-
Notifications
You must be signed in to change notification settings - Fork 35
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update QEMU to v9.1.1 #89
Closed
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The vcek-disabled property of the sev-snp-guest object is misspelled vcek-required (which I suppose would use the opposite polarity) in the call to object_class_property_add_bool(). Fix it. Reported-by: Zixi Chen <[email protected]> Reviewed-by: Pankaj Gupta <[email protected]> Signed-off-by: Paolo Bonzini <[email protected]>
This fixes LeakSanitizer warnings. Signed-off-by: Akihiko Odaki <[email protected]> Reviewed-by: Peter Xu <[email protected]> Signed-off-by: Fabiano Rosas <[email protected]>
The QIOChannelFile object already has its reference decremented by g_autoptr. Trying to unref an extra time causes: ERROR:../qom/object.c:1241:object_unref: assertion failed: (obj->ref > 0) Fixes: a701c03 ("migration: Drop reference to QIOChannel if file seeking fails") Fixes: 6d32796 ("migration: Fix file migration with fdset") Reported-by: Jim Fehlig <[email protected]> Reviewed-by: Peter Xu <[email protected]> Signed-off-by: Fabiano Rosas <[email protected]>
…on fails When a channel fails to create, the code currently just returns. This is wrong for two reasons: 1) Channel n+1 will not get to initialize it's semaphores, leading to an assert when terminate_threads tries to post to it: qemu-system-x86_64: ../util/qemu-thread-posix.c:92: qemu_mutex_lock_impl: Assertion `mutex->initialized' failed. 2) (theoretical) If channel n-1 already started creation it will defeat the purpose of the channels_created logic which is in place to avoid migrate_fd_cleanup() to run while channels are still being created. This cannot really happen today because the current failure cases for multifd_new_send_channel_create() are all synchronous, resulting from qio_channel_file_new_path() getting a bad filename. This would hit all channels equally. But I don't want to set a trap for future people, so have all channels try to create (even if failing), and only fail after the channels_created semaphore has been posted. While here, remove the error_report_err call. There's one already at migrate_fd_cleanup later on. Cc: [email protected] Reported-by: Jim Fehlig <[email protected]> Fixes: b7b03eb ("migration/multifd: Add outgoing QIOChannelFile support") Reviewed-by: Peter Xu <[email protected]> Signed-off-by: Fabiano Rosas <[email protected]>
Changed val from uint64_t to a pointer to uint64_t in hvf_sysreg_read, but didn't change its usage in hvf_sysreg_read_cp call. Fixes: e9e6401 ("hvf: arm: Raise an exception for sysreg by default") Reported-by: Richard Henderson <[email protected]> Signed-off-by: Akihiko Odaki <[email protected]> Reviewed-by: Philippe Mathieu-Daudé <[email protected]> Message-ID: <[email protected]> Signed-off-by: Richard Henderson <[email protected]>
…osas/qemu into staging Migration pull request - Akihiko Odaki's fix for a memory leak on ppc migration - Fabiano's fix for asserts during multifd error handling # -----BEGIN PGP SIGNATURE----- # # iQJEBAABCAAuFiEEqhtIsKIjJqWkw2TPx5jcdBvsMZ0FAmas698QHGZhcm9zYXNA # c3VzZS5kZQAKCRDHmNx0G+wxnQYFEACNaJderA8VNnyAKyAFD5hCWeZnpZj3UfvO # l/3CLKBx2WPu+IAMQ+32b8Hpy5v1r4HRkicn0FId86dnbWflqAZJ0wilnPDrzbNG # oJ9IgDCPobdNCI1JgGVGCddOwraKKRo6/7e7TE5ME3MPV4AZRHs0LGfYPVxGD/5L # gbV1Zun9SvMk7u/SjE0j8ZG/L3N2rA23Ns/aNfN7KFRLWBccpJ6vKs0q9v6SQnMQ # iAAypK3d0szCBiuD8iiawPgh6K6pwA7OZ+SmtyGanK2gfNvdJ9YZArbxM3yzqUmJ # IAYvxXO/xy/cwdGELsjr0lrUFSH15PeQlSUKQ0WEVMv3/okd88jZv7xbyAZy2u5v # QZXmvb4QMH3wJUZ2rGG+DuZoZIiTL20PPnujxO/kvbhmXjsp4TuDJbKkwW7nvP2Y # ISuHCBsHcskScu0TSoZ0Fj3sSBXHV5Qw0jZiP37lgjf4eXgJzkadAUh3DCuUI62O # lqtFxFpBODdKtYfSYR+ThZXhicZx9DOxJHJBU8bXbBi3iGpVZl9O8ywgGi8wpQzh # cAJk9GbXp/77N94sexzTUHK9ttE00VQUvl8rad+HfZUsBE9E8MsW0zzUaZ8VAH3c # wzjg1S08rS48c5Ju5PO8iY2Oi5apxdGy9SOyEdpxs+ZE37GbwjoY1Q7C2U+jj72E # q4/z0NKuWw== # =1iRF # -----END PGP SIGNATURE----- # gpg: Signature made Sat 03 Aug 2024 12:23:27 AM AEST # gpg: using RSA key AA1B48B0A22326A5A4C364CFC798DC741BEC319D # gpg: issuer "[email protected]" # gpg: Good signature from "Fabiano Rosas <[email protected]>" [unknown] # gpg: aka "Fabiano Almeida Rosas <[email protected]>" [unknown] # gpg: WARNING: The key's User ID is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: AA1B 48B0 A223 26A5 A4C3 64CF C798 DC74 1BEC 319D * tag 'migration-20240802-pull-request' of https://gitlab.com/farosas/qemu: migration/multifd: Fix multifd_send_setup cleanup when channel creation fails migration: Fix cleanup of iochannel in file migration migration: Free removed SaveStateEntry Signed-off-by: Richard Henderson <[email protected]>
Analyzing qemu-produced core dumps of multi-threaded apps runs into: (gdb) info threads [...] 21 Thread 0x3ff83cc0740 (LWP 9295) warning: Couldn't find general-purpose registers in core file. <unavailable> in ?? () The reason is that all pr_pid values are the same, because the same TaskState is used for all CPUs when generating NT_PRSTATUS notes. Fix by using TaskStates associated with individual CPUs. Cc: [email protected] Fixes: 243c470 ("linux-user/elfload: Write corefile elf header in one block") Signed-off-by: Ilya Leoshkevich <[email protected]> Reviewed-by: Richard Henderson <[email protected]> Message-ID: <[email protected]> Signed-off-by: Richard Henderson <[email protected]>
Move close_all_open_fds() in oslib-posix, rename it qemu_close_all_open_fds() and export it. Signed-off-by: Clément Léger <[email protected]> Reviewed-by: Philippe Mathieu-Daudé <[email protected]> Reviewed-by: Richard Henderson <[email protected]> Message-ID: <[email protected]> Signed-off-by: Richard Henderson <[email protected]>
In order to make it cleaner, split qemu_close_all_open_fd() logic into multiple subfunctions (close with close_range(), with /proc/self/fd and fallback). Signed-off-by: Clément Léger <[email protected]> Reviewed-by: Richard Henderson <[email protected]> Message-ID: <[email protected]> Signed-off-by: Richard Henderson <[email protected]>
The same code is used twice to actually close all open file descriptors after forking. Factorize it in a single place. Signed-off-by: Clément Léger <[email protected]> Reviewed-by: Philippe Mathieu-Daudé <[email protected]> Reviewed-by: Richard Henderson <[email protected]> Message-ID: <[email protected]> Signed-off-by: Richard Henderson <[email protected]>
In order for this function to be usable by tap.c code, add a list of file descriptors that should not be closed. Signed-off-by: Clément Léger <[email protected]> Message-ID: <[email protected]> [rth: Use max_fd in qemu_close_all_open_fd_close_range] Signed-off-by: Richard Henderson <[email protected]>
Instead of using a slow implementation to close all open fd after forking, use qemu_close_all_open_fd(). Signed-off-by: Clément Léger <[email protected]> Reviewed-by: Richard Henderson <[email protected]> Message-ID: <[email protected]> Signed-off-by: Richard Henderson <[email protected]>
…o staging linux-user/elfload: Fix pr_pid values in core files util: Add qemu_close_all_open_fd net/tap: Use qemu_close_all_open_fd # -----BEGIN PGP SIGNATURE----- # # iQFRBAABCgA7FiEEekgeeIaLTbaoWgXAZN846K9+IV8FAmawHSsdHHJpY2hhcmQu # aGVuZGVyc29uQGxpbmFyby5vcmcACgkQZN846K9+IV8mhQgAlNjO1eeeQmgJvKpk # BwXx7NnXi9d8UZCA5EASK9SQVJC3eYIlMayX9byPmZZ6XJaOBRzgIzm612HkKLYn # yIqmLb0UhUTT+VKW7Kob/wGslB/PJWSKQ3dvZFaaLMfB6L3BtpwUAFFU5hwkODU/ # TS4qici1W+eW7hInNSH5dgA68UGPcfDBEo4ITW91DbTSZRNz9RP4b2Ak+Wgv30Ux # 2yEVsP6rBqBSxglbafcywWbYs5sX3EvSUJo4mVm8Ku4zriAf87Y9Da3irpZ4WYgi # 02f+/GGAv9kiGbf9jPrQTD0O8tmp4Z6JMWxEOfMsCj+KCT2fHSSqcBHTU3RN0guB # uaxx6w== # =U5cs # -----END PGP SIGNATURE----- # gpg: Signature made Mon 05 Aug 2024 10:30:35 AM AEST # gpg: using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F # gpg: issuer "[email protected]" # gpg: Good signature from "Richard Henderson <[email protected]>" [ultimate] * tag 'pull-misc-20240805' of https://gitlab.com/rth7680/qemu: net/tap: Use qemu_close_all_open_fd() qemu/osdep: Add excluded fd parameter to qemu_close_all_open_fd() net/tap: Factorize fd closing after forking qemu/osdep: Split qemu_close_all_open_fd() and add fallback qemu/osdep: Move close_all_open_fds() to oslib-posix linux-user/elfload: Fix pr_pid values in core files Signed-off-by: Richard Henderson <[email protected]>
Sweep the entire documentation again. Last done in commit 209e64d (qapi: Refill doc comments to conform to current conventions). To check the generated documentation does not change, I compared the generated HTML before and after this commit with "wdiff -3". Finds no differences. Comparing with diff is not useful, as the reflown paragraphs are visible there. Signed-off-by: Markus Armbruster <[email protected]> Message-ID: <[email protected]> [Straightforward conflict with commit 442110b resolved]
Fixes higher-half address parsing for QMP commands `[p]memsave`. Signed-off-by: Josh Junon <[email protected]> Message-ID: <[email protected]> Reviewed-by: Markus Armbruster <[email protected]> [Subject tweaked, and one PRId64 updated to PRIu64] Signed-off-by: Markus Armbruster <[email protected]>
With normal SIB, index == 4 indicates no index. With VSIB, there is no exception for VR4/VR12. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2474 Signed-off-by: Richard Henderson <[email protected]> Link: https://lore.kernel.org/r/[email protected] Cc: [email protected] Signed-off-by: Paolo Bonzini <[email protected]>
…to staging QAPI patches patches for 2024-08-05 # -----BEGIN PGP SIGNATURE----- # # iQJGBAABCAAwFiEENUvIs9frKmtoZ05fOHC0AOuRhlMFAmawhYUSHGFybWJydUBy # ZWRoYXQuY29tAAoJEDhwtADrkYZT5j4P/i9dh0Y8sS5qJqvEZzKWFlIkXWjYpUFW # FThfHyz5J2MilabQUeTxF0yhM40pciGu9ULXqwhzKNAXoAZwfH4VhSkT1E01pwDE # 9RRCOvtRHM5YDExMUn+8vfsHfpTBcfqB6EAO6eteIQ+2dMsDv2wtsrWLx3uXMjHn # 5VfxdKPVmQndcnrQDEAm8WhUpS9qVyJz5SqXuZ2Ku14X+EWyUc5ZGFEawgN63iIG # fDqP5AwsHBPXUGtldlrbubrvBJVgNzAMwL/vizZR04L/30q6V/3ThyqaOyVuKibQ # r1B2hebow00+Ie2nZRz1awCapnpuefk1Ll6KMHI5MD4kfmZiXBDhPeh2RnnyCBaK # RudigAFff2kho7Z814JSJccGKBczkniXiDRb+rOeTBbE+wWEAfrlhf7YFlwqqQv7 # 4ZfeMdv3B5bIq8RUTRUbzlf/BTx3Lao9koa/c6x/x42Gwhwc2Z8F9nuQLPfxPMC/ # MbL8+dDGNF0NiZdLUbSVATLNC5zXxkAVy2D1O8GjZfQSmHK6SeyJGEyUjrEY6AxA # FiaJ4PduCAi+aieV7bpx0tkKVKs7hHkwbIDJcPw38GwAgXc0/tuLxAornTQ4il7y # MIUysqtEoFryFzt7Uf510vG7URzFhHpJNsMAXeHErK53Fw1+VDpXQ7ImK56Huzy2 # lH6IAh+582Sq # =D9S5 # -----END PGP SIGNATURE----- # gpg: Signature made Mon 05 Aug 2024 05:55:49 PM AEST # gpg: using RSA key 354BC8B3D7EB2A6B68674E5F3870B400EB918653 # gpg: issuer "[email protected]" # gpg: Good signature from "Markus Armbruster <[email protected]>" [full] # gpg: aka "Markus Armbruster <[email protected]>" [full] * tag 'pull-qapi-2024-08-05' of https://repo.or.cz/qemu/armbru: qmp: Fix higher half vaddrs for [p]memsave qapi: Refill doc comments to conform to conventions Signed-off-by: Richard Henderson <[email protected]>
* target/i386: SEV: fix incorrect property name * target/i386: tcg: fix VSIB decode with XMM/YMM{4,12} # -----BEGIN PGP SIGNATURE----- # # iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmawwjoUHHBib256aW5p # QHJlZGhhdC5jb20ACgkQv/vSX3jHroO+kgf/SIOaF14Ozw6w33zddDiuK969ouNR # 00hC17p0acVl3KwmbXBJp2CXtc4TcZwLEg6y2KrActEVg2CaFFjGx9wJUnTGOL/D # 3Nhp3ipsExv+rFQuQvV9k/BeAVG0G9YoTZtQJVQvLPL/LYJ76h2JlVamjr9rsuKy # hsVeHX6Xl6ad6mtM1hSFBonJzfGK08rKQPTnALfB0raFLmSHWleg9Xzs0r1YiuO2 # SsGVr0NF369pZA2U0Y/tcw0RIRIikXfVYTX5+o9H6RzEqbqaOh3j9upLYSWym6LN # cedTxjNFJdxZReR/VE1kAys3s2pE8k+yiQIBGzfwo4fN6hukJZGCtwrVmw== # =2tkB # -----END PGP SIGNATURE----- # gpg: Signature made Mon 05 Aug 2024 10:14:50 PM AEST # gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83 # gpg: issuer "[email protected]" # gpg: Good signature from "Paolo Bonzini <[email protected]>" [full] # gpg: aka "Paolo Bonzini <[email protected]>" [full] * tag 'for-upstream' of https://gitlab.com/bonzini/qemu: target/i386: Fix VSIB decode target/i386: SEV: fix mismatch in vcek-disabled property name Signed-off-by: Richard Henderson <[email protected]>
Compressed encodings also applies to zama16b. riscv/riscv-isa-manual#1557 Suggested-by: Alistair Francis <[email protected]> Signed-off-by: LIU Zhiwei <[email protected]> Reviewed-by: Alistair Francis <[email protected]> Reviewed-by: Richard Henderson <[email protected]> Message-ID: <[email protected]> Signed-off-by: Alistair Francis <[email protected]>
Zama16b loads and stores of no more than MXLEN bits defined in the F, D, and Q extensions. Signed-off-by: LIU Zhiwei <[email protected]> Reviewed-by: Alistair Francis <[email protected]> Reviewed-by: Richard Henderson <[email protected]> Message-ID: <[email protected]> Signed-off-by: Alistair Francis <[email protected]>
According to the risc-v specification: "FLD and FSD are only guaranteed to execute atomically if the effective address is naturally aligned and XLEN≥64." We currently implement fld as MO_ATOM_IFALIGN when XLEN < 64, which does not violate the rules. But it will hide some problems. So relax it to MO_ATOM_NONE. Signed-off-by: LIU Zhiwei <[email protected]> Reviewed-by: Alistair Francis <[email protected]> Reviewed-by: Richard Henderson <[email protected]> Message-ID: <[email protected]> Signed-off-by: Alistair Francis <[email protected]>
Coverity complained about the possible out-of-bounds access with counter_virt/counter_virt_prev because these two arrays are accessed with privilege mode. However, these two arrays are accessed only when virt is enabled. Thus, the privilege mode can't be M mode. Add the asserts anyways to detect any wrong usage of these arrays in the future. Suggested-by: Peter Maydell <[email protected]> Signed-off-by: Atish Patra <[email protected]> Fixes: Coverity CID 1558459 Fixes: Coverity CID 1558462 Reviewed-by: Alistair Francis <[email protected]> Message-ID: <[email protected]> Signed-off-by: Alistair Francis <[email protected]>
A new minor version of OpenSBI was just released after our bump to OpenSBI 1.5. It contains significant bug fixes that it's worth doing a new update for QEMU 9.1. Submodule roms/opensbi 455de672dd..43cace6c36: > lib: sbi: check result of pmp_get() in is_pmp_entry_mapped() > lib: sbi: fwft: fix incorrect size passed to sbi_zalloc() > lib: sbi: dbtr: fix potential NULL pointer dereferences > include: Adjust Sscofpmf mhpmevent mask for upper 8 bits > lib: sbi_hsm: Save/restore menvcfg only when it exists Signed-off-by: Daniel Henrique Barboza <[email protected]> Message-ID: <[email protected]> Reviewed-by: Alistair Francis <[email protected]> Signed-off-by: Alistair Francis <[email protected]>
…tair23/qemu into staging RISC-V PR for 9.1 * roms/opensbi: update to v1.5.1 * target/riscv: Add asserts for out-of-bound access * Remove redundant insn length check for zama16b # -----BEGIN PGP SIGNATURE----- # # iQIzBAABCAAdFiEEaukCtqfKh31tZZKWr3yVEwxTgBMFAmaxwTwACgkQr3yVEwxT # gBOpoQ/9EoGHvGZtd3Zio/51G+tiNok/H+LJGZxGOPl5xc12efhJk15nN/JwVCFp # zETriTjQ8UUlx+/xvpoQhQbfNm+MtCSl+xyNcPsjAgE6le8MTn38zjroGhUI0JEB # AuIp9FfwRx4z7nEpuzO8cYdl2Suw5Nh8gi/+0SSrX1vXLY44Ma7UZdM8BjvkGbZp # TWSqetj236bMoBqSHIk4OddVFbAPlnCQZRo6fwslsjzV6y12PVQw/FgVKKmN7J9k # qtBoGSuqwFgMnXgxvJXqFmOQYAipgLONRRBaQEj/sGf09UTR/MppMz8CKilAPAYy # 9+UT0/5t+GUUpmbBN2ijWJEgYC9Ev4USIzfGe03XJSWA8uDEyTpJbnbGKDKotfrC # /qmx2y4Lb4I/3AkJiKgHW32fNeTMURQvzs+ws8frwebWAmH8zwBVbj0EbbceH5M/ # SavAuDivbU4MLdSNKpp5yvB/pkREzCE7pwbjOr0skSLrCiT/S+t9tryt7p+iHxQl # 1xhMbOYFPcbxq7mJvLurtkzn8fl4o1j93tBcq1BcBvRE5O3Odn5VJpje29BYPDpk # AG82CEeUJ2N+ZVzcV/rYhJaz8WZ7ck+I/j9cK1UtMsp57zmm2awp+mMwyShpAmP3 # MPMHwROJrue9V3z4qdaimNfpaB0p9NCOl9A95J70A/59Q2vO32k= # =bjWM # -----END PGP SIGNATURE----- # gpg: Signature made Tue 06 Aug 2024 04:22:52 PM AEST # gpg: using RSA key 6AE902B6A7CA877D6D659296AF7C95130C538013 # gpg: Good signature from "Alistair Francis <[email protected]>" [unknown] # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: 6AE9 02B6 A7CA 877D 6D65 9296 AF7C 9513 0C53 8013 * tag 'pull-riscv-to-apply-20240806-2' of https://github.com/alistair23/qemu: roms/opensbi: Update to v1.5.1 target/riscv: Add asserts for out-of-bound access target/riscv: Relax fld alignment requirement target/riscv: Add MXLEN check for F/D/Q applies to zama16b target/riscv: Remove redundant insn length check for zama16b Signed-off-by: Richard Henderson <[email protected]>
We'll have to add LoongsonIPIClass in few commits, so rename LoongsonIPI as LoongsonIPIState for clarity. Signed-off-by: Bibo Mao <[email protected]> [PMD: Extracted from bigger commit, added commit description] Co-Developed-by: Philippe Mathieu-Daudé <[email protected]> Signed-off-by: Philippe Mathieu-Daudé <[email protected]> Reviewed-by: Bibo Mao <[email protected]> Tested-by: Bibo Mao <[email protected]> Acked-by: Song Gao <[email protected]> Reviewed-by: Richard Henderson <[email protected]> Reviewed-by: Jiaxun Yang <[email protected]> Tested-by: Jiaxun Yang <[email protected]> Message-Id: <[email protected]>
In preparation to extract common IPI code in few commits, extract loongson_ipi_common_realize(). Signed-off-by: Bibo Mao <[email protected]> [PMD: Extracted from bigger commit, added commit description] Co-Developed-by: Philippe Mathieu-Daudé <[email protected]> Signed-off-by: Philippe Mathieu-Daudé <[email protected]> Reviewed-by: Bibo Mao <[email protected]> Tested-by: Bibo Mao <[email protected]> Acked-by: Song Gao <[email protected]> Reviewed-by: Richard Henderson <[email protected]> Reviewed-by: Jiaxun Yang <[email protected]> Tested-by: Jiaxun Yang <[email protected]> Message-Id: <[email protected]>
Introduce LOONGSON_IPI_COMMON stubs, QDev parent of LOONGSON_IPI. Signed-off-by: Bibo Mao <[email protected]> [PMD: Extracted from bigger commit, added commit description] Co-Developed-by: Philippe Mathieu-Daudé <[email protected]> Signed-off-by: Philippe Mathieu-Daudé <[email protected]> Reviewed-by: Bibo Mao <[email protected]> Tested-by: Bibo Mao <[email protected]> Acked-by: Song Gao <[email protected]> Reviewed-by: Richard Henderson <[email protected]> Reviewed-by: Jiaxun Yang <[email protected]> Tested-by: Jiaxun Yang <[email protected]> Message-Id: <[email protected]>
Signed-off-by: Bibo Mao <[email protected]> [PMD: Extracted from bigger commit, added commit description] Co-Developed-by: Philippe Mathieu-Daudé <[email protected]> Signed-off-by: Philippe Mathieu-Daudé <[email protected]> Reviewed-by: Bibo Mao <[email protected]> Tested-by: Bibo Mao <[email protected]> Acked-by: Song Gao <[email protected]> Reviewed-by: Richard Henderson <[email protected]> Reviewed-by: Jiaxun Yang <[email protected]> Tested-by: Jiaxun Yang <[email protected]> Message-Id: <[email protected]>
It is easier to manage one array of MMIO MR rather than one per vCPU. Signed-off-by: Bibo Mao <[email protected]> [PMD: Extracted from bigger commit, added commit description] Co-Developed-by: Philippe Mathieu-Daudé <[email protected]> Signed-off-by: Philippe Mathieu-Daudé <[email protected]> Reviewed-by: Bibo Mao <[email protected]> Tested-by: Bibo Mao <[email protected]> Acked-by: Song Gao <[email protected]> Reviewed-by: Richard Henderson <[email protected]> Reviewed-by: Jiaxun Yang <[email protected]> Tested-by: Jiaxun Yang <[email protected]> Message-Id: <[email protected]>
Move the IPICore structure and corresponding common fields of LoongsonIPICommonState to "hw/intc/loongson_ipi_common.h". Signed-off-by: Bibo Mao <[email protected]> [PMD: Extracted from bigger commit, added commit description] Co-Developed-by: Philippe Mathieu-Daudé <[email protected]> Signed-off-by: Philippe Mathieu-Daudé <[email protected]> Reviewed-by: Bibo Mao <[email protected]> Tested-by: Bibo Mao <[email protected]> Acked-by: Song Gao <[email protected]> Reviewed-by: Richard Henderson <[email protected]> Reviewed-by: Jiaxun Yang <[email protected]> Tested-by: Jiaxun Yang <[email protected]> Message-Id: <[email protected]>
Commit e104edb ("hw/mips/jazz: use qemu_find_nic_info()") contained a typo in the NIC alias which caused initialisation of the in-built dp83932 NIC to fail when using the normal -nic user,model=dp83932 command line. Fixes: e104edb ("hw/mips/jazz: use qemu_find_nic_info()") Signed-off-by: Mark Cave-Ayland <[email protected]> Reviewed-by: Philippe Mathieu-Daudé <[email protected]> Reviewed-by: David Woodhouse <[email protected]> Reviewed-by: Michael Tokarev <[email protected]> Signed-off-by: Michael Tokarev <[email protected]> (cherry picked from commit 2e4fdf566062c03456230fd8136b88c5c1e5c4bf) Signed-off-by: Michael Tokarev <[email protected]>
When we shut down a guest we disable the timers. However this can cause deadlock if the guest has queued some async work that is trying to advance system time and spins forever trying to wind time forward. Pay attention to the return code and bail early if we can't wind time forward. Reported-by: Elisha Hollander <[email protected]> Signed-off-by: Alex Bennée <[email protected]> Reviewed-by: Pierrick Bouvier <[email protected]> Message-Id: <[email protected]> (cherry picked from commit bc02be4508d8753d1f6071b77d10f4661587df6f) Signed-off-by: Michael Tokarev <[email protected]>
Allow overlapping request by removing the assert that made it impossible. There are only two callers: 1. block_copy_task_create() It already asserts the very same condition before calling reqlist_init_req(). 2. cbw_snapshot_read_lock() There is no need to have read requests be non-overlapping in copy-before-write when used for snapshot-access. In fact, there was no protection against two callers of cbw_snapshot_read_lock() calling reqlist_init_req() with overlapping ranges and this could lead to an assertion failure [1]. In particular, with the reproducer script below [0], two cbw_co_snapshot_block_status() callers could race, with the second calling reqlist_init_req() before the first one finishes and removes its conflicting request. [0]: > #!/bin/bash -e > dd if=/dev/urandom of=/tmp/disk.raw bs=1M count=1024 > ./qemu-img create /tmp/fleecing.raw -f raw 1G > ( > ./qemu-system-x86_64 --qmp stdio \ > --blockdev raw,node-name=node0,file.driver=file,file.filename=/tmp/disk.raw \ > --blockdev raw,node-name=node1,file.driver=file,file.filename=/tmp/fleecing.raw \ > <<EOF > {"execute": "qmp_capabilities"} > {"execute": "blockdev-add", "arguments": { "driver": "copy-before-write", "file": "node0", "target": "node1", "node-name": "node3" } } > {"execute": "blockdev-add", "arguments": { "driver": "snapshot-access", "file": "node3", "node-name": "snap0" } } > {"execute": "nbd-server-start", "arguments": {"addr": { "type": "unix", "data": { "path": "/tmp/nbd.socket" } } } } > {"execute": "block-export-add", "arguments": {"id": "exp0", "node-name": "snap0", "type": "nbd", "name": "exp0"}} > EOF > ) & > sleep 5 > while true; do > ./qemu-nbd -d /dev/nbd0 > ./qemu-nbd -c /dev/nbd0 nbd:unix:/tmp/nbd.socket:exportname=exp0 -f raw -r > nbdinfo --map 'nbd+unix:///exp0?socket=/tmp/nbd.socket' > done [1]: > #5 0x000071e5f0088eb2 in __GI___assert_fail (...) at ./assert/assert.c:101 > #6 0x0000615285438017 in reqlist_init_req (...) at ../block/reqlist.c:23 > #7 0x00006152853e2d98 in cbw_snapshot_read_lock (...) at ../block/copy-before-write.c:237 > #8 0x00006152853e3068 in cbw_co_snapshot_block_status (...) at ../block/copy-before-write.c:304 > #9 0x00006152853f4d22 in bdrv_co_snapshot_block_status (...) at ../block/io.c:3726 > #10 0x000061528543a63e in snapshot_access_co_block_status (...) at ../block/snapshot-access.c:48 > #11 0x00006152853f1a0a in bdrv_co_do_block_status (...) at ../block/io.c:2474 > #12 0x00006152853f2016 in bdrv_co_common_block_status_above (...) at ../block/io.c:2652 > #13 0x00006152853f22cf in bdrv_co_block_status_above (...) at ../block/io.c:2732 > #14 0x00006152853d9a86 in blk_co_block_status_above (...) at ../block/block-backend.c:1473 > #15 0x000061528538da6c in blockstatus_to_extents (...) at ../nbd/server.c:2374 > #16 0x000061528538deb1 in nbd_co_send_block_status (...) at ../nbd/server.c:2481 > #17 0x000061528538f424 in nbd_handle_request (...) at ../nbd/server.c:2978 > #18 0x000061528538f906 in nbd_trip (...) at ../nbd/server.c:3121 > #19 0x00006152855a7caf in coroutine_trampoline (...) at ../util/coroutine-ucontext.c:175 Cc: [email protected] Suggested-by: Vladimir Sementsov-Ogievskiy <[email protected]> Signed-off-by: Fiona Ebner <[email protected]> Message-Id: <[email protected]> Reviewed-by: Vladimir Sementsov-Ogievskiy <[email protected]> Signed-off-by: Vladimir Sementsov-Ogievskiy <[email protected]> (cherry picked from commit 6475155d519209c80fdda53e05130365aa769838) Signed-off-by: Michael Tokarev <[email protected]>
target_ulong is typedef'ed as a 32-bit integer when building the qemu-system-arm target, and this is smaller than the size of an intermediate physical address when LPAE is being used. Given that Linux may place leaf level user page tables in high memory when built for LPAE, the kernel will crash with an external abort as soon as it enters user space when running with more than ~3 GiB of system RAM. So replace target_ulong with vaddr in places where it may carry an address value that is not representable in 32 bits. Fixes: f3639a6 ("target/arm: Use softmmu tlbs for page table walking") Cc: [email protected] Reported-by: Arnd Bergmann <[email protected]> Tested-by: Arnd Bergmann <[email protected]> Reviewed-by: Richard Henderson <[email protected]> Signed-off-by: Ard Biesheuvel <[email protected]> Message-id: [email protected] Signed-off-by: Peter Maydell <[email protected]> (cherry picked from commit 67d762e716a7127ecc114e9708254316dd521911) Signed-off-by: Michael Tokarev <[email protected]>
The enable bits in the EXT_CSD_PART_CONFIG ext_csd register do *not* specify whether the boot partitions exist, but whether they are enabled for booting. Existence of the boot partitions is specified by a EXT_CSD_BOOT_MULT != 0. Currently, in the case of boot-partition-size=1M and boot-config=0, Linux detects boot partitions of 1M. But as sd_bootpart_offset always returns 0, all reads/writes are mapped to the same offset in the backing file. Fix this bug by calculating the offset independent of which partition is enabled for booting. This bug is unlikely to affect many users with QEMU's current set of boards, because only aspeed sets boot-partition-size, and it also sets boot-config to 8. So to run into this a user would have to manually mark the boot partition non-booting from within the guest. Cc: [email protected] Signed-off-by: Jan Luebbe <[email protected]> Message-id: [email protected] Reviewed-by: Peter Maydell <[email protected]> [PMM: added note to commit message about effects of bug] Signed-off-by: Peter Maydell <[email protected]> (cherry picked from commit 9601076b3b0bced7ed597d1470e3ff2f4e7177d6) Signed-off-by: Michael Tokarev <[email protected]>
The mips64el cross setup is very broken for bullseye which has now entered LTS support so is unlikely to be fixed. While we still can't build the container with all packages for bookworm due to a single missing dependency that will hopefully get fixed in due course. For the sake of keeping the CI green we disable the problematic packages via the lcitool's mappings.yml file. See also: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1081535 Signed-off-by: Alex Bennée <[email protected]> [thuth: Disable the problematic packages via lcitool's mappings.yml] Message-ID: <[email protected]> Reviewed-by: Daniel P. Berrangé <[email protected]> Signed-off-by: Thomas Huth <[email protected]> (cherry picked from commit c60473d29254b79d9437eface8b342e84663ba66) Signed-off-by: Michael Tokarev <[email protected]>
Since commit e99441a ("ui/curses: Do not use console_select()") qemu_text_console_put_keysym() no longer checks for NULL console argument, which leads to a later crash: Thread 1 "qemu-system-x86" received signal SIGSEGV, Segmentation fault. 0x00005555559ee186 in qemu_text_console_handle_keysym (s=0x0, keysym=31) at ../ui/console-vc.c:332 332 } else if (s->echo && (keysym == '\r' || keysym == '\n')) { (gdb) bt #0 0x00005555559ee186 in qemu_text_console_handle_keysym (s=0x0, keysym=31) at ../ui/console-vc.c:332 #1 0x00005555559e18e5 in qemu_text_console_put_keysym (s=<optimized out>, keysym=<optimized out>) at ../ui/console.c:303 #2 0x00005555559f2e88 in do_key_event (vs=vs@entry=0x5555579045c0, down=down@entry=1, keycode=keycode@entry=60, sym=sym@entry=65471) at ../ui/vnc.c:2034 #3 0x00005555559f845c in ext_key_event (vs=0x5555579045c0, down=1, sym=65471, keycode=<optimized out>) at ../ui/vnc.c:2070 #4 protocol_client_msg (vs=0x5555579045c0, data=<optimized out>, len=<optimized out>) at ../ui/vnc.c:2514 #5 0x00005555559f515c in vnc_client_read (vs=0x5555579045c0) at ../ui/vnc.c:1607 Fixes: e99441a ("ui/curses: Do not use console_select()") Fixes: https://issues.redhat.com/browse/RHEL-50529 Cc: [email protected] Signed-off-by: Marc-André Lureau <[email protected]> Reviewed-by: Akihiko Odaki <[email protected]> Reviewed-by: Michael Tokarev <[email protected]> Signed-off-by: Michael Tokarev <[email protected]> (cherry picked from commit 0e60fc80938d9ce84274a36ddfaaa640bdef2be8) Signed-off-by: Michael Tokarev <[email protected]>
load_flt_binary() calls load_flat_file() -> page_set_flags(). page_set_flags() must be called with the mmap_lock held, otherwise it aborts: $ qemu-arm -L stm32/lib/ stm32/bin/busybox qemu-arm: ../accel/tcg/user-exec.c:505: page_set_flags: Assertion `have_mmap_lock()' failed. Aborted (core dumped) Fix by taking the lock in load_flt_binary(). Fixes: fbd3c4c ("linux-user/arm: Mark the commpage executable") Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2525 Suggested-by: Richard Henderson <[email protected]> Signed-off-by: Philippe Mathieu-Daudé <[email protected]> Reviewed-by: Richard Henderson <[email protected]> Message-ID: <[email protected]> Signed-off-by: Richard Henderson <[email protected]> (cherry picked from commit a9ee641bd46f5462eeed183ac3c3760bddfc2600) Signed-off-by: Michael Tokarev <[email protected]>
Comparing a string of 4 bytes only works in little-endian. Adjust bulk bswap to only apply to the note payload. Perform swapping of the note header manually; the magic is defined so that it does not need a runtime swap. Fixes: 83f990e ("linux-user/elfload: Parse NT_GNU_PROPERTY_TYPE_0 notes") Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2596 Signed-off-by: Richard Henderson <[email protected]> Reviewed-by: Philippe Mathieu-Daudé <[email protected]> Reviewed-by: Michael Tokarev <[email protected]> (cherry picked from commit 2884596f5f385b5712c356310dd4125a089888a8) Signed-off-by: Michael Tokarev <[email protected]>
In the fallback when STDBRX is not available, avoid clobbering TCG_REG_TMP1, which might be h.base, which is still in use. Use TCG_REG_TMP2 instead. Cc: [email protected] Fixes: 01a112e ("tcg/ppc: Reorg tcg_out_tlb_read") Signed-off-by: Richard Henderson <[email protected]> Tested-By: Michael Tokarev <[email protected]> (cherry picked from commit 4cabcb89b101942346aebff081aa1453e958fe7f) Signed-off-by: Michael Tokarev <[email protected]>
In tcg_out_qemu_ldst_i128, we need a non-zero index register, which we then use as a base register in several address modes. Since we always have TCG_REG_TMP2 available, use that. Cc: [email protected] Fixes: 526cd4e ("tcg/ppc: Support 128-bit load/store") Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2597 Signed-off-by: Richard Henderson <[email protected]> Tested-By: Michael Tokarev <[email protected]> (cherry picked from commit 3213da7b9539581c6df95f8ced5b09d0b02d425f) Signed-off-by: Michael Tokarev <[email protected]>
Returning a raw areg does not preserve the value if the areg is subsequently modified. Fixes, e.g. "jsr (sp)", where the return address is pushed before the branch. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2483 Signed-off-by: Richard Henderson <[email protected]> Message-Id: <[email protected]> Reviewed-by: Philippe Mathieu-Daudé <[email protected]> (cherry picked from commit 352cc9f300d83ea48b8154bfd2ff985fece887d0) Signed-off-by: Michael Tokarev <[email protected]>
s/mbmi1/mbmi/ When configuring with -Dx86_version >= 3, meson step works, but compilation fails because option -mbmi1 is unknown. Signed-off-by: Pierrick Bouvier <[email protected]> Reviewed-by: Alex Bennée <[email protected]> Tested-by: Alex Bennée <[email protected]> Link: https://lore.kernel.org/r/[email protected] Cc: [email protected] Fixes: ef7d1ad ("meson: allow configuring the x86-64 baseline", 2024-06-28) Revieved-by: Michael Tokarev <[email protected]> Signed-off-by: Paolo Bonzini <[email protected]> (cherry picked from commit 461a9252e249adab5f0bae3b9634be77dd5be17e) Signed-off-by: Michael Tokarev <[email protected]>
Create a separate variable for compiler flags that enable specific instruction set extensions, so that they can be used with cc.compiles/cc.links. Note that -mfpmath=sse is a code generation option but it does not enable new instructions, therefore I did not make it part of qemu_isa_flags. Suggested-by: Pierrick Bouvier <[email protected]> Reviewed-by: Michael Tokarev <[email protected]> Reviewed-by: Alex Bennée <[email protected]> Tested-by: Alex Bennée <[email protected]> Cc: [email protected] Signed-off-by: Paolo Bonzini <[email protected]> (cherry picked from commit 6ae8c5382b2396d394e135c2c6d3742d11c6d0c2) Signed-off-by: Michael Tokarev <[email protected]>
Moving -mcx16 out of CPU_CFLAGS caused the detection of ATOMIC128 to fail, because flags have to be specified by hand in cc.compiles and cc.links invocations (why oh why??). Ensure that these tests enable all the instruction set extensions that will be used to build the emulators. Fixes: c2bf2cc ("configure: move -mcx16 flag out of CPU_CFLAGS", 2024-05-24) Reported-by: Alex Bennée <[email protected]> Reviewed-by: Michael Tokarev <[email protected]> Reviewed-by: Alex Bennée <[email protected]> Tested-by: Alex Bennée <[email protected]> Cc: [email protected] Signed-off-by: Paolo Bonzini <[email protected]> (cherry picked from commit 8db4e0f92e83fd80b6609439440b303ddded7ad8) Signed-off-by: Michael Tokarev <[email protected]>
The result of 1 << regbit with regbit==31 has a 1 in the 32nd bit. When cast to uint64_t (for further bitwise OR), the 32 most significant bits will be filled with 1s. However, the documentation states that the upper 32 bits of ICH_AP[0/1]R<n>_EL2 are reserved. Add an explicit cast to match the documentation. Found by Linux Verification Center (linuxtesting.org) with SVACE. Cc: [email protected] Fixes: d2c0c6a ("hw/intc/arm_gicv3: Handle icv_nmiar1_read() for icc_nmiar1_read()") Signed-off-by: Alexandra Diupina <[email protected]> Reviewed-by: Peter Maydell <[email protected]> Signed-off-by: Peter Maydell <[email protected]> (cherry picked from commit e0c0ea6eca4f210a52b9742817586cc97b1ee434) Signed-off-by: Michael Tokarev <[email protected]>
The result of 1 << regbit with regbit==31 has a 1 in the 32nd bit. When cast to uint64_t (for further bitwise OR), the 32 most significant bits will be filled with 1s. However, the documentation states that the upper 32 bits of ICC_AP[0/1]R<n>_EL2 are reserved. Add an explicit cast to match the documentation. Found by Linux Verification Center (linuxtesting.org) with SVACE. Cc: [email protected] Fixes: 28cca59 ("hw/intc/arm_gicv3: Add NMI handling CPU interface registers") Signed-off-by: Alexandra Diupina <[email protected]> Reviewed-by: Peter Maydell <[email protected]> Signed-off-by: Peter Maydell <[email protected]> (cherry picked from commit 12dc8f6eca1ead876142fd3d6731cf3da1295f2a) Signed-off-by: Michael Tokarev <[email protected]>
The result of 1 << regbit with regbit==31 has a 1 in the 32nd bit. When cast to uint64_t (for further bitwise OR), the 32 most significant bits will be filled with 1s. However, the documentation states that the upper 32 bits of ICH_AP[0/1]R<n>_EL2 are reserved. Add an explicit cast to match the documentation. Found by Linux Verification Center (linuxtesting.org) with SVACE. Cc: [email protected] Fixes: c3f21b0 ("hw/intc/arm_gicv3_cpuif: Support vLPIs") Signed-off-by: Alexandra Diupina <[email protected]> Reviewed-by: Peter Maydell <[email protected]> Signed-off-by: Peter Maydell <[email protected]> (cherry picked from commit 3db74afec3ca87f81fbdf5918ed1e21d837fbfab) Signed-off-by: Michael Tokarev <[email protected]>
In commit b88cfee we defined masks for the IBRD and FBRD integer and fractional baud rate divider registers, to prevent the guest from writing invalid values which could cause division-by-zero. Unfortunately we got the mask values the wrong way around: the FBRD register is six bits and the IBRD register is 16 bits, not vice-versa. You would only run into this bug if you programmed the UART to a baud rate of less than 9600, because for 9600 baud and above the IBRD value will fit into 6 bits, as per the table in https://developer.arm.com/documentation/ddi0183/g/programmers-model/register-descriptions/fractional-baud-rate-register--uartfbrd The only visible effects would be that the value read back from the register by the guest would be truncated, and we would print an incorrect baud rate in the debug logs. Cc: [email protected] Fixes: b88cfee ("hw/char/pl011: Avoid division-by-zero in pl011_get_baudrate()") Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2610 Signed-off-by: Peter Maydell <[email protected]> Reviewed-by: Alex Bennée <[email protected]> Reviewed-by: Philippe Mathieu-Daudé <[email protected]> Reviewed-by: Gavin Shan <[email protected]> Message-id: [email protected] (cherry picked from commit cd247eae16ab1b9ce97fd34c000c1b883feeda45) Signed-off-by: Michael Tokarev <[email protected]>
Fixes: 280c1e1 ("audio/hda: create millisecond timers that handle IO") Signed-off-by: Marc-André Lureau <[email protected]> Reviewed-by: Akihiko Odaki <[email protected]> Message-ID: <[email protected]> (cherry picked from commit f27206ceedbe2efae37c8d143c5eb2db05251508) Signed-off-by: Michael Tokarev <[email protected]>
When SET_STREAM_FORMAT is called, we should clear the existing setup. Factor out common function to close a stream. Direct leak of 144 byte(s) in 3 object(s) allocated from: #0 0x7f91d38f7350 in calloc (/lib64/libasan.so.8+0xf7350) (BuildId: a4ad7eb954b390cf00f07fa10952988a41d9fc7a) #1 0x7f91d2ab7871 in g_malloc0 (/lib64/libglib-2.0.so.0+0x64871) (BuildId: 36b60dbd02e796145a982d0151ce37202ec05649) #2 0x562fa2f447ee in timer_new_full /home/elmarco/src/qemu/include/qemu/timer.h:538 #3 0x562fa2f4486f in timer_new /home/elmarco/src/qemu/include/qemu/timer.h:559 #4 0x562fa2f448a9 in timer_new_ns /home/elmarco/src/qemu/include/qemu/timer.h:577 #5 0x562fa2f47955 in hda_audio_setup ../hw/audio/hda-codec.c:490 #6 0x562fa2f4897e in hda_audio_command ../hw/audio/hda-codec.c:605 Signed-off-by: Marc-André Lureau <[email protected]> Reviewed-by: Akihiko Odaki <[email protected]> Message-ID: <[email protected]> (cherry picked from commit 6d6e23361fc732e4fe36a8bc5873b85f264ed53a) Signed-off-by: Michael Tokarev <[email protected]>
A filter function that wants to drop a message should return NULL, in which case it must also unref the message itself. Fixes: fa88b85 ("ui/dbus: filter out pending messages when scanout") Signed-off-by: Marc-André Lureau <[email protected]> Reviewed-by: Akihiko Odaki <[email protected]> Message-ID: <[email protected]> (cherry picked from commit 244d52ff736fefc3dd364ed091720aa896af306d) Signed-off-by: Michael Tokarev <[email protected]>
DisplaySurface may be free before the pixman image is freed, since the image is refcounted and used by different objects, including pending dbus messages. Furthermore, setting the destroy function in create_displaysurface_from() isn't appropriate, as it may not be used, and may be overriden as in ramfb. Set the destroy function when the shared handle is set, use the HANDLE directly for destroy data, using a single common helper qemu_pixman_win32_image_destroy(). Signed-off-by: Marc-André Lureau <[email protected]> Reviewed-by: Akihiko Odaki <[email protected]> Message-ID: <[email protected]> (cherry picked from commit 330ef31deb2e5461cff907488b710f5bd9cd2327) Signed-off-by: Michael Tokarev <[email protected]>
Filtering pending messages when a new scanout is given shouldn't discard pending cursor changes, for example. Since filtering happens in a different thread, use atomic set/get. Fixes: fa88b85 ("ui/dbus: filter out pending messages when scanout") Signed-off-by: Marc-André Lureau <[email protected]> Reviewed-by: Akihiko Odaki <[email protected]> Message-ID: <[email protected]> (cherry picked from commit cf59889781297a5618f1735a5f31402caa806b42) Signed-off-by: Michael Tokarev <[email protected]>
Signed-off-by: Michael Tokarev <[email protected]>
v9.1.1 release
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.