Update to QEMU 9.0.0 #67
Merged
…into staging pull-loongarch-20240322 # gpg: Signature made Fri 22 Mar 2024 09:59:02 GMT # gpg: using RSA key B8FF1DA0D2FDCB2DA09C6C2C40A2FFF239263EDF # gpg: Good signature from "Song Gao <[email protected]>" [unknown] # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: B8FF 1DA0 D2FD CB2D A09C 6C2C 40A2 FFF2 3926 3EDF * tag 'pull-loongarch-20240322' of https://gitlab.com/gaosong/qemu: target/loongarch: Fix qemu-system-loongarch64 assert failed with the option '-d int' Signed-off-by: Peter Maydell <[email protected]>
This reverts commit decdc76 in full and also the relevant migration-tests from 7a09f09. After the addition of the new QAPI-based migration address API in 8.2 we've been converting an "fd:" URI into a SocketAddress, missing the fact that the "fd:" syntax could also be used for a plain file instead of a socket. This is a problem because the SocketAddress is part of the API, so we're effectively asking users to create a "socket" channel to pass in a plain file. The easiest way to fix this situation is to deprecate the usage of both SocketAddress and "fd:" when used with a plain file for migration. Since this has been possible since 8.2, we can wait until 9.1 to deprecate it. For 9.0, however, we should avoid adding further support to migration to a plain file using the old "fd:" syntax or the new SocketAddress API, and instead require the usage of either the old-style "file:" URI or the FileMigrationArgs::filename field of the new API with the "/dev/fdset/NN" syntax, both of which are already supported. Signed-off-by: Fabiano Rosas <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Peter Xu <[email protected]>
With current code base I can observe extremely high sync count during precopy, as long as one enables postcopy-ram=on before switchover to postcopy.

To provide some context of when QEMU decides to do a full sync: it checks must_precopy (which implies "data must be sent during precopy phase"), and as long as it is lower than the threshold size we calculated (out of bandwidth and expected downtime) QEMU will kick off the slow/exact sync.

However, when postcopy is enabled (even if still during precopy phase), RAM only reports all pages as can_postcopy, and reports must_precopy==0. Then "must_precopy <= threshold_size" mostly always triggers and enforces a slow sync for every call to migration_iteration_run() when postcopy is enabled even if not used. That is insane.

It turns out it was a regression bug introduced in the previous refactoring in 8.0 as reported by Nina [1]:

    (a) c8df4a7 ("migration: Split save_live_pending() into state_pending_*")

Then a workaround patch is applied at the end of release (8.0-rc4) to fix it:

    (b) 28ef533 ("migration: fix ram_state_pending_exact()")

However that "workaround" was overlooked during the cleanup in this 9.0 release in this commit..

    (c) b0504ed ("migration: Drop unnecessary check in ram's pending_exact()")

Then the issue was re-exposed as reported by Nina [1].

The problem with (b) is that it only fixed the case for RAM, rather than all the rest of iterators. Here a slow sync should only be required if all dirty data (precopy+postcopy) is less than the threshold_size that QEMU calculated. It is even debatable whether a sync is needed when switched to postcopy. Currently ram_state_pending_exact() will be mostly noop if switched to postcopy, and that logic seems to apply too for all the rest of iterators, as sync dirty bitmap during a postcopy doesn't make much sense. However let's leave such change for later, as we're in rc phase.

So rather than reusing commit (b), this patch provides the complete fix for all iterators. When at it, cleanup a little bit on the lines around.

[1] https://gitlab.com/qemu-project/qemu/-/issues/1565

Reported-by: Nina Schoetterl-Glausch <[email protected]>
Fixes: b0504ed ("migration: Drop unnecessary check in ram's pending_exact()")
Reviewed-by: Fabiano Rosas <[email protected]>
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Peter Xu <[email protected]>
When the zero page detection is done in the multifd threads, we need to iterate the second part of the pages->offset array and clear the file bitmap for each zero page. The piece of code we merged to do that is wrong. The reason this has passed all the tests is because the bitmap is initialized with zeroes already, so clearing the bits only really has an effect during live migration and when a data page goes from having data to no data. Fixes: 303e6f5 ("migration/multifd: Implement zero page transmission on the multifd thread.") Signed-off-by: Fabiano Rosas <[email protected]> Link: https://lore.kernel.org/r/[email protected] Signed-off-by: Peter Xu <[email protected]>
The "[s390x] GCC (other-system)" and the "[s390x] GCC check-tcg" jobs are hitting the 50 minutes timeout in Travis quite frequently since a while. To fix it, we've got to drop a lot of the targets from the target list in the jobs to make them work again. With regards to the "check-tcg" test, we can move the check with "s390x-linux-user" to the "user" job instead which also builds the s390x-linux-user target. And while we're at it, remove the "--enable-fdt=system" configure switch (since this is not required nowadays anymore). Message-ID: <[email protected]> Signed-off-by: Thomas Huth <[email protected]>
Drop the "xfslibs-dev" package which should not be necessary anymore since commit a5730b8 ("block/file-posix: Simplify the XFS_IOC_DIOINFO handling"). Message-ID: <[email protected]> Reviewed-by: Philippe Mathieu-Daudé <[email protected]> Signed-off-by: Thomas Huth <[email protected]>
…user Using xlnx-zynqmp-pmu-soc on the command line causes QEMU to crash: ./qemu-system-microblazeel -M petalogix-ml605 -device xlnx-zynqmp-pmu-soc ** ERROR:tcg/tcg.c:813:tcg_register_thread: assertion failed: (n < tcg_max_ctxs) Bail out! Aborted (core dumped) Mark the device with "user_creatable = false" to avoid that this can happen. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2229 Message-ID: <[email protected]> Signed-off-by: Thomas Huth <[email protected]>
Aspeed SoCs are complex devices that can not be specified on the command line. Fix that to avoid QEMU aborts. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2227 Fixes: f25c0ae ("aspeed/soc: Add AST2600 support") Reported-by: Thomas Huth <[email protected]> Signed-off-by: Cédric Le Goater <[email protected]> Reviewed-by: Philippe Mathieu-Daudé <[email protected]> Message-ID: <[email protected]> Signed-off-by: Thomas Huth <[email protected]>
Aspeed SoCs are complex devices that can not be specified on the command line. Fix that to avoid QEMU aborts. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2227 Fixes: 356b230 ("aspeed/soc : Add AST1030 support") Reported-by: Thomas Huth <[email protected]> Signed-off-by: Cédric Le Goater <[email protected]> Reviewed-by: Philippe Mathieu-Daudé <[email protected]> Message-ID: <[email protected]> Signed-off-by: Thomas Huth <[email protected]>
In test_rx() and test_tx() we allocate a GString *cmd_line but never free it. This is pretty harmless in a test case, but Coverity spotted it. Resolves: Coverity CID 1507122 Signed-off-by: Peter Maydell <[email protected]> Reviewed-by: Richard Henderson <[email protected]> Reviewed-by: Thomas Huth <[email protected]> Message-id: [email protected]
In socket_check_afunix_support() we call socket(PF_UNIX, SOCK_STREAM, 0) to see if it works, but we call close() on the result whether it worked or not. Only close the fd if the socket() call succeeded. Spotted by Coverity. Resolves: Coverity CID 1497481 Signed-off-by: Peter Maydell <[email protected]> Reviewed-by: Richard Henderson <[email protected]> Reviewed-by: Thomas Huth <[email protected]> Message-id: [email protected]
In net_init_af_xdp() we parse the arguments and allocate a buffer of ints into sock_fds. However, although we free this in the error exit path, we don't ever free it in the successful return path. Coverity spots this leak. Switch to g_autofree so we don't need to manually free the array. Resolves: Coverity CID 1534906 Signed-off-by: Peter Maydell <[email protected]> Reviewed-by: Richard Henderson <[email protected]> Reviewed-by: Thomas Huth <[email protected]> Message-id: [email protected]
In pca9554_get_pin() and pca9554_set_pin(), we try to detect an incorrect pin value, but we get the condition wrong, using ">" when ">=" was intended. This has no actual effect, because in pca9554_initfn() we use the correct test when creating the properties and so we'll never be called with an out of range value. However, Coverity complains about the mismatch between the check and the later use of the pin value in a shift operation. Use the correct condition. Resolves: Coverity CID 1534917 Signed-off-by: Peter Maydell <[email protected]> Reviewed-by: Richard Henderson <[email protected]> Reviewed-by: Thomas Huth <[email protected]> Message-id: [email protected]
There's no way for the macio_nvram device to report failure to write data, but we can at least report it to the user with error_report() as we do in other devices like xlnx-efuse. Spotted by Coverity. Resolves: Coverity CID 1507628 Signed-off-by: Peter Maydell <[email protected]> Reviewed-by: Richard Henderson <[email protected]> Reviewed-by: Thomas Huth <[email protected]> Reviewed-by: Philippe Mathieu-Daudé <[email protected]> Message-id: [email protected]
The PCA9552 and PCA9554 devices are both I2C GPIO controllers and the PCA9552 also can drive LEDs. Do all the necessary adjustments to move the models under hw/gpio. Cc: Glenn Miles <[email protected]> Signed-off-by: Cédric Le Goater <[email protected]> Message-ID: <[email protected]> Reviewed-by: Thomas Huth <[email protected]> Signed-off-by: Thomas Huth <[email protected]>
In qvirtqueue_kick(), the 'flags' were previously being incorrectly read from vq->avail instead of the correct vq->used location. This update ensures 'flags' are read from the correct location as per the virtio standard. Signed-off-by: Zheyu Ma <[email protected]> Reviewed-by: Philippe Mathieu-Daudé <[email protected]> Reviewed-by: Stefan Hajnoczi <[email protected]> Message-ID: <[email protected]> Signed-off-by: Thomas Huth <[email protected]>
Otherwise TCG would assume the register that holds t1 would be constant and reuse whenever it needs the value within it. Cc: [email protected] Fixes: f1ea739 ("target/s390x: Use tcg_constant_* in local contexts") Reviewed-by: Ilya Leoshkevich <[email protected]> Reviewed-by: Richard Henderson <[email protected]> [iii: Adjust a newline and capitalization, add tags] Signed-off-by: Ido Plat <[email protected]> Signed-off-by: Ilya Leoshkevich <[email protected]> Reviewed-by: David Hildenbrand <[email protected]> Message-ID: <[email protected]> Signed-off-by: Thomas Huth <[email protected]>
Add a small test to prevent regressions. Signed-off-by: Ilya Leoshkevich <[email protected]> Reviewed-by: Richard Henderson <[email protected]> Message-ID: <[email protected]> Signed-off-by: Thomas Huth <[email protected]>
In test_compute_wait() we do double units = bkt.max / 10; which does an integer division and then assigns it to a double variable, and similarly later on in the expression for an assertion. Use 10.0 so that we do a floating point division and calculate the exact value, rather than doing an integer division. Spotted by Coverity. Resolves: Coverity CID 1432564 Signed-off-by: Peter Maydell <[email protected]> Reviewed-by: Richard Henderson <[email protected]> Reviewed-by: Thomas Huth <[email protected]> Reviewed-by: Philippe Mathieu-Daudé <[email protected]> Message-id: [email protected]
Coverity points out that g_setenv() can fail and we don't check for this in qtest_inproc_init(). In practice this will only fail if a memory allocation failed in setenv() or if the caller passed an invalid architecture name (e.g. one with an '=' in it), so rather than requiring the callsite to check for failure, make g_setenv() failure fatal here, similarly to what we did in commit aca68d9. Resolves: Coverity CID 1497485 Signed-off-by: Peter Maydell <[email protected]> Reviewed-by: Richard Henderson <[email protected]> Reviewed-by: Thomas Huth <[email protected]> Reviewed-by: Philippe Mathieu-Daudé <[email protected]> Message-id: [email protected]
…erx/qemu into staging Migration pull for 9.0-rc1 - Fabiano's patch to revert fd: support on mapped-ram - Peter's fix on postcopy regression on unnecessary dirty syncs - Fabiano's fix on mapped-ram rare corrupt on zero page handling # gpg: Signature made Fri 22 Mar 2024 16:13:23 GMT # gpg: using EDDSA key B9184DC20CC457DACF7DD1A93B5FCCCDF3ABD706 # gpg: issuer "[email protected]" # gpg: Good signature from "Peter Xu <[email protected]>" [marginal] # gpg: aka "Peter Xu <[email protected]>" [marginal] # gpg: WARNING: This key is not certified with sufficiently trusted signatures! # gpg: It is not certain that the signature belongs to the owner. # Primary key fingerprint: B918 4DC2 0CC4 57DA CF7D D1A9 3B5F CCCD F3AB D706 * tag 'migration-20240322-pull-request' of https://gitlab.com/peterx/qemu: migration/multifd: Fix clearing of mapped-ram zero pages migration/postcopy: Fix high frequency sync migration: Revert mapped-ram multifd support to fd: URI Signed-off-by: Peter Maydell <[email protected]>
…le/pmaydell/qemu-arm into staging target-arm queue: * Fixes for seven minor coverity issues # gpg: Signature made Mon 25 Mar 2024 14:18:04 GMT # gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE # gpg: issuer "[email protected]" # gpg: Good signature from "Peter Maydell <[email protected]>" [ultimate] # gpg: aka "Peter Maydell <[email protected]>" [ultimate] # gpg: aka "Peter Maydell <[email protected]>" [ultimate] # gpg: aka "Peter Maydell <[email protected]>" [ultimate] # Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE * tag 'pull-target-arm-20240325-1' of https://git.linaro.org/people/pmaydell/qemu-arm: tests/qtest/libqtest.c: Check for g_setenv() failure tests/unit/test-throttle: Avoid unintended integer division hw/nvram/mac_nvram: Report failure to write data hw/misc/pca9554: Correct error check bounds in get/set pin functions net/af-xdp.c: Don't leak sock_fds array in net_init_af_xdp() tests/unit/socket-helpers: Don't close(-1) tests/qtest/npcm7xx_emc_test: Don't leak cmd_line Signed-off-by: Peter Maydell <[email protected]>
…into staging * Fix timeouts in Travis-CI jobs * Mark devices with user_creatable = false that can crash QEMU otherwise * Fix s390x TEST-AND-SET TCG instruction emulation * Move pc955* devices to hw/gpio/ # gpg: Signature made Mon 25 Mar 2024 14:10:32 GMT # gpg: using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5 # gpg: issuer "[email protected]" # gpg: Good signature from "Thomas Huth <[email protected]>" [full] # gpg: aka "Thomas Huth <[email protected]>" [full] # gpg: aka "Thomas Huth <[email protected]>" [full] # gpg: aka "Thomas Huth <[email protected]>" [unknown] # Primary key fingerprint: 27B8 8847 EEE0 2501 18F3 EAB9 2ED9 D774 FE70 2DB5 * tag 'pull-request-2024-03-25' of https://gitlab.com/thuth/qemu: tests/tcg/s390x: Test TEST AND SET target/s390x: Use mutable temporary value for op_ts libqos/virtio.c: Correct 'flags' reading in qvirtqueue_kick misc/pca955*: Move models under hw/gpio aspeed: Make the ast1030-a1 SoC not user creatable aspeed: Make the ast2600-a3 SoC not user creatable hw/microblaze: Do not allow xlnx-zynqmp-pmu-soc to be created by the user .travis.yml: Remove the unused xfslib-dev package .travis.yml: Shorten the runtime of the problematic jobs Signed-off-by: Peter Maydell <[email protected]>
MigrateSetParameters is about setting parameters, and MigrationParameters is about querying them. Their documentation of @tls-creds and @tls-hostname has residual damage from a failed attempt at de-duplicating them (see commit de63ab6 "migrate: Share common MigrationParameters struct" and commit 1bda8b3 "migration: Unshare MigrationParameters struct for now"). MigrateSetParameters documentation issues: * It claims plain text mode "was reported by omitting tls-creds" before 2.9. MigrateSetParameters is not used for reporting, so this is misleading. Delete. * It similarly claims hostname defaulting to migration URI "was reported by omitting tls-hostname" before 2.9. Delete as well. Rephrase the remaining @tls-hostname contents for clarity. Enum MigrationParameter mirrors the members of struct MigrateSetParameters. Differences to MigrateSetParameters's member documentation are pointless. Copy the new text to MigrationParameter. MigrationParameters documentation issues: * @tls-creds runs the two last sentences together without punctuation. Fix that. * Much of the contents on @tls-hostname only applies to setting parameters, resulting in confusion. Replace by a suitable abridged version of the new MigrateSetParameters text, and a note on @tls-hostname omission in 2.8. Additional damage is due to flawed doc fix commit 66fcb9d (qapi/migration: Add missing tls-authz documentation): since it copied the missing MigrateSetParameters text from MigrationParameters instead of MigrationParameter, the part on recreating @tls-authz on the fly is missing. Copy that, too. Signed-off-by: Markus Armbruster <[email protected]> Message-ID: <[email protected]> Reviewed-by: Peter Xu <[email protected]> [Some typos corrected]
Enum MigrationParameter mirrors the members of struct MigrateSetParameters. Differences to MigrateSetParameters's member documentation are pointless. Clean them up: * @compress-level, @compress-threads, @decompress-threads, and x-checkpoint-delay are more thoroughly documented for MigrationParameter, so use that version for both. * @max-cpu-throttle is almost the same. Use MigrationParameter's version for both. Signed-off-by: Markus Armbruster <[email protected]> Message-ID: <[email protected]> Reviewed-by: Fabiano Rosas <[email protected]> Reviewed-by: Peter Xu <[email protected]>
The doc comment documents an argument that doesn't exist. Would fail compilation if it was marked up correctly. Delete. The Returns: section fails to refer to the data type, leaving the user to guess. Fix that. The command name violates QAPI naming rules: it should be query-migration-threads. Too late to fix. Reported-by: John Snow <[email protected]> Fixes: 6713262 (migration: Introduce interface query-migrationthreads) Signed-off-by: Markus Armbruster <[email protected]> Message-ID: <[email protected]> Reviewed-by: Fabiano Rosas <[email protected]> Reviewed-by: Peter Xu <[email protected]> Reviewed-by: John Snow <[email protected]>
Reported-by: John Snow <[email protected]> Fixes: 119ebac (qapi-schema: use generated marshaller for 'qmp_capabilities') Signed-off-by: Markus Armbruster <[email protected]> Message-ID: <[email protected]> Reviewed-by: John Snow <[email protected]>
Signed-off-by: Markus Armbruster <[email protected]> Message-ID: <[email protected]>
Commit a937b6a (qapi: Reformat doc comments to conform to current conventions) reflowed some text that should have been left alone. Revert that. Signed-off-by: Markus Armbruster <[email protected]> Message-ID: <[email protected]>
Commit d23055b (qapi: Require descriptions and tagged sections to be indented) indented add_client's example too much. Revert that. Signed-off-by: Markus Armbruster <[email protected]> Message-ID: <[email protected]> [Move a stray hunk to the later patch it belongs to]
The magic 2048 is explained in the LAN9211 datasheet (DS00002414A) in chapter 1.4, "10/100 Ethernet MAC": The MAC Interface Layer (MIL), within the MAC, contains a 2K Byte transmit and a 128 Byte receive FIFO which is separate from the TX and RX FIFOs. [...] Note, the use of the constant in lan9118_receive() reveals that our implementation is using the same buffer for both tx and rx. Signed-off-by: Philippe Mathieu-Daudé <[email protected]> Reviewed-by: Peter Maydell <[email protected]> Message-Id: <[email protected]>
When the MAC Interface Layer (MIL) transmit FIFO is full, truncate the packet, and raise the Transmitter Error (TXE) flag.

Broken since model introduction in commit 2a42499 ("LAN9118 emulation").

When using the reproducer from https://gitlab.com/qemu-project/qemu/-/issues/2267 we get:

    hw/net/lan9118.c:798:17: runtime error: index 2048 out of bounds for type 'uint8_t[2048]' (aka 'unsigned char[2048]')
    #0 0x563ec9a057b1 in tx_fifo_push hw/net/lan9118.c:798:43
    #1 0x563ec99fbb28 in lan9118_writel hw/net/lan9118.c:1042:9
    #2 0x563ec99f2de2 in lan9118_16bit_mode_write hw/net/lan9118.c:1205:9
    #3 0x563ecbf78013 in memory_region_write_accessor system/memory.c:497:5
    #4 0x563ecbf776f5 in access_with_adjusted_size system/memory.c:573:18
    #5 0x563ecbf75643 in memory_region_dispatch_write system/memory.c:1521:16
    #6 0x563ecc01bade in flatview_write_continue_step system/physmem.c:2713:18
    #7 0x563ecc01b374 in flatview_write_continue system/physmem.c:2743:19
    #8 0x563ecbff1c9b in flatview_write system/physmem.c:2774:12
    #9 0x563ecbff1768 in address_space_write system/physmem.c:2894:18
    ...

[*] LAN9118 DS00002266B.pdf, Table 5.3.3 "INTERRUPT STATUS REGISTER"

Cc: [email protected]
Reported-by: Will Lester
Reported-by: Chuhong Yuan <[email protected]>
Suggested-by: Peter Maydell <[email protected]>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2267
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
Reviewed-by: Peter Maydell <[email protected]>
Message-Id: <[email protected]>
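
The truncate-and-flag behaviour this commit message describes, as an added example that is not QEMU's code and not part of the PR. It is a stand-alone model: `MilModel`, `mil_tx_push()` and the `MODEL_INT_TXE` bit position are hypothetical names and values; only the 2048-byte FIFO size comes from the page.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MIL_TXFIFO_SIZE 2048      /* MIL transmit FIFO size named on the page */
#define MODEL_INT_TXE   (1u << 0) /* constructed bit standing in for TXE */

typedef struct {
    uint8_t  fifo[MIL_TXFIFO_SIZE];
    uint8_t  canary[16];          /* stands in for the state that follows the FIFO */
    size_t   fifo_len;
    uint32_t int_sts;             /* modelled interrupt status */
    size_t   dropped;             /* bytes truncated, useful for tracing */
} MilModel;

static void mil_reset(MilModel *m)
{
    memset(m, 0, sizeof(*m));
    memset(m->canary, 0xA5, sizeof(m->canary));
}

/* Store one byte. Once the FIFO is full the byte is dropped (the packet is
 * truncated) and the error flag is latched instead of indexing past the end. */
static int mil_tx_push(MilModel *m, uint8_t byte)
{
    if (m->fifo_len >= MIL_TXFIFO_SIZE) {
        m->int_sts |= MODEL_INT_TXE;
        m->dropped++;
        return 0;
    }
    m->fifo[m->fifo_len++] = byte;
    return 1;
}

/* Guest-controlled 32-bit write to the TX data port, least significant byte
 * first. Returns how many of the four bytes were stored. */
static unsigned mil_tx_write_word(MilModel *m, uint32_t word)
{
    unsigned stored = 0;
    for (unsigned i = 0; i < 4; i++) {
        stored += (unsigned)mil_tx_push(m, (uint8_t)(word >> (8 * i)));
    }
    return stored;
}

static int mil_canary_intact(const MilModel *m)
{
    for (size_t i = 0; i < sizeof(m->canary); i++) {
        if (m->canary[i] != 0xA5) {
            return 0;
        }
    }
    return 1;
}

/* Constructed workload: one packet of nwords 32-bit words with no length
 * check on the guest side, which is the situation the fix has to survive. */
static MilModel mil_run_packet(size_t nwords)
{
    MilModel m;
    mil_reset(&m);
    for (size_t i = 0; i < nwords; i++) {
        mil_tx_write_word(&m, 0x11223344u);
    }
    return m;
}

int main(void)
{
    MilModel m = mil_run_packet(600); /* 2400 bytes offered to a 2048-byte FIFO */
    printf("stored=%zu dropped=%zu txe=%u canary_ok=%d\n",
           m.fifo_len, m.dropped, m.int_sts & MODEL_INT_TXE, mil_canary_intact(&m));
    return 0;
}
```
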
Per "SD Host Controller Standard Specification Version 3.00":

    * 2.2.5 Transfer Mode Register (Offset 00Ch)

      Writes to this register shall be ignored when the Command Inhibit (DAT) in the Present State register is 1.

Do not update the TRNMOD register when Command Inhibit (DAT) bit is set to avoid the present-status register going out of sync, leading to malicious guest using DMA mode and overflowing the FIFO buffer:

    $ cat << EOF | qemu-system-i386 \
                     -display none -nographic -nodefaults \
                     -machine accel=qtest -m 512M \
                     -device sdhci-pci,sd-spec-version=3 \
                     -device sd-card,drive=mydrive \
                     -drive if=none,index=0,file=null-co://,format=raw,id=mydrive \
                     -qtest stdio
    outl 0xcf8 0x80001013
    outl 0xcfc 0x91
    outl 0xcf8 0x80001001
    outl 0xcfc 0x06000000
    write 0x9100002c 0x1 0x05
    write 0x91000058 0x1 0x16
    write 0x91000005 0x1 0x04
    write 0x91000028 0x1 0x08
    write 0x16 0x1 0x21
    write 0x19 0x1 0x20
    write 0x9100000c 0x1 0x01
    write 0x9100000e 0x1 0x20
    write 0x9100000f 0x1 0x00
    write 0x9100000c 0x1 0x00
    write 0x91000020 0x1 0x00
    EOF

Stack trace (part):

    =================================================================
    ==89993==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x615000029900 at pc 0x55d5f885700d bp 0x7ffc1e1e9470 sp 0x7ffc1e1e9468
    WRITE of size 1 at 0x615000029900 thread T0
    #0 0x55d5f885700c in sdhci_write_dataport hw/sd/sdhci.c:564:39
    #1 0x55d5f8849150 in sdhci_write hw/sd/sdhci.c:1223:13
    #2 0x55d5fa01db63 in memory_region_write_accessor system/memory.c:497:5
    #3 0x55d5fa01d245 in access_with_adjusted_size system/memory.c:573:18
    #4 0x55d5fa01b1a9 in memory_region_dispatch_write system/memory.c:1521:16
    #5 0x55d5fa09f5c9 in flatview_write_continue system/physmem.c:2711:23
    #6 0x55d5fa08f78b in flatview_write system/physmem.c:2753:12
    #7 0x55d5fa08f258 in address_space_write system/physmem.c:2860:18
    ...
    0x615000029900 is located 0 bytes to the right of 512-byte region [0x615000029700,0x615000029900) allocated by thread T0 here:
    #0 0x55d5f7237b27 in __interceptor_calloc
    #1 0x7f9e36dd4c50 in g_malloc0
    #2 0x55d5f88672f7 in sdhci_pci_realize hw/sd/sdhci-pci.c:36:5
    #3 0x55d5f844b582 in pci_qdev_realize hw/pci/pci.c:2092:9
    #4 0x55d5fa2ee74b in device_set_realized hw/core/qdev.c:510:13
    #5 0x55d5fa325bfb in property_set_bool qom/object.c:2358:5
    #6 0x55d5fa31ea45 in object_property_set qom/object.c:1472:5
    #7 0x55d5fa332509 in object_property_set_qobject om/qom-qobject.c:28:10
    #8 0x55d5fa31f6ed in object_property_set_bool qom/object.c:1541:15
    #9 0x55d5fa2e2948 in qdev_realize hw/core/qdev.c:292:12
    #10 0x55d5f8eed3f1 in qdev_device_add_from_qdict system/qdev-monitor.c:719:10
    #11 0x55d5f8eef7ff in qdev_device_add system/qdev-monitor.c:738:11
    #12 0x55d5f8f211f0 in device_init_func system/vl.c:1200:11
    #13 0x55d5fad0877d in qemu_opts_foreach util/qemu-option.c:1135:14
    #14 0x55d5f8f0df9c in qemu_create_cli_devices system/vl.c:2638:5
    #15 0x55d5f8f0db24 in qmp_x_exit_preconfig system/vl.c:2706:5
    #16 0x55d5f8f14dc0 in qemu_init system/vl.c:3737:9
    ...
    SUMMARY: AddressSanitizer: heap-buffer-overflow hw/sd/sdhci.c:564:39 in sdhci_write_dataport

Add assertions to ensure the fifo_buffer[] is not overflowed by malicious accesses to the Buffer Data Port register.

Fixes: CVE-2024-3447
Cc: [email protected]
Fixes: d7dfca0 ("hw/sdhci: introduce standard SD host controller")
Buglink: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58813
Reported-by: Alexander Bulekov <[email protected]>
Reported-by: Chuhong Yuan <[email protected]>
Signed-off-by: Peter Maydell <[email protected]>
Message-Id: <CAFEAcA9iLiv1XGTGKeopgMa8Y9+8kvptvsb8z2OBeuy+5=NUfg@mail.gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
Message-Id: <[email protected]>
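
The register rule quoted from the SD Host Controller specification, as an added example that is not QEMU's code and not part of the PR. It models only the dword at offset 00Ch with byte-lane masking; `SdhcModel`, `sdhc_write()` and the point at which Command Inhibit (DAT) becomes set in `sdhc_replay()` are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define REG_TRNMOD 0x0Cu             /* Transfer Mode Register, offset 00Ch (page) */
#define REG_CMD    0x0Eu             /* Command Register, upper half of that dword */
#define PRNSTS_DAT_INHIBIT (1u << 1) /* Command Inhibit (DAT) in Present State */

typedef struct {
    uint32_t prnsts;   /* Present State register */
    uint16_t trnmod;
    uint16_t cmdreg;
    unsigned ignored;  /* TRNMOD writes dropped; a real model would trace these */
} SdhcModel;

/* Handle a 1, 2 or 4 byte guest write that lands inside the dword at 0x0C.
 * Byte lanes that target TRNMOD are masked out while Command Inhibit (DAT)
 * is set; lanes that target the command register are still applied.
 * Returns 0 on success, -1 if the access is outside the modelled window. */
static int sdhc_write(SdhcModel *s, uint32_t offset, uint32_t value, unsigned size)
{
    if (size == 0 || size > 4 || offset < REG_TRNMOD ||
        offset - REG_TRNMOD + size > 4) {
        return -1;
    }
    unsigned shift = 8 * (offset - REG_TRNMOD);
    uint32_t lanes = (size == 4 ? 0xffffffffu : (1u << (8 * size)) - 1) << shift;
    uint32_t word = (uint32_t)s->trnmod | ((uint32_t)s->cmdreg << 16);

    if ((s->prnsts & PRNSTS_DAT_INHIBIT) && (lanes & 0xffffu)) {
        lanes &= ~0xffffu;           /* spec 2.2.5: ignore the TRNMOD part */
        s->ignored++;
    }
    word = (word & ~lanes) | ((value << shift) & lanes);
    s->trnmod = (uint16_t)(word & 0xffffu);
    s->cmdreg = (uint16_t)(word >> 16);
    return 0;
}

/* The four accesses to offsets 0x0c..0x0f from the reproducer on the page,
 * replayed against the model. Assumption: the data line is busy after the
 * command register's upper byte is written. */
static SdhcModel sdhc_replay(void)
{
    SdhcModel s = {0};
    sdhc_write(&s, REG_TRNMOD, 0x01, 1);  /* idle: accepted */
    sdhc_write(&s, REG_CMD, 0x20, 1);
    sdhc_write(&s, REG_CMD + 1, 0x00, 1);
    s.prnsts |= PRNSTS_DAT_INHIBIT;       /* constructed: transfer in flight */
    sdhc_write(&s, REG_TRNMOD, 0x00, 1);  /* mode change mid-transfer: dropped */
    return s;
}

int main(void)
{
    SdhcModel s = sdhc_replay();
    printf("trnmod=0x%04x cmdreg=0x%04x ignored=%u\n",
           (unsigned)s.trnmod, (unsigned)s.cmdreg, s.ignored);
    return 0;
}
```
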
If a fragmented packet size is too short, do not try to calculate its checksum.

Reproduced using:

    $ cat << EOF | qemu-system-i386 -display none -nodefaults \
                     -machine q35,accel=qtest -m 32M \
                     -device igb,netdev=net0 \
                     -netdev user,id=net0 \
                     -qtest stdio
    outl 0xcf8 0x80000810
    outl 0xcfc 0xe0000000
    outl 0xcf8 0x80000804
    outw 0xcfc 0x06
    write 0xe0000403 0x1 0x02
    writel 0xe0003808 0xffffffff
    write 0xe000381a 0x1 0x5b
    write 0xe000381b 0x1 0x00
    EOF
    Assertion failed: (offset == 0), function iov_from_buf_full, file util/iov.c, line 39.
    #1 0x5575e81e952a in iov_from_buf_full qemu/util/iov.c:39:5
    #2 0x5575e6500768 in net_tx_pkt_update_sctp_checksum qemu/hw/net/net_tx_pkt.c:144:9
    #3 0x5575e659f3e1 in igb_setup_tx_offloads qemu/hw/net/igb_core.c:478:11
    #4 0x5575e659f3e1 in igb_tx_pkt_send qemu/hw/net/igb_core.c:552:10
    #5 0x5575e659f3e1 in igb_process_tx_desc qemu/hw/net/igb_core.c:671:17
    #6 0x5575e659f3e1 in igb_start_xmit qemu/hw/net/igb_core.c:903:9
    #7 0x5575e659f3e1 in igb_set_tdt qemu/hw/net/igb_core.c:2812:5
    #8 0x5575e657d6a4 in igb_core_write qemu/hw/net/igb_core.c:4248:9

Fixes: CVE-2024-3567
Cc: [email protected]
Reported-by: Zheyu Ma <[email protected]>
Fixes: f199b13 ("igb: Implement Tx SCTP CSO")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2273
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
Reviewed-by: Akihiko Odaki <[email protected]>
Acked-by: Jason Wang <[email protected]>
Message-Id: <[email protected]>
Coverity reported: >>> CID 1542933: Code maintainability issues (UNUSED_VALUE) >>> CID 1542934: Code maintainability issues (UNUSED_VALUE) >>> Assigning value "NULL" to "stream" here, but that stored value is overwritten before it can be used. Simply remove the unused assignments. Resolves: Coverity CID 1542933 Resolves: Coverity CID 1542934 Fixes: 731655f ("virtio-snd: rewrite invalid tx/rx message handling") Signed-off-by: Philippe Mathieu-Daudé <[email protected]> Reviewed-by: Manos Pitsidianakis <[email protected]> Message-Id: <[email protected]>
…taging Misc HW patch queue - Fix CXL Fixed Memory Window interleave-granularity typo - Fix for DMA re-entrancy abuse with VirtIO devices (CVE-2024-3446) - Fix out-of-bound access in NAND block buffer - Fix memory leak in AppleSMC reset() handler - Avoid VirtIO crypto backends abort on invalid session ID - Fix overflow in LAN9118 MIL TX FIFO - Fix overflow when abusing SDHCI TRNMOD register (CVE-2024-3447) - Fix overrun in short fragmented packet SCTP checksum (CVE-2024-3567) - Remove unused assignment in virtio-snd model (Coverity 1542933 & 1542934) # gpg: Signature made Wed 10 Apr 2024 10:11:58 BST # gpg: using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE # gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <[email protected]>" [full] # Primary key fingerprint: FAAB E75E 1291 7221 DCFD 6BB2 E3E3 2C2C DEAD C0DE * tag 'hw-misc-20240410' of https://github.com/philmd/qemu: hw/audio/virtio-snd: Remove unused assignment hw/net/net_tx_pkt: Fix overrun in update_sctp_checksum() hw/sd/sdhci: Do not update TRNMOD when Command Inhibit (DAT) is set hw/net/lan9118: Fix overflow in MIL TX FIFO hw/net/lan9118: Replace magic '2048' value by MIL_TXFIFO_SIZE definition backends/cryptodev: Do not abort for invalid session ID hw/misc/applesmc: Fix memory leak in reset() handler hw/misc/applesmc: Do not call DeviceReset from DeviceRealize hw/block/nand: Fix out-of-bound access in NAND block buffer hw/block/nand: Have blk_load() take unsigned offset and return boolean hw/block/nand: Factor nand_load_iolen() method out qemu-options: Fix CXL Fixed Memory Window interleave-granularity typo hw/virtio/virtio-crypto: Protect from DMA re-entrancy bugs hw/char/virtio-serial-bus: Protect from DMA re-entrancy bugs hw/display/virtio-gpu: Protect from DMA re-entrancy bugs hw/virtio: Introduce virtio_bh_new_guarded() helper Signed-off-by: Peter Maydell <[email protected]>
Signed-off-by: Peter Maydell <[email protected]>
Our Makefile massages the given make arguments to invoke ninja accordingly. One key difference is that ninja will parallelize by default, whereas make only does so with -j<n> or -j. The make man page says that "if the -j option is given without an argument, make will not limit the number of jobs that can run simultaneously". We used to support that by replacing -j with "" (empty string) when calling ninja, so that it would do its auto-parallelization based on the number of CPU cores.

This was accidentally broken at d1ce2cc (Makefile: preserve --jobserver-auth argument when calling ninja, 2024-04-02), causing `make -j` to fail:

    $ make -j V=1
    /usr/bin/ninja -v -j -d keepdepfile all | cat
    make -C contrib/plugins/ V="1" TARGET_DIR="contrib/plugins/" all
    ninja: fatal: invalid -j parameter
    make: *** [Makefile:161: run-ninja] Error

Let's fix that and indent the touched code for better readability.

Signed-off-by: Matheus Tavares Bernardino <[email protected]>
Fixes: d1ce2cc ("Makefile: preserve --jobserver-auth argument when calling ninja", 2024-04-02)
Signed-off-by: Paolo Bonzini <[email protected]>
QEMU currently does not work on OpenBSD since the -fzero-call-used-regs option that we added to meson.build recently does not work with the "retguard" extension from OpenBSD's Clang. Thus let's disable the -fzero-call-used-regs here until there's a better solution available. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2278 Signed-off-by: Thomas Huth <[email protected]> Reviewed-by: Philippe Mathieu-Daudé <[email protected]> Message-ID: <[email protected]> Signed-off-by: Paolo Bonzini <[email protected]>
build system fixes

# gpg: Signature made Fri 12 Apr 2024 11:02:36 BST
# gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg: issuer "[email protected]"
# gpg: Good signature from "Paolo Bonzini <[email protected]>" [full]
# gpg: aka "Paolo Bonzini <[email protected]>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83

* tag 'for-upstream' of https://gitlab.com/bonzini/qemu:
  meson.build: Disable -fzero-call-used-regs on OpenBSD
  Makefile: fix use of -j without an argument

Signed-off-by: Peter Maydell <[email protected]>
Reads are done with execute access. It is not clear whether writes are legal at all -- for now, leave helper_st_asi unchanged, so that we continue to raise an mmu fault.

This generalizes the existing code for ASI_KERNELTXT to be usable for ASI_USERTXT as well, by passing down the MemOpIdx to use.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2281
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2059
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1609
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1166
Signed-off-by: Richard Henderson <[email protected]>
Acked-by: Mark Cave-Ayland <[email protected]>
Tested-by: M Bazz <[email protected]>
…staging

target/sparc: Fix ASI_USERTXT for Solaris gdb crashes

# gpg: Signature made Fri 12 Apr 2024 23:36:57 BST
# gpg: using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg: issuer "[email protected]"
# gpg: Good signature from "Richard Henderson <[email protected]>" [full]
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A 05C0 64DF 38E8 AF7E 215F

* tag 'pull-sp-20240412' of https://gitlab.com/rth7680/qemu:
  target/sparc: Use GET_ASI_CODE for ASI_KERNELTXT and ASI_USERTXT

Signed-off-by: Peter Maydell <[email protected]>
During the booting process of the non-standard image, the behavior of the called function in qemu is as follows:

1. vhost_net_stop() was triggered by guest image. This will call the function virtio_pci_set_guest_notifiers() with assign=false, virtio_pci_set_guest_notifiers() will release the irqfd for vector 0
2. virtio_reset() was triggered, this will set configure vector to VIRTIO_NO_VECTOR
3. vhost_net_start() was called (at this time, the configure vector is still VIRTIO_NO_VECTOR) and then call virtio_pci_set_guest_notifiers() with assign=true, so the irqfd for vector 0 is still not "init" during this process
4. The system continues to boot and sets the vector back to 0. After that msix_fire_vector_notifier() was triggered to unmask the vector 0 and meet the crash

To fix the issue, we need to support changing the vector after VIRTIO_CONFIG_S_DRIVER_OK is set.

(gdb) bt
0 __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
1 0x00007fc87148ec53 in __pthread_kill_internal (signo=6, threadid=<optimized out>) at pthread_kill.c:78
2 0x00007fc87143e956 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
3 0x00007fc8714287f4 in __GI_abort () at abort.c:79
4 0x00007fc87142871b in __assert_fail_base (fmt=0x7fc8715bbde0 "%s%s%s:%u: %s%sAssertion `%s' failed.\n%n", assertion=0x5606413efd53 "ret == 0", file=0x5606413ef87d "../accel/kvm/kvm-all.c", line=1837, function=<optimized out>) at assert.c:92
5 0x00007fc871437536 in __GI___assert_fail (assertion=0x5606413efd53 "ret == 0", file=0x5606413ef87d "../accel/kvm/kvm-all.c", line=1837, function=0x5606413f06f0 <__PRETTY_FUNCTION__.19> "kvm_irqchip_commit_routes") at assert.c:101
6 0x0000560640f884b5 in kvm_irqchip_commit_routes (s=0x560642cae1f0) at ../accel/kvm/kvm-all.c:1837
7 0x0000560640c98f8e in virtio_pci_one_vector_unmask (proxy=0x560643c65f00, queue_no=4294967295, vector=0, msg=..., n=0x560643c6e4c8) at ../hw/virtio/virtio-pci.c:1005
8 0x0000560640c99201 in virtio_pci_vector_unmask (dev=0x560643c65f00, vector=0, msg=...) at ../hw/virtio/virtio-pci.c:1070
9 0x0000560640bc402e in msix_fire_vector_notifier (dev=0x560643c65f00, vector=0, is_masked=false) at ../hw/pci/msix.c:120
10 0x0000560640bc40f1 in msix_handle_mask_update (dev=0x560643c65f00, vector=0, was_masked=true) at ../hw/pci/msix.c:140
11 0x0000560640bc4503 in msix_table_mmio_write (opaque=0x560643c65f00, addr=12, val=0, size=4) at ../hw/pci/msix.c:231
12 0x0000560640f26d83 in memory_region_write_accessor (mr=0x560643c66540, addr=12, value=0x7fc86b7bc628, size=4, shift=0, mask=4294967295, attrs=...) at ../system/memory.c:497
13 0x0000560640f270a6 in access_with_adjusted_size (addr=12, value=0x7fc86b7bc628, size=4, access_size_min=1, access_size_max=4, access_fn=0x560640f26c8d <memory_region_write_accessor>, mr=0x560643c66540, attrs=...) at ../system/memory.c:573
14 0x0000560640f2a2b5 in memory_region_dispatch_write (mr=0x560643c66540, addr=12, data=0, op=MO_32, attrs=...) at ../system/memory.c:1521
15 0x0000560640f37bac in flatview_write_continue (fv=0x7fc65805e0b0, addr=4273803276, attrs=..., ptr=0x7fc871e9c028, len=4, addr1=12, l=4, mr=0x560643c66540) at ../system/physmem.c:2714
16 0x0000560640f37d0f in flatview_write (fv=0x7fc65805e0b0, addr=4273803276, attrs=..., buf=0x7fc871e9c028, len=4) at ../system/physmem.c:2756
17 0x0000560640f380bf in address_space_write (as=0x560642161ae0 <address_space_memory>, addr=4273803276, attrs=..., buf=0x7fc871e9c028, len=4) at ../system/physmem.c:2863
18 0x0000560640f3812c in address_space_rw (as=0x560642161ae0 <address_space_memory>, addr=4273803276, attrs=..., buf=0x7fc871e9c028, len=4, is_write=true) at ../system/physmem.c:2873
--Type <RET> for more, q to quit, c to continue without paging--
19 0x0000560640f8aa55 in kvm_cpu_exec (cpu=0x560642f205e0) at ../accel/kvm/kvm-all.c:2915
20 0x0000560640f8d731 in kvm_vcpu_thread_fn (arg=0x560642f205e0) at ../accel/kvm/kvm-accel-ops.c:51
21 0x00005606411949f4 in qemu_thread_start (args=0x560642f292b0) at ../util/qemu-thread-posix.c:541
22 0x00007fc87148cdcd in start_thread (arg=<optimized out>) at pthread_create.c:442
23 0x00007fc871512630 in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:81
(gdb)

MST: coding style and typo fixups

Fixes: f9a09ca ("vhost: add support for configure interrupt")
Cc: [email protected]
Signed-off-by: Cindy Lu <[email protected]>
Message-ID: <2321ade5f601367efe7380c04e3f61379c59b48f.1713173550.git.mst@redhat.com>
Cc: Lei Yang <[email protected]>
Cc: Jason Wang <[email protected]>
Signed-off-by: Michael S. Tsirkin <[email protected]>
Tested-by: Cindy Lu <[email protected]>
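A simplified model of the four-step sequence in the commit message above, added here as an illustration; it is not QEMU code and not the patch itself. The struct, the function names and the `track_change` switch are assumptions that only mirror the description: without tracking, the unmask in step 4 finds no irqfd route for vector 0, and with tracking a vector change made after DRIVER_OK moves the route along.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define NO_VECTOR 0xffff  /* stands in for VIRTIO_NO_VECTOR */

/* Toy device state; all names here are hypothetical, not QEMU's. */
struct dev {
    uint16_t config_vector;  /* MSI-X vector for config interrupts */
    bool driver_ok;          /* models VIRTIO_CONFIG_S_DRIVER_OK */
    int irqfd_users[4];      /* irqfd routes set up, per vector */
};

static void vector_use(struct dev *d, uint16_t v)
{
    if (v < 4) d->irqfd_users[v]++;      /* NO_VECTOR is out of range */
}
static void vector_release(struct dev *d, uint16_t v)
{
    if (v < 4 && d->irqfd_users[v] > 0) d->irqfd_users[v]--;
}

/* Steps 1 and 3: notifiers follow whatever vector is current right now. */
static void set_guest_notifiers(struct dev *d, bool assign)
{
    if (assign) vector_use(d, d->config_vector);
    else        vector_release(d, d->config_vector);
    d->driver_ok = assign;
}

/* Step 2: reset forgets the config vector. */
static void device_reset(struct dev *d)
{
    d->config_vector = NO_VECTOR;
    d->driver_ok = false;
}

/* Step 4: the guest writes a new config vector. With track_change set,
 * a change made after DRIVER_OK releases the old route and sets up the new. */
static void set_config_vector(struct dev *d, uint16_t v, bool track_change)
{
    bool live = track_change && d->driver_ok && v != d->config_vector;
    if (live) vector_release(d, d->config_vector);
    d->config_vector = v;
    if (live) vector_use(d, v);
}

/* 0 on success; -1 where the trace above ends in the "ret == 0" assertion. */
static int vector_unmask(const struct dev *d, uint16_t v)
{
    if (v >= 4 || d->config_vector != v) return 0;  /* not the config vector */
    return d->irqfd_users[v] > 0 ? 0 : -1;
}

/* Replays steps 1-4; *left gets the routes still held on vector 0 after a stop. */
static int replay(bool track_change, int *left)
{
    struct dev d = { .config_vector = 0, .driver_ok = true, .irqfd_users = { 1 } };
    set_guest_notifiers(&d, false);           /* 1. vhost_net_stop */
    device_reset(&d);                         /* 2. virtio_reset */
    set_guest_notifiers(&d, true);            /* 3. vhost_net_start, vector unset */
    set_config_vector(&d, 0, track_change);   /* 4. vector set back to 0 ... */
    int ret = vector_unmask(&d, 0);           /*    ... and then unmasked */
    set_guest_notifiers(&d, false);           /* final stop, to check balance */
    *left = d.irqfd_users[0];
    return ret;
}

int main(void)
{
    int l0, l1, r0 = replay(false, &l0), r1 = replay(true, &l1);
    printf("untracked=%d tracked=%d left=%d/%d\n", r0, r1, l0, l1);
    return 0;
}
```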
Move calculation of mask after the switch which sets the function number for PIRQ/PINT pins to make sure the state of these pins is kept track of separately and IRQ is raised if any of them is active.

Cc: [email protected]
Fixes: 7e01bd8 hw/isa/vt82c686: Bring back via_isa_set_irq()
Signed-off-by: BALATON Zoltan <[email protected]>
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
Real 460EX SoC apparently does not expose a bridge device and having it appear on PCI bus confuses an AmigaOS file system driver that uses this to detect which machine it is running on. Cc: [email protected] Signed-off-by: BALATON Zoltan <[email protected]> Reviewed-by: Philippe Mathieu-Daudé <[email protected]> Message-ID: <[email protected]> Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
…st/qemu into staging

virtio: bugfix

A last minute fix for a use of a vector after it's released.

Signed-off-by: Michael S. Tsirkin <[email protected]>

# gpg: Signature made Mon 15 Apr 2024 11:51:55 BST
# gpg: using RSA key 5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469
# gpg: issuer "[email protected]"
# gpg: Good signature from "Michael S. Tsirkin <[email protected]>" [full]
# gpg: aka "Michael S. Tsirkin <[email protected]>" [full]
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67
# Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469

* tag 'for_upstream' of https://git.kernel.org/pub/scm/virt/kvm/mst/qemu:
  virtio-pci: fix use of a released vector

Signed-off-by: Peter Maydell <[email protected]>
…taging

Misc HW patch queue

Fixes for hardware used by machines running AmigaOS.

# gpg: Signature made Mon 15 Apr 2024 15:54:06 BST
# gpg: using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <[email protected]>" [full]
# Primary key fingerprint: FAAB E75E 1291 7221 DCFD 6BB2 E3E3 2C2C DEAD C0DE

* tag 'hw-misc-20240415' of https://github.com/philmd/qemu:
  hw/pci-host/ppc440_pcix: Do not expose a bridge device on PCI bus
  hw/isa/vt82c686: Keep track of PIRQ/PINT pins separately

Signed-off-by: Peter Maydell <[email protected]>
Commit 3089637 started to pass the full BlockConf from usb-storage to scsi-disk, while previously only a few select properties would be forwarded. This enables the user to set more properties, e.g. the block size, that are actually taking effect. However, now the calls to blkconf_apply_backend_options() and blkconf_blocksizes() in usb_msd_storage_realize() that modify some of these properties take effect, too, instead of being silently ignored. This means at least that the block sizes get an unconditional default of 512 bytes before the configuration is passed to scsi-disk. Before commit 3089637, the property wouldn't be set for scsi-disk and therefore the device dependent defaults would apply - 512 for scsi-hd, but 2048 for scsi-cd. The latter default has now become 512, too, which makes at least Windows 11 installation fail when installing from usb-storage. Fix this by simply not calling these functions any more in usb-storage and passing BlockConf on unmodified (except for the BlockBackend). The same functions are called by the SCSI code anyway and it sets the right defaults for the actual media type. Fixes: 3089637 ('scsi: Don't ignore most usb-storage properties') Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2260 Reported-by: Jonas Svensson Signed-off-by: Kevin Wolf <[email protected]> Reviewed-by: Hanna Czenczek <[email protected]> Message-id: [email protected] Signed-off-by: Peter Maydell <[email protected]>
Signed-off-by: Peter Maydell <[email protected]>
Signed-off-by: Peter Maydell <[email protected]>
v9.0.0 release
rmalmain added a commit that referenced this pull request May 1, 2024
* Update to QEMU v9.0.0 --------- Signed-off-by: Peter Maydell <[email protected]> Signed-off-by: Fabiano Rosas <[email protected]> Signed-off-by: Peter Xu <[email protected]> Signed-off-by: Thomas Huth <[email protected]> Signed-off-by: Cédric Le Goater <[email protected]> Signed-off-by: Zheyu Ma <[email protected]> Signed-off-by: Ido Plat <[email protected]> Signed-off-by: Ilya Leoshkevich <[email protected]> Signed-off-by: Markus Armbruster <[email protected]> Signed-off-by: Marc-André Lureau <[email protected]> Signed-off-by: Paolo Bonzini <[email protected]> Signed-off-by: Vladimir Sementsov-Ogievskiy <[email protected]> Signed-off-by: David Hildenbrand <[email protected]> Signed-off-by: Kevin Wolf <[email protected]> Signed-off-by: Thomas Lamprecht <[email protected]> Signed-off-by: Fiona Ebner <[email protected]> Signed-off-by: Gregory Price <[email protected]> Signed-off-by: Jonathan Cameron <[email protected]> Signed-off-by: Philippe Mathieu-Daudé <[email protected]> Signed-off-by: Lorenz Brun <[email protected]> Signed-off-by: Yao Xingtao <[email protected]> Signed-off-by: Arnaud Minier <[email protected]> Signed-off-by: Inès Varhol <[email protected]> Signed-off-by: BALATON Zoltan <[email protected]> Signed-off-by: Igor Mammedov <[email protected]> Signed-off-by: Akihiko Odaki <[email protected]> Signed-off-by: Richard Henderson <[email protected]> Signed-off-by: Sven Schnelle <[email protected]> Signed-off-by: Daniel Henrique Barboza <[email protected]> Signed-off-by: Christian Schoenebeck <[email protected]> Signed-off-by: Jason Wang <[email protected]> Signed-off-by: Helge Deller <[email protected]> Signed-off-by: Nicholas Piggin <[email protected]> Signed-off-by: Benjamin Gray <[email protected]> Signed-off-by: Avihai Horon <[email protected]> Signed-off-by: Michael Tokarev <[email protected]> Signed-off-by: Joonas Kankaala <[email protected]> Signed-off-by: Marcin Juszkiewicz <[email protected]> Signed-off-by: Stefan Weil <[email protected]> 
Signed-off-by: Zhao Liu <[email protected]> Signed-off-by: Glenn Miles <[email protected]> Signed-off-by: Oleg Sviridov <[email protected]> Signed-off-by: Artem Chernyshev <[email protected]> Signed-off-by: Yajun Wu <[email protected]> Signed-off-by: Stefan Hajnoczi <[email protected]> Signed-off-by: Mark Cave-Ayland <[email protected]> Signed-off-by: Pierre-Clément Tosi <[email protected]> Signed-off-by: Lei Wang <[email protected]> Signed-off-by: Wei Wang <[email protected]> Signed-off-by: Martin Hundebøll <[email protected]> Signed-off-by: Michael S. Tsirkin <[email protected]> Signed-off-by: Manos Pitsidianakis <[email protected]> Signed-off-by: Wafer <[email protected]> Signed-off-by: Yuxue Liu <[email protected]> Signed-off-by: Gerd Hoffmann <[email protected]> Signed-off-by: Nguyen Dinh Phi <[email protected]> Signed-off-by: Zack Buhman <[email protected]> Signed-off-by: Keith Packard <[email protected]> Signed-off-by: Yuquan Wang [email protected] Signed-off-by: Matheus Tavares Bernardino <[email protected]> Signed-off-by: Cindy Lu <[email protected]> Co-authored-by: Peter Maydell <[email protected]> Co-authored-by: Fabiano Rosas <[email protected]> Co-authored-by: Peter Xu <[email protected]> Co-authored-by: Thomas Huth <[email protected]> Co-authored-by: Cédric Le Goater <[email protected]> Co-authored-by: Zheyu Ma <[email protected]> Co-authored-by: Ido Plat <[email protected]> Co-authored-by: Ilya Leoshkevich <[email protected]> Co-authored-by: Markus Armbruster <[email protected]> Co-authored-by: Marc-André Lureau <[email protected]> Co-authored-by: Paolo Bonzini <[email protected]> Co-authored-by: Vladimir Sementsov-Ogievskiy <[email protected]> Co-authored-by: David Hildenbrand <[email protected]> Co-authored-by: Kevin Wolf <[email protected]> Co-authored-by: Stefan Reiter <[email protected]> Co-authored-by: Fiona Ebner <[email protected]> Co-authored-by: Gregory Price <[email protected]> Co-authored-by: Lorenz Brun <[email protected]> 
Co-authored-by: Yao Xingtao <[email protected]> Co-authored-by: Philippe Mathieu-Daudé <[email protected]> Co-authored-by: Arnaud Minier <[email protected]> Co-authored-by: BALATON Zoltan <[email protected]> Co-authored-by: Igor Mammedov <[email protected]> Co-authored-by: Akihiko Odaki <[email protected]> Co-authored-by: Richard Henderson <[email protected]> Co-authored-by: Sven Schnelle <[email protected]> Co-authored-by: Daniel Henrique Barboza <[email protected]> Co-authored-by: Helge Deller <[email protected]> Co-authored-by: Harsh Prateek Bora <[email protected]> Co-authored-by: Benjamin Gray <[email protected]> Co-authored-by: Nicholas Piggin <[email protected]> Co-authored-by: Avihai Horon <[email protected]> Co-authored-by: Michael Tokarev <[email protected]> Co-authored-by: Joonas Kankaala <[email protected]> Co-authored-by: Marcin Juszkiewicz <[email protected]> Co-authored-by: Stefan Weil <[email protected]> Co-authored-by: Dayu Liu <[email protected]> Co-authored-by: Zhao Liu <[email protected]> Co-authored-by: Glenn Miles <[email protected]> Co-authored-by: Artem Chernyshev <[email protected]> Co-authored-by: Yajun Wu <[email protected]> Co-authored-by: Mark Cave-Ayland <[email protected]> Co-authored-by: Pierre-Clément Tosi <[email protected]> Co-authored-by: Wei Wang <[email protected]> Co-authored-by: Martin Hundebøll <[email protected]> Co-authored-by: Michael S. Tsirkin <[email protected]> Co-authored-by: Manos Pitsidianakis <[email protected]> Co-authored-by: Wafer <[email protected]> Co-authored-by: lyx634449800 <[email protected]> Co-authored-by: Gerd Hoffmann <[email protected]> Co-authored-by: Nguyen Dinh Phi <[email protected]> Co-authored-by: Zack Buhman <[email protected]> Co-authored-by: Keith Packard <[email protected]> Co-authored-by: Yuquan Wang <[email protected]> Co-authored-by: Matheus Tavares Bernardino <[email protected]> Co-authored-by: Cindy Lu <[email protected]>