Commit Graph

70928 Commits

Author SHA1 Message Date
Jiri Slaby
d4b976c0a8 target/i386: sev: fix failed message typos
In these multiline messages, there were typos. Fix them -- add a missing
space and remove a superfluous apostrophe.

Inspired by Tom's patch.

Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Richard Henderson <rth@twiddle.net>
Cc: Eduardo Habkost <ehabkost@redhat.com>
Cc: qemu-trivial@nongnu.org
Cc: Brijesh Singh <brijesh.singh@amd.com>
Cc: Tom Lendacky <thomas.lendacky@amd.com>
Message-Id: <20190719104118.17735-1-jslaby@suse.cz>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-07-19 23:45:28 +02:00
Denis V. Lunev
2924ab02c2 i386: indicate that 'pconfig' feature was removed intentionally
pconfig feature was added in 5131dc433d and removed in 712f807e19.
This patch mark this feature as known to QEMU and removed by
intentinally. This follows the convention of 9ccb9784b5 and f1a23522b0
dealing with 'osxsave' and 'ospke'.

Signed-off-by: Denis V. Lunev <den@openvz.org>
CC: Paolo Bonzini <pbonzini@redhat.com>
CC: Richard Henderson <rth@twiddle.net>
CC: Eduardo Habkost <ehabkost@redhat.com>
Message-Id: <20190719111222.14943-1-den@openvz.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-07-19 23:45:28 +02:00
Eric Blake
5cf42b1c1f nbd: Initialize reply on failure
We've had two separate reports of different callers running into use
of uninitialized data if s->quit is set (one detected by gcc -O3,
another by valgrind), due to checking 'nbd_reply_is_simple(reply) ||
s->quit' in the wrong order. Rather than chasing down which callers
need to pre-initialize reply, and whether there are any other
uninitialized uses, it's easier to guarantee that reply will always be
set by nbd_co_receive_one_chunk() even on failure.

The uninitialized use happens to be harmless (the only time the
variable is uninitialized is if s->quit is set, so the conditional
results in the same action regardless of what was read from reply),
and was introduced in commit 65e01d47.

In fixing the problem, it can also be seen that all (one) callers pass
in a non-NULL reply, so there is a dead conditional to also be cleaned
up.

Reported-by: Thomas Huth <thuth@redhat.com>
Reported-by: Andrey Shinkevich <andrey.shinkevich@virtuozzo.com>
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-Id: <20190719172001.19770-1-eblake@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2019-07-19 13:19:18 -05:00
Marc-André Lureau
21e709aa07 build-sys: do no support modules on Windows
Our module system does not support Windows, because it relies on
resolving symbols from the main executable.

If there is enough interest in supporting modules on Windows, we could
generate an import library for the executable and link with it:
https://stackoverflow.com/questions/15454968/dll-plugin-that-uses-functions-defined-in-the-main-executable

However, there is a small chicken egg problem, since the executable
link and exports extra symbols needed by the library...

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20190718120413.27678-1-marcandre.lureau@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-07-19 19:05:05 +02:00
Nicholas Piggin
3bf5de5240 qmp: don't emit the RESET event on wakeup
Commit 1405819637 ("qmp: don't emit the RESET event on wakeup from
S3") changed system wakeup to avoid calling qapi_event_send_reset.
Commit 76ed4b18de ("s390/ipl: fix ipl with -no-reboot") appears to
have inadvertently broken that logic.

Acked-by: Cornelia Huck <cohuck@redhat.com>
Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Message-Id: <20190718103951.10027-2-npiggin@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-07-19 19:04:59 +02:00
Alexey Kardashevskiy
8072aae377 hmp: Print if memory section is registered with an accelerator
This adds an accelerator name to the "into mtree -f" to tell the user if
a particular memory section is registered with the accelerator;
the primary user for this is KVM and such information is useful
for debugging purposes.

This adds a has_memory() callback to the accelerator class allowing any
accelerator to have a label in that memory tree dump.

Since memory sections are passed to memory listeners and get registered
in accelerators (rather than memory regions), this only prints new labels
for flatviews attached to the system address space.

An example:
 Root memory region: system
  0000000000000000-0000002fffffffff (prio 0, ram): /objects/mem0 kvm
  0000003000000000-0000005fffffffff (prio 0, ram): /objects/mem1 kvm
  0000200000000020-000020000000003f (prio 1, i/o): virtio-pci
  0000200080000000-000020008000003f (prio 0, i/o): capabilities

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Message-Id: <20190614015237.82463-1-aik@ozlabs.ru>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-07-19 19:04:49 +02:00
Wei Yang
2f950b1e44 test-bitmap: add test for bitmap_set
Add a test for bitmap_set. There are three cases:

  * Both start and end is BITS_PER_LONG aligned
  * Only start is BITS_PER_LONG aligned
  * Only end is BITS_PER_LONG aligned

Signed-off-by: Wei Yang <richardw.yang@linux.intel.com>
Message-Id: <20190718010456.4234-3-richardw.yang@linux.intel.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-07-19 19:04:49 +02:00
Shin'ichiro Kawasaki
1849f297f5 scsi-generic: Check sense key before request snooping and patching
When READ CAPACITY command completes, scsi_read_complete() function
snoops the command result and updates SCSIDevice members blocksize and
max_lba . However, this update is executed even when READ CAPACITY
command indicates an error in sense data. This causes unexpected
blocksize update with zero value for SCSI devices without
READ CAPACITY(10) command support and eventually results in a divide
by zero. An emulated device by TCMU-runner is an example of a device
that doesn't support READ CAPACITY(10) command.

To avoid the unexpected update, add sense key check in
scsi_read_complete() function. The function already checks the sense key
for VPD Block Limits emulation. Do the scsi_parse_sense_buf() call for
all requests rather than just for VPD Block Limits emulation, so that
blocksize and max_lba are only updated if READ CAPACITY returns zero
sense key.

Signed-off-by: Shin'ichiro Kawasaki <shinichiro.kawasaki@wdc.com>
[Extend the check to all requests, not just READ CAPACITY]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-07-19 19:04:49 +02:00
Xie Yongji
68fa7ca015 vhost-user-scsi: Call virtio_scsi_common_unrealize() when device realize failed
This avoids memory leak when device hotplug is failed.

Signed-off-by: Xie Yongji <xieyongji@baidu.com>
Message-Id: <20190717004606.12444-2-xieyongji@baidu.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-07-19 19:04:49 +02:00
Xie Yongji
934443c37b vhost-scsi: Call virtio_scsi_common_unrealize() when device realize failed
This avoids memory leak when device hotplug is failed.

Signed-off-by: Xie Yongji <xieyongji@baidu.com>
Message-Id: <20190717004606.12444-1-xieyongji@baidu.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-07-19 19:04:49 +02:00
Paolo Bonzini
12e1dc4939 virtio-scsi: remove unused argument to virtio_scsi_common_realize
The argument is not used and passing it clutters error propagation in the
callers.  So, get rid of it.

Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-07-19 19:04:38 +02:00
Paolo Bonzini
1e44f3ab71 target/i386: skip KVM_GET/SET_NESTED_STATE if VMX disabled, or for SVM
Do not allocate env->nested_state unless we later need to migrate the
nested virtualization state.

With this change, nested_state_needed() will return false if the
VMX flag is not included in the virtual machine.  KVM_GET/SET_NESTED_STATE
is also disabled for SVM which is safer (we know that at least the NPT
root and paging mode have to be saved/loaded), and thus the corresponding
subsection can go away as well.

Inspired by a patch from Liran Alon.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-07-19 18:02:22 +02:00
Liran Alon
79a197ab18 target/i386: kvm: Demand nested migration kernel capabilities only when vCPU may have enabled VMX
Previous to this change, a vCPU exposed with VMX running on a kernel
without KVM_CAP_NESTED_STATE or KVM_CAP_EXCEPTION_PAYLOAD resulted in
adding a migration blocker. This was because when the code was written
it was thought there is no way to reliably know if a vCPU is utilising
VMX or not at runtime. However, it turns out that this can be known to
some extent:

In order for a vCPU to enter VMX operation it must have CR4.VMXE set.
Since it was set, CR4.VMXE must remain set as long as the vCPU is in
VMX operation. This is because CR4.VMXE is one of the bits set
in MSR_IA32_VMX_CR4_FIXED1.
There is one exception to the above statement when vCPU enters SMM mode.
When a vCPU enters SMM mode, it temporarily exits VMX operation and
may also reset CR4.VMXE during execution in SMM mode.
When the vCPU exits SMM mode, vCPU state is restored to be in VMX operation
and CR4.VMXE is restored to its original state of being set.
Therefore, when the vCPU is not in SMM mode, we can infer whether
VMX is being used by examining CR4.VMXE. Otherwise, we cannot
know for certain but assume the worse that vCPU may utilise VMX.

Summaring all the above, a vCPU may have enabled VMX in case
CR4.VMXE is set or vCPU is in SMM mode.

Therefore, remove migration blocker and check before migration
(cpu_pre_save()) if the vCPU may have enabled VMX. If true, only then
require relevant kernel capabilities.

While at it, demand KVM_CAP_EXCEPTION_PAYLOAD only when the vCPU is in
guest-mode and there is a pending/injected exception. Otherwise, this
kernel capability is not required for proper migration.

Reviewed-by: Joao Martins <joao.m.martins@oracle.com>
Signed-off-by: Liran Alon <liran.alon@oracle.com>
Reviewed-by: Maran Wilson <maran.wilson@oracle.com>
Tested-by: Maran Wilson <maran.wilson@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2019-07-19 18:01:47 +02:00
Peter Maydell
4a10982c32 Block layer patches:
- block: Fix forbidden use of polling in drained_end
 - block: Don't wait for I/O throttling while exiting QEMU
 - iotests: Use read-zeroes for the null driver to be Valgrind-friendly
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJdMcXmAAoJEH8JsnLIjy/WD4MP/iQuIpHIxLy5YzOiOXEo+Ofj
 Zw9qVndHn8/6J8gEZUbjblS94OKmlNWdCsSMApg8GWmgaGwZyHX59jDhqe+ZcFnq
 l6J8Qu+MW4b+UEk8JaAH5Y0Q1ZMwEmJOoUha587cgMB6aatGEUfeuN5mE3DGMHAF
 BAYDPl4W0Gd/na/cEcLTX8wio7+nQZooUW0htPuOOwdtU1aUMo8KFTXjMfnAKbDI
 3Vje+mtt1ica1PCyEdud7mwkQcvOpsKNdDPKwMhpZY4BQ8xnAK5xhmd2XOyK8YoN
 Pkc0inyltqWwv9OhRp4CBxWorZJtULhKhwdYLZtCuAdujSACseZQDr+3ZxASCjkU
 auKQAwViBLB4e2bVsm/4xYNmAQug8RYixGjyiAxjb8YUfikQbsJnNYG64Yvs6uKJ
 miMKkjtNtcpkugKTY7gJI0uPO4Hyv9sSv/VRkxJIq5zq0avmUClA23MgbtteWHf6
 K1TW1pfVrBNOIsrTjtjH9YdZemJcEl2ecP/cYGZTnDW4ZQ8q1bbex4vuL1ssNhZX
 T3+yq0fIqtXvNHODmUeSkPRMValGiJA7+R31z4im0qefrB7zRJzuqz+RztiYBZn7
 bJKOFDySCkqmPHxwM4ZNn8+qXK5S6DCzpRKmc5b48yNRTf5ge4d12kNjhwOttgiJ
 KxgWkLWxjRwpRnVawXGZ
 =4ELS
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into staging

Block layer patches:

- block: Fix forbidden use of polling in drained_end
- block: Don't wait for I/O throttling while exiting QEMU
- iotests: Use read-zeroes for the null driver to be Valgrind-friendly

# gpg: Signature made Fri 19 Jul 2019 14:30:14 BST
# gpg:                using RSA key 7F09B272C88F2FD6
# gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" [full]
# Primary key fingerprint: DC3D EB15 9A9A F95D 3D74  56FE 7F09 B272 C88F 2FD6

* remotes/kevin/tags/for-upstream:
  iotests: Test quitting with job on throttled node
  vl: Drain before (block) job cancel when quitting
  iotests: Test commit with a filter on the chain
  iotests: Add @has_quit to vm.shutdown()
  block: Loop unsafely in bdrv*drained_end()
  tests: Extend commit by drained_end test
  block: Do not poll in bdrv_do_drained_end()
  tests: Lock AioContexts in test-block-iothread
  block: Make bdrv_parent_drained_[^_]*() static
  block: Add @drained_end_counter
  tests: Add job commit by drained_end test
  block: Introduce BdrvChild.parent_quiesce_counter
  iotests: Set read-zeroes on in null block driver for Valgrind

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-07-19 14:59:13 +01:00
Peter Maydell
e2b47666fe Merge misc fixes
A collection of patches I have fixing crypto code and other pieces
 without an assigned maintainer
 
  * Fixes crypto function signatures to be compatible with
    both old and new versions of nettle
  * Fixes deprecation warnings on new nettle
  * Fixes GPL license header typos
  * Documents security implications of monitor usage
  * Optimize linking of capstone to avoid it in tools
 -----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCAAdFiEE2vOm/bJrYpEtDo4/vobrtBUQT98FAl0xxJUACgkQvobrtBUQ
 T98e/g/+MG0T2JUWs3RiG32frJQSogLle112Nyyoonbbf1nmJ2gBUfURR8b33eCH
 R+iS6NUoeeo7MxZ7DZDWJhAzqhJS/HwMtfBBf0JmpWZkRS9iitUAoPPMYOb+gYe/
 xEPW13AKAR2PgDBzpnIdN36x3WWo87vuA5x56qtdK7NYHWzS2GHjI4hzqI3+t9xB
 E7f3KWIHpNAXdnHlaweMu/qZ9Md+Zu4GbJQzsVGRR7PGSCKq50GEf3ssk6RFd3Hh
 dtz/oZiRlfDXwlJTaI8pW/JsvUyJtFG/iQjOiRYkvKnKxdskJki9v+fB/cv8220o
 ytGQKdFfc+E2+qFWd+OBZbExeRO2SYVKF9aLQiNeESKEL/UpVpJs1MO7FDN5CoNy
 6+PU7gVVjV40XVOLHdVza5wRwencR2fUmewE4INcFfiMqad8rbOZoCcodkfIxFpI
 UAj6js2/DfSMbrXL+7X9L2URUO1NS6YuB2OdP9E04IDTkGLdIs+3G56nZUM+E8eu
 Fhw1BMG6d4ytxF6QOtPCTJ7gwHMZWE3A64pwwMFZaDyCF++aIeVgpIvGNNSgOIVG
 tQIQ7WihDCuIgHFvd2tUSrLCVq6pDOWeiYde56AfrFJg34+GrsUlnrT38Us+aVaB
 rKC/bSO88y4Swz58PH2QvX0Sd1+yvcrk0GZEcNIRWXJUfhx/GTk=
 =iE4/
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/berrange/tags/misc-next-pull-request' into staging

Merge misc fixes

A collection of patches I have fixing crypto code and other pieces
without an assigned maintainer

 * Fixes crypto function signatures to be compatible with
   both old and new versions of nettle
 * Fixes deprecation warnings on new nettle
 * Fixes GPL license header typos
 * Documents security implications of monitor usage
 * Optimize linking of capstone to avoid it in tools

# gpg: Signature made Fri 19 Jul 2019 14:24:37 BST
# gpg:                using RSA key DAF3A6FDB26B62912D0E8E3FBE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" [full]
# gpg:                 aka "Daniel P. Berrange <berrange@redhat.com>" [full]
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E  8E3F BE86 EBB4 1510 4FDF

* remotes/berrange/tags/misc-next-pull-request:
  crypto: Fix LGPL information in the file headers
  doc: document that the monitor console is a privileged control interface
  configure: only link capstone to emulation targets
  crypto: fix function signatures for nettle 2.7 vs 3
  crypto: switch to modern nettle AES APIs

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-07-19 14:29:13 +01:00
Thomas Huth
b7cbb8741b crypto: Fix LGPL information in the file headers
It's either "GNU *Library* General Public License version 2" or "GNU
Lesser General Public License version *2.1*", but there was no "version
2.0" of the "Lesser" license. So assume that version 2.1 is meant here.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-19 14:21:25 +01:00
Daniel P. Berrangé
4f24430821 doc: document that the monitor console is a privileged control interface
A supposed exploit of QEMU was recently announced as CVE-2019-12928
claiming that the monitor console was insecure because the "migrate"
command enabled arbitrary command execution for a remote attacker.

To be a security risk the user launching QEMU must have configured
the monitor in a way that allows for other users to access it. The
exploit report quoted use of the "tcp" character device backend for
QMP.

This would indeed allow any network user to connect to QEMU and
execute arbitrary commands, however, this is not a flaw in QEMU.
It is the normal expected behaviour of the monitor console and the
commands it supports. Given a monitor connection, there are many
ways to access host file system content besides the migrate command.

The reality is that the monitor console (whether QMP or HMP) is
considered a privileged interface to QEMU and as such must only
be made available to trusted users. IOW, making it available with
no authentication over TCP is simply a, very serious, user
configuration error not a security flaw in QEMU itself.

The one thing this bogus security report highlights though is that
we have not clearly documented the security implications around the
use of the monitor. Add a few paragraphs of text to the security
docs explaining why the monitor is a privileged interface and making
a recommendation to only use the UNIX socket character device backend.

Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Prasad J Pandit <pjp@fedoraproject.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-19 14:21:08 +01:00
Max Reitz
49278ec065 iotests: Test quitting with job on throttled node
When qemu quits, all throttling should be ignored.  That means, if there
is a mirror job running from a throttled node, it should be cancelled
immediately and qemu close without blocking.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2019-07-19 15:17:55 +02:00
Max Reitz
e6f0ac4d52 vl: Drain before (block) job cancel when quitting
If the main loop cancels all block jobs while the block layer is not
drained, this cancelling may not happen instantaneously.  We can start a
drained section before vm_shutdown(), which entails another
bdrv_drain_all(); this nested bdrv_drain_all() will thus be a no-op,
basically.

We do not have to end the drained section, because we actually do not
want any requests to happen from this point on.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2019-07-19 15:17:54 +02:00
Peter Maydell
c054147ecc Add missing fallthrough annotations.
-----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEEw9DWbcNiT/aowBjO3s9rk8bwL68FAl0xqzkSHGNvaHVja0By
 ZWRoYXQuY29tAAoJEN7Pa5PG8C+vf78P/2b9JrNu1Pn8j/RRqwIqY/cHjtycxi7o
 N8GaElq+HTa7r98VZtqZ0a51Gk0IUyud6dZKosWuSFFV8izB3g0OMYR/7Nh8gtX4
 px/dNtudBVINQzL1ySwS4NBf+q3YvRdMik71YyTIU+iNacqSVciYa/fLTxj2IbVY
 krchoh8D/wIVp4ZLi4i2gmHa4cTh8xutKnbh+KyhQ+JpT1rhGjMHnqG5dTrKG4bX
 xITNhGpW77WqMzlVWjjNYk+yq7OIGX8XXPz73DjqE+YerqJvtMcf5pdEFDsSHi1q
 C7CDoDvsYCTGel8xzMeTFCJrIh9BnVWzbU9e6ZzM8AeC+8j8AX1h5XtntoEU1IsE
 XwFok9yHy0bk4Xs5ja5yJFlH23TGX+TXIv302NK+dMB4x4kSsP2FNgEhf0BpxoRk
 HobOyivvCVMHL/Yb6av0ntOi+KAwfuqXpDLdu4PBm/1Deo3Wtpu2HLf12Adh0Acx
 idyP6OHLgb6N+fbgkuaLgyUmFTkf04xR2VjpkIR0nP6Jd5iY9MMJIDXEX54ZKMqS
 zmXLIMBXPIJzMl60c3QMkP58wRFNqQTXL8d6zURcR1XtuBxlzkNo+Esw4YOu8OXX
 Mp0sAM2GQQSt8SzaWlhzlsLj+wbsQMUcxrQQ0YVKt5e09AF5IznfEUiNVZ8bXOxz
 sWUawVTFYLSD
 =23to
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20190719' into staging

Add missing fallthrough annotations.

# gpg: Signature made Fri 19 Jul 2019 12:36:25 BST
# gpg:                using RSA key C3D0D66DC3624FF6A8C018CEDECF6B93C6F02FAF
# gpg:                issuer "cohuck@redhat.com"
# gpg: Good signature from "Cornelia Huck <conny@cornelia-huck.de>" [unknown]
# gpg:                 aka "Cornelia Huck <huckc@linux.vnet.ibm.com>" [full]
# gpg:                 aka "Cornelia Huck <cornelia.huck@de.ibm.com>" [full]
# gpg:                 aka "Cornelia Huck <cohuck@kernel.org>" [unknown]
# gpg:                 aka "Cornelia Huck <cohuck@redhat.com>" [unknown]
# Primary key fingerprint: C3D0 D66D C362 4FF6 A8C0  18CE DECF 6B93 C6F0 2FAF

* remotes/cohuck/tags/s390x-20190719:
  s390x/pci: add some fallthrough annotations

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-07-19 12:52:36 +01:00
Daniel P. Berrangé
02f9135be6 configure: only link capstone to emulation targets
Only the emulators link to code that uses capstone, so adding it to the
global LIBs places undesirable dependancies on other binaries, in
particular the tools.

There is no variable that covers both user emulation and machine
emulation, so add a new "$libs_cpu" for this purpose.

In particular this removes the 8 MB capstone dep from the things
qemu-img links against, allowing for a more minimal installation
in scenarios that don't want system emulators installed.

Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-19 12:52:04 +01:00
Daniel P. Berrangé
f887849007 crypto: fix function signatures for nettle 2.7 vs 3
Nettle version 2.7.x used 'unsigned int' instead of 'size_t' for length
parameters in functions. Use a local typedef so that we can build with
the correct signature depending on nettle version, as we already do in
the cipher code.

Reported-by: Amol Surati <suratiamol@gmail.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Tested-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-19 12:48:22 +01:00
Daniel P. Berrangé
e8e67ca4c1 crypto: switch to modern nettle AES APIs
The aes_ctx struct and aes_* functions have been deprecated in nettle
3.5, in favour of keysize specific functions which were introduced
first in nettle 3.0.

Switch QEMU code to use the new APIs and add some backcompat defines
such that it still builds on nettle 2.7

Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Tested-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2019-07-19 12:48:01 +01:00
Max Reitz
86472071f4 iotests: Test commit with a filter on the chain
Before the previous patches, the first case resulted in a failed
assertion (which is noted as qemu receiving a SIGABRT in the test
output), and the second usually triggered a segmentation fault.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2019-07-19 13:19:17 +02:00
Max Reitz
4687133b81 iotests: Add @has_quit to vm.shutdown()
If a test has issued a quit command already (which may be useful to do
explicitly because the test wants to show its effects),
QEMUMachine.shutdown() should not do so again.  Otherwise, the VM may
well return an ECONNRESET which will lead QEMUMachine.shutdown() to
killing it, which then turns into a "qemu received signal 9" line.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2019-07-19 13:19:17 +02:00
Max Reitz
61ad631cee block: Loop unsafely in bdrv*drained_end()
The graph must not change in these loops (or a QLIST_FOREACH_SAFE would
not even be enough).  We now ensure this by only polling once in the
root bdrv_drained_end() call, so we can drop the _SAFE suffix.  Doing so
makes it clear that the graph must not change.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2019-07-19 13:19:17 +02:00
Max Reitz
2afdc790ec tests: Extend commit by drained_end test
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2019-07-19 13:19:16 +02:00
Max Reitz
e037c09c78 block: Do not poll in bdrv_do_drained_end()
We should never poll anywhere in bdrv_do_drained_end() (including its
recursive callees like bdrv_drain_invoke()), because it does not cope
well with graph changes.  In fact, it has been written based on the
postulation that no graph changes will happen in it.

Instead, the callers that want to poll must poll, i.e. all currently
globally available wrappers: bdrv_drained_end(),
bdrv_subtree_drained_end(), bdrv_unapply_subtree_drain(), and
bdrv_drain_all_end().  Graph changes there do not matter.

They can poll simply by passing a pointer to a drained_end_counter and
wait until it reaches 0.

This patch also adds a non-polling global wrapper for
bdrv_do_drained_end() that takes a drained_end_counter pointer.  We need
such a variant because now no function called anywhere from
bdrv_do_drained_end() must poll.  This includes
BdrvChildRole.drained_end(), which already must not poll according to
its interface documentation, but bdrv_child_cb_drained_end() just
violates that by invoking bdrv_drained_end() (which does poll).
Therefore, BdrvChildRole.drained_end() must take a *drained_end_counter
parameter, which bdrv_child_cb_drained_end() can pass on to the new
bdrv_drained_end_no_poll() function.

Note that we now have a pattern of all drained_end-related functions
either polling or receiving a *drained_end_counter to let the caller
poll based on that.

A problem with a single poll loop is that when the drained section in
bdrv_set_aio_context_ignore() ends, some nodes in the subgraph may be in
the old contexts, while others are in the new context already.  To let
the collective poll in bdrv_drained_end() work correctly, we must not
hold a lock to the old context, so that the old context can make
progress in case it is different from the current context.

(In the process, remove the comment saying that the current context is
always the old context, because it is wrong.)

In all other places, all nodes in a subtree must be in the same context,
so we can just poll that.  The exception of course is
bdrv_drain_all_end(), but that always runs in the main context, so we
can just poll NULL (like bdrv_drain_all_begin() does).

Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2019-07-19 13:19:16 +02:00
Max Reitz
1b28565768 tests: Lock AioContexts in test-block-iothread
When changing a node's AioContext, the caller must acquire the old
AioContext (unless it currently runs in that old context).  Therefore,
unless the node currently is in the main context, we always have to
acquire the old context around calls that may change a node's
AioContext.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2019-07-19 13:19:16 +02:00
Max Reitz
f4c8a43be0 block: Make bdrv_parent_drained_[^_]*() static
These functions are not used outside of block/io.c, there is no reason
why they should be globally available.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2019-07-19 13:19:16 +02:00
Max Reitz
8e1da77e6e block: Add @drained_end_counter
Callers can now pass a pointer to an integer that bdrv_drain_invoke()
(and its recursive callees) will increment for every
bdrv_drain_invoke_entry() operation they schedule.
bdrv_drain_invoke_entry() in turn will decrement it once it has invoked
BlockDriver.bdrv_co_drain_end().

We use atomic operations to access the pointee, because the
bdrv_do_drained_end() caller may wish to end drained sections for
multiple nodes in different AioContexts (bdrv_drain_all_end() does, for
example).

This is the first step to moving the polling for BdrvCoDrainData.done to
become true out of bdrv_drain_invoke() and into the root drained_end
function.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2019-07-19 13:19:16 +02:00
Max Reitz
8e4428106a tests: Add job commit by drained_end test
Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2019-07-19 13:19:16 +02:00
Max Reitz
804db8ea00 block: Introduce BdrvChild.parent_quiesce_counter
Commit 5cb2737e92 laid out why
bdrv_do_drained_end() must decrement the quiesce_counter after
bdrv_drain_invoke().  It did not give a very good reason why it has to
happen after bdrv_parent_drained_end(), instead only claiming symmetry
to bdrv_do_drained_begin().

It turns out that delaying it for so long is wrong.

Situation: We have an active commit job (i.e. a mirror job) from top to
base for the following graph:

                  filter
                    |
                  [file]
                    |
                    v
top --[backing]--> base

Now the VM is closed, which results in the job being cancelled and a
bdrv_drain_all() happening pretty much simultaneously.

Beginning the drain means the job is paused once whenever one of its
nodes is quiesced.  This is reversed when the drain ends.

With how the code currently is, after base's drain ends (which means
that it will have unpaused the job once), its quiesce_counter remains at
1 while it goes to undrain its parents (bdrv_parent_drained_end()).  For
some reason or another, undraining filter causes the job to be kicked
and enter mirror_exit_common(), where it proceeds to invoke
block_job_remove_all_bdrv().

Now base will be detached from the job.  Because its quiesce_counter is
still 1, it will unpause the job once more.  So in total, undraining
base will unpause the job twice.  Eventually, this will lead to the
job's pause_count going negative -- well, it would, were there not an
assertion against this, which crashes qemu.

The general problem is that if in bdrv_parent_drained_end() we undrain
parent A, and then undrain parent B, which then leads to A detaching the
child, bdrv_replace_child_noperm() will undrain A as if we had not done
so yet; that is, one time too many.

It follows that we cannot decrement the quiesce_counter after invoking
bdrv_parent_drained_end().

Unfortunately, decrementing it before bdrv_parent_drained_end() would be
wrong, too.  Imagine the above situation in reverse: Undraining A leads
to B detaching the child.  If we had already decremented the
quiesce_counter by that point, bdrv_replace_child_noperm() would undrain
B one time too little; because it expects bdrv_parent_drained_end() to
issue this undrain.  But bdrv_parent_drained_end() won't do that,
because B is no longer a parent.

Therefore, we have to do something else.  This patch opts for
introducing a second quiesce_counter that counts how many times a
child's parent has been quiesced (though c->role->drained_*).  With
that, bdrv_replace_child_noperm() just has to undrain the parent exactly
that many times when removing a child, and it will always be right.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2019-07-19 13:19:16 +02:00
Andrey Shinkevich
a6862418fe iotests: Set read-zeroes on in null block driver for Valgrind
The Valgrind tool reports about the uninitialised buffer 'buf'
instantiated on the stack of the function guess_disk_lchs().
Pass 'read-zeroes=on' to the null block driver to make it deterministic.
The output of the tests 051, 186 and 227 now includes the parameter
'read-zeroes'. So, the benchmark output files are being changed too.

Suggested-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Andrey Shinkevich <andrey.shinkevich@virtuozzo.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2019-07-19 13:19:09 +02:00
Peter Maydell
1f7678fa6f RISC-V Patches for 4.2-rc2
This contains a pair of patches that add OpenSBI support to QEMU on
 RISC-V targets.  The patches have been floating around for a bit, but
 everything seems solid now.  These pass my standard test of booting
 OpenEmbedded, and also works when I swap around the various command-line
 arguments to use the new boot method.
 -----BEGIN PGP SIGNATURE-----
 
 iQJHBAABCAAxFiEEAM520YNJYN/OiG3470yhUCzLq0EFAl0xBrMTHHBhbG1lckBk
 YWJiZWx0LmNvbQAKCRDvTKFQLMurQY+wD/9ewP2nQqPaaLCkJJKKb4iYLkm7yqxu
 IY1xnCZvbRi5dB/5WJvZCKILB/6eaJfpH1GIx12jUS97lSgxleopSyAE9zSvcKXY
 guhbrblnsfA/Ogov7ivAWxqaLJD9QPFq7MaTMpserV+RAFaX7RHH7DIZX3Hizera
 IVkUxqNsrvWFPnEV0JiRvyYiQA7kz2Bd/Qro5S/UtalP/SQGQAxi4T+j78MI4df2
 L00VIs352wJ75wu+Rv3TFRjMWevVkqzCiM67ZemXDKLh25poyZr0ccWdWFq1aXRq
 w90ti0WHdd92EbWLH+0tajIaAQMn+jyXcD1VIQJbEsOeSKbd4zRInTlhXlR0gloq
 bUOH6F3tHucZ/l/O4D/Q1mgxeLPVc+Whlq/kVvpTVq3AyaOAGSccwvz/H5Pl/LDI
 U+YxMndeUn6wh56z/VFxNNc3OMo0HJIn7sLckBiqWUrvx2N+jr/nLUz3XZ3zaBme
 G0Xdepai2Dj+BDn7CP1Bzro37pVtkT7qtDIMi5n1r3K2W+kXtuET5f0nvP4wZi44
 ksFtPEuLZON0Jcu+PHCo/4haTV2guWc162iEC80vhfp4WjozKo42bt/m8wYyzI4u
 ZjZGJ9VqrHu7Zre8pydJXaik/xyWpdHoG4Xr859oYQJCD49Q0xBSz0eeBa9nmYyo
 rn4f5TTD99hEbA==
 =+N8r
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/palmer/tags/riscv-for-master-4.1-rc2' into staging

RISC-V Patches for 4.2-rc2

This contains a pair of patches that add OpenSBI support to QEMU on
RISC-V targets.  The patches have been floating around for a bit, but
everything seems solid now.  These pass my standard test of booting
OpenEmbedded, and also works when I swap around the various command-line
arguments to use the new boot method.

# gpg: Signature made Fri 19 Jul 2019 00:54:27 BST
# gpg:                using RSA key 00CE76D1834960DFCE886DF8EF4CA1502CCBAB41
# gpg:                issuer "palmer@dabbelt.com"
# gpg: Good signature from "Palmer Dabbelt <palmer@dabbelt.com>" [unknown]
# gpg:                 aka "Palmer Dabbelt <palmer@sifive.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 00CE 76D1 8349 60DF CE88  6DF8 EF4C A150 2CCB AB41

* remotes/palmer/tags/riscv-for-master-4.1-rc2:
  hw/riscv: Load OpenSBI as the default firmware
  roms: Add OpenSBI version 0.4

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-07-19 11:17:33 +01:00
Peter Maydell
0274f45bde fix access_ok() to allow to run LTP on AARCH64,
fix SIOCGSTAMP with 5.2 kernel headers,
 fix structure target_ucontext for MIPS
 -----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEEzS913cjjpNwuT1Fz8ww4vT8vvjwFAl0xecASHGxhdXJlbnRA
 dml2aWVyLmV1AAoJEPMMOL0/L748oyIQAK8KEW9GRKcp2Zh6KuT5kyjmnE8X33aJ
 r6Y9jsU1rPac10hvwemxDBPitlwhFKYvDIZFerYK91FzQNb2Tcs7arIUWv9hnKAk
 axVwrKrV58L0KwT87OhVexSSk8hcTrJh35TCevdBxAjO+oTMiLctJkXKNtGdY/kA
 Qk2cJo5WsYRUouwcSlO2Z0XAWYAj3a2phiQ6j8T45iHaNUllErF9Zyg7jPSAV/P6
 QO9zxqHCl93QaBiARtRrweH3icm+9560yIzWyZljjfPNer/eRw43cAo1ymm6SIGS
 lf5okWeaUKWaMmm8GnBq6uy9ZCkxcKrRSTEzDAOGdD2IExwzUZbsLTZ2OUSj9Mj+
 C56uPzqlVOj2tF44bGsU6JEc5GpuBlkEA+F1GnjxJ3LAhQWjJlOcl5bZGXXsZngq
 0dcnRjp2nHf1QhhxdV5gts2mDL8pRGjAV2nKmwbTokQC7dZLAsj/U1LXQ+9i5WUb
 OEXqFHAuuitmIsNFDuu1cIPFQBmuxUQ3YyUHeDzaU4T/gTJFrdLO4uMq3QiU+5lj
 QIhCSba8Sy1YExnD8gpxDUlGOxtHSb+aGVtyIjOL+DcrQzzS6141jBDJF0zyo4vd
 G60wXD99fkc8iuzbjSBVG7+JqGCXM/QINsQGOxRe27X6HicJRki2OLS6mtJHsPuV
 Xjn576coyNsQ
 =Jfbz
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/vivier2/tags/linux-user-for-4.1-pull-request' into staging

fix access_ok() to allow to run LTP on AARCH64,
fix SIOCGSTAMP with 5.2 kernel headers,
fix structure target_ucontext for MIPS

# gpg: Signature made Fri 19 Jul 2019 09:05:20 BST
# gpg:                using RSA key CD2F75DDC8E3A4DC2E4F5173F30C38BD3F2FBE3C
# gpg:                issuer "laurent@vivier.eu"
# gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" [full]
# gpg:                 aka "Laurent Vivier <laurent@vivier.eu>" [full]
# gpg:                 aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" [full]
# Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F  5173 F30C 38BD 3F2F BE3C

* remotes/vivier2/tags/linux-user-for-4.1-pull-request:
  linux-user: fix to handle variably sized SIOCGSTAMP with new kernels
  linux-user: check valid address in access_ok()
  linux-user: Fix structure target_ucontext for MIPS

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-07-19 09:44:43 +01:00
Daniel P. Berrangé
6d5d5dde9a linux-user: fix to handle variably sized SIOCGSTAMP with new kernels
The SIOCGSTAMP symbol was previously defined in the
asm-generic/sockios.h header file. QEMU sees that header
indirectly via sys/socket.h

In linux kernel commit 0768e17073dc527ccd18ed5f96ce85f9985e9115
the asm-generic/sockios.h header no longer defines SIOCGSTAMP.
Instead it provides only SIOCGSTAMP_OLD, which only uses a
32-bit time_t on 32-bit architectures.

The linux/sockios.h header then defines SIOCGSTAMP using
either SIOCGSTAMP_OLD or SIOCGSTAMP_NEW as appropriate. If
SIOCGSTAMP_NEW is used, then the tv_sec field is 64-bit even
on 32-bit architectures

To cope with this we must now convert the old and new type from
the target to the host one.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Arnd Bergmann <arnd@arndb.de>
Message-Id: <20190718130641.15294-1-laurent@vivier.eu>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2019-07-19 09:33:55 +02:00
Alistair Francis
fdd1bda4b4
hw/riscv: Load OpenSBI as the default firmware
If the user hasn't specified a firmware to load (with -bios) or
specified no bios (with -bios none) then load OpenSBI by default. This
allows users to boot a RISC-V kernel with just -kernel.

Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Tested-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Tested-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Palmer Dabbelt <palmer@sifive.com>
2019-07-18 14:18:45 -07:00
Alistair Francis
91f3a2f0ce
roms: Add OpenSBI version 0.4
Add OpenSBI version 0.4 as a git submodule and as a prebult binary.

OpenSBI (https://github.com/riscv/opensbi) aims to provide an open-source
reference implementation of the RISC-V Supervisor Binary Interface (SBI)
specifications for platform-specific firmwares executing in M-mode. For all
supported platforms, OpenSBI provides several runtime firmware examples.
These example firmwares can be used to replace the legacy riscv-pk bootloader
and enable the use of well-known bootloaders such as U-Boot.

OpenSBI is distributed under the terms of the BSD 2-clause license
("Simplified BSD License" or "FreeBSD License", SPDX: BSD-2-Clause). OpenSBI
source code also contains code reused from other projects desribed here:
https://github.com/riscv/opensbi/blob/master/ThirdPartyNotices.md.

In this case all of the code we are using from OpenSBI is BSD 2-clause
as we aren't using the Kendryte code (Apache-2.0) with QEMU and libfdt
is dual licensed as BSD 2-clause (and GPL-2.0+). OpenSBI isn't being
linked with QEMU either it is just being included with QEMU.

Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Tested-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Palmer Dabbelt <palmer@sifive.com>
2019-07-18 14:18:43 -07:00
Rémi Denis-Courmont
0acd4ab849 linux-user: check valid address in access_ok()
Fix a crash with LTP testsuite and aarch64:

  tst_test.c:1015: INFO: Timeout per run is 0h 05m 00s
  qemu-aarch64: .../qemu/accel/tcg/translate-all.c:2522: page_check_range: Assertion `start < ((target_ulong)1 << L1_MAP_ADDR_SPACE_BITS)' failed.
  qemu:handle_cpu_signal received signal outside vCPU context @ pc=0x60001554

page_check_range() should never be called with address outside the guest
address space. This patch adds a guest_addr_valid() check in access_ok()
to only call page_check_range() with a valid address.

Fixes: f6768aa1b4 ("target/arm: fix AArch64 virtual address space size")
Signed-off-by: Rémi Denis-Courmont <remi@remlab.net>
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Message-Id: <20190704084115.24713-1-lvivier@redhat.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2019-07-18 13:57:28 +02:00
Cornelia Huck
efac5ae420 s390x/pci: add some fallthrough annotations
According to the comment, the bits are supposed to accumulate.

Reported-by: Stefan Weil <sw@weilnetz.de>
Fixes: 5d1abf2344 ("s390x/pci: enforce zPCI state checking")
Acked-by: Collin Walling <walling@linux.ibm.com>
Signed-off-by: Cornelia Huck <cohuck@redhat.com>
2019-07-18 11:29:50 +02:00
Peter Maydell
0b18cfb8f1 Update version for v4.1.0-rc1 release
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-07-16 18:01:28 +01:00
Aleksandar Markovic
4ced996ffe linux-user: Fix structure target_ucontext for MIPS
Structure ucontext for MIPS is defined in the following way in
Linux kernel:

(arch/mips/include/uapi/asm/ucontext.h, lines 54-64)

struct ucontext {
    /* Historic fields matching asm-generic */
    unsigned long       uc_flags;
    struct ucontext     *uc_link;
    stack_t             uc_stack;
    struct sigcontext   uc_mcontext;
    sigset_t            uc_sigmask;

    /* Extended context structures may follow ucontext */
    unsigned long long	uc_extcontext[0];
};

Fix the structure target_ucontext for MIPS to reflect the definition
above, except the correction for field uc_extcontext, which will
follow at some later time.

Fixes: 94c5495d

Reported-by: Dragan Mladjenovic <dmladjenovic@wavecomp.com>
Signed-off-by: Aleksandar Markovic <amarkovic@wavecomp.com>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <1562931470-3700-2-git-send-email-aleksandar.markovic@rt-rk.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2019-07-16 18:37:13 +02:00
Peter Maydell
a1a4d49f60 pflash-next patches for v4.1.0-rc1
Trivial pflash fixes for rc1.
 -----BEGIN PGP SIGNATURE-----
 
 iQIcBAABAgAGBQJdLfR5AAoJEOPjLCzercDeHfwP/j27GNRSUhkHzWNyygYJ9mj+
 K+EVtG4cnPuZr4zx138Gel+jm2Q2SIFEFMJWJN4NtHQ0Z3FGD0J+1+K8roUgP3M0
 gEspiMNFyzdNDewPkWbw3b2ftYYof/UMIfuWT+ClArUG6Tx4u2pdSIbCuHX9Bp7F
 kvh3/IZqnK2pNp71ocpfD48ZCGfwy4d7zOTD6dDax3I/yBVVXi7Dh5v8KPxafnL5
 fsgLQ1yaWS7ELO4h7LeRsyDioYSbEY+Se/uhGu3iXnfDgPGUM+RMaP2GuEWr6noK
 dKEIDmXL378stD0N3tKRWSwYmr9mhtDcX7Od+uIduZFnmWaRn3iTlO+eCuMtkbuO
 H3+pD7FUy4qHF+FqiETn4g+L3e9IbR2dYE/Blsew7s7Au/s8JY9ZZiszmSh01RGn
 i5LKyaGpRbsWVb5hkV1cqvPOXX/aClO+4yXO5+ZmUytmN9lXtJzZMtDnOi5vt1x0
 6yRhya+y2J8kPNQO2p+uVv8v78kgBd1bN8XlFIKbj0rE3/lsClbTxo0rINv+jwiI
 CNe/Oa+DFa7Wod4jMfLyzCljlRhZZ+p8yCCTRI5oQ4O6u6DnQ8jW/ezIUZGusYaF
 0AyBq7X/RSIr5gwRgy2KSulVtAKGumz+FHGgaTQmRRpCyKJR7EIHXXrTtl8F6i7s
 /7LRXXtrhaHNnds7FJq5
 =dN9Q
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/philmd-gitlab/tags/pflash-next-20190716' into staging

pflash-next patches for v4.1.0-rc1

Trivial pflash fixes for rc1.

# gpg: Signature made Tue 16 Jul 2019 16:59:53 BST
# gpg:                using RSA key E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full]
# Primary key fingerprint: FAAB E75E 1291 7221 DCFD  6BB2 E3E3 2C2C DEAD C0DE

* remotes/philmd-gitlab/tags/pflash-next-20190716:
  hw/block/pflash_cfi01: Start state machine as READY to accept commands
  hw/block/pflash_cfi02: Explicit switch fallthrough for ERASE commands

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-07-16 17:02:44 +01:00
Philippe Mathieu-Daudé
611c749c3b hw/block/pflash_cfi01: Start state machine as READY to accept commands
When the state machine is ready to accept command, the bit 7 of
the status register (SR) is set to 1.
The guest polls the status register and check this bit before
writting command to the internal 'Write State Machine' (WSM).

Set SR.7 bit to 1 when the device is created.

There is no migration impact by this change.

Reference: Read Array Flowchart
  "Common Flash Interface (CFI) and Command Sets"
   (Intel Application Note 646)
   Appendix B "Basic Command Set"

Reviewed-by: John Snow <jsnow@redhat.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Regression-tested-by: Laszlo Ersek <lersek@redhat.com>
Message-Id: <20190715121338.20600-5-philmd@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2019-07-16 17:54:06 +02:00
Philippe Mathieu-Daudé
2658594ff6 hw/block/pflash_cfi02: Explicit switch fallthrough for ERASE commands
Previous to commit ddb6f2254, the DQ2 bit was incorrectly set
during PROGRAM command (0xA0). The commit reordered the switch
cases to only set the DQ2 bit for the ERASE commands using a
fallthrough, but did not explicit the fallthrough is intentional.

Mark the switch fallthrough with a comment interpretable by C
preprocessors and static analysis tools.

Reported-by: Coverity (CID 1403012)
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20190711130759.27720-1-philmd@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2019-07-16 17:54:06 +02:00
Peter Maydell
1a1c0995cd straighten out some things in the gen15 cpu model
-----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEEw9DWbcNiT/aowBjO3s9rk8bwL68FAl0t1ioSHGNvaHVja0By
 ZWRoYXQuY29tAAoJEN7Pa5PG8C+vUcsQAILxCowyvoc3606yKXuAQ/glZ7/mjx7t
 44/MYYuK4GHMDIKFmwvw3P7Da16i+bQo8f23i02P0TCZX8nwRW/7AYeOxLaMPEJt
 dBd/0gedpN2IENPlrRaGslgFbeIX5Jg5zaBwrWvRAfe5Gsduir1leJAT21umMhKq
 Gy5ks9MoXkca9QUHf7EXnnnpn5gRXvWTnKS0xGuqoKD91Vp9pkq9u4W6yaJtX5H6
 ZG/asnFeuoY4ubu3bHm6PjLmBNoUDKetXatqtGHOzGA2iHlTKsmEltKh9Ogw9eT3
 4S3pQCCzhMbkm6MXd0ZvXTdtGSd8K4AR6qECA+muVOuIsz9E9USOzaZ6/OXEfw6C
 vCTmTk0HWm9MgYB0SD3Zu+/J5llyVZ+04aLuepbVCPf6XbrwSbINSTz1yaja5eJe
 aL0aWsTa1qpD4aCHHKBYg2T0UPGoG1vYLwjeA1n8LLnz8//8cT20R0gbAIiZ7lQF
 u4e5mteS813jULjIg5AjYhsEp22VH2k7sLKfnOy/7vwrPcMZ8T8dJVnCg9GJwHOT
 EqZAWk94Kqa/PuPTeOnMoZsZsGOI5JDz9gS316unWMU8iuh4lkMb8cxHJpF6Pd3S
 iqH3+8aUrXGhz/DFHheKwVseUMhx6tHthzYAzoumPv/NBQSsKgkdUmBpGeZGeD0o
 53HfbXTqs1hP
 =q/R6
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20190716' into staging

straighten out some things in the gen15 cpu model

# gpg: Signature made Tue 16 Jul 2019 14:50:34 BST
# gpg:                using RSA key C3D0D66DC3624FF6A8C018CEDECF6B93C6F02FAF
# gpg:                issuer "cohuck@redhat.com"
# gpg: Good signature from "Cornelia Huck <conny@cornelia-huck.de>" [unknown]
# gpg:                 aka "Cornelia Huck <huckc@linux.vnet.ibm.com>" [full]
# gpg:                 aka "Cornelia Huck <cornelia.huck@de.ibm.com>" [full]
# gpg:                 aka "Cornelia Huck <cohuck@kernel.org>" [unknown]
# gpg:                 aka "Cornelia Huck <cohuck@redhat.com>" [unknown]
# Primary key fingerprint: C3D0 D66D C362 4FF6 A8C0  18CE DECF 6B93 C6F0 2FAF

* remotes/cohuck/tags/s390x-20190716:
  s390x/cpumodel: change internal name of vxpdeh to match description
  s390x/cpumodel: also change name of vxbeh
  s390x/cpumodel: remove esort from the default model

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-07-16 16:05:42 +01:00
Peter Maydell
697f59243f * VFIO bugfix for AMD SEV (Alex)
* Kconfig improvements (Julio, Philippe)
 * MemoryRegion reference counting bugfix (King Wang)
 * Build system cleanups (Marc-André, myself)
 * rdmacm-mux off-by-one (Marc-André)
 * ZBC passthrough fixes (Shinichiro, myself)
 * WHPX build fix (Stefan)
 * char-pty fix (Wei Yang)
 -----BEGIN PGP SIGNATURE-----
 Version: GnuPG v2.0.22 (GNU/Linux)
 
 iQEcBAABAgAGBQJdLX1PAAoJEL/70l94x66DQ1YH/im8BbRRRPsm3Qg55fTolcWN
 0+dm/Vfv2P7nfxDMsZ4S+jrvCaCWOZb6ua75TdB74VIXpJTGPU7a3JxyTzRueP+2
 c4WH3owT8x9e4iyLNGZoIDAKtJXLSX6FInjHKTkupLVbs2UpAh0Mipq4zIoIambl
 wf83jFmJ6KCemayE9gfw8Z45YTJcLceIOLaEyXgqrPoHXTmerEj5ZMMIqEMag3W/
 dKszhVjRb6En5Ldn0jEqeC5fU10tKIs+y7VNwdJ8CZw41daBDiXDVmXemJyTF/Xn
 SYJCwrJUSdVU42AE2xXCpBfANCh7eGyg4loCitLv8Z393tN7bRufULsnM/rEreI=
 =tEVO
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into staging

* VFIO bugfix for AMD SEV (Alex)
* Kconfig improvements (Julio, Philippe)
* MemoryRegion reference counting bugfix (King Wang)
* Build system cleanups (Marc-André, myself)
* rdmacm-mux off-by-one (Marc-André)
* ZBC passthrough fixes (Shinichiro, myself)
* WHPX build fix (Stefan)
* char-pty fix (Wei Yang)

# gpg: Signature made Tue 16 Jul 2019 08:31:27 BST
# gpg:                using RSA key BFFBD25F78C7AE83
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini/tags/for-upstream:
  vl: make sure char-pty message displayed by moving setbuf to the beginning
  create_config: remove $(CONFIG_SOFTMMU) hack
  Makefile: do not repeat $(CONFIG_SOFTMMU) in hw/Makefile.objs
  hw/usb/Kconfig: USB_XHCI_NEC requires USB_XHCI
  hw/usb/Kconfig: Add CONFIG_USB_EHCI_PCI
  target/i386: sev: Do not unpin ram device memory region
  checkpatch: detect doubly-encoded UTF-8
  hw/lm32/Kconfig: Milkymist One provides a USB 1.1 Controller
  util: merge main-loop.c and iohandler.c
  Fix broken build with WHPX enabled
  memory: unref the memory region in simplify flatview
  hw/i386: turn off vmport if CONFIG_VMPORT is disabled
  rdmacm-mux: fix strcpy string warning
  build-sys: remove slirp cflags from main-loop.o
  iscsi: base all handling of check condition on scsi_sense_to_errno
  iscsi: fix busy/timeout/task set full
  scsi: add guest-recoverable ZBC errors
  scsi: explicitly list guest-recoverable sense codes
  scsi-disk: pass sense correctly for guest-recoverable errors

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-07-16 15:08:29 +01:00
Peter Maydell
d7179eca73 Build system and documentation patches for 2019-07-15
-----BEGIN PGP SIGNATURE-----
 
 iQJGBAABCAAwFiEENUvIs9frKmtoZ05fOHC0AOuRhlMFAl0s0J4SHGFybWJydUBy
 ZWRoYXQuY29tAAoJEDhwtADrkYZTF5QQAIfAmJWWv0iD0Lajggaz4vzW68YWNFiy
 WrTS3EPht1JzFySEEVi5wHTOP0VfAp1V19LSmZAn3tTDrtjHq8k7N/XVo5ImGMSt
 neoTBRrySu3dyEpce/DBZdYw1gGe/ed2AaY0mCIgKkMvgZn/95ArgKWs683xt/fZ
 h7RaMZR1n2S33z2xKvMO7URpbrfiHSvghc0N0KrK8o4RzJ/dZsGVuIJNDraKTf64
 eYGw+S5rXEl5+xhd8ILJRX3DXZy1xqPhq7u7sS4AMT21D6CKOX9jF3CslLQ8AoRS
 YpOjDOdiEe1ZLzB5MSp1ckl5viQc8eL9/2UiQGs1peGm67jB5SGaJxV+KtlqWcAA
 /x0KbQtyj1wdgiMBFp0gc4mmUdmo9wJkX1G/Tcfiwrz2XKRqVUQlDuqxkr4/t/jP
 hDALjw4SQM0GGnUhhz72Rhyb0LWwXokeBNsVXwjvgLlVxKVe1CyLiz+oVr7N06rp
 Dpq35r2YEzSSj1Ar5yXaGfMPRAfqPfCvkg7EF8gXnWGnIbL3frAmv+dW+XY9erZY
 ajmGb5JP57FnvW2iGA0Zqzy98t/xYAp3CUus96fd1P1WTP5UhUTOniaVQEMudShD
 Y1PrrRYsKqU1ich4J0OOVyc1ol5Q7rj8h5dkGrAYstOgK/jG3vaoj+Kw7ElzIXr4
 PNco+mgevtOl
 =iJ+4
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/armbru/tags/pull-build-2019-07-15' into staging

Build system and documentation patches for 2019-07-15

# gpg: Signature made Mon 15 Jul 2019 20:14:38 BST
# gpg:                using RSA key 354BC8B3D7EB2A6B68674E5F3870B400EB918653
# gpg:                issuer "armbru@redhat.com"
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" [full]
# gpg:                 aka "Markus Armbruster <armbru@pond.sub.org>" [full]
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867  4E5F 3870 B400 EB91 8653

* remotes/armbru/tags/pull-build-2019-07-15:
  qemu-tech: Fix dangling @menu entries
  Makefile: Fix missing dependency of on qemu-tech.texi
  Makefile: Fix "make install" when "make all" needs work

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-07-16 11:50:55 +01:00
Peter Maydell
6ed8682d9c MIPS queue for July 15th, 2019
-----BEGIN PGP SIGNATURE-----
 Version: GnuPG v1
 
 iQEcBAABAgAGBQJdLOC8AAoJENSXKoln91plF0IH/3rF9rMW4yv5ShkELOCAHmuK
 QaEvqS11fBEEFrhn0Zy7x85Ua++1Uo3rIGz45jrDOajbHSepG9dMn5edjWhCEKzr
 wQK2SP3/8y/aLcpqlRGE2PTHMhi32Fvxa4vdWekcIxnHEGpWSeNSkDfdBRg6SaNa
 JWrN6NpStK0qHDuxXV48WeZ4K2qd+c9Dxjoyw68SJaD5jEmsXH3XnVGlh4IowhyT
 hOjnof+Zc+x3Ltmea4pI+p74cLxMhMP98YpX+nMukzwydRIrDiUNQ06XSDm8g1qR
 vd5PHIE6XHSeOsWy+bifcFA/TsH/yCTKBukMmMwsiHv8g0fK9vvr5Y6XO3rNoMo=
 =0gFd
 -----END PGP SIGNATURE-----

Merge remote-tracking branch 'remotes/amarkovic/tags/mips-queue-jul-15-2019' into staging

MIPS queue for July 15th, 2019

# gpg: Signature made Mon 15 Jul 2019 21:23:24 BST
# gpg:                using RSA key D4972A8967F75A65
# gpg: Good signature from "Aleksandar Markovic <amarkovic@wavecomp.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 8526 FBF1 5DA3 811F 4A01  DD75 D497 2A89 67F7 5A65

* remotes/amarkovic/tags/mips-queue-jul-15-2019:
  target/mips: Add missing 'break' for certain cases of MTTR handling
  target/mips: Add missing 'break' for certain cases of MFTR handling
  target/mips: Add missing 'break' for a case of MTHC0 handling

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2019-07-16 10:51:59 +01:00