Commit Graph

79045 Commits

Author SHA1 Message Date
Markus Armbruster
cf4e3d000e virtio: Drop broken and superfluous object_property_set_link()
virtio_crypto_pci_realize() and copies the value of vcrypto->vdev's
property "cryptodev" to vcrypto's property:

    object_property_set_link(OBJECT(vrng), "rng", OBJECT(vrng->vdev.conf.rng),
                             NULL);

Since it does so only after realize, this always fails, but the error
is ignored.

It's actually superfluous: vcrypto's property is an alias of
vcrypto->vdev's property, created by virtio_instance_init_common().

Drop the call.

Same for virtio_ccw_crypto_realize(), virtio_rng_pci_realize(),
virtio_ccw_rng_realize().

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20200721121153.1128844-1-armbru@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-07-22 07:57:07 -04:00
Michael Tokarev
dba04c3488 acpi: accept byte and word access to core ACPI registers
All ISA registers should be accessible as bytes, words or dwords
(if wide enough).  Fix the access constraints for acpi-pm-evt,
acpi-pm-tmr & acpi-cnt registers.

Fixes: 5d971f9e67 (memory: Revert "memory: accept mismatching sizes in memory_region_access_valid")
Fixes: afafe4bbe0 (apci: switch cnt to memory api)
Fixes: 77d58b1e47 (apci: switch timer to memory api)
Fixes: b5a7c024d2 (apci: switch evt to memory api)
Buglink: https://lore.kernel.org/xen-devel/20200630170913.123646-1-anthony.perard@citrix.com/T/
Buglink: https://bugs.debian.org/964793
BugLink: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964247
BugLink: https://bugs.launchpad.net/bugs/1886318
Reported-By: Simon John <git@the-jedi.co.uk>
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Message-Id: <20200720160627.15491-1-mjt@msgid.tls.msk.ru>
Cc: qemu-stable@nongnu.org
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-07-22 07:57:07 -04:00
Peter Maydell
c8004fe6bb Update version for v5.1.0-rc1 release
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-07-21 20:28:59 +01:00
Peter Maydell
0c1fd2f41f Block layer patches:
- file-posix: Handle `EINVAL` fallocate return value
 - qemu-img convert -n: Keep qcow2 v2 target sparse
 -----BEGIN PGP SIGNATURE-----
 
 iQJFBAABCAAvFiEE3D3rFZqa+V09dFb+fwmycsiPL9YFAl8XDZgRHGt3b2xmQHJl
 ZGhhdC5jb20ACgkQfwmycsiPL9bpFQ/9EnS4iV9w0KW/NuJ4FIVdBD/VZFzokDLi
 1vXVVEjoxAxxiP8KlGM9HRi5NtvOMgzKhNGias0wOFiBorx8Ppfc+3sqwygc2dnw
 Vbl/od2D7xQZkddnp4Upo70m+eWRW6xaxX+lAcl6iS3gBPDwExLaYfBN8lFUyRrs
 T4C0miD+abEEyL3C5A4cEZJ7CIs0n7AqZkqgytWA7clwy79VgDSuMOgP6DOP1tGH
 1uK4gMCB0xbn+PHk96lXPORcLwDBOP0PIluo/zBmffzsEZN1Lv5ddVmxMQWSivin
 UmAbpeEtSw9Py5lRVmLSBYvolVOUleE/Rlzad2iue2be5/G8VP8xiRYMp9mUVpLO
 +LPMUd9NRkPx7wjUJMPKF0G9FgVO7R0+9J6rC33aKBj2XAlxY6qQlqUN2Jo11/fK
 2+9AkU7WVqx3vuW2Zz7wjq3Rjvpg/sK+V3P3Cm6HTwwwPbEwv8GcFe6eKdvJrZ9K
 hhwiFSUOd90OUAdKOQXKMFSZ/t1TrZhdX882Hvth11/AlQAUY4cxQbSKcc2nrvLu
 Axk0Va3haOD+ReRTs8W/iYNdrXGZmbr3MCkNiK3QSvnrdj602ompco7xyDTX1/qH
 6Hu28q7jUG3p3cApLQIZVjmogfqcGU7SWIY4lp9HZqtGP0z+pmWg46UNqzlKLyv5
 Y/fVHHshlRU=
 =QhOf
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging

Block layer patches:

- file-posix: Handle `EINVAL` fallocate return value
- qemu-img convert -n: Keep qcow2 v2 target sparse

# gpg: Signature made Tue 21 Jul 2020 16:45:28 BST
# gpg:                using RSA key DC3DEB159A9AF95D3D7456FE7F09B272C88F2FD6
# gpg:                issuer "kwolf@redhat.com"
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" [full]
# Primary key fingerprint: DC3D EB15 9A9A F95D 3D74  56FE 7F09 B272 C88F 2FD6

* remotes/kevin/tags/for-upstream:
  iotests: Test sparseness for qemu-img convert -n
  qcow2: Implement v2 zero writes with discard if possible
  file-posix: Handle `EINVAL` fallocate return value

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-07-21 19:25:48 +01:00
Peter Maydell
b50dab9eca QOM patches for 2020-07-21
-----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEENUvIs9frKmtoZ05fOHC0AOuRhlMFAl8XDGsSHGFybWJydUBy
 ZWRoYXQuY29tAAoJEDhwtADrkYZTPTYP/11AHdREDvz+KDl7AXtndxE9wo6GPGUy
 GhMSXODgOm6a4/nk4xQQR7MU+57C2IMnYbAAdrNXA3YVHjUPMURVsAeTsl9ruchC
 1JiNrtXKgaWv5P8WeNzuXcH9B7n3UZ/mV4FH8v0FhjZhsH6EHP0zOhgNScPyQurz
 AsmYN5hSoSz8jRFQ8xlNzBhNrYX5dG6fOs4M6yBRUgzaCuRcSn/+cgjngfAmcH4k
 F0KK+rBQA+KUAKYp0QUaUcbD5oj/6KaQMsfqsFROR8m+AAJrhkP2ffmcDCHfCW8A
 SQsp8k2SkdHXNgRoDJSea1TYMitCFrTBDv+MfBWOLH4ewQrGAzvsuG5o3FlnVeN7
 CKHkkxqOEifJ/vnThVBTIsqxf8/HefDXi1B5BXSKYSvnPKnnh8HCZ7VxvAsNGZiR
 epr4gEGBCcb9/bXFUmVVPz6H+lUWORzhF4P0spNJwH5BT9FLybWgJt9o4KH+pxYA
 DL4GF5vOkBgIhgUR+vn535vik7M38u6gsB8m22s2FRkZmIxTpxp9eH2ehHGSoVYM
 Yl1kVzJmFMPakl0gG1dMmM4+DJGRTHLCfBFS4pzMs9DaCNHUF3CB8FjXQs3NIFCS
 XGnChbri/wF83DEueTIrUAqF2w0XgEy55aVBOZkmFT6DXPXbx+Y3Q/AomaktBLyv
 FFUe9SfMn63P
 =HTNj
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/armbru/tags/pull-qom-2020-07-21' into staging

QOM patches for 2020-07-21

# gpg: Signature made Tue 21 Jul 2020 16:40:27 BST
# gpg:                using RSA key 354BC8B3D7EB2A6B68674E5F3870B400EB918653
# gpg:                issuer "armbru@redhat.com"
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" [full]
# gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>" [full]
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867  4E5F 3870 B400 EB91 8653

* remotes/armbru/tags/pull-qom-2020-07-21:
  qom: Make info qom-tree sort children more efficiently
  qom: Document object_get_canonical_path() returns malloced string
  qom: Change object_get_canonical_path_component() not to malloc

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-07-21 18:31:52 +01:00
Peter Maydell
a418695e1b fixes for xhci and modular builds.
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQIcBAABCgAGBQJfFvV5AAoJEEy22O7T6HE4AvsQAKiPiFrhDKfGxnlb5p9eo4QZ
 y3OYmQiYoy3V+9zHpJhhIKPh/oDOxKanGTH3gjhU/25uJC/fsLcPm8T9nQCZG+j4
 XG/nY1SJM0YPpZfHEVitEzYM2dYvsmhynOBS8Hqbi07SVUs0XnpgtdKwjeasoLsG
 R7hOX7vpsA/pf5hcgWe5cHsWiQwR09SBrzRa8OVwQFyEFtYnkIxjjDT//cmb37Ca
 kCm2LZt7qaDY1UUV47LdD5Slw7sC3cUx4+8kwllhiKsqzSiy/r80Gjia59lrRCGz
 cifmJx504rDVVdEnxQlhizk04XYtG+HlKYGx/9H3HKLKpsntyz88rwziQeIwj29T
 78xeT0H0/+y4CHQiBZDVeNINH7jw5uvYKDUZjRT7SFT0Yz3OZ/tTIuWdaXatap2s
 ONdGdsNvtkjx+eb47xpZp+mLPOm0Rht60f+4dWSsPWR2jpbJZyKrQ1dfh1zjifEi
 5UEV3BdcaVvLfqMBe6uYquOfUH+Z7B5VjbBo8N7/5IPKjqW8veBSWcQNicZ5r9/P
 UeFKUC6ODXQTr8JUpSHPIiMAc1z+QaQQyEVtk87xJxTJD7rGlVnT1oJrIebnmZJq
 /kDTcdZpiOuM/hHvbaer914YG20GibIxCoG/mqqcUp6zNUTKhsSgiUEObxq6MHyL
 V2dQPbnH7GT7bB85mDTR
 =+Bpn
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kraxel/tags/fixes-20200721-pull-request' into staging

fixes for xhci and modular builds.

# gpg: Signature made Tue 21 Jul 2020 15:02:33 BST
# gpg:                using RSA key 4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/fixes-20200721-pull-request:
  module: ignore NULL type
  qxl: fix modular builds with dtrace
  xhci: fix valid.max_access_size to access address registers

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-07-21 17:36:14 +01:00
Peter Maydell
5252220dbf -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
 
 iQEcBAABAgAGBQJfFu4hAAoJEO8Ells5jWIR10oH/1QlUjIdOY9/AgCi7yxof3iG
 F5ea/AJvYICTwleRSoUY8ZRtGlPw/FMJr/CBmSLuSGgGjAV86eHSih9dYNHUoFc/
 jXNq5E/92xV4Ht55YF6AibIEEV5WSUNTF14XpqyL6UCmjZyAvoJwMwjPCDiTiqtY
 EjiLhDxHgUj2kKGlthVy5xUjDJ2XSH65NKrVIzdhCmahazA3m1L6ucP7ZBlGw7QJ
 XFxqf8cC3qwaYbPWDsGmQK8Q9KGB7g0Xgvoc8wWPpOpW0wGzRzMcAPzIl9HaMJkr
 oL+hJtMUxkN53ZR+RnnbmQqACaeu12T77RL0hljG3HQQDPQ1YtJ3G+QhkEaXlNg=
 =WAG7
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into staging

# gpg: Signature made Tue 21 Jul 2020 14:31:13 BST
# gpg:                using RSA key EF04965B398D6211
# gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>" [marginal]
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 215D 46F4 8246 689E C77F  3562 EF04 965B 398D 6211

* remotes/jasowang/tags/net-pull-request:
  hw/net/xgmac: Fix buffer overflow in xgmac_enet_send()
  hw/net: Added plen fix for IPv6

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-07-21 16:50:42 +01:00
Kevin Wolf
4a01e27ddc iotests: Test sparseness for qemu-img convert -n
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <20200721135520.72355-3-kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-07-21 17:44:35 +02:00
Markus Armbruster
0dde9fd12f qom: Make info qom-tree sort children more efficiently
Commit e8c9e65816 "qom: Make "info qom-tree" show children sorted"
sorts children the simple, stupid, quadratic way.  I thought the
number of children would be small enough for this not to matter.  I
was wrong: there are outliers with several hundred children, e.g ARM
machines nuri and smdkc210 each have a node with 513 children.

While n^2 sorting isn't noticeable in normal, human usage even for
n=513, it can be quite noticeable in certain automated tests.  In
particular, the sort made device-introspect-test even slower.  Commit
3e7b80f84d "tests: improve performance of device-introspect-test" just
fixed that by cutting back its excessive use of "info qom-tree".
Sorting more efficiently makes sense regardless, so do it.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20200714160202.3121879-6-armbru@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2020-07-21 17:39:37 +02:00
Peter Maydell
8856755eb8 QAPI patches patches for 2020-07-21
-----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEENUvIs9frKmtoZ05fOHC0AOuRhlMFAl8W6AESHGFybWJydUBy
 ZWRoYXQuY29tAAoJEDhwtADrkYZTvtQP/1XR55Ad/iyidill56Pj0W2wVzneXHIF
 mr8lHiFH/bouXPEG4fTS6Nqex1W5TZIvpiNqIK3d/2K6vk/LIkPs9c3B99qIFrP8
 U3+ROUYlBCA9buE7mH85Cji5AGPbPbRN8xgszAbWJ3iCvH8Dq5Iiymr05glq+gAk
 23vG62cOJsa9UD1gJdk89wST+9M5AEEK34V4pWkPClGtdPnK8/4DFf1ZUz6ybK4u
 bP7J1I4tBzIx8JTv6zGE0kNZHM0KJCsEIM+LL4CsDxBBcL5p0Qnnrn05sXNT2cM1
 oBjVWEiz9O1uAZcS1SXTANqKUCZ2Mj+sOcfKWxJOPDB/fTwqTYUPGJtcsqEWWIum
 lw1+PlcIE19WTxyDllU/WFTvlljU+KbVXEFsI08nNm2A5ZrDjVRJUTP7pZOQqo5E
 jjeeXk/PZv6D+7EQU37HIf8gDTEJ4AiNVY1kwswo6kTfAxNe7xUx8P9+Vh2p4pzN
 k7zib/TsaniLXYtKlXsckE7Wm6lilhopo8K23zdaQj/AIxtTG/75j+V01mPsNivb
 zGpC4iSjs2fg6wjXCTFmfi724JXhC2yT6FwnNSeW0Geq7Oy6NSHGBNCjoNTp7d6k
 4C6H9FVZJ+EGlP0cc67ocRVz7PR3supi3EEcpEAhkdVtlvWe296/DXDcPVyA1DI2
 0deaCVTjY6yK
 =v3wA
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/armbru/tags/pull-qapi-2020-07-21' into staging

QAPI patches patches for 2020-07-21

# gpg: Signature made Tue 21 Jul 2020 14:05:05 BST
# gpg:                using RSA key 354BC8B3D7EB2A6B68674E5F3870B400EB918653
# gpg:                issuer "armbru@redhat.com"
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" [full]
# gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>" [full]
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867  4E5F 3870 B400 EB91 8653

* remotes/armbru/tags/pull-qapi-2020-07-21:
  qapi: Fix visit_type_STRUCT() not to fail for null object

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-07-21 16:10:38 +01:00
Kevin Wolf
61b3043965 qcow2: Implement v2 zero writes with discard if possible
qcow2 version 2 images don't support the zero flag for clusters, so for
write_zeroes requests, we return -ENOTSUP and get explicit zero buffer
writes. If the image doesn't have a backing file, we can do better: Just
discard the respective clusters.

This is relevant for 'qemu-img convert -O qcow2 -n', where qemu-img has
to assume that the existing target image may contain any data, so it has
to write zeroes. Without this patch, this results in a fully allocated
target image, even if the source image was empty.

Reported-by: Nir Soffer <nsoffer@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <20200721135520.72355-2-kwolf@redhat.com>
Reviewed-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-07-21 16:28:57 +02:00
Antoine Damhet
bae127d4dc file-posix: Handle EINVAL fallocate return value
The `detect-zeroes=unmap` option may issue unaligned
`FALLOC_FL_PUNCH_HOLE` requests, raw block devices can (and will) return
`EINVAL`, qemu should then write the zeroes to the blockdev instead of
issuing an `IO_ERROR`.

The problem can be reprodced like this:

$ qemu-io -c 'write -P 0 42 1234' --image-opts driver=host_device,filename=/dev/loop0,detect-zeroes=unmap
write failed: Invalid argument

Signed-off-by: Antoine Damhet <antoine.damhet@blade-group.com>
Message-Id: <20200717135603.51180-1-antoine.damhet@blade-group.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-07-21 16:28:57 +02:00
Markus Armbruster
5bd929d2ff qom: Document object_get_canonical_path() returns malloced string
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20200714160202.3121879-5-armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2020-07-21 16:23:43 +02:00
Markus Armbruster
7a309cc95b qom: Change object_get_canonical_path_component() not to malloc
object_get_canonical_path_component() returns a malloced copy of a
property name on success, null on failure.

19 of its 25 callers immediately free the returned copy.

Change object_get_canonical_path_component() to return the property
name directly.  Since modifying the name would be wrong, adjust the
return type to const char *.

Drop the free from the 19 callers become simpler, add the g_strdup()
to the other six.

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20200714160202.3121879-4-armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Li Qiang <liq3ea@gmail.com>
2020-07-21 16:23:43 +02:00
Mauro Matteo Cascella
5519724a13 hw/net/xgmac: Fix buffer overflow in xgmac_enet_send()
A buffer overflow issue was reported by Mr. Ziming Zhang, CC'd here. It
occurs while sending an Ethernet frame due to missing break statements
and improper checking of the buffer size.

Reported-by: Ziming Zhang <ezrakiez@gmail.com>
Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-07-21 21:30:39 +08:00
Andrew
e219d30910 hw/net: Added plen fix for IPv6
Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1708065
With network backend with 'virtual header' - there was an issue
in 'plen' field. Overall, during TSO, 'plen' would be changed,
but with 'vheader' this field should be set to the size of the
payload itself instead of '0'.

Signed-off-by: Andrew Melnychenko <andrew@daynix.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-07-21 21:30:39 +08:00
Peter Maydell
98d897eb4b Block patches for 5.1:
- Let LUKS images only be shared between VMs if the guest device was
   configured to allow that
 - Fix abort() from bdrv_aio_cancel() for guest devices without a BDS
 -----BEGIN PGP SIGNATURE-----
 
 iQFGBAABCAAwFiEEkb62CjDbPohX0Rgp9AfbAGHVz0AFAl8W1cUSHG1yZWl0ekBy
 ZWRoYXQuY29tAAoJEPQH2wBh1c9AA7wH/1ckTrSDMroVi1adBrz+KycA3O9kSmzl
 Z4qvLEdj/j7oc3ud96faCguPBv36ogjq/Wu7wl2/5ufNCVtr39LQLi7LeUiuzcuM
 mZaov8BaFPWcVnEyqJKES/VfOB4AbT2LfFhqC+L2VGShsxFDTVOAno6R87Onkkuy
 87qN9gs2b77pyhUQxvgKJzfvjDy0YRDyYn30eBo/WisEjfDfLrf2Fv/wpZze0OC8
 9cqEvczTU2nQzX5k2NnANbf8Vr/U6H3tay/f/C3FZ0lWHcqWEieIKlWp4iYezsTk
 B/LKDMWtvPgrZGxmsHrwOs9Y1Tfre3w86PrLXAC44WpX6OghhXKNKrQ=
 =BV7d
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/maxreitz/tags/pull-block-2020-07-21' into staging

Block patches for 5.1:
- Let LUKS images only be shared between VMs if the guest device was
  configured to allow that
- Fix abort() from bdrv_aio_cancel() for guest devices without a BDS

# gpg: Signature made Tue 21 Jul 2020 12:47:17 BST
# gpg:                using RSA key 91BEB60A30DB3E8857D11829F407DB0061D5CF40
# gpg:                issuer "mreitz@redhat.com"
# gpg: Good signature from "Max Reitz <mreitz@redhat.com>" [full]
# Primary key fingerprint: 91BE B60A 30DB 3E88 57D1  1829 F407 DB00 61D5 CF40

* remotes/maxreitz/tags/pull-block-2020-07-21:
  block: fix bdrv_aio_cancel() for ENOMEDIUM requests
  qemu-iotests: add testcase for bz #1857490
  block/crypto: disallow write sharing by default

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-07-21 14:03:45 +01:00
Markus Armbruster
cbf97d5b79 qapi: Fix visit_type_STRUCT() not to fail for null object
To make deallocating partially constructed objects work, the
visit_type_STRUCT() need to succeed without doing anything when passed
a null object.

Commit cdd2b228b9 "qapi: Smooth visitor error checking in generated
code" broke that.  To reproduce, run tests/test-qobject-input-visitor
with AddressSanitizer:

    ==4353==ERROR: LeakSanitizer: detected memory leaks

    Direct leak of 16 byte(s) in 1 object(s) allocated from:
	#0 0x7f192d0c5d28 in __interceptor_calloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xded28)
	#1 0x7f192cd21b10 in g_malloc0 (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x51b10)
	#2 0x556725f6bbee in visit_next_list qapi/qapi-visit-core.c:86
	#3 0x556725f49e15 in visit_type_UserDefOneList tests/test-qapi-visit.c:474
	#4 0x556725f4489b in test_visitor_in_fail_struct_in_list tests/test-qobject-input-visitor.c:1086
	#5 0x7f192cd42f29  (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x72f29)

    SUMMARY: AddressSanitizer: 16 byte(s) leaked in 1 allocation(s).

Test case /visitor/input/fail/struct-in-list feeds a list with a bad
element to the QObject input visitor.  Visiting that element duly
fails, and aborts the visit with the list only partially constructed:
the faulty object is null.  Cleaning up the partially constructed list
visits that null object, fails, and aborts the visit before the list
node gets freed.

Fix the the generated visit_type_STRUCT() to succeed for null objects.

Fixes: cdd2b228b9
Reported-by: Li Qiang <liq3ea@163.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20200716150617.4027356-1-armbru@redhat.com>
Tested-by: Li Qiang <liq3ea@gmail.com>
Reviewed-by: Li Qiang <liq3ea@gmail.com>
2020-07-21 14:38:23 +02:00
Stefan Hajnoczi
1d719ddc35 block: fix bdrv_aio_cancel() for ENOMEDIUM requests
bdrv_aio_cancel() calls aio_poll() on the AioContext for the given I/O
request until it has completed. ENOMEDIUM requests are special because
there is no BlockDriverState when the drive has no medium!

Define a .get_aio_context() function for BlkAioEmAIOCB requests so that
bdrv_aio_cancel() can find the AioContext where the completion BH is
pending. Without this function bdrv_aio_cancel() aborts on ENOMEDIUM
requests!

libFuzzer triggered the following assertion:

  cat << EOF | qemu-system-i386 -M pc-q35-5.0 \
    -nographic -monitor none -serial none \
    -qtest stdio -trace ide\*
  outl 0xcf8 0x8000fa24
  outl 0xcfc 0xe106c000
  outl 0xcf8 0x8000fa04
  outw 0xcfc 0x7
  outl 0xcf8 0x8000fb20
  write 0x0 0x3 0x2780e7
  write 0xe106c22c 0xd 0x1130c218021130c218021130c2
  write 0xe106c218 0x15 0x110010110010110010110010110010110010110010
  EOF
  ide_exec_cmd IDE exec cmd: bus 0x56170a77a2b8; state 0x56170a77a340; cmd 0xe7
  ide_reset IDEstate 0x56170a77a340
  Aborted (core dumped)

  (gdb) bt
  #1  0x00007ffff4f93895 in abort () at /lib64/libc.so.6
  #2  0x0000555555dc6c00 in bdrv_aio_cancel (acb=0x555556765550) at block/io.c:2745
  #3  0x0000555555dac202 in blk_aio_cancel (acb=0x555556765550) at block/block-backend.c:1546
  #4  0x0000555555b1bd74 in ide_reset (s=0x555557213340) at hw/ide/core.c:1318
  #5  0x0000555555b1e3a1 in ide_bus_reset (bus=0x5555572132b8) at hw/ide/core.c:2422
  #6  0x0000555555b2aa27 in ahci_reset_port (s=0x55555720eb50, port=2) at hw/ide/ahci.c:650
  #7  0x0000555555b29fd7 in ahci_port_write (s=0x55555720eb50, port=2, offset=44, val=16) at hw/ide/ahci.c:360
  #8  0x0000555555b2a564 in ahci_mem_write (opaque=0x55555720eb50, addr=556, val=16, size=1) at hw/ide/ahci.c:513
  #9  0x000055555598415b in memory_region_write_accessor (mr=0x55555720eb80, addr=556, value=0x7fffffffb838, size=1, shift=0, mask=255, attrs=...) at softmmu/memory.c:483

Looking at bdrv_aio_cancel:

2728 /* async I/Os */
2729
2730 void bdrv_aio_cancel(BlockAIOCB *acb)
2731 {
2732     qemu_aio_ref(acb);
2733     bdrv_aio_cancel_async(acb);
2734     while (acb->refcnt > 1) {
2735         if (acb->aiocb_info->get_aio_context) {
2736             aio_poll(acb->aiocb_info->get_aio_context(acb), true);
2737         } else if (acb->bs) {
2738             /* qemu_aio_ref and qemu_aio_unref are not thread-safe, so
2739              * assert that we're not using an I/O thread.  Thread-safe
2740              * code should use bdrv_aio_cancel_async exclusively.
2741              */
2742             assert(bdrv_get_aio_context(acb->bs) == qemu_get_aio_context());
2743             aio_poll(bdrv_get_aio_context(acb->bs), true);
2744         } else {
2745             abort();     <===============
2746         }
2747     }
2748     qemu_aio_unref(acb);
2749 }

Fixes: 02c50efe08 ("block: Add bdrv_aio_cancel_async")
Reported-by: Alexander Bulekov <alxndr@bu.edu>
Buglink: https://bugs.launchpad.net/qemu/+bug/1878255
Originally-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20200720100141.129739-1-stefanha@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
2020-07-21 12:00:38 +02:00
Peter Maydell
90218a9a39 * Fix memory leak in fuzzer
* Fuzzer documentation updates
 * Some other minor fuzzer updates
 * Fix "make check-qtest SPEED=slow" (bug in msf2 instance_init)
 -----BEGIN PGP SIGNATURE-----
 
 iQJFBAABCAAvFiEEJ7iIR+7gJQEY8+q5LtnXdP5wLbUFAl8Wj6oRHHRodXRoQHJl
 ZGhhdC5jb20ACgkQLtnXdP5wLbWHSA//QBjJ3mLlFXTyKzgloDCRi8Y7f3TtpGNo
 A1oyub/TIpUFif7/57nOD3XYwwYwaAhxY19cgQsEwXFXOxWEhkLg2QMaLimop31K
 mKwoXrJiuzrpVWcDZLdLpxCUQbljo2pT7QJDnPLAA14c6/32Frxoh2BO8B/RyFeq
 mReSVpwL0lfmdxVZpHk/61fluVikT0NJEBaDXf1zcNt09ejPR6hC423aqc9Dzt5t
 IyacpGUDIS4miY2VM4FZm9MnSTTqMjuKEUKFS+VtdEuEzxqiM2+uqikfHIDjIpQz
 JBOzI0b9PTXO3WGfN2ZDPmgiCCh68EMX2lM4RlrqMcCagW6KLyBvANfMnblyZFHK
 Ufz8vjp542o9j145y9wOyMJ0DQR9njaWbR+v+BeJ6T25Qb8XZgEv18H4M73yJdRa
 jTcd78punfpJf1vSVP7S1JiRlgh7EPLjJZF48Nk7kDtxl/zc8QG221p/Rm8QtGTq
 gPZdZocbVj/rv8qVEzSRpDRb2MdSYt5acTzXS/DGb0fhr2KEf5zr6snBY9V+G8un
 sH2OpVgJiBwyuNqg+3D3SjH4aWK83RL6WvPPaUfEdW8sATow0yXRwQhKKvnGUl2L
 bH9YAvInJgmvxr1tZcQOji12QfM4ZYMrMhKbblVlyh2V4IyhhXIXfvauuyUSLt6A
 Kw0Su8gq2Ic=
 =xq1/
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/huth-gitlab/tags/pull-request-2020-07-21' into staging

* Fix memory leak in fuzzer
* Fuzzer documentation updates
* Some other minor fuzzer updates
* Fix "make check-qtest SPEED=slow" (bug in msf2 instance_init)

# gpg: Signature made Tue 21 Jul 2020 07:48:10 BST
# gpg:                using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5
# gpg:                issuer "thuth@redhat.com"
# gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [full]
# gpg:                 aka "Thomas Huth <thuth@redhat.com>" [full]
# gpg:                 aka "Thomas Huth <huth@tuxfamily.org>" [full]
# gpg:                 aka "Thomas Huth <th.huth@posteo.de>" [unknown]
# Primary key fingerprint: 27B8 8847 EEE0 2501 18F3  EAB9 2ED9 D774 FE70 2DB5

* remotes/huth-gitlab/tags/pull-request-2020-07-21:
  hw: Mark nd_table[] misuse in realize methods FIXME
  msf2: Unbreak device-list-properties for "msf-soc"
  MAINTAINERS: Extend the device fuzzing section
  docs/fuzz: add instructions for generating a coverage report
  docs/fuzz: add information about useful libFuzzer flags
  docs/fuzz: describe building fuzzers with enable-sanitizers
  fuzz: build without AddressSanitizer, by default
  gitlab-ci.yml: Add oss-fuzz build tests
  fuzz: Fix leak when assembling datadir path string
  scripts/oss-fuzz: Limit target list to i386-softmmu

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-07-21 10:24:38 +01:00
Gerd Hoffmann
d87350b065 module: ignore NULL type
Just return in case module_load_qom_one(NULL) is called.
vga_interface_available() can do that.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-Id: <20200720100352.2477-3-kraxel@redhat.com>
2020-07-21 10:56:51 +02:00
Gerd Hoffmann
d97df4b84b qxl: fix modular builds with dtrace
Checking the enable/disable state of tracepoints via
trace_event_get_state_backends() does not work for modules.

qxl checks the state for a small optimization (avoid g_strndup
call in case log_buf will not be used anyway), so we can just
drop that check for modular builds.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-Id: <20200720100352.2477-2-kraxel@redhat.com>
2020-07-21 10:56:47 +02:00
Laurent Vivier
8e67fda2dd xhci: fix valid.max_access_size to access address registers
QEMU XHCI advertises AC64 (64-bit addressing) but doesn't allow
64-bit mode access in "runtime" and "operational" MemoryRegionOps.

Set the max_access_size based on sizeof(dma_addr_t) as AC64 is set.

XHCI specs:
"If the xHC supports 64-bit addressing (AC64 = ‘1’), then software
should write 64-bit registers using only Qword accesses.  If a
system is incapable of issuing Qword accesses, then writes to the
64-bit address fields shall be performed using 2 Dword accesses;
low Dword-first, high-Dword second.  If the xHC supports 32-bit
addressing (AC64 = ‘0’), then the high Dword of registers containing
64-bit address fields are unused and software should write addresses
using only Dword accesses"

The problem has been detected with SLOF, as linux kernel always accesses
registers using 32-bit access even if AC64 is set and revealed by
5d971f9e67 ("memory: Revert "memory: accept mismatching sizes in memory_region_access_valid"")

Suggested-by: Alexey Kardashevskiy <aik@au1.ibm.com>
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Message-id: 20200721083322.90651-1-lvivier@redhat.com
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2020-07-21 10:56:38 +02:00
Maxim Levitsky
0fca43de1b qemu-iotests: add testcase for bz #1857490
Test that we can't write-share raw luks images by default,
but we still can with share-rw=on

Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
Message-Id: <20200719122059.59843-3-mlevitsk@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
2020-07-21 10:49:02 +02:00
Maxim Levitsky
662d0c5392 block/crypto: disallow write sharing by default
My commit 'block/crypto: implement the encryption key management'
accidently allowed raw luks images to be shared between different
qemu processes without share-rw=on explicit override.
Fix that.

Fixes: bbfdae91fb ("block/crypto: implement the encryption key management")
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=1857490

Signed-off-by: Maxim Levitsky <mlevitsk@redhat.com>
Message-Id: <20200719122059.59843-2-mlevitsk@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
2020-07-21 10:49:02 +02:00
Markus Armbruster
7ad36e2e24 hw: Mark nd_table[] misuse in realize methods FIXME
nd_table[] contains NIC configuration for boards to pick up.  Device
code has no business looking there.  Several devices do it anyway.
Two of them already have a suitable FIXME comment: "allwinner-a10" and
"msf2-soc".  Copy it to the others: "allwinner-h3", "xlnx-versal",
"xlnx,zynqmp", "sparc32-ledma", "riscv.sifive.u.soc".

Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20200715140440.3540942-3-armbru@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Niek Linnenbank <nieklinnenbank@gmail.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2020-07-21 08:41:15 +02:00
Markus Armbruster
2b0650205b msf2: Unbreak device-list-properties for "msf-soc"
Watch this:

    $ qemu-system-aarch64 -M ast2600-evb -S -display none -qmp stdio
    {"QMP": {"version": {"qemu": {"micro": 50, "minor": 0, "major": 5}, "package": "v5.0.0-2464-g3a9163af4e"}, "capabilities": ["oob"]}}
    {"execute": "qmp_capabilities"}
    {"return": {}}
    {"execute": "device-list-properties", "arguments": {"typename": "msf2-soc"}}
    Unsupported NIC model: ftgmac100
    armbru@dusky:~/work/images$ echo $?
    1

This is what breaks "make check SPEED=slow".

Root cause is m2sxxx_soc_initfn()'s messing with nd_table[] via
qemu_check_nic_model().  That's wrong.

We fixed the exact same bug for device "allwinner-a10" in commit
8aabc5437b "hw/arm/allwinner-a10: Do not use nd_table in instance_init
function".  Fix this instance the same way: move the offending code to
m2sxxx_soc_realize(), where it's less wrong, and add a FIXME comment.

Fixes: 05b7374a58 ("msf2: Add EMAC block to SmartFusion2 SoC")
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20200715140440.3540942-2-armbru@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2020-07-21 08:40:54 +02:00
Thomas Huth
6184e5fb42 MAINTAINERS: Extend the device fuzzing section
The file docs/devel/fuzzing.txt should be in this section, too, and add
myself as a reviewer (since I often take the fuzzer patches through the
qtest-next tree, I should be notified on patches, too).

Message-Id: <20200721053926.17197-1-thuth@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2020-07-21 08:40:42 +02:00
Alexander Bulekov
09a14f586c docs/fuzz: add instructions for generating a coverage report
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20200706195534.14962-5-alxndr@bu.edu>
[thuth: Replaced --enable-sanitizers with --enable-fuzzing]
Signed-off-by: Thomas Huth <thuth@redhat.com>
2020-07-21 07:29:18 +02:00
Alexander Bulekov
19a91e4af8 docs/fuzz: add information about useful libFuzzer flags
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20200706195534.14962-4-alxndr@bu.edu>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2020-07-21 07:27:28 +02:00
Alexander Bulekov
ee16da12d7 docs/fuzz: describe building fuzzers with enable-sanitizers
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20200706195534.14962-3-alxndr@bu.edu>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2020-07-21 07:27:28 +02:00
Alexander Bulekov
dd0162653c fuzz: build without AddressSanitizer, by default
We already have a nice --enable-sanitizers option to enable
AddressSanitizer. There is no reason to duplicate and force this
functionality in --enable-fuzzing. In the future, if more sanitizers are
added to --enable-sanitizers, it might be impossible to build with both
--enable-sanitizers and --enable-fuzzing, since not all sanitizers are
compatible with libFuzzer. In that case, we could enable ASAN with
--extra-cflags="-fsanitize=address"

Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20200706195534.14962-2-alxndr@bu.edu>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
[thuth: Added missing $CFLAGS]
Signed-off-by: Thomas Huth <thuth@redhat.com>
2020-07-21 07:27:06 +02:00
Alexander Bulekov
48eac10197 gitlab-ci.yml: Add oss-fuzz build tests
This tries to build and run the fuzzers with the same build-script used
by oss-fuzz. This doesn't guarantee that the builds on oss-fuzz will
also succeed, since oss-fuzz provides its own compiler and fuzzer vars,
but it can catch changes that are not compatible with the the
./scripts/oss-fuzz/build.sh script.
The strange way of finding fuzzer binaries stems from the method used by
oss-fuzz:
https://github.com/google/oss-fuzz/blob/master/infra/base-images/base-runner/targets_list

Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20200720073223.22945-1-thuth@redhat.com>
[thuth: Tweak the "script" to make it work, exclude slirp test, etc.]
Signed-off-by: Thomas Huth <thuth@redhat.com>
2020-07-21 07:21:54 +02:00
Alexander Bulekov
bcbad8b05c fuzz: Fix leak when assembling datadir path string
We freed the string containing the final datadir path, but did not free
the path to the executable's directory that we get from
g_path_get_dirname(). Fix that.

Reported-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20200717163523.1591-1-alxndr@bu.edu>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2020-07-21 07:21:54 +02:00
Thomas Huth
7cee363bc2 scripts/oss-fuzz: Limit target list to i386-softmmu
The build.sh script only copies qemu-fuzz-i386 to the destination folder,
so we can speed up the compilation step quite a bit by not compiling the
other targets here.

Signed-off-by: Thomas Huth <thuth@redhat.com>
2020-07-21 07:21:54 +02:00
Peter Maydell
af3d69058e target-arm queue:
* virt: Don't enable MTE emulation by default
  * virt: Diagnose attempts to use MTE with memory-hotplug or KVM
    (rather than silently not working correctly)
  * util: Implement qemu_get_thread_id() for OpenBSD
  * qdev: Add doc comments for qdev_unrealize and GPIO functions,
    and standardize on doc-comments-in-header-file
  * hw/arm/armsse: Assert info->num_cpus is in-bounds in armsse_realize()
  * docs/system: Document canon-a1100, collie, gumstix, virt boards
 -----BEGIN PGP SIGNATURE-----
 
 iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAl8VlEgZHHBldGVyLm1h
 eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3u4dD/9YxtaKEbpQRk1FeZJPZwxO
 /UL/B91nKrKUiJ+1ep4vfotx02UF90k0U95nm/bMGof/Yb6BAYs3hHIK7YlVutcM
 +E2PGptcZn1MIuzvI/kxEWuzm0Z2oIqpqlpvC+poXhlCoIytUSFVF3jDMkJrQgUs
 aN/i8owTSI/VvkHpxz0DB5ELof6fME1zO7YuXSBV6aupmeVj8iVVLSuOOZznyg4/
 7Lx+J/0YP3jdmTYNF4nx/g4UTr67049PTjsZ9VjInX3qdU1XNfyQglukm/DwWPEb
 7+l7KphPfviLsQaKeRvpEdn1+XnydQgKRf/gjdf8AMKYzAokCjTGOaXihtNcmbMz
 lCQEZrm4eZqV5eQq9zaguorwBB/+WmCGSE8FXDo+MDmAIzY8qQxqIfN1gaCl9a2f
 xiObgjj+CAqsoylHdtTlrctGkG0rWH28ZV8h6qf1w3ol4D/Zzx/T1e46M96UNJYR
 lsZb+BGlkSD7MJLiNOy/XIWXrEzXV2gqtvNCCPnHHkLFG1yGxYnqo/WvIteAD8zI
 dh8gycxF40l/0Sqd8vR0yJQ0VJio7Cn4ZU+vl7eN3SNgqH9YxxRx+urCZ2C81e9y
 gWFJv5XUSCjw/cJUAjgSRQKfJw0FUmGRAxs4zna154PO+J1I52cXV2r5qNThPxPB
 zvLyJTDI34cnK7EcqSBXfg==
 =yuLi
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20200720' into staging

target-arm queue:
 * virt: Don't enable MTE emulation by default
 * virt: Diagnose attempts to use MTE with memory-hotplug or KVM
   (rather than silently not working correctly)
 * util: Implement qemu_get_thread_id() for OpenBSD
 * qdev: Add doc comments for qdev_unrealize and GPIO functions,
   and standardize on doc-comments-in-header-file
 * hw/arm/armsse: Assert info->num_cpus is in-bounds in armsse_realize()
 * docs/system: Document canon-a1100, collie, gumstix, virt boards

# gpg: Signature made Mon 20 Jul 2020 13:55:36 BST
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* remotes/pmaydell/tags/pull-target-arm-20200720:
  docs/system: Document the arm virt board
  docs/system: Briefly document gumstix boards
  docs/system: Briefly document collie board
  docs/system: Briefly document canon-a1100 board
  hw/arm/armsse: Assert info->num_cpus is in-bounds in armsse_realize()
  qdev: Document GPIO related functions
  qdev: Document qdev_unrealize()
  qdev: Move doc comments from qdev.c to qdev-core.h
  util: Implement qemu_get_thread_id() for OpenBSD
  hw/arm/virt: Disable memory hotplug when MTE is enabled
  hw/arm/virt: Error for MTE enabled with KVM
  hw/arm/virt: Enable MTE via a machine property

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-07-20 15:58:07 +01:00
Peter Maydell
6a0b7505f1 docs/system: Document the arm virt board
Document the arm 'virt' board, which has been undocumented
for far too long given that it is the main recommended board
type for arm guests.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20200713175746.5936-5-peter.maydell@linaro.org
2020-07-20 11:35:17 +01:00
Peter Maydell
bb309000c8 docs/system: Briefly document gumstix boards
Add skeletal documentation of the gumstix boards
('connex' and 'verdex').

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20200713175746.5936-4-peter.maydell@linaro.org
2020-07-20 11:35:17 +01:00
Peter Maydell
b76b60f59b docs/system: Briefly document collie board
Add skeletal documentation of the collie board.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20200713175746.5936-3-peter.maydell@linaro.org
2020-07-20 11:35:17 +01:00
Peter Maydell
2d21dd17c5 docs/system: Briefly document canon-a1100 board
Add skeletal documentation of the canon-a1100 board.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-id: 20200713175746.5936-2-peter.maydell@linaro.org
2020-07-20 11:35:17 +01:00
Peter Maydell
3f410039b7 hw/arm/armsse: Assert info->num_cpus is in-bounds in armsse_realize()
In armsse_realize() we have a loop over [0, info->num_cpus), which
indexes into various fixed-size arrays in the ARMSSE struct.  This
confuses Coverity, which warns that we might overrun those arrays
(CID 1430326, 1430337, 1430371, 1430414, 1430430).  This can't
actually happen, because the info struct is always one of the entries
in the armsse_variants[] array and num_cpus is either 1 or 2; we also
already assert in armsse_init() that num_cpus is not too large.
However, adding an assert to armsse_realize() like the one in
armsse_init() should help Coverity figure out that these code paths
aren't possible.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20200713143716.9881-1-peter.maydell@linaro.org
2020-07-20 11:35:17 +01:00
Peter Maydell
cd07d7f9f5 qdev: Document GPIO related functions
Add documentation comments for the various qdev functions
related to creating and connecting GPIO lines.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200711142425.16283-4-peter.maydell@linaro.org
2020-07-20 11:35:17 +01:00
Peter Maydell
46ea1be1ee qdev: Document qdev_unrealize()
Add a doc comment for qdev_unrealize(), to go with the new
documentation for the realize part of the qdev lifecycle.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200711142425.16283-3-peter.maydell@linaro.org
2020-07-20 11:35:17 +01:00
Peter Maydell
b51238e251 qdev: Move doc comments from qdev.c to qdev-core.h
The doc-comments which document the qdev API are split between the
header file and the C source files, because as a project we haven't
been consistent about where we put them.

Move all the doc-comments in qdev.c to the header files, so that
users of the APIs don't have to look at the implementation files for
this information.

In the process, unify them into our doc-comment format and expand on
them in some cases to clarify expected use cases.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200711142425.16283-2-peter.maydell@linaro.org
2020-07-20 11:35:17 +01:00
David CARLIER
8edbca515c util: Implement qemu_get_thread_id() for OpenBSD
Implement qemu_get_thread_id() for OpenBSD hosts, using
getthrid().

Signed-off-by: David Carlier <devnexen@gmail.com>
Reviewed-by: Brad Smith <brad@comstyle.com>
Message-id: CA+XhMqxD6gQDBaj8tX0CMEj3si7qYKsM8u1km47e_-U7MC37Pg@mail.gmail.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
[PMM: tidied up commit message]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-07-20 11:35:17 +01:00
Richard Henderson
19bd6aafbd hw/arm/virt: Disable memory hotplug when MTE is enabled
When MTE is enabled, tag memory must exist for all RAM.

It might be possible to simultaneously hot plug tag memory
alongside the corresponding normal memory, but for now just
disable hotplug.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200713213341.590275-4-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-07-20 11:35:17 +01:00
Richard Henderson
7f6185ed9c hw/arm/virt: Error for MTE enabled with KVM
While we expect KVM to support MTE at some future point,
it certainly won't be ready in time for qemu 5.1.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200713213341.590275-3-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-07-20 11:35:17 +01:00
Richard Henderson
6f4e1405b9 hw/arm/virt: Enable MTE via a machine property
Control this cpu feature via a machine property, much as we do
with secure=on, since both require specialized support in the
machine setup to be functional.

Default MTE to off, since this feature implies extra overhead.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-id: 20200713213341.590275-2-richard.henderson@linaro.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-07-20 11:35:15 +01:00
Peter Maydell
1e6c50ad85 ppc patch queue 20200720
Here are some assorted fixes for qemu-5.1:
  * SLOF update with improved TPM handling, and fix for possible stack
    overflows on many-vcpu machines
  * Fix for NUMA distances on NVLink2 attached GPU memory nodes
  * Fixes to fail more gracefully on attempting to plug unsupported PCI bridge types
  * Don't allow pnv-psi device to be user created
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEEdfRlhq5hpmzETofcbDjKyiDZs5IFAl8VK7EACgkQbDjKyiDZ
 s5K7HxAAjFAzlKD7AiF7u0TbuvBFx3J3zxIcCnd3W0ViBiZ4FOybjf7/q8R8Wu94
 MrNv/15fZLbS6rcUCERFnEr+TpFgZ/mUn0JuoJWI0AUrI+FtUaCj9kznjwfzU0jN
 gU75F6R5q1GzS8ENHZWm1xWHVTk3OBj1eWQu8ialx9Kx4TMc9hTdgIYhQoB6+WD3
 nyIR6FUlMutYvPcODJS/HHLLT9Nc3w0zQAOYz7B+OgBKWkM61H3L17ITg9eo9YDz
 /xPz+41DqYC1FsTcTB91572lbePCURScJc2xE8GvuGMwNmdDoTMq+EALCLlTawIJ
 68w6e+y4uymnDwSGRn0j3Wopc6iggEbeIukgO1GZLUwyACOLWXtwGh3SOxEcmsYH
 CiUgBkZ0k07lyXAlMmpIwrc90qPXh7Ox4m24DsH+A0eSNPUtuWOht4dLrHbuAkkf
 5KMhTBWMOnLxUilrp+U3Xsuo5BUQVAy6eBI1sCYaLHTJIFoBg0G0g7xg7q/23nnc
 DX0RtZgjJdlFjfbzFzetSJYzd8Xf5P9Giqx0XZ+w6vpPTXBsDA57MqpICXiEQGSk
 OeVp51dWrWL1FIRoEL1O7YZBu57Oi1hpl1JVG3bxCKa+lxiVw6ZLXGL9m8otOc1/
 iSr3WpTI9wOo5Ele3lkl0NQjNeGnJ401UpmGCkEclp2zmMdCGrU=
 =CYAQ
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/dgibson/tags/ppc-for-5.1-20200720' into staging

ppc patch queue 20200720

Here are some assorted fixes for qemu-5.1:
 * SLOF update with improved TPM handling, and fix for possible stack
   overflows on many-vcpu machines
 * Fix for NUMA distances on NVLink2 attached GPU memory nodes
 * Fixes to fail more gracefully on attempting to plug unsupported PCI bridge types
 * Don't allow pnv-psi device to be user created

# gpg: Signature made Mon 20 Jul 2020 06:29:21 BST
# gpg:                using RSA key 75F46586AE61A66CC44E87DC6C38CACA20D9B392
# gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>" [full]
# gpg:                 aka "David Gibson (Red Hat) <dgibson@redhat.com>" [full]
# gpg:                 aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>" [full]
# gpg:                 aka "David Gibson (kernel.org) <dwg@kernel.org>" [unknown]
# Primary key fingerprint: 75F4 6586 AE61 A66C C44E  87DC 6C38 CACA 20D9 B392

* remotes/dgibson/tags/ppc-for-5.1-20200720:
  pseries: Update SLOF firmware image
  spapr: Add a new level of NUMA for GPUs
  spapr_pci: Robustify support of PCI bridges
  ppc/pnv: Make PSI device types not user creatable

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-07-20 11:34:10 +01:00
Peter Maydell
873ec69aeb Minor changes to:
Add an SMBus config entry
 
 Cleanup/simplify/document some I2C interfaces
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEE/Q1c5nzg9ZpmiCaGYfOMkJGb/4EFAl8Qko8ACgkQYfOMkJGb
 /4FZTw//bMJWaXncOCYGJS8k4mCAgE7Bbo7tz2AkIqE59ty6kQ0fjDX/olMa9bLi
 mxFEEPw1mO2A65A6najWMjhxJnuNa+a66xWpQQRfuWXTXO4zM7I8QxC6pnYjCXrN
 iYPfv6IS5TQMsKrRP3kvXueW3jkpYYyUocww9CF/CoB1YiNhVpx/p7Ov4nwdBV+6
 GU7EBenu+X0a4mk5mX7DZJ7IPvIXUSa8HTfhpiV3doAe+31W2c839+u6ZcuN6JQ5
 Vxdg5ApWasoMdEyaFvWowx2cKMZK/TYNRLJcKtxHgS5ZpfXr+lwMe3Hiv++QJw6a
 aedaZl1eYklHcY6qOD9JFlbSOx6y4pJUi2NB4SXHtji7tcTgErygRVf8PukyXuU3
 laKsavBmM0Lc/w4BbyUP+L+a/YTY+vv8WHi+bOQH06HohQpZGrycf7iPL3MwYmdG
 oCf8uls5MPdPL1N6wNcGbd1F921IVd5mnNwuSfAau5ocgyUjHMuxlXradeFuJfY4
 ihIp49i3dS+f01txeM+zPIMAxImM+tpuH02nzDK9isztCZIo34P4iNMYTB0v4e4L
 ESRqohhyC55Tg6vudJBpjJLK/trz7TpyZnEOnCo5pwHvbnFyWOZY0F8Pj1LTfDMf
 sD+Nvm9yk6bNIvmRHBCvCiWX2D/Y6OC5vZdVNt+kqpSkUavxMGE=
 =SsWF
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/cminyard/tags/for-qemu-i2c-5' into staging

Minor changes to:

Add an SMBus config entry

Cleanup/simplify/document some I2C interfaces

# gpg: Signature made Thu 16 Jul 2020 18:46:55 BST
# gpg:                using RSA key FD0D5CE67CE0F59A6688268661F38C90919BFF81
# gpg: Good signature from "Corey Minyard <cminyard@mvista.com>" [unknown]
# gpg:                 aka "Corey Minyard <minyard@acm.org>" [unknown]
# gpg:                 aka "Corey Minyard <corey@minyard.net>" [unknown]
# gpg:                 aka "Corey Minyard <minyard@mvista.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: FD0D 5CE6 7CE0 F59A 6688  2686 61F3 8C90 919B FF81

* remotes/cminyard/tags/for-qemu-i2c-5:
  hw/i2c: Document the I2C qdev helpers
  hw/i2c: Rename i2c_create_slave() as i2c_slave_create_simple()
  hw/i2c: Rename i2c_realize_and_unref() as i2c_slave_realize_and_unref()
  hw/i2c: Rename i2c_try_create_slave() as i2c_slave_new()
  hw/i2c/aspeed_i2c: Simplify aspeed_i2c_get_bus()
  hw/i2c/Kconfig: Add an entry for the SMBus

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-07-20 11:03:09 +01:00