donenfeld
3dbc5fdacb target/s390x: support PRNO_TRNG instruction
In order for hosts running inside of TCG to initialize the kernel's
random number generator, we should support the PRNO_TRNG instruction,
backed in the usual way with the qemu_guest_getrandom helper. This is
confirmed working on Linux 5.19.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
Message-Id: <20220921100729.2942008-2-Jason@zx2c4.com>
Reviewed-by: David Hildenbrand <david@redhat.com>
[thuth: turn prno-trng off in avocado test to avoid breaking it]
Signed-off-by: Thomas Huth <thuth@redhat.com>
2022-09-26 17:23:11 +02:00
Jameson Nash
65d4830dac linux-user: fix readlinkat handling with magic exe symlink
Exactly the same as f17f4989fa before was
for readlink. I suppose this was simply missed at the time.

Signed-off-by: Jameson Nash <vtjnash@gmail.com>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20220808190727.875155-1-vtjnash@gmail.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2022-09-23 23:43:45 +02:00
Jason A. Donenfeld
9f17bfdab4 target/s390x: support SHA-512 extensions
In order to fully support MSA_EXT_5, we have to support the SHA-512
special instructions. So implement those.

The implementation began as something TweetNacl-like, and then was
adjusted to be useful here. It's not very beautiful, but it is quite
short and compact, which is what we're going for.

Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com>
[ restructure, add missing exception, add comments, fixup CPU model ]
Signed-off-by: David Hildenbrand <david@redhat.com>
Message-Id: <20220922153820.221811-1-david@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2022-09-23 15:18:52 +02:00
Ilya Leoshkevich
ab9ccfa850 linux-user/host/s390: Add vector instructions to host_signal_write()
The new noexec test fails on s390x with "unexpected SEGV". This test
overwrites code using libc's memcpy(), which uses VSTL instruction.
host_signal_write() does not recognize it, which causes SEGV to be
incorrectly forwarded to the test.

Add all vector instructions that write to memory to
host_signal_write().

Fixes: ab12c95d3f ("target/s390x: Make translator stop before the end of a page")
Reported-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Message-Id: <20220920113907.334144-1-iii@linux.ibm.com>
Tested-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2022-09-23 15:16:16 +02:00
Qiang Liu
d8c2e6f2f6 hcd-ohci: Drop ohci_service_iso_td() if ed->head & OHCI_DPTR_MASK is zero
An abort happens in ohci_frame_boundary() when ohci->done is 0 [1].

``` c
static void ohci_frame_boundary(void *opaque)
{
    // ...
    if (ohci->done_count == 0 && !(ohci->intr_status & OHCI_INTR_WD)) {
        if (!ohci->done)
            abort(); <----------------------------------------- [1]
```

This was reported in https://bugs.launchpad.net/qemu/+bug/1911216/,
https://lists.gnu.org/archive/html/qemu-devel/2021-06/msg03613.html, and
https://gitlab.com/qemu-project/qemu/-/issues/545. I can still reproduce it with
the latest QEMU.

This happends due to crafted ED with putting ISO_TD at physical address 0.

Suppose ed->head & OHCI_DPTR_MASK is 0 [2], and we memset 0 to the phyiscal
memory from 0 to sizeof(ohci_iso_td). Then, starting_frame [3] and frame_count
[4] are both 0. As we can control the value of ohci->frame_number (0 to 0x1f,
suppose 1), we then control the value of relative_frame_number to be 1 [6]. The
control flow goes to [7] where ohci->done is 0. Have returned from
ohci_service_iso_td(), ohci_frame_boundary() will abort() [1].

``` c
static int ohci_service_iso_td(OHCIState *ohci, struct ohci_ed *ed)
{
    // ...
    addr = ed->head & OHCI_DPTR_MASK; // <--------------------- [2]

    if (ohci_read_iso_td(ohci, addr, &iso_td)) {   // <-------- [3]
        // ...

    starting_frame = OHCI_BM(iso_td.flags, TD_SF); // <-------- [4]
    frame_count = OHCI_BM(iso_td.flags, TD_FC);    // <-------- [5]
    relative_frame_number = USUB(ohci->frame_number, starting_frame);
                                                   // <-------- [6]
    if (relative_frame_number < 0) {
        return 1;
    } else if (relative_frame_number > frame_count) {
        // ...
        ohci->done = addr;                         // <-------- [7]
        // ...
    }
```

As only (afaik) a guest root user can manipulate ED, TD and the physical memory,
this assertion failure is not a security bug.

The idea to fix this issue is to drop ohci_service_iso_td() if ed->head &
OHCI_DPTR_MASK is 0, which is similar to the drop operation for
ohci_service_ed_list() when head is 0. Probably, a similar issue is in
ohci_service_td(). I drop ohci_service_td() if ed->head & OHCI_DPTR_MASK is 0.

Fixes: 7bfe577702 ("OHCI USB isochronous transfers support (Arnon Gilboa)")
Reported-by: Gaoning Pan <pgn@zju.edu.cn>
Reported-by: Alexander Bulekov <alxndr@bu.edu>
Reported-by: Qiang Liu <cyruscyliu@gmail.com>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/545
Buglink: https://lists.gnu.org/archive/html/qemu-devel/2021-06/msg03613.html
Buglink: https://bugs.launchpad.net/qemu/+bug/1911216
Signed-off-by: Qiang Liu <cyruscyliu@gmail.com>
Message-Id: <20220826051557.119570-1-cyruscyliu@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2022-09-23 14:38:27 +02:00
Thomas Huth
0b33bb394d hw/usb/hcd-xhci: Check whether DMA accesses fail
If a guest sets up bad descriptors, it could force QEMU to access
non-existing memory regions. Thus we should check the return value
of dma_memory_read/write() to make sure that these errors don't go
unnoticed.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20220817160016.49752-1-thuth@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2022-09-23 14:38:27 +02:00
Volker Rümelin
17b55372b5 ui/console: fix three double frees in png_save()
The png_destroy_write_struct() function frees all memory used by
libpng. Don't use the glib auto cleanup mechanism to free the
memory allocated by libpng again. For the pixman image, use only the
auto cleanup mechanism and remove the qemu_pixman_image_unref()
function call to prevent another double free.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1210
Fixes: 9a0a119a38 ("Added parameter to take screenshot with screendump as PNG")
Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Volker Rümelin <vr_qemu@t-online.de>
Message-Id: <20220919061956.30929-1-vr_qemu@t-online.de>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2022-09-23 14:38:27 +02:00
Marc-André Lureau
d18431547f ui/vdagent: fix serial reset of guest agent
In order to reset the guest agent, we send CLOSED & OPENED events.

They are correctly received by the guest kernel. However, they might not
be noticed by the guest agent process, as the IO task (poll() for
example) might be wake up after both CLOSED & OPENED have been
processed.

Wait until the guest agent is disconnected to re-open our side.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20220912102455.111765-6-marcandre.lureau@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2022-09-23 14:38:27 +02:00
Marc-André Lureau
72ce36f77c ui/clipboard: reset the serial state on reset
Not only we have to reset the vdagent clipboards serial state, but also
the current QEMU clipboards info serial (the value is currently used by
qemu_clipboard_check_serial, only used by -display dbus).

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20220912102455.111765-5-marcandre.lureau@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2022-09-23 14:38:27 +02:00