Merge v8.1.1 #137
base: MINI404
Commits on Jul 26, 2023
-
qapi: Reformat recent doc comments to conform to current conventions
Since commit a937b6a (qapi: Reformat doc comments to conform to current conventions), a number of comments not conforming to the current formatting conventions were added. No problem, just sweep the entire documentation once more. To check the generated documentation does not change, I compared the generated HTML before and after this commit with "wdiff -3". Finds no differences. Comparing with diff is not useful, as the reflown paragraphs are visible there. Signed-off-by: Markus Armbruster <[email protected]> Message-ID: <[email protected]>
Markus Armbruster committed Jul 26, 2023
Commit 9e27207
-
Merge tag 'misc-next-pull-request' of https://gitlab.com/berrange/qemu into staging
Miscellaneous fixes
* Switch canokey license from Apache to GPLv2+
* Fix uninitialized variable in LUKS driver
# gpg: Signature made Tue 25 Jul 2023 09:24:51 AM PDT
# gpg: using RSA key DAF3A6FDB26B62912D0E8E3FBE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <[email protected]>" [full]
# gpg: aka "Daniel P. Berrange <[email protected]>" [full]
* tag 'misc-next-pull-request' of https://gitlab.com/berrange/qemu:
  hw/usb/canokey: change license to GPLv2+
  crypto: Always initialize splitkeylen
Signed-off-by: Richard Henderson <[email protected]>
Commit 5fc7709
-
Merge tag 'migration-20230726-pull-request' of https://gitlab.com/juan.quintela/qemu into staging
Migration Pull request
Hi
This is the migration PULL request. It is the same as yesterday with proper PULL headers. It passes CI. It contains:
- Fabiano Rosas threadinfo cleanups
- Hyman Huang dirtylimit changes
- Part of my changes
- Peter Xu documentation
- Tejus update to migration descriptions
- Wei Wang improvements for postcopy and multifd setup
Please apply.
Thanks, Juan.
# gpg: Signature made Wed 26 Jul 2023 04:59:52 AM PDT
# gpg: using RSA key 1899FF8EDEBF58CCEE034B82F487EF185872D723
# gpg: Good signature from "Juan Quintela <[email protected]>" [undefined]
# gpg: aka "Juan Quintela <[email protected]>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 1899 FF8E DEBF 58CC EE03 4B82 F487 EF18 5872 D723
* tag 'migration-20230726-pull-request' of https://gitlab.com/juan.quintela/qemu: (25 commits)
  migration/rdma: Split qemu_fopen_rdma() into input/output functions
  qemu-file: Make qemu_file_get_error_obj() static
  qemu-file: Simplify qemu_file_shutdown()
  qemu_file: Make qemu_file_is_writable() static
  migration: Change qemu_file_transferred to noflush
  qemu-file: Rename qemu_file_transferred_ fast -> noflush
  qtest/migration-tests.c: use "-incoming defer" for postcopy tests
  migration: enforce multifd and postcopy preempt to be set before incoming
  migration: Update error description whenever migration fails
  docs/migration: Update postcopy bits
  migration: skipped field is really obsolete.
  migration-test: machine_opts is really arch specific
  migration-test: Create arch_opts
  migration-test: Make machine_opts regular with other options
  migration-test: Be consistent for ppc
  migration: Extend query-migrate to provide dirty page limit info
  migration: Implement dirty-limit convergence algo
  migration: Put the detection logic before auto-converge checking
  migration: Refactor auto-converge capability logic
  migration: Introduce dirty-limit capability
  ...
Signed-off-by: Richard Henderson <[email protected]>
Commit ec28194
-
Merge tag 'pull-qapi-2023-07-26-v2' of https://repo.or.cz/qemu/armbru into staging
QAPI patches patches for 2023-07-26
# gpg: Signature made Wed 26 Jul 2023 05:52:05 AM PDT
# gpg: using RSA key 354BC8B3D7EB2A6B68674E5F3870B400EB918653
# gpg: issuer "[email protected]"
# gpg: Good signature from "Markus Armbruster <[email protected]>" [undefined]
# gpg: aka "Markus Armbruster <[email protected]>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867 4E5F 3870 B400 EB91 8653
* tag 'pull-qapi-2023-07-26-v2' of https://repo.or.cz/qemu/armbru:
  qapi: Reformat recent doc comments to conform to current conventions
  qapi/trace: Tidy up trace-event-get-state, -set-state documentation
  qapi/qdev: Tidy up device_add documentation
  qapi/block: Tidy up block-latency-histogram-set documentation
  qapi/block-core: Tidy up BlockLatencyHistogramInfo documentation
Signed-off-by: Richard Henderson <[email protected]>
Commit ccdd312
-
block/blkio: do not use open flags in qemu_open()
qemu_open() in blkio_virtio_blk_common_open() is used to open the character device (e.g. /dev/vhost-vdpa-0 or /dev/vfio/vfio) or in the future eventually the unix socket. In all these cases we cannot open the path in read-only mode, when the `read-only` option of blockdev is on, because the exchange of IOCTL commands for example will fail. In order to open the device read-only, we have to use the `read-only` property of the libblkio driver as we already do in blkio_file_open(). Fixes: cad2ccc ("block/blkio: use qemu_open() to support fd passing for virtio-blk") Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=2225439 Reported-by: Qing Wang <[email protected]> Signed-off-by: Stefano Garzarella <[email protected]> Reviewed-by: Daniel P. Berrangé <[email protected]> Message-id: [email protected] Signed-off-by: Stefan Hajnoczi <[email protected]>
Commit a5942c1
Commits on Jul 27, 2023
-
qemu-nbd: regression with arguments passing into nbd_client_thread()
Unfortunately commit 03b6762 Author: Denis V. Lunev <[email protected]> Date: Mon Jul 17 16:55:40 2023 +0200 qemu-nbd: pass structure into nbd_client_thread instead of plain char* has introduced a regression. struct NbdClientOpts resides on stack inside 'if' block. This specifically means that this stack space could be reused once the execution will leave that block of the code. This means that parameters passed into nbd_client_thread could be overwritten at any moment. The patch moves the data to the namespace of main() function effectively preserving it for the whole process lifetime. Signed-off-by: Denis V. Lunev <[email protected]> CC: Eric Blake <[email protected]> CC: Vladimir Sementsov-Ogievskiy <[email protected]> CC: <[email protected]> Reviewed-by: Eric Blake <[email protected]> Message-ID: <[email protected]> Signed-off-by: Eric Blake <[email protected]>
Commit e5b815b
-
block/file-posix: fix g_file_get_contents return path
The g_file_get_contents() function returns a g_boolean. If it fails, the returned value will be 0 instead of -1. Solve the issue by skipping assigning ret value. This issue was found by Matthew Rosato using virtio-blk-{pci,ccw} backed by an NVMe partition e.g. /dev/nvme0n1p1 on s390x. Signed-off-by: Sam Li <[email protected]> Reviewed-by: Matthew Rosato <[email protected]> Reviewed-by: Stefan Hajnoczi <[email protected]> Reviewed-by: Daniel P. Berrangé <[email protected]> Message-id: [email protected] Signed-off-by: Stefan Hajnoczi <[email protected]>
Commit 29a242e
-
block: Fix pad_request's request restriction
bdrv_pad_request() relies on requests' lengths not to exceed SIZE_MAX, which bdrv_check_qiov_request() does not guarantee. bdrv_check_request32() however will guarantee this, and both of bdrv_pad_request()'s callers (bdrv_co_preadv_part() and bdrv_co_pwritev_part()) already run it before calling bdrv_pad_request(). Therefore, bdrv_pad_request() can safely call bdrv_check_request32() without expecting error, too. In effect, this patch will not change guest-visible behavior. It is a clean-up to tighten a condition to match what is guaranteed by our callers, and which exists purely to show clearly why the subsequent assertion (`assert(*bytes <= SIZE_MAX)`) is always true. Note there is a difference between the interfaces of bdrv_check_qiov_request() and bdrv_check_request32(): The former takes an errp, the latter does not, so we can no longer just pass &error_abort. Instead, we need to check the returned value. While we do expect success (because the callers have already run this function), an assert(ret == 0) is not much simpler than just to return an error if it occurs, so let us handle errors by returning them up the stack now. Reported-by: Peter Maydell <[email protected]> Signed-off-by: Hanna Czenczek <[email protected]> Message-id: [email protected] Fixes: 1874331 ("block: Collapse padded I/O vecs exceeding IOV_MAX") Signed-off-by: Hanna Czenczek <[email protected]> Signed-off-by: Stefan Hajnoczi <[email protected]>
Commit ef25675
-
block/blkio: move blkio_connect() in the drivers functions
This is in preparation for the next patch, where for virtio-blk drivers we need to handle the failure of blkio_connect(). Let's also rename the *_open() functions to *_connect() to make the code reflect the changes applied. Signed-off-by: Stefano Garzarella <[email protected]> Message-id: [email protected] Signed-off-by: Stefan Hajnoczi <[email protected]>
Commit 69785d6
-
block/blkio: retry blkio_connect() if it fails using `fd`
libblkio 1.3.0 added support of "fd" property for virtio-blk-vhost-vdpa driver. In QEMU, starting from commit cad2ccc ("block/blkio: use qemu_open() to support fd passing for virtio-blk") we are using `blkio_get_int(..., "fd")` to check if the "fd" property is supported for all the virtio-blk-* drivers. Unfortunately that property is also available for those drivers that do not support it, such as virtio-blk-vhost-user. So, `blkio_get_int()` is not enough to check whether the driver supports the `fd` property or not. This is because the virtio-blk common libblkio driver only checks whether or not `fd` is set during `blkio_connect()` and fails with -EINVAL for those transports that do not support it (all except vhost-vdpa for now). So let's handle the `blkio_connect()` failure, retrying it using `path` directly. Fixes: cad2ccc ("block/blkio: use qemu_open() to support fd passing for virtio-blk") Suggested-by: Stefan Hajnoczi <[email protected]> Signed-off-by: Stefano Garzarella <[email protected]> Message-id: [email protected] Signed-off-by: Stefan Hajnoczi <[email protected]>
Commit 809c319
-
block/blkio: fall back on using `path` when `fd` setting fails
qemu_open() fails if called with a unix domain socket in this way:
-blockdev node-name=drive0,driver=virtio-blk-vhost-user,path=vhost-user-blk.sock,cache.direct=on: Could not open 'vhost-user-blk.sock': No such device or address
Since virtio-blk-vhost-user does not support fd passing, let's always fall back on using `path` if we fail the fd passing. Fixes: cad2ccc ("block/blkio: use qemu_open() to support fd passing for virtio-blk") Reported-by: Qing Wang <[email protected]> Signed-off-by: Stefano Garzarella <[email protected]> Message-id: [email protected] Signed-off-by: Stefan Hajnoczi <[email protected]>
Commit 723bea2
-
block/blkio: use blkio_set_int("fd") to check fd support
Setting the `fd` property fails with virtio-blk-* libblkio drivers that do not support fd passing since https://gitlab.com/libblkio/libblkio/-/merge_requests/208. Getting the `fd` property, on the other hand, always succeeds for virtio-blk-* libblkio drivers even when they don't support fd passing. This patch switches to setting the `fd` property because it is a better mechanism for probing fd passing support than getting the `fd` property. Signed-off-by: Stefano Garzarella <[email protected]> Message-id: [email protected] Signed-off-by: Stefan Hajnoczi <[email protected]>
Commit 1c38fe6
Commits on Jul 28, 2023
-
Merge tag 'block-pull-request' of https://gitlab.com/stefanha/qemu into staging
Pull request
Please include these bug fixes in QEMU 8.1. Thanks!
# gpg: Signature made Thu 27 Jul 2023 01:00:53 PM PDT
# gpg: using RSA key 8695A8BFD3F97CDAAC35775A9CA4ABB381AB73C8
# gpg: Good signature from "Stefan Hajnoczi <[email protected]>" [full]
# gpg: aka "Stefan Hajnoczi <[email protected]>" [full]
* tag 'block-pull-request' of https://gitlab.com/stefanha/qemu:
  block/blkio: use blkio_set_int("fd") to check fd support
  block/blkio: fall back on using `path` when `fd` setting fails
  block/blkio: retry blkio_connect() if it fails using `fd`
  block/blkio: move blkio_connect() in the drivers functions
  block: Fix pad_request's request restriction
  block/file-posix: fix g_file_get_contents return path
  block/blkio: do not use open flags in qemu_open()
  block/blkio: enable the completion eventfd
Signed-off-by: Richard Henderson <[email protected]>
Commit f33c745
-
Merge tag 'pull-nbd-2023-07-28' of https://repo.or.cz/qemu/ericb into staging
NBD patches for 2023-07-28
- Denis V. Lunev: Fix regression in 'qemu-nbd -c /dev/nbdN'
# gpg: Signature made Fri 28 Jul 2023 07:53:43 AM PDT
# gpg: using RSA key 71C2CC22B1C4602927D2F3AAA7A16B4A2527436A
# gpg: Good signature from "Eric Blake <[email protected]>" [full]
# gpg: aka "Eric Blake (Free Software Programmer) <[email protected]>" [full]
# gpg: aka "[jpeg image of size 6874]" [full]
* tag 'pull-nbd-2023-07-28' of https://repo.or.cz/qemu/ericb:
  qemu-nbd: regression with arguments passing into nbd_client_thread()
Signed-off-by: Richard Henderson <[email protected]>
Commit ccb86f0
Commits on Jul 30, 2023
-
hw/nvme: use stl/ldl pci dma api
Use the stl/ldl pci dma api for writing/reading doorbells. This removes the explicit endian conversions. Reviewed-by: Philippe Mathieu-Daudé <[email protected]> Reviewed-by: Cédric Le Goater <[email protected]> Tested-by: Cédric Le Goater <[email protected]> Reviewed-by: Thomas Huth <[email protected]> Signed-off-by: Klaus Jensen <[email protected]>
Commit c1e244b
-
Merge tag 'nvme-next-pull-request' of https://gitlab.com/birkelund/qemu into staging
hw/nvme fixes
- use the stl/ldl pci dma api
# gpg: Signature made Sun 30 Jul 2023 12:28:15 PM PDT
# gpg: using RSA key 522833AA75E2DCE6A24766C04DE1AF316D4F0DE9
# gpg: Good signature from "Klaus Jensen <[email protected]>" [unknown]
# gpg: aka "Klaus Jensen <[email protected]>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: DDCA 4D9C 9EF9 31CC 3468 4272 63D5 6FC5 E55D A838
# Subkey fingerprint: 5228 33AA 75E2 DCE6 A247 66C0 4DE1 AF31 6D4F 0DE9
* tag 'nvme-next-pull-request' of https://gitlab.com/birkelund/qemu:
  hw/nvme: use stl/ldl pci dma api
Signed-off-by: Richard Henderson <[email protected]>
Commit 8cb945b
Commits on Jul 31, 2023
-
target/arm: Fix MemOp for STGP
When converting to decodetree, the code to rebuild mop for the pair only made it into trans_STP and not into trans_STGP. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1790 Fixes: 8c212eb ("target/arm: Convert load/store-pair to decodetree") Signed-off-by: Richard Henderson <[email protected]> Message-id: [email protected] Reviewed-by: Peter Maydell <[email protected]> Signed-off-by: Peter Maydell <[email protected]>
Commit 638511e
-
elf2dmp: Don't abandon when Prcb is set to 0
Prcb may be set to 0 for some CPUs if the dump was taken before they start. The dump may still contain valuable information for started CPUs so don't abandon conversion in such a case. Signed-off-by: Akihiko Odaki <[email protected]> Reviewed-by: Viktor Prutyanov <[email protected]> Message-id: [email protected] Signed-off-by: Peter Maydell <[email protected]>
Commit 548b8ed
-
target/arm: Avoid writing to constant TCGv in trans_CSEL()
In commit 0b188ea we changed the implementation of trans_CSEL() to use tcg_constant_i32(). However, this change was incorrect, because the implementation of the function sets up the TCGv_i32 rn and rm to be either zero or else a TCG temp created in load_reg(), and these TCG temps are then in both cases written to by the emitted TCG ops. The result is that we hit a TCG assertion: qemu-system-arm: ../../tcg/tcg.c:4455: tcg_reg_alloc_mov: Assertion `!temp_readonly(ots)' failed. (or on a non-debug build, just produce a garbage result) Adjust the code so that rn and rm are always writeable temporaries whether the instruction is using the special case "0" or a normal register as input. Cc: [email protected] Fixes: 0b188ea ("target/arm: Use tcg_constant in trans_CSEL") Signed-off-by: Peter Maydell <[email protected]> Reviewed-by: Richard Henderson <[email protected]> Message-id: [email protected]
Commit 2b0d656
-
target/arm/tcg: Don't build AArch64 decodetree files for qemu-system-arm
Currently we list all the Arm decodetree files together and add them unconditionally to arm_ss. This means we build them for both qemu-system-aarch64 and qemu-system-arm. However, some of them are AArch64-specific, so there is no need to build them for qemu-system-arm. (Meson is smart enough to notice that the generated .c.inc file is not used by any objects that go into qemu-system-arm, so we only unnecessarily run decodetree, not anything more heavyweight like a recompile or relink, but it's still unnecessary work.) Split gen into gen_a32 and gen_a64, and only add gen_a64 for TARGET_AARCH64 compiles. Signed-off-by: Peter Maydell <[email protected]> Reviewed-by: Philippe Mathieu-Daudé <[email protected]> Message-id: [email protected]
Commit 71054f7
-
kvm: Fix crash due to access uninitialized kvm_state
Runs into core dump on arm64 and the backtrace extracted from the core dump is shown as below. It's caused by accessing uninitialized @kvm_state in kvm_flush_coalesced_mmio_buffer() due to commit 176d073 ("hw/arm/virt: Use machine_memory_devices_init()"), where the machine's memory region is added earlier than before. main qemu_init configure_accelerators qemu_opts_foreach do_configure_accelerator accel_init_machine kvm_init virt_kvm_type virt_set_memmap machine_memory_devices_init memory_region_add_subregion memory_region_add_subregion_common memory_region_update_container_subregions memory_region_transaction_begin qemu_flush_coalesced_mmio_buffer kvm_flush_coalesced_mmio_buffer Fix it by bailing early in kvm_flush_coalesced_mmio_buffer() on the uninitialized @kvm_state. With this applied, no crash is observed on arm64. Fixes: 176d073 ("hw/arm/virt: Use machine_memory_devices_init()") Signed-off-by: Gavin Shan <[email protected]> Reviewed-by: David Hildenbrand <[email protected]> Reviewed-by: Philippe Mathieu-Daudé <[email protected]> Message-id: [email protected] Signed-off-by: Peter Maydell <[email protected]>
Commit fe6bda5
-
gdbstub: Fix client Ctrl-C handling
The gdb remote protocol has a special interrupt character (0x03) that is transmitted outside the regular packet processing, and represents a Ctrl-C pressed in the client. Despite not being a regular packet, it does expect a regular stop response if the stub successfully stops the running program. See: https://sourceware.org/gdb/onlinedocs/gdb/Interrupts.html Inhibiting the stop reply packet can lead to gdb client hang. So permit a stop response when receiving a character from gdb that stops the vm. Additionally, add a warning if that was not a 0x03 character, because the gdb session is likely to end up getting confused if this happens. Cc: [email protected] Fixes: 7583700 ("gdbstub: only send stop-reply packets when allowed to") Reported-by: Frederic Barrat <[email protected]> Signed-off-by: Nicholas Piggin <[email protected]> Tested-by: Joel Stanley <[email protected]> Message-id: [email protected] Reviewed-by: Peter Maydell <[email protected]> Signed-off-by: Peter Maydell <[email protected]>
Commit 108e818
-
Merge tag 'pull-target-arm-20230731' of https://git.linaro.org/people/pmaydell/qemu-arm into staging
target-arm queue:
* Don't build AArch64 decodetree files for qemu-system-arm
* Fix TCG assert in v8.1M CSEL etc
* Fix MemOp for STGP
* gdbstub: Fix client Ctrl-C handling
* kvm: Fix crash due to access uninitialized kvm_state
* elf2dmp: Don't abandon when Prcb is set to 0
# gpg: Signature made Mon 31 Jul 2023 07:14:21 AM PDT
# gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg: issuer "[email protected]"
# gpg: Good signature from "Peter Maydell <[email protected]>" [full]
# gpg: aka "Peter Maydell <[email protected]>" [full]
# gpg: aka "Peter Maydell <[email protected]>" [full]
# gpg: aka "Peter Maydell <[email protected]>" [unknown]
* tag 'pull-target-arm-20230731' of https://git.linaro.org/people/pmaydell/qemu-arm:
  gdbstub: Fix client Ctrl-C handling
  kvm: Fix crash due to access uninitialized kvm_state
  target/arm/tcg: Don't build AArch64 decodetree files for qemu-system-arm
  target/arm: Avoid writing to constant TCGv in trans_CSEL()
  elf2dmp: Don't abandon when Prcb is set to 0
  target/arm: Fix MemOp for STGP
Signed-off-by: Richard Henderson <[email protected]>
Commit 234320c
-
util/interval-tree: Use qatomic_read for left/right while searching
Fixes a race condition (generally without optimization) in which the subtree is re-read after the protecting if condition. Cc: [email protected] Reviewed-by: Peter Maydell <[email protected]> Signed-off-by: Richard Henderson <[email protected]>
Commit 055b86e
-
util/interval-tree: Use qatomic_set_mb in rb_link_node
Ensure that the stores to rb_left and rb_right are complete before inserting the new node into the tree. Otherwise a concurrent reader could see garbage in the new leaf. Cc: [email protected] Reviewed-by: Peter Maydell <[email protected]> Signed-off-by: Richard Henderson <[email protected]>
Commit 4c8baa0
-
util/interval-tree: Introduce pc_parent
Reviewed-by: Peter Maydell <[email protected]> Signed-off-by: Richard Henderson <[email protected]>
Commit d37a259
-
util/interval-tree: Use qatomic_read/set for rb_parent_color
While less susceptible to optimization problems than left and right, interval_tree_iter_next also reads rb_parent(), so make sure that stores and loads are atomic. This goes further than technically required, changing all loads to be atomic, rather than simply the ones in the iteration side. But it doesn't really affect the code generation on the rebalance side and is cleaner to handle everything the same. Reviewed-by: Peter Maydell <[email protected]> Signed-off-by: Richard Henderson <[email protected]>
Commit 79e2985
-
accel/tcg: Clear tcg_ctx->gen_tb on buffer overflow
On overflow of code_gen_buffer, we unlock the guest pages we had been translating, but failed to clear gen_tb. On restart, if we cannot allocate a TB, we exit to the main loop to perform the flush of all TBs as soon as possible. With garbage in gen_tb, we hit an assert: ../src/accel/tcg/tb-maint.c:348:page_unlock__debug: \ assertion failed: (page_is_locked(pd)) Fixes: deba787 ("accel/tcg: Always lock pages before translation") Signed-off-by: Richard Henderson <[email protected]>
Commit ad17868
-
bsd-user: Allocate guest virtual address space
With reserved_va, mmap.c expects to have pre-allocated host address space for the entire guest address space. When combined with the -B command-line option, ensure that the chosen address does not overlap anything else. Ensure that mmap_next_start is within reserved_va, as we use it within mmap.c without checking. Reviewed by: Warner Losh <[email protected]> Signed-off-by: Richard Henderson <[email protected]> Message-Id: <[email protected]>
Commit 28b61d4
bsd-user: Specify host page alignment if none specified
We're hitting an assert when we pass in alignment == 0 since that's not a power of two. So pass in the ideal page size. Signed-off-by: Warner Losh <[email protected]> Message-Id: <[email protected]> Reviewed-by: Richard Henderson <[email protected]> Signed-off-by: Richard Henderson <[email protected]>
Commit 0f2f324
target/ppc: Disable goto_tb with architectural singlestep
The change to use translator_use_goto_tb went too far, as the CF_SINGLE_STEP flag managed by the translator only handles gdb single stepping and not the architectural single stepping modeled in DisasContext.singlestep_enabled. Fixes: 6e9cc37 ("target/ppc: Use translator_use_goto_tb") Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1795 Reviewed-by: Cédric Le Goater <[email protected]> Reviewed-by: Philippe Mathieu-Daudé <[email protected]> Signed-off-by: Richard Henderson <[email protected]>
Commit 2e718e6
linux-user/armeb: Fix __kernel_cmpxchg() for armeb
Commit 7f4f0d9 ("linux-user/arm: Implement __kernel_cmpxchg with host atomics") switched to use qatomic_cmpxchg() to swap a word with the memory content, but missed to endianness-swap the oldval and newval values when emulating an armeb CPU, which expects words to be stored in big endian in the guest memory.

The bug can be verified with qemu >= v7.0 on any little-endian host, when starting the armeb binary of the upx program, which just hangs without this patch.

Cc: [email protected]
Signed-off-by: Helge Deller <[email protected]>
Reported-by: "Markus F.X.J. Oberhumer" <[email protected]>
Reported-by: John Reiser <[email protected]>
Closes: upx/upx#687
Message-Id: <ZMQVnqY+F+5sTNFd@p100>
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Signed-off-by: Richard Henderson <[email protected]>
Commit 38dd78c
target/s390x: Move trans_exc_code update to do_program_interrupt
This solves a problem in which the store to LowCore during tlb_fill triggers a clean-page TB invalidation for page0 during translation, which results in an assertion failure for locked pages. By delaying the store until after the exception has been raised, we will have unwound the pages locked for translation and the problem does not arise. There are plenty of other updates to LowCore while delivering an interrupt/exception; trans_exc_code does not need to be special. Reviewed-by: Ilya Leoshkevich <[email protected]> Signed-off-by: Richard Henderson <[email protected]>
Commit 8b94ec5
target/openrisc: Set EPCR to next PC on FPE exceptions
The architecture specification calls for the EPCR to be set to "Address of next not executed instruction" when there is a floating point exception (FPE). This was not being done, so fix it by using the same pattern as syscall. Also, we move this logic down to be done for instructions not in the delay slot as called for by the architecture manual.

Without this patch FPU exceptions will loop, as the exception handling will always return back to the failed floating point instruction.

This was not noticed in earlier testing because:

 1. The compiler usually generates code which clobbers the input operand such as:

      lf.div.s r19,r17,r19

 2. The target will store the operation output before to the register before handling the exception. So an operation such as:

      float a = 100.0f;
      float b = 0.0f;
      float c = a / b; /* lf.div.s r19,r17,r19 */

    Will first execute:

      100 / 0 -> Store inf to c (r19)
              -> triggering divide by zero exception
              -> handle and return

    Then it will execute:

      100 / inf -> Store 0 to c (no exception)

To confirm the looping behavior and the fix I used the following:

    float fpu_div(float a, float b) {
        float c;
        asm volatile("lf.div.s %0, %1, %2"
                     : "+r" (c)
                     : "r" (a), "r" (b));
        return c;
    }

Reviewed-by: Richard Henderson <[email protected]>
Signed-off-by: Stafford Horne <[email protected]>
Commit 765fdc1
Merge tag 'pull-tcg-20230731' of https://gitlab.com/rth7680/qemu into staging
util/interval-tree: Access left/right/parent atomically
accel/tcg: Clear gen_tb on buffer overflow
bsd-user: Specify host page alignment if none specified
bsd-user: Allocate guest virtual address space
target/ppc: Disable goto_tb with architectural singlestep
target/s390x: Move trans_exc_code update to do_program_interrupt

# gpg: Signature made Mon 31 Jul 2023 02:00:53 PM PDT
# gpg: using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg: issuer "[email protected]"
# gpg: Good signature from "Richard Henderson <[email protected]>" [ultimate]

* tag 'pull-tcg-20230731' of https://gitlab.com/rth7680/qemu:
  target/s390x: Move trans_exc_code update to do_program_interrupt
  linux-user/armeb: Fix __kernel_cmpxchg() for armeb
  target/ppc: Disable goto_tb with architectural singlestep
  bsd-user: Specify host page alignment if none specified
  bsd-user: Allocate guest virtual address space
  accel/tcg: Clear tcg_ctx->gen_tb on buffer overflow
  util/interval-tree: Use qatomic_read/set for rb_parent_color
  util/interval-tree: Introduce pc_parent
  util/interval-tree: Use qatomic_set_mb in rb_link_node
  util/interval-tree: Use qatomic_read for left/right while searching

Signed-off-by: Richard Henderson <[email protected]>
Commit 8023418
Commits on Aug 1, 2023
hw/xen: Clarify (lack of) error handling in transaction_commit()
Coverity was unhappy (CID 1508359) because we didn't check the return of init_walk_op() in transaction_commit(), despite doing so at every other call site. Strictly speaking, this is a false positive since it can never fail. It only fails for invalid user input (transaction ID or path), and both of those are hard-coded to known sane values in this invocation. But Coverity doesn't know that, and neither does the casual reader of the code. Returning an error here would be weird, since the transaction *is* committed by this point; all the walk_op is doing is firing watches on the newly-committed changed nodes. So make it a g_assert(!ret), since it really should never happen. Signed-off-by: David Woodhouse <[email protected]> Reviewed-by: Paul Durrant <[email protected]> Message-Id: <[email protected]> Signed-off-by: Anthony PERARD <[email protected]>
Commit ace33a0
xen-block: Avoid leaks on new error path
Commit 1898293 ("xen-block: Use specific blockdev driver") introduced a new error path, without taking care of allocated resources. So only allocate the qdicts after the error check, and free both `filename` and `driver` when we are about to return and thus taking care of both success and error path. Coverity only spotted the leak of qdicts (*_layer variables). Reported-by: Peter Maydell <[email protected]> Fixes: Coverity CID 1508722, 1398649 Fixes: 1898293 ("xen-block: Use specific blockdev driver") Signed-off-by: Anthony PERARD <[email protected]> Reviewed-by: Paul Durrant <[email protected]> Reviewed-by: Peter Maydell <[email protected]> Message-Id: <[email protected]> Signed-off-by: Anthony PERARD <[email protected]>
Commit aa36243
thread-pool: signal "request_cond" while locked
thread_pool_free() might have been called on the `pool`, which would be a reason for worker_thread() to quit. In this case, `pool->request_cond` has been destroyed.

If worker_thread() didn't manage to signal `request_cond` before it was destroyed by thread_pool_free(), we got:

    util/qemu-thread-posix.c:198: qemu_cond_signal: Assertion `cond->initialized' failed.

One backtrace:

    __GI___assert_fail (assertion=0x55555614abcb "cond->initialized", file=0x55555614ab88 "util/qemu-thread-posix.c", line=198, function=0x55555614ad80 <__PRETTY_FUNCTION__.17104> "qemu_cond_signal") at assert.c:101
    qemu_cond_signal (cond=0x7fffb800db30) at util/qemu-thread-posix.c:198
    worker_thread (opaque=0x7fffb800dab0) at util/thread-pool.c:129
    qemu_thread_start (args=0x7fffb8000b20) at util/qemu-thread-posix.c:505
    start_thread (arg=<optimized out>) at pthread_create.c:486

Reported here: https://lore.kernel.org/all/[email protected]/T/#u

To avoid the issue, keep the lock while sending a signal to `request_cond`.

Fixes: 900fa20 ("thread-pool: replace semaphore with condition variable")
Signed-off-by: Anthony PERARD <[email protected]>
Reviewed-by: Stefan Hajnoczi <[email protected]>
Message-Id: <[email protected]>
Signed-off-by: Anthony PERARD <[email protected]>
Commit f4f7136
xen: Don't pass MemoryListener around by value
Coverity points out (CID 1513106, 1513107) that MemoryListener is a 192 byte struct which we are passing around by value. Switch to passing a const pointer into xen_register_ioreq() and then to xen_do_ioreq_register(). We can also make the file-scope MemoryListener variables const, since nothing changes them. Signed-off-by: Peter Maydell <[email protected]> Acked-by: Anthony PERARD <[email protected]> Reviewed-by: Philippe Mathieu-Daudé <[email protected]> Message-Id: <[email protected]> Signed-off-by: Anthony PERARD <[email protected]>
Commit bcb40db
xen-platform: do full PCI reset during unplug of IDE devices
The IDE unplug function needs to reset the entire PCI device, to make sure all state is initialized to defaults. This is done by calling pci_device_reset, which resets not only the chip specific registers, but also all PCI state. This fixes "unplug" in a Xen HVM domU with the modular legacy xenlinux PV drivers.

Commit ee358e9 ("hw/ide/piix: Convert reset handler to DeviceReset") changed the way the disks are unplugged. Prior to this commit the PCI device remained unchanged. After this change, piix_ide_reset is exercised after the "unplug" command, which was not the case prior to that commit. This function resets the command register. As a result the ata_piix driver inside the domU will see a disabled PCI device. The generic PCI code will reenable the PCI device. On the qemu side, this runs pci_default_write_config/pci_update_mappings. Here a changed address is returned by pci_bar_address, this is the address which was truncated in piix_ide_reset. In case of a Xen HVM domU, the address changes from 0xc120 to 0xc100. This truncation was a bug in piix_ide_reset, which was fixed in commit 230dfd9 ("hw/ide/piix: properly initialize the BMIBA register"). If pci_xen_ide_unplug had used pci_device_reset, the PCI registers would have been properly reset, and commit ee358e9 would have not introduced a regression for this specific domU environment.

While the unplug is supposed to hide the IDE disks, the changed BMIBA address broke the UHCI device. In case the domU has a USB tablet configured, to receive absolute pointer coordinates for the GUI, it will cause a hang during device discovery of the partly discovered USB hid device. Reading the USBSTS word size register will fail. The access ends up in the QEMU piix-bmdma device, instead of the expected uhci device. Here a byte size request is expected, and a value of ~0 is returned. As a result the UHCI driver sees an error state in the register, and turns off the UHCI controller.

Signed-off-by: Olaf Hering <[email protected]>
Reviewed-by: Paul Durrant <[email protected]>
Message-Id: <[email protected]>
Signed-off-by: Anthony PERARD <[email protected]>
Commit 856ca10
Merge tag 'pull-xen-20230801' of https://xenbits.xen.org/git-http/people/aperard/qemu-dm into staging
Misc fixes, for thread-pool, xen, and xen-emulate

* fix an access to `request_cond` QemuCond in thread-pool
* fix issue with PCI devices when unplugging IDE devices in Xen guest
* several fixes for issues pointed out by Coverity

# gpg: Signature made Tue 01 Aug 2023 02:38:47 AM PDT
# gpg: using RSA key F80C006308E22CFD8A92E7980CF5572FD7FB55AF
# gpg: Good signature from "Anthony PERARD <[email protected]>" [unknown]
# gpg: aka "Anthony PERARD <[email protected]>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 5379 2F71 024C 600F 778A 7161 D8D5 7199 DF83 42C8
# Subkey fingerprint: F80C 0063 08E2 2CFD 8A92 E798 0CF5 572F D7FB 55AF

* tag 'pull-xen-20230801' of https://xenbits.xen.org/git-http/people/aperard/qemu-dm:
  xen-platform: do full PCI reset during unplug of IDE devices
  xen: Don't pass MemoryListener around by value
  thread-pool: signal "request_cond" while locked
  xen-block: Avoid leaks on new error path
  hw/xen: Clarify (lack of) error handling in transaction_commit()

Signed-off-by: Richard Henderson <[email protected]>
Commit 38a6de8
io: remove io watch if TLS channel is closed during handshake
The TLS handshake may take some time to complete, during which time an I/O watch might be registered with the main loop. If the owner of the I/O channel invokes qio_channel_close() while the handshake is waiting to continue the I/O watch must be removed. Failing to remove it will later trigger the completion callback which the owner is not expecting to receive. In the case of the VNC server, this results in a SEGV as vnc_disconnect_start() tries to shutdown a client connection that is already gone / NULL.

CVE-2023-3354
Reported-by: jiangyegen <[email protected]>
Signed-off-by: Daniel P. Berrangé <[email protected]>
Commit 10be627
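The lifecycle problem described in the commit message above (a handshake watch that outlives the close of its channel), as an added toy model that is not code from QEMU: the main loop, the channel and the owner are hypothetical stand-ins, and the callback counts stale invocations where a real owner would dereference state that is already gone.

```c
#include <stdio.h>
#include <string.h>

#define MAX_WATCHES 4

typedef void (*watch_cb)(void *opaque);

struct watch { int active; watch_cb cb; void *opaque; };
struct main_loop { struct watch slots[MAX_WATCHES]; };

/* Register a one-shot watch; returns its id, or -1 if the table is full. */
static int loop_add_watch(struct main_loop *l, watch_cb cb, void *opaque)
{
    for (int i = 0; i < MAX_WATCHES; i++) {
        if (!l->slots[i].active) {
            l->slots[i] = (struct watch){ 1, cb, opaque };
            return i;
        }
    }
    return -1;
}

static void loop_remove_watch(struct main_loop *l, int id)
{
    if (id >= 0 && id < MAX_WATCHES) {
        l->slots[id].active = 0;
    }
}

/* Fire every pending watch once; returns how many callbacks ran. */
static int loop_dispatch(struct main_loop *l)
{
    int fired = 0;
    for (int i = 0; i < MAX_WATCHES; i++) {
        if (l->slots[i].active) {
            l->slots[i].active = 0;
            l->slots[i].cb(l->slots[i].opaque);
            fired++;
        }
    }
    return fired;
}

/* Hypothetical owner state, standing in for a server's per-client state. */
struct owner { int client_present; int completions; int stale_completions; };

struct tls_channel { struct main_loop *loop; struct owner *owner; int hs_watch; };

/* Handshake completion callback. The model counts a stale call instead of
 * touching client state that no longer exists. */
static void handshake_complete(void *opaque)
{
    struct tls_channel *c = opaque;
    if (c->owner->client_present) {
        c->owner->completions++;
    } else {
        c->owner->stale_completions++;
    }
}

static void channel_wait_for_handshake(struct tls_channel *c)
{
    c->hs_watch = loop_add_watch(c->loop, handshake_complete, c);
}

/* Close that forgets the pending handshake watch (the behaviour being fixed). */
static void channel_close_leaky(struct tls_channel *c)
{
    (void)c;
}

/* Close that removes the pending watch before the channel goes away. */
static void channel_close_fixed(struct tls_channel *c)
{
    if (c->hs_watch >= 0) {
        loop_remove_watch(c->loop, c->hs_watch);
        c->hs_watch = -1;
    }
}

/* Owner closes mid-handshake and drops its client, then the loop runs.
 * Returns the number of callbacks delivered after the client was gone. */
static int stale_callbacks_after_close(int use_fixed_close)
{
    struct main_loop loop;
    struct owner owner = { 1, 0, 0 };
    struct tls_channel chan = { &loop, &owner, -1 };

    memset(&loop, 0, sizeof(loop));
    channel_wait_for_handshake(&chan);
    if (use_fixed_close) {
        channel_close_fixed(&chan);
    } else {
        channel_close_leaky(&chan);
    }
    owner.client_present = 0;
    loop_dispatch(&loop);
    return owner.stale_completions;
}

int main(void)
{
    printf("stale callbacks, leaky close: %d\n", stale_callbacks_after_close(0));
    printf("stale callbacks, fixed close: %d\n", stale_callbacks_after_close(1));
    return 0;
}
```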
Merge tag 'io-tls-hs-crash-pull-request' of https://gitlab.com/berrange/qemu into staging
Fix crash during early close of TLS channel

# gpg: Signature made Tue 01 Aug 2023 10:46:06 AM PDT
# gpg: using RSA key DAF3A6FDB26B62912D0E8E3FBE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <[email protected]>" [full]
# gpg: aka "Daniel P. Berrange <[email protected]>" [full]

* tag 'io-tls-hs-crash-pull-request' of https://gitlab.com/berrange/qemu:
  io: remove io watch if TLS channel is closed during handshake

Signed-off-by: Richard Henderson <[email protected]>
Commit a51c070
hw/xen: fix off-by-one in xen_evtchn_set_gsi()
Coverity points out (CID 1508128) a bounds checking error. We need to check for gsi >= IOAPIC_NUM_PINS, not just greater-than. Also fix up an assert() that has the same problem, that Coverity didn't see. Fixes: 4f81baa ("hw/xen: Support GSI mapping to PIRQ") Signed-off-by: David Woodhouse <[email protected]> Reviewed-by: Peter Maydell <[email protected]> Reviewed-by: Philippe Mathieu-Daudé <[email protected]> Message-Id: <[email protected]> Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
Commit cf885b1
i386/xen: consistent locking around Xen singleshot timers
Coverity points out (CID 1507534, 1507968) that we sometimes access env->xen_singleshot_timer_ns under the protection of env->xen_timers_lock and sometimes not. This isn't always an issue. There are two modes for the timers; if the kernel supports the EVTCHN_SEND capability then it handles all the timer hypercalls and delivery internally, and all we use the field for is to get/set the timer as part of the vCPU state via an ioctl(). If the kernel doesn't have that support, then we do all the emulation within qemu, and *those* are the code paths where we actually care about the locking. But it doesn't hurt to be a little bit more consistent and avoid having to explain *why* it's OK. Signed-off-by: David Woodhouse <[email protected]> Reviewed-by: Paul Durrant <[email protected]> Message-Id: <[email protected]> Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
Commit 19c417e
hw/xen: prevent guest from binding loopback event channel to itself
Fuzzing showed that a guest could bind an interdomain port to itself, by guessing the next port to be allocated and putting that as the 'remote' port number. By chance, that works because the newly-allocated port has type EVTCHNSTAT_unbound. It shouldn't. Signed-off-by: David Woodhouse <[email protected]> Reviewed-by: Paul Durrant <[email protected]> Message-Id: <[email protected]> Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
Commit 75a87af
ui/dbus: fix win32 compilation when !opengl
Fixes: https://gitlab.com/qemu-project/qemu/-/issues/1782 Signed-off-by: Marc-André Lureau <[email protected]> Reviewed-by: Philippe Mathieu-Daudé <[email protected]> Message-Id: <[email protected]> Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
Commit 866b24e
ui/dbus: fix clang compilation issue
    ../ui/dbus-listener.c:236:9: error: expected expression
            Error *err = NULL;

See: https://gitlab.com/qemu-project/qemu/-/issues/1782#note_1488517427

Signed-off-by: Marc-André Lureau <[email protected]>
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
Reviewed-by: Thomas Huth <[email protected]>
Message-Id: <[email protected]>
Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
Commit 7b4a3f8
misc: Fix some typos in documentation and comments
Signed-off-by: Stefan Weil <[email protected]> Reviewed-by: Peter Maydell <[email protected]> Reviewed-by: Philippe Mathieu-Daudé <[email protected]> Message-Id: <[email protected]> Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
Commit 313e162
tests/migration: Add -fno-stack-protector
A build of GCC 13.2 will have stack protector enabled by default if it was configured with --enable-default-ssp option. For such a compiler, it is necessary to explicitly disable stack protector when linking without standard libraries. Signed-off-by: Akihiko Odaki <[email protected]> Reviewed-by: Juan Quintela <[email protected]> Reviewed-by: Thomas Huth <[email protected]> Message-Id: <[email protected]> Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
Commit 7a06a8f
target/nios2: Pass semihosting arg to exit
Instead of using R_ARG0 (the semihost function number), use R_ARG1 (the provided exit status). Signed-off-by: Keith Packard <[email protected]> Reviewed-by: Peter Maydell <[email protected]> Message-Id: <[email protected]> Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
Commit c11d5bd
target/nios2: Fix semihost lseek offset computation
The arguments for deposit64 are (value, start, length, fieldval); this appears to have thought they were (value, fieldval, start, length). Reorder the parameters to match the actual function. Signed-off-by: Keith Packard <[email protected]> Reviewed-by: Philippe Mathieu-Daudé <[email protected]> Fixes: d1e23cb ("target/nios2: Use semihosting/syscalls.h") Reviewed-by: Peter Maydell <[email protected]> Message-Id: <[email protected]> Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
Commit 71e2dd6
target/m68k: Fix semihost lseek offset computation
The arguments for deposit64 are (value, start, length, fieldval); this appears to have thought they were (value, fieldval, start, length). Reorder the parameters to match the actual function. Cc: [email protected] Fixes: 9502725 ("target/m68k: Use semihosting/syscalls.h") Reported-by: Philippe Mathieu-Daudé <[email protected]> Signed-off-by: Peter Maydell <[email protected]> Reviewed-by: Philippe Mathieu-Daudé <[email protected]> Message-Id: <[email protected]> Signed-off-by: Philippe Mathieu-Daudé <[email protected]>
Commit 8caaae7
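The argument-order mix-up described in the two semihosting lseek commits above (nios2 and m68k), as an added example that is not code from QEMU: `deposit64` is re-implemented here with the (value, start, length, fieldval) order the messages give. The split of the offset into 32-bit `hi` and `lo` halves and the helper names are assumptions.

```c
#include <assert.h>
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>

/* Bitfield deposit with the (value, start, length, fieldval) order quoted in
 * the commit messages: overwrite 'length' bits of 'value', beginning at bit
 * 'start', with the low bits of 'fieldval'. Illustrative re-implementation. */
static uint64_t deposit64(uint64_t value, int start, int length,
                          uint64_t fieldval)
{
    assert(start >= 0 && length > 0 && length <= 64 - start);
    uint64_t mask = (~0ULL >> (64 - length)) << start;
    return (value & ~mask) | ((fieldval << start) & mask);
}

/* Assumed guest convention: a 64-bit file offset arrives as two 32-bit
 * arguments. Correct order: put 'hi' into bits 63..32 of 'lo'. */
static uint64_t lseek_offset_fixed(uint32_t hi, uint32_t lo)
{
    return deposit64(lo, 32, 32, hi);
}

/* Same call written as if the order were (value, fieldval, start, length):
 * 'hi' is taken as the bit position and the constant 32 as the field value.
 * *in_range is cleared where the call would trip deposit64's range check
 * (start + length > 64); the function then returns 0 without calling it. */
static uint64_t lseek_offset_misordered(uint32_t hi, uint32_t lo,
                                        int *in_range)
{
    *in_range = hi <= 32;
    if (!*in_range) {
        return 0;
    }
    return deposit64(lo, (int)hi, 32, 32);
}

int main(void)
{
    /* Constructed sample offsets as (hi, lo) pairs. */
    const uint32_t samples[][2] = {
        { 0, 0x1000 }, { 1, 0x10 }, { 33, 0x10 },
    };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        int ok;
        uint32_t hi = samples[i][0], lo = samples[i][1];
        uint64_t good = lseek_offset_fixed(hi, lo);
        uint64_t bad = lseek_offset_misordered(hi, lo, &ok);

        printf("hi=%" PRIu32 " lo=0x%" PRIx32 " fixed=0x%" PRIx64,
               hi, lo, good);
        if (ok) {
            printf(" misordered=0x%" PRIx64 "\n", bad);
        } else {
            printf(" misordered=<range check fails>\n");
        }
    }
    return 0;
}
```

With the misordered call an ordinary seek whose high word is 0 resolves to offset 32 regardless of the low word, which is why the symptom shows up as seeks landing at the wrong file position rather than as a crash.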
Commits on Aug 2, 2023
qapi: Reformat the dirty-limit migration doc comments
Reformat the dirty-limit migration doc comments to conform to current conventions as commit a937b6a (qapi: Reformat doc comments to conform to current conventions). Signed-off-by: Hyman Huang(黄勇) <[email protected]> Message-ID: <[email protected]> Reviewed-by: Markus Armbruster <[email protected]> [Whitespace tidied up] Signed-off-by: Markus Armbruster <[email protected]>
Commit 8abc811
qapi: Craft the dirty-limit capability comment
Signed-off-by: Hyman Huang(黄勇) <[email protected]> Message-ID: <[email protected]> Reviewed-by: Markus Armbruster <[email protected]> Signed-off-by: Markus Armbruster <[email protected]>
Commit ef96537
MAINTAINERS: Add section "Migration dirty limit and dirty page rate"
I've built interests in dirty limit and dirty page rate features and also have been working on projects related to this subsystem. Add a section to the MAINTAINERS file for migration dirty limit and dirty page rate. Add myself as a maintainer for this subsystem so that I can help to improve the dirty limit algorithm and review the patches about dirty page rate. Signed-off-by: Hyman Huang(黄勇) <[email protected]> Acked-by: Peter Xu <[email protected]> Message-ID: <[email protected]> Acked-by: Markus Armbruster <[email protected]> Signed-off-by: Markus Armbruster <[email protected]>
Commit 2b3edd9
Merge tag 'misc-fixes-20230801' of https://github.com/philmd/qemu into staging
Misc patches queue

xen: Fix issues reported by fuzzer / Coverity
misc: Fix some typos in documentation and comments
ui/dbus: Build fixes for Clang/win32/!opengl
linux-user: Semihosting fixes on m68k/nios2
tests/migration: Disable stack protector when linking without stdlib

# gpg: Signature made Tue 01 Aug 2023 02:52:52 PM PDT
# gpg: using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <[email protected]>" [full]

* tag 'misc-fixes-20230801' of https://github.com/philmd/qemu:
  target/m68k: Fix semihost lseek offset computation
  target/nios2: Fix semihost lseek offset computation
  target/nios2: Pass semihosting arg to exit
  tests/migration: Add -fno-stack-protector
  misc: Fix some typos in documentation and comments
  ui/dbus: fix clang compilation issue
  ui/dbus: fix win32 compilation when !opengl
  hw/xen: prevent guest from binding loopback event channel to itself
  i386/xen: consistent locking around Xen singleshot timers
  hw/xen: fix off-by-one in xen_evtchn_set_gsi()

Signed-off-by: Richard Henderson <[email protected]>
Commit 081619e
Merge tag 'pull-qapi-2023-08-02' of https://repo.or.cz/qemu/armbru into staging
QAPI patches patches for 2023-08-02

# gpg: Signature made Wed 02 Aug 2023 12:38:04 AM PDT
# gpg: using RSA key 354BC8B3D7EB2A6B68674E5F3870B400EB918653
# gpg: issuer "[email protected]"
# gpg: Good signature from "Markus Armbruster <[email protected]>" [undefined]
# gpg: aka "Markus Armbruster <[email protected]>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867 4E5F 3870 B400 EB91 8653

* tag 'pull-qapi-2023-08-02' of https://repo.or.cz/qemu/armbru:
  MAINTAINERS: Add section "Migration dirty limit and dirty page rate"
  qapi: Craft the dirty-limit capability comment
  qapi: Reformat the dirty-limit migration doc comments

Signed-off-by: Richard Henderson <[email protected]>
Commit fb695ae
Update version for v8.1.0-rc2 release
Signed-off-by: Richard Henderson <[email protected]>
Commit 9ba3702
Commits on Aug 3, 2023
util/oslib-win32: Fix compiling with Clang from MSYS2
Clang complains:

    ../util/oslib-win32.c:483:56: error: omitting the parameter name in a function definition is a C2x extension [-Werror,-Wc2x-extensions]
    win32_close_exception_handler(struct _EXCEPTION_RECORD*,
                                                           ^

Fix it by adding parameter names.

Message-Id: <[email protected]>
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
Signed-off-by: Thomas Huth <[email protected]>
Commit c5b5288
gitlab: remove duplication between msys jobs
Although they share a common parent, the two msys jobs still have massive duplication in their script definitions that can easily be collapsed. Signed-off-by: Daniel P. Berrangé <[email protected]> Reviewed-by: Thomas Huth <[email protected]> Message-Id: <[email protected]> Signed-off-by: Thomas Huth <[email protected]>
Commit 11961d0
gitlab: print timestamps during windows msys jobs
It is hard to get visibility into where time is consumed in our Windows msys jobs. Adding a few log console messages with the timestamp will aid in our debugging. Signed-off-by: Daniel P. Berrangé <[email protected]> Reviewed-by: Thomas Huth <[email protected]> Message-Id: <[email protected]> Signed-off-by: Thomas Huth <[email protected]>
Commit b64052c
gitlab: always use updated msys installer
We currently reference an msys installer binary from mid-2022, which means after installation, it immediately has to re-download a bunch of newer content. This wastes precious CI time. The msys project publishes an installer binary with a fixed URL that always references the latest content. We cache the downloads in gitlab though and so once downloaded we would never re-fetch the installer leading back to the same problem. To deal with this we also fetch the pgp signature for the installer on every run, and compare that to the previously cached signature. If the signature changes, we re-download the full installer. This ensures we always have the latest installer for msys, while also maximising use of the gitlab cache. Signed-off-by: Daniel P. Berrangé <[email protected]> Reviewed-by: Thomas Huth <[email protected]> Message-Id: <[email protected]> Signed-off-by: Thomas Huth <[email protected]>
Commit 46aedd3
gitlab: drop $CI_PROJECT_DIR from cache path
The gitlab cache is limited to only handle content within the $CI_PROJECT_DIR hierarchy, and as such relative paths are always implicitly relative to $CI_PROJECT_DIR. Signed-off-by: Daniel P. Berrangé <[email protected]> Reviewed-by: Thomas Huth <[email protected]> Message-Id: <[email protected]> Signed-off-by: Thomas Huth <[email protected]>
Commit 5ef56e3
gitlab: always populate cache for windows msys jobs
The cache is used to hold the msys installer. Even if the build phase fails, we should still populate the cache as the installer will be valid for next time. Signed-off-by: Daniel P. Berrangé <[email protected]> Reviewed-by: Thomas Huth <[email protected]> Message-Id: <[email protected]> Signed-off-by: Thomas Huth <[email protected]>
Commit ef4fe31
configure: support passthrough of -Dxxx args to meson
This can be useful for setting some meson global options, such as the optimization level or debug state. Signed-off-by: Daniel P. Berrangé <[email protected]> Message-Id: <[email protected]> [thuth: Move the help text into the section with the other --... options] Signed-off-by: Thomas Huth <[email protected]>
Commit ff136d2
gitlab: disable optimization and debug symbols in msys build
Building at -O2, adds 33% to the build time, over -O2. IOW a build that takes 45 minutes at -O0, takes 60 minutes at -O2. Turning off debug symbols drops it further, down to 38 minutes. IOW, a "-O2 -g" build is 58% slower than a "-O0" build on msys in the gitlab CI windows shared runners. Signed-off-by: Daniel P. Berrangé <[email protected]> Message-Id: <[email protected]> Signed-off-by: Thomas Huth <[email protected]>
Commit 63f5365
gitlab: disable FF_SCRIPT_SECTIONS on msys jobs
The FF_SCRIPT_SECTIONS=1 variable should ordinarily cause output from each line of the job script to be presented in a collapsible section with execution time listed. While it works on Linux shared runners, when used with Windows runners with PowerShell, this option does not create any sections, and actually causes echo'ing of commands to be disabled, making it even worse to debug the jobs. Signed-off-by: Daniel P. Berrangé <[email protected]> Acked-by: Thomas Huth <[email protected]> Message-Id: <[email protected]> Signed-off-by: Thomas Huth <[email protected]>
Commit f54ba56
Merge tag 'pull-request-2023-08-03' of https://gitlab.com/thuth/qemu …
…into staging
* Fix timeout problems in the MSYS Gitlab CI jobs
* Fix a problem when compiling with Clang on Windows
# gpg: Signature made Thu 03 Aug 2023 04:06:27 AM PDT
# gpg: using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5
# gpg: issuer "[email protected]"
# gpg: Good signature from "Thomas Huth <[email protected]>" [undefined]
# gpg: aka "Thomas Huth <[email protected]>" [undefined]
# gpg: aka "Thomas Huth <[email protected]>" [unknown]
# gpg: aka "Thomas Huth <[email protected]>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 27B8 8847 EEE0 2501 18F3 EAB9 2ED9 D774 FE70 2DB5
* tag 'pull-request-2023-08-03' of https://gitlab.com/thuth/qemu:
  gitlab: disable FF_SCRIPT_SECTIONS on msys jobs
  gitlab: disable optimization and debug symbols in msys build
  configure: support passthrough of -Dxxx args to meson
  gitlab: always populate cache for windows msys jobs
  gitlab: drop $CI_PROJECT_DIR from cache path
  gitlab: always use updated msys installer
  gitlab: print timestamps during windows msys jobs
  gitlab: remove duplication between msys jobs
  util/oslib-win32: Fix compiling with Clang from MSYS2
Signed-off-by: Richard Henderson <[email protected]>
Commit c167c80
block/blkio: close the fd when blkio_connect() fails
libblkio drivers take ownership of `fd` only after a successful blkio_connect(), so if it fails, we are still the owners. Fixes: cad2ccc ("block/blkio: use qemu_open() to support fd passing for virtio-blk") Suggested-by: Hanna Czenczek <[email protected]> Signed-off-by: Stefano Garzarella <[email protected]> Reviewed-by: Hanna Czenczek <[email protected]> Message-id: [email protected] Signed-off-by: Stefan Hajnoczi <[email protected]>
Commit 0b054b4
block/blkio: add more comments on the fd passing handling
As Hanna pointed out, it is not clear in the code why qemu_open() can fail, and why blkio_set_int("fd") is not enough to discover the `fd` property support. Let's fix them by adding more details in the code comments. Suggested-by: Hanna Czenczek <[email protected]> Reviewed-by: Hanna Czenczek <[email protected]> Signed-off-by: Stefano Garzarella <[email protected]> Message-id: [email protected] Signed-off-by: Stefan Hajnoczi <[email protected]>
Commit 9b06d0d
Merge tag 'block-pull-request' of https://gitlab.com/stefanha/qemu in…
…to staging
Pull request
Fix for an fd leak in the blkio block driver.
# gpg: Signature made Thu 03 Aug 2023 08:55:41 AM PDT
# gpg: using RSA key 8695A8BFD3F97CDAAC35775A9CA4ABB381AB73C8
# gpg: Good signature from "Stefan Hajnoczi <[email protected]>" [full]
# gpg: aka "Stefan Hajnoczi <[email protected]>" [full]
* tag 'block-pull-request' of https://gitlab.com/stefanha/qemu:
  block/blkio: add more comments on the fd passing handling
  block/blkio: close the fd when blkio_connect() fails
Signed-off-by: Richard Henderson <[email protected]>
Commit 2e6a56f
hw/virtio-iommu: Fix potential OOB access in virtio_iommu_handle_comm…
…and() In the virtio_iommu_handle_command() when a PROBE request is handled, output_size takes a value greater than the tail size and on a subsequent iteration we can get a stack out-of-band access. Initialize the output_size on each iteration. The issue was found with ASAN. Credits to: Yiming Tao(Zhejiang University) Gaoning Pan(Zhejiang University) Fixes: 1733eeb ("virtio-iommu: Implement RESV_MEM probe request") Signed-off-by: Eric Auger <[email protected]> Reported-by: Mauro Matteo Cascella <[email protected]> Cc: [email protected] Message-Id: <[email protected]> Reviewed-by: Michael S. Tsirkin <[email protected]> Signed-off-by: Michael S. Tsirkin <[email protected]>
Commit cf2f89e
hw/pci-bridge/cxl_upstream.c: Use g_new0() in build_cdat_table()
In build_cdat_table() we do:
    *cdat_table = g_malloc0(sizeof(*cdat_table) * CXL_USP_CDAT_NUM_ENTRIES);
This is wrong because:
- cdat_table has type CDATSubHeader ***
- so *cdat_table has type CDATSubHeader **
- so the array we're allocating here should be items of type CDATSubHeader *
- but we pass sizeof(*cdat_table), which is sizeof(CDATSubHeader **), implying that we're allocating an array of CDATSubHeader **
It happens that sizeof(CDATSubHeader **) == sizeof(CDATSubHeader *) so nothing blows up, but this should be sizeof(**cdat_table).
Avoid this excessively hard-to-understand code by using g_new0() instead, which will do the type checking for us. While we're here, we can drop the useless check against failure, as g_malloc0() and g_new0() never fail.
This fixes Coverity issue CID 1508120.
Signed-off-by: Peter Maydell <[email protected]>
Message-Id: <[email protected]>
Reviewed-by: Michael S. Tsirkin <[email protected]>
Signed-off-by: Michael S. Tsirkin <[email protected]>
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
Reviewed-by: Jonathan Cameron <[email protected]>
Commit 503d86d
virtio-iommu: Standardize granule extraction and formatting
At several locations we compute the granule from the config page_size_mask using ctz() and then format it in traces using BIT(). As the page_size_mask is 64b we should use ctz64 and BIT_ULL() for formatting. We failed to be consistent. Note the page_size_mask is guaranteed to be non null. The spec mandates the device to set at least one bit, so ctz64 cannot return 64. This is guaranteed by the fact the device initializes the page_size_mask to qemu_target_page_mask() and then the page_size_mask is further constrained by virtio_iommu_set_page_size_mask() callback which can't result in a new mask being null. So if Coverity complains round those ctz64/BIT_ULL with CID 1517772 this is a false positive Signed-off-by: Eric Auger <[email protected]> Fixes: 94df5b2 ("virtio-iommu: Fix 64kB host page size VFIO device assignment") Message-Id: <[email protected]> Reviewed-by: Michael S. Tsirkin <[email protected]> Signed-off-by: Michael S. Tsirkin <[email protected]> Reviewed-by: Jean-Philippe Brucker <[email protected]>
Commit 1084fed
hw/virtio: Add a protection against duplicate vu_scmi_stop calls
The QEMU CI fails in virtio-scmi test occasionally. As reported by Thomas Huth, this happens most likely when the system is loaded and it fails with the following error:
  qemu-system-aarch64: ../../devel/qemu/hw/pci/msix.c:659: msix_unset_vector_notifiers: Assertion `dev->msix_vector_use_notifier && dev->msix_vector_release_notifier' failed.
  ../../devel/qemu/tests/qtest/libqtest.c:200: kill_qemu() detected QEMU death from signal 6 (Aborted) (core dumped)
As discovered by Fabiano Rosas, the cause is a duplicate invocation of msix_unset_vector_notifiers via duplicate vu_scmi_stop calls:
  msix_unset_vector_notifiers
  virtio_pci_set_guest_notifiers
  vu_scmi_stop
  vu_scmi_disconnect
  ...
  qemu_chr_write_buffer

  msix_unset_vector_notifiers
  virtio_pci_set_guest_notifiers
  vu_scmi_stop
  vu_scmi_set_status
  ...
  qemu_cleanup
While vu_scmi_stop calls are protected by vhost_dev_is_started() check, it's apparently not enough. vhost-user-blk and vhost-user-gpio use an extra protection, see f5b22d0 (vhost: recheck dev state in the vhost_migration_log routine) for the motivation. Let's use the same in vhost-user-scmi, which fixes the failure above.
Fixes: a5dab09 ("hw/virtio: Add boilerplate for vhost-user-scmi device")
Signed-off-by: Milan Zamazal <[email protected]>
Message-Id: <[email protected]>
Reviewed-by: Michael S. Tsirkin <[email protected]>
Signed-off-by: Michael S. Tsirkin <[email protected]>
Tested-by: Thomas Huth <[email protected]>
Reviewed-by: Fabiano Rosas <[email protected]>
Commit 63a3520
tests: acpi: x86: whitelist expected blobs
Signed-off-by: Igor Mammedov <[email protected]> Message-Id: <[email protected]> Reviewed-by: Michael S. Tsirkin <[email protected]> Signed-off-by: Michael S. Tsirkin <[email protected]>
Commit 45d9d31
x86: acpi: workaround Windows not handling name references in Package…
… properly it seems that Windows is unable to handle variable references making it choke up when accessing ASUN during _DSM call when device is hotplugged (it lists package elements as DataAlias but despite that later on it misbehaves) with following error shown up in AMLI debugger (WS2012r2): Store(ShiftLeft(One,Arg1="ASUN",) AMLI_ERROR(c0140008): Unexpected argument type ValidateArgTypes: expected Arg1 to be type Integer (Type=String) Similar outcome with WS2022. Issue is not fatal but as result acpi-index/"PCI Label ID" property is either not shown in device details page or shows incorrect value. Fix it by doing assignment of BSEL/ASUN values to package elements manually after package declaration. Fix was tested with: WS2012r2, WS2022, RHEL9 Fixes: 467d099 (x86: acpi: _DSM: use Package to pass parameters) Signed-off-by: Igor Mammedov <[email protected]> Message-Id: <[email protected]> Reviewed-by: Michael S. Tsirkin <[email protected]> Signed-off-by: Michael S. Tsirkin <[email protected]>
Commit 44d975e
tests: acpi: x86: update expected blobs
Following change is expected on each PCI slot with enabled ACPI PCI hotplug - BSEL, - ASUN + Zero, + Zero } + Local0 [Zero] = BSEL /* \_SB_.PCI0.BSEL */ + Local0 [One] = ASUN /* \_SB_.PCI0.S18_.ASUN */ Signed-off-by: Igor Mammedov <[email protected]> Message-Id: <[email protected]> Reviewed-by: Michael S. Tsirkin <[email protected]> Signed-off-by: Michael S. Tsirkin <[email protected]>
Commit 6e51085
tests: acpi: whitelist expected blobs
Signed-off-by: Igor Mammedov <[email protected]> Message-Id: <[email protected]> Reviewed-by: Michael S. Tsirkin <[email protected]> Signed-off-by: Michael S. Tsirkin <[email protected]>
Commit d3dc64f
acpi: x86: remove _ADR on host bridges
ACPI spec (since 2.0a) says "A device object must contain either an _HID object or an _ADR object, but can contain both." _ADR is used when device is attached to an enumerable bus, however hostbridge is not and uses dedicated _HID for discovery, drop _ADR field. It doesn't seem that having _ADR has a negative effects OSes manage to tolerate that, but there is no point of having it there. (only pc/q35 has it hostbridge description, while others (microvm/arm) don't) Signed-off-by: Igor Mammedov <[email protected]> Message-Id: <[email protected]> Reviewed-by: Michael S. Tsirkin <[email protected]> Signed-off-by: Michael S. Tsirkin <[email protected]>
Commit 5ce869f
tests: acpi: update expected blobs
Expected change is that _ADR object is removed from hostbridge descriptor in DSDT for PC and Q35 machines. Signed-off-by: Igor Mammedov <[email protected]> Message-Id: <[email protected]> Reviewed-by: Michael S. Tsirkin <[email protected]> Signed-off-by: Michael S. Tsirkin <[email protected]>
Commit e3c79cf
hw/virtio: qmp: add RING_RESET to 'info virtio-status'
Signed-off-by: David Edmondson <[email protected]> Message-Id: <[email protected]> Reviewed-by: Michael S. Tsirkin <[email protected]> Signed-off-by: Michael S. Tsirkin <[email protected]> Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
Commit 92f0422
virtio: Fix packed virtqueue used_idx mask
virtio_queue_packed_set_last_avail_idx() is used by vhost devices to set the internal queue indices to what has been reported by the vhost back-end through GET_VRING_BASE. For packed virtqueues, this 32-bit value is expected to contain both the device's internal avail and used indices, as well as their respective wrap counters. To get the used index, we shift the 32-bit value right by 16, and then apply a mask of 0x7ffff. That seems to be a typo, because it should be 0x7fff; first of all, the virtio specification says that the maximum queue size for packed virt queues is 2^15, so the indices cannot exceed 2^15 - 1 anyway, making 0x7fff the correct mask. Second, the mask clearly is wrong from context, too, given that (A) `idx & 0x70000` must be 0 at this point (`idx` is 32 bit and was shifted to the right by 16 already), (B) `idx & 0x8000` is the used_wrap_counter, so should not be part of the used index, and (C) `vq->used_idx` is a `uint16_t`, so cannot fit the 0x70000 part of the mask anyway. This most likely never produced any guest-visible bugs, though, because for a vhost device, qemu will probably not evaluate the used index outside of virtio_queue_packed_get_last_avail_idx(), where we reconstruct the 32-bit value from avail and used indices and their wrap counters again. There, it does not matter whether the highest bit of the used_idx is the used index wrap counter, because we put the wrap counter exactly in that position anyway. Signed-off-by: Hanna Czenczek <[email protected]> Message-Id: <[email protected]> Reviewed-by: Michael S. Tsirkin <[email protected]> Signed-off-by: Michael S. Tsirkin <[email protected]> Reviewed-by: German Maglione <[email protected]>
Commit c92f4fc
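The bit layout described in the "virtio: Fix packed virtqueue used_idx mask" commit message, as an added example that is not QEMU's code: it splits the 32-bit value with either mask and rebuilds it, showing that the 0x7ffff mask leaks the wrap counter into the 16-bit used index while the round trip still matches. The struct, macro and function names are hypothetical, and the sample value is constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the four queue fields the commit message names. */
struct packed_vq {
    uint16_t last_avail_idx;
    bool     last_avail_wrap_counter;
    uint16_t used_idx;               /* 16 bits wide, as the message points out */
    bool     used_wrap_counter;
};

#define IDX_MASK_FIXED 0x7fffu   /* 15 index bits: queue size is at most 2^15 */
#define IDX_MASK_TYPO  0x7ffffu  /* the mask the commit replaces */
#define WRAP_BIT       0x8000u   /* bit 15 of each 16-bit half */

/* Build the 32-bit value: avail half in bits 0..15, used half in bits 16..31. */
static uint32_t pack_base(uint16_t avail, bool avail_wrap,
                          uint16_t used, bool used_wrap)
{
    uint32_t lo = (avail & IDX_MASK_FIXED) | (avail_wrap ? WRAP_BIT : 0u);
    uint32_t hi = (used & IDX_MASK_FIXED) | (used_wrap ? WRAP_BIT : 0u);
    return lo | (hi << 16);
}

/* Split the value into queue state; the used-index mask is a parameter so
 * both the old and the corrected behaviour can be compared. */
static void set_last_avail_idx(struct packed_vq *vq, uint32_t idx,
                               uint32_t used_mask)
{
    vq->last_avail_idx = (uint16_t)(idx & IDX_MASK_FIXED);
    vq->last_avail_wrap_counter = (idx & WRAP_BIT) != 0;
    idx >>= 16;                      /* from here only bits 0..15 can be set */
    vq->used_idx = (uint16_t)(idx & used_mask);
    vq->used_wrap_counter = (idx & WRAP_BIT) != 0;
}

/* Rebuild the 32-bit value; each wrap counter is OR-ed back into bit 15. */
static uint32_t get_last_avail_idx(const struct packed_vq *vq)
{
    uint32_t lo = vq->last_avail_idx |
                  ((uint32_t)vq->last_avail_wrap_counter << 15);
    uint32_t hi = vq->used_idx | ((uint32_t)vq->used_wrap_counter << 15);
    return lo | (hi << 16);
}

/* used_idx as stored after a set with the given mask. */
static uint16_t used_idx_with_mask(uint32_t base, uint32_t used_mask)
{
    struct packed_vq vq;
    set_last_avail_idx(&vq, base, used_mask);
    return vq.used_idx;
}

/* Value reported back after a set followed by a get. */
static uint32_t round_trip(uint32_t base, uint32_t used_mask)
{
    struct packed_vq vq;
    set_last_avail_idx(&vq, base, used_mask);
    return get_last_avail_idx(&vq);
}

int main(void)
{
    /* Constructed sample: avail index 0x0123, used index 0x0456,
     * both wrap counters set. */
    uint32_t base = pack_base(0x0123, true, 0x0456, true);

    printf("base                 = 0x%08x\n", (unsigned)base);
    printf("used_idx, mask 7fff  = 0x%04x\n",
           (unsigned)used_idx_with_mask(base, IDX_MASK_FIXED));
    printf("used_idx, mask 7ffff = 0x%04x\n",
           (unsigned)used_idx_with_mask(base, IDX_MASK_TYPO));
    printf("round trip, 7fff     = 0x%08x\n",
           (unsigned)round_trip(base, IDX_MASK_FIXED));
    printf("round trip, 7ffff    = 0x%08x\n",
           (unsigned)round_trip(base, IDX_MASK_TYPO));
    return 0;
}
```

With the wider mask the stored used index is at or above 2^15 whenever the used wrap counter is set, so any consumer that reads `used_idx` directly, rather than through the get function, would see an out-of-range index.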
pci: do not respond config requests after PCI device eject
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2224964 In migration with VF failover, Windows guest and ACPI hot unplug we do not need to satisfy config requests, otherwise the guest immediately detects the device and brings up its driver. Many network VF's are stuck on the guest PCI bus after the migration. Signed-off-by: Yuri Benditovich <[email protected]> Message-Id: <[email protected]> Reviewed-by: Michael S. Tsirkin <[email protected]> Signed-off-by: Michael S. Tsirkin <[email protected]>
Commit 348e354
vhost: fix the fd leak
When the vhost-user reconnects to the backend, the notifier should be cleaned up. Otherwise, the fd resource will be exhausted. Fixes: f9a09ca ("vhost: add support for configure interrupt") Signed-off-by: Li Feng <[email protected]> Reviewed-by: Raphael Norwitz <[email protected]> Message-Id: <[email protected]> Reviewed-by: Michael S. Tsirkin <[email protected]> Signed-off-by: Michael S. Tsirkin <[email protected]> Tested-by: Fiona Ebner <[email protected]>
Commit 18f2971
hw/i386/intel_iommu: Fix trivial endianness problems
After reading the guest memory with dma_memory_read(), we have to make sure that we byteswap the little endian data to the host's byte order. Signed-off-by: Thomas Huth <[email protected]> Message-Id: <[email protected]> Reviewed-by: Michael S. Tsirkin <[email protected]> Signed-off-by: Michael S. Tsirkin <[email protected]> Reviewed-by: Philippe Mathieu-Daudé <[email protected]> Reviewed-by: Peter Xu <[email protected]>
Commit cc2a084
hw/i386/intel_iommu: Fix endianness problems related to VTD_IR_TableE…
…ntry
The code already tries to do some endianness handling here, but currently fails badly:
- While it already swaps the data when logging errors / tracing, it fails to byteswap the value before e.g. accessing entry->irte.present
- entry->irte.source_id is swapped with le32_to_cpu(), though this is a 16-bit value
- The whole union is apparently supposed to be swapped via the 64-bit data[2] array, but the struct is a mixture between 32 bit values (the first 8 bytes) and 64 bit values (the second 8 bytes), so this cannot work as expected.
Fix it by converting the struct to two proper 64-bit bitfields, and by swapping the values only once for everybody right after reading the data from memory.
Signed-off-by: Thomas Huth <[email protected]>
Message-Id: <[email protected]>
Reviewed-by: Michael S. Tsirkin <[email protected]>
Signed-off-by: Michael S. Tsirkin <[email protected]>
Reviewed-by: Peter Xu <[email protected]>
Commit 642ba89
hw/i386/intel_iommu: Fix struct VTDInvDescIEC on big endian hosts
On big endian hosts, we need to reverse the bitfield order in the struct VTDInvDescIEC, just like it is already done for the other bitfields in the various structs of the intel-iommu device. Signed-off-by: Thomas Huth <[email protected]> Message-Id: <[email protected]> Reviewed-by: Michael S. Tsirkin <[email protected]> Signed-off-by: Michael S. Tsirkin <[email protected]> Reviewed-by: Peter Xu <[email protected]>
Commit 4572b22
hw/i386/intel_iommu: Fix index calculation in vtd_interrupt_remap_msi()
The values in "addr" are populated locally in this function in host endian byte order, so we must not swap the index_l field here. Signed-off-by: Thomas Huth <[email protected]> Message-Id: <[email protected]> Reviewed-by: Michael S. Tsirkin <[email protected]> Signed-off-by: Michael S. Tsirkin <[email protected]> Reviewed-by: Philippe Mathieu-Daudé <[email protected]> Reviewed-by: Peter Xu <[email protected]>
Commit fcd8027
hw/i386/x86-iommu: Fix endianness issue in x86_iommu_irq_to_msi_messa…
…ge() The values in "msg" are assembled in host endian byte order (the other field are also not swapped), so we must not swap the __addr_head here. Signed-off-by: Thomas Huth <[email protected]> Message-Id: <[email protected]> Reviewed-by: Michael S. Tsirkin <[email protected]> Signed-off-by: Michael S. Tsirkin <[email protected]> Reviewed-by: Philippe Mathieu-Daudé <[email protected]> Reviewed-by: Peter Xu <[email protected]>
Commit 37cf5ce
include/hw/i386/x86-iommu: Fix struct X86IOMMU_MSIMessage for big end…
…ian hosts The first bitfield here is supposed to be used as a 64-bit equivalent to the "uint64_t msi_addr" in the union. To make this work correctly on big endian hosts, too, the __addr_hi field has to be part of the bitfield, and the bitfield members must be declared with "uint64_t" instead of "uint32_t" - otherwise the values are placed in the wrong bytes on big endian hosts. Same applies to the 32-bit "msi_data" field: __resved1 must be part of the bitfield, and the members must be declared with "uint32_t" instead of "uint16_t". Signed-off-by: Thomas Huth <[email protected]> Message-Id: <[email protected]> Reviewed-by: Michael S. Tsirkin <[email protected]> Signed-off-by: Michael S. Tsirkin <[email protected]> Reviewed-by: Peter Xu <[email protected]>
Commit e1e56c0
virtio-crypto: verify src&dst buffer length for sym request
For symmetric algorithms, the length of ciphertext must be as same as the plaintext. The missing verification of the src_len and the dst_len in virtio_crypto_sym_op_helper() may lead buffer overflow/divulged. This patch is originally written by Yiming Tao for QEMU-SECURITY, resend it(a few changes of error message) in qemu-devel. Fixes: CVE-2023-3180 Fixes: 04b9b37("virtio-crypto: add data queue processing handler") Cc: Gonglei <[email protected]> Cc: Mauro Matteo Cascella <[email protected]> Cc: Yiming Tao <[email protected]> Signed-off-by: zhenwei pi <[email protected]> Message-Id: <[email protected]> Reviewed-by: Michael S. Tsirkin <[email protected]> Signed-off-by: Michael S. Tsirkin <[email protected]>
Commit 9d38a84
cryptodev: Handle unexpected request to avoid crash
Generally guest side should discover which services the device is able to offer, then do requests on device. However it's also possible to break this rule in a guest. Handle unexpected request here to avoid NULL pointer dereference. Fixes: e7a775f ('cryptodev: Account statistics') Cc: Gonglei <[email protected]> Cc: Mauro Matteo Cascella <[email protected]> Cc: Xiao Lei <[email protected]> Cc: Yongkang Jia <[email protected]> Reported-by: Yiming Tao <[email protected]> Signed-off-by: zhenwei pi <[email protected]> Message-Id: <[email protected]> Reviewed-by: Michael S. Tsirkin <[email protected]> Signed-off-by: Michael S. Tsirkin <[email protected]>
Commit 15b11a1
target/hppa: Move iaoq registers and thus reduce generated code size
On hppa the Instruction Address Offset Queue (IAOQ) registers specifies the next to-be-executed instructions addresses. Each generated TB writes those registers at least once, so those registers are used heavily in generated code.
Looking at the generated assembly, for a x86-64 host this code to write the address $0x7ffe826f into iaoq_f is generated:
  0x7f73e8000184: c7 85 d4 01 00 00 6f 82 movl $0x7ffe826f, 0x1d4(%rbp)
  0x7f73e800018c: fe 7f
  0x7f73e800018e: c7 85 d8 01 00 00 73 82 movl $0x7ffe8273, 0x1d8(%rbp)
  0x7f73e8000196: fe 7f
With the trivial change, by moving the variables iaoq_f and iaoq_b to the top of struct CPUArchState, the offset to %rbp is reduced (from 0x1d4 to 0), which allows the x86-64 tcg to generate 3 bytes less of generated code per move instruction:
  0x7fc1e800018c: c7 45 00 6f 82 fe 7f movl $0x7ffe826f, (%rbp)
  0x7fc1e8000193: c7 45 04 73 82 fe 7f movl $0x7ffe8273, 4(%rbp)
Overall this is a reduction of generated code (not a reduction of number of instructions). A test run with checks the generated code size by running "/bin/ls" with qemu-user shows that the code size shrinks from 1616767 to 1569273 bytes, which is ~97% of the former size.
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Signed-off-by: Helge Deller <[email protected]>
Cc: [email protected]
Commit f8c0fd9
Commits on Aug 4, 2023
Merge tag 'for_upstream' of https://git.kernel.org/pub/scm/virt/kvm/m…
…st/qemu into staging
pc,pci,virtio,crypto: bugfixes
fixes all over the place.
Signed-off-by: Michael S. Tsirkin <[email protected]>
# gpg: Signature made Thu 03 Aug 2023 03:19:09 PM PDT
# gpg: using RSA key 5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469
# gpg: issuer "[email protected]"
# gpg: Good signature from "Michael S. Tsirkin <[email protected]>" [undefined]
# gpg: aka "Michael S. Tsirkin <[email protected]>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67
# Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469
* tag 'for_upstream' of https://git.kernel.org/pub/scm/virt/kvm/mst/qemu: (22 commits)
  cryptodev: Handle unexpected request to avoid crash
  virtio-crypto: verify src&dst buffer length for sym request
  include/hw/i386/x86-iommu: Fix struct X86IOMMU_MSIMessage for big endian hosts
  hw/i386/x86-iommu: Fix endianness issue in x86_iommu_irq_to_msi_message()
  hw/i386/intel_iommu: Fix index calculation in vtd_interrupt_remap_msi()
  hw/i386/intel_iommu: Fix struct VTDInvDescIEC on big endian hosts
  hw/i386/intel_iommu: Fix endianness problems related to VTD_IR_TableEntry
  hw/i386/intel_iommu: Fix trivial endianness problems
  vhost: fix the fd leak
  pci: do not respond config requests after PCI device eject
  virtio: Fix packed virtqueue used_idx mask
  hw/virtio: qmp: add RING_RESET to 'info virtio-status'
  tests: acpi: update expected blobs
  acpi: x86: remove _ADR on host bridges
  tests: acpi: whitelist expected blobs
  tests: acpi: x86: update expected blobs
  x86: acpi: workaround Windows not handling name references in Package properly
  tests: acpi: x86: whitelist expected blobs
  hw/virtio: Add a protection against duplicate vu_scmi_stop calls
  virtio-iommu: Standardize granule extraction and formatting
  ...
Signed-off-by: Richard Henderson <[email protected]>
Commit a089a73
Merge tag 'hppa-linux-user-speedup-pull-request' of https://github.co…
…m/hdeller/qemu-hppa into staging
Generated code size reduction with linux-user for hppa
Would you please consider pulling this trivial fix, which reduces the generated code on x86 by ~3% when running linux-user with the hppa target?
Thanks,
Helge
# gpg: Signature made Thu 03 Aug 2023 03:34:49 PM PDT
# gpg: using EDDSA key BCE9123E1AD29F07C049BBDEF712B510A23A0F5F
# gpg: Good signature from "Helge Deller <[email protected]>" [unknown]
# gpg: aka "Helge Deller <[email protected]>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 4544 8228 2CD9 10DB EF3D 25F8 3E5F 3D04 A7A2 4603
# Subkey fingerprint: BCE9 123E 1AD2 9F07 C049 BBDE F712 B510 A23A 0F5F
* tag 'hppa-linux-user-speedup-pull-request' of https://github.com/hdeller/qemu-hppa:
  target/hppa: Move iaoq registers and thus reduce generated code size
Signed-off-by: Richard Henderson <[email protected]>
Commit c26d005
target/i386: Check CR0.TS before enter_mmx
When CR0.TS=1, execution of x87 FPU, MMX, and some SSE instructions will cause a Device Not Available (DNA) exception (#NM). System software uses this exception event to lazily context switch FPU state. Before this patch, enter_mmx helpers may be generated just before #NM generation, prematurely resetting FPU state before the guest has a chance to save it. Signed-off-by: Matt Borgerson <[email protected]> Message-ID: <CADc=-s5F10muEhLs4f3mxqsEPAHWj0XFfOC2sfFMVHrk9fcpMg@mail.gmail.com> Cc: [email protected] Signed-off-by: Paolo Bonzini <[email protected]>
Commit b2ea645
ci: install meson in CirrusCI KVM build environment
scripts/archive-source.sh needs meson in order to download the subprojects, therefore meson needs to be part of the host environment in which VM-based build jobs run. Fixes: 2019cab ("meson: subprojects: replace submodules with wrap files", 2023-06-06) Reported-by: Daniel P. Berrangé <[email protected]> Signed-off-by: Paolo Bonzini <[email protected]>
Commit d9ab1f1
ppc/pegasos2: Fix reset state of USB functions
The original non-free board firmware sets the command register of the USB functions to 7 and some guests rely on this for working USB. Match what the board firmware does when using VOF instead. Signed-off-by: BALATON Zoltan <[email protected]> Reviewed-by: Daniel Henrique Barboza <[email protected]> Message-ID: <06a2b864431425f23d1f2b5abf0c027819ac11c6.1689725688.git.balaton@eik.bme.hu> Signed-off-by: Daniel Henrique Barboza <[email protected]>
Commit 19ac7b2
ppc/pegasos2: Fix reg property of ROM BARs
The register offset of the ROM BAR is 0x30 not 0x28. This fixes the reg property entry of the ROM region in the device tree. Signed-off-by: BALATON Zoltan <[email protected]> Reviewed-by: Daniel Henrique Barboza <[email protected]> Message-ID: <6abd73b1211f9d0776dfa5d71d6294f17eecb426.1689725688.git.balaton@eik.bme.hu> Signed-off-by: Daniel Henrique Barboza <[email protected]>
Commit aa11334
ppc/pegasos2: Fix naming of device tree nodes
The board firmware names devices by their class so match that for common devices. Also make sure the /rtas node has a name. This is needed because VOF otherwise does not include it in results got by nextprop which is how AmigaOS queries it and fails if no name property is found. Signed-off-by: BALATON Zoltan <[email protected]> Reviewed-by: Daniel Henrique Barboza <[email protected]> Message-ID: <808ade37aa141563d1ee349254151672bf7a5d59.1689725688.git.balaton@eik.bme.hu> Signed-off-by: Daniel Henrique Barboza <[email protected]>
Commit 889dd6c
ppc/pegasos2: Fix reg property of 64 bit BARs in device tree
The board firmware handles this correctly following the Open Firmware standard which we missed. This fixes 64 bit BARs when using VOF. Signed-off-by: BALATON Zoltan <[email protected]> Reviewed-by: Daniel Henrique Barboza <[email protected]> Message-ID: <[email protected]> Signed-off-by: Daniel Henrique Barboza <[email protected]>
Commit 6b6d4c1
target/ppc: Implement ASDR register for ISA v3.0 for HPT
The ASDR register was introduced in ISA v3.0. It has not been implemented for HPT. With HPT, ASDR is the format of the slbmte RS operand (containing VSID), which matches the ppc_slb_t field. Fixes: 3367c62 ("target/ppc: Support for POWER9 native hash") Signed-off-by: Nicholas Piggin <[email protected]> Reviewed-by: Cédric Le Goater <[email protected]> Message-ID: <[email protected]> Signed-off-by: Daniel Henrique Barboza <[email protected]>
Commit 9201af0
target/ppc: Fix pending HDEC when entering PM state
HDEC is defined to not wake from PM state. There is a check in the HDEC timer to avoid setting the interrupt if we are in a PM state, but no check on PM entry to lower HDEC if it already fired. This can cause a HDECR wake up and QEMU abort with unsupported exception in Power Save mode. Fixes: 4b236b6 ("ppc: Initial HDEC support") Signed-off-by: Nicholas Piggin <[email protected]> Reviewed-by: Cédric Le Goater <[email protected]> Message-ID: <[email protected]> Signed-off-by: Daniel Henrique Barboza <[email protected]>
Commit 9915dac
target/ppc: Fix VRMA page size for ISA v3.0
Until v2.07s, the VRMA page size (L||LP) was encoded in LPCR[VRMASD]. In v3.0 that moved to the partition table PS field. The powernv machine can now run KVM HPT guests on POWER9/10 CPUs with this fix and the patch to add ASDR. Fixes: 3367c62 ("target/ppc: Support for POWER9 native hash") Signed-off-by: Nicholas Piggin <[email protected]> Reviewed-by: Cédric Le Goater <[email protected]> Message-ID: <[email protected]> Signed-off-by: Daniel Henrique Barboza <[email protected]>
Commit 0e2a3ec
Merge tag 'pull-ppc-20230804' of https://gitlab.com/danielhb/qemu int…
…o staging
ppc patch queue for 2023-08-04:
This queue contains target/ppc register and VRMA fixes for 8.1. pegasos2 fixes are also included.
# gpg: Signature made Fri 04 Aug 2023 08:26:26 AM PDT
# gpg: using EDDSA key 17EBFF9923D01800AF2838193CD9CA96DE033164
# gpg: issuer "[email protected]"
# gpg: Good signature from "Daniel Henrique Barboza <[email protected]>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 17EB FF99 23D0 1800 AF28 3819 3CD9 CA96 DE03 3164
* tag 'pull-ppc-20230804' of https://gitlab.com/danielhb/qemu:
  target/ppc: Fix VRMA page size for ISA v3.0
  target/ppc: Fix pending HDEC when entering PM state
  target/ppc: Implement ASDR register for ISA v3.0 for HPT
  ppc/pegasos2: Fix reg property of 64 bit BARs in device tree
  ppc/pegasos2: Fix naming of device tree nodes
  ppc/pegasos2: Fix reg property of ROM BARs
  ppc/pegasos2: Fix reset state of USB functions
Signed-off-by: Richard Henderson <[email protected]>
Commit 71934cf
Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging
* fix VM build jobs on CirrusCI
* fix MMX instructions clobbering x87 state before raising #NM
# gpg: Signature made Fri 04 Aug 2023 05:01:48 AM PDT
# gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg: issuer "[email protected]"
# gpg: Good signature from "Paolo Bonzini <[email protected]>" [undefined]
# gpg: aka "Paolo Bonzini <[email protected]>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83
* tag 'for-upstream' of https://gitlab.com/bonzini/qemu:
  ci: install meson in CirrusCI KVM build environment
  target/i386: Check CR0.TS before enter_mmx
Signed-off-by: Richard Henderson <[email protected]>
Commit 6db03cc
Commits on Aug 5, 2023
accel/tcg: Adjust parameters and locking with do_{ld,st}_mmio_*
Replace MMULookupPageData* with CPUTLBEntryFull, addr, size. Move QEMU_IOTHREAD_LOCK_GUARD to the caller. This simplifies the usage from do_ld16_beN and do_st16_leN, where we weren't locking the entire operation, and required hoop jumping for passing addr and size. Reviewed-by: Philippe Mathieu-Daudé <[email protected]> Signed-off-by: Richard Henderson <[email protected]>
Commit 1966855
accel/tcg: Issue wider aligned i/o in do_{ld,st}_mmio_*
If the address and size are aligned, send larger chunks to the memory subsystem. This will be required to make more use of these helpers. Reviewed-by: Philippe Mathieu-Daudé <[email protected]> Signed-off-by: Richard Henderson <[email protected]>
Commit 190aba8
accel/tcg: Do not issue misaligned i/o
In the single-page case we were issuing misaligned i/o to the memory subsystem, which does not handle it properly. Split such accesses via do_{ld,st}_mmio_*. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1800 Reviewed-by: Philippe Mathieu-Daudé <[email protected]> Signed-off-by: Richard Henderson <[email protected]>
Commit f7eaf9d
Commits on Aug 6, 2023
accel/tcg: Call save_iotlb_data from io_readx as well
Apply save_iotlb_data() to io_readx() as well as to io_writex(). This fixes SEGFAULT on qemu_plugin_hwaddr_phys_addr() call plugins for addresses inside of MMIO region. Signed-off-by: Dmitriy Solovev <[email protected]> Signed-off-by: Mikhail Tyutin <[email protected]> Reviewed-by: Richard Henderson <[email protected]> Message-Id: <[email protected]> Signed-off-by: Richard Henderson <[email protected]>
Commit c30d0b8
gdbstub: use 0 ("any process") on packets with no PID
Previously, qemu-user would always report PID 1 to GDB. This was changed at dc14a7a (gdbstub: Report the actual qemu-user pid, 2023-06-30), but read_thread_id() still considers GDB packets with "no PID" as "PID 1", which is not the qemu-user PID. Fix that by parsing "no PID" as "0", which the GDB Remote Protocol defines as "any process". Note that this should have no effect for system emulation as, in this case, gdb_create_default_process() will assign PID 1 for the first process and that is what the gdbstub uses for GDB requests with no PID, or PID 0. This issue was found with hexagon-lldb, which sends a "Hg" packet with only the thread-id, but no process-id, leading to the invalid usage of "PID 1" by qemu-hexagon and a subsequent "E22" reply. Signed-off-by: Matheus Tavares Bernardino <[email protected]> Acked-by: Ilya Leoshkevich <[email protected]> Message-Id: <78a3b06f6ab90a7ff8e73ae14a996eb27ec76c85.1690904195.git.quic_mathbern@quicinc.com> Reviewed-by: Richard Henderson <[email protected]> Signed-off-by: Richard Henderson <[email protected]>
Commit 6c78de6
configure: Fix linux-user host detection for riscv64
Mirror the host_arch variable from meson.build, so that we probe for the correct linux-user/include/host/ directory. Fixes: e3e477c ("configure: Fix cross-building for RISCV host") Signed-off-by: Richard Henderson <[email protected]>
Commit 89e5b79
linux-user/elfload: Set V in ELF_HWCAP for RISC-V
Set V bit for hwcap if misa is set. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1793 Signed-off-by: Nathan Egge <[email protected]> Reviewed-by: Daniel Henrique Barboza <[email protected]> Tested-by: Daniel Henrique Barboza <[email protected]> Message-Id: <[email protected]> Signed-off-by: Richard Henderson <[email protected]>
Commit 4333f09
linux-user: Unset MAP_FIXED_NOREPLACE for host
Passing MAP_FIXED_NOREPLACE to host will fail for reserved_va because the address space is reserved with mmap. Replace it with MAP_FIXED in that case. Signed-off-by: Akihiko Odaki <[email protected]> Message-Id: <[email protected]> [rth: Expand inline commentary.] Reviewed-by: Richard Henderson <[email protected]> Signed-off-by: Richard Henderson <[email protected]>
Commit c3dd50d
linux-user: Fix MAP_FIXED_NOREPLACE on old kernels
The man page states:
> Note that older kernels which do not recognize the MAP_FIXED_NOREPLACE
> flag will typically (upon detecting a collision with a preexisting
> mapping) fall back to a “non-MAP_FIXED” type of behavior: they will
> return an address that is different from the requested address.
> Therefore, backward-compatible software should check the returned
> address against the requested address.
https://man7.org/linux/man-pages/man2/mmap.2.html
Signed-off-by: Akihiko Odaki <[email protected]>
Message-Id: <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Signed-off-by: Richard Henderson <[email protected]>
Commit ddcdd8c
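The check that the quoted man page text asks for, as an added example (not QEMU's code): a wrapper that treats a returned address different from the requested one as a collision, so callers see the same failure on old and new kernels. The names `map_noreplace` and `noreplace_demo` are hypothetical, and the two-page scenario is constructed.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/types.h>
#include <unistd.h>

#ifndef MAP_FIXED_NOREPLACE
#define MAP_FIXED_NOREPLACE 0x100000 /* asm-generic Linux value, for older libc headers */
#endif

/*
 * Map len bytes exactly at addr without replacing an existing mapping.
 * Returns addr on success. On a collision it returns MAP_FAILED with
 * errno == EEXIST, whether or not the kernel knows MAP_FIXED_NOREPLACE.
 */
static void *map_noreplace(void *addr, size_t len, int prot, int flags,
                           int fd, off_t off)
{
    void *p = mmap(addr, len, prot, flags | MAP_FIXED_NOREPLACE, fd, off);

    if (p == MAP_FAILED) {
        return MAP_FAILED;      /* kernels that know the flag: EEXIST on collision */
    }
    if (p != addr) {
        /* Older kernel: flag ignored, addr treated as a hint. Undo and report. */
        munmap(p, len);
        errno = EEXIST;
        return MAP_FAILED;
    }
    return p;
}

/* Constructed scenario. Returns 0 when every step behaves as expected. */
int noreplace_demo(void)
{
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    int prot = PROT_READ | PROT_WRITE;
    int flags = MAP_PRIVATE | MAP_ANONYMOUS;

    /* Reserve two pages so that we own a known address range. */
    char *base = mmap(NULL, 2 * page, prot, flags, -1, 0);
    if (base == MAP_FAILED) {
        return 1;
    }
    base[0] = 'A';

    /* Collision: must fail with EEXIST and leave the old contents intact. */
    errno = 0;
    void *p = map_noreplace(base, page, prot, flags, -1, 0);
    if (p != MAP_FAILED || errno != EEXIST || base[0] != 'A') {
        return 2;
    }

    /* Free the second page; mapping it again must land exactly there. */
    if (munmap(base + page, page) != 0) {
        return 3;
    }
    p = map_noreplace(base + page, page, prot, flags, -1, 0);
    if (p != (void *)(base + page)) {
        return 4;
    }

    munmap(base, 2 * page);
    return 0;
}

int main(void)
{
    int rc = noreplace_demo();
    printf("noreplace_demo: %s (step %d)\n", rc == 0 ? "ok" : "failed", rc);
    return rc;
}
```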
linux-user: Do not call get_errno() in do_brk()
Later the returned value is compared with -1, and negated errno is not expected. Fixes: 00faf08 ("linux-user: Don't use MAP_FIXED in do_brk()") Reviewed-by: Helge Deller <[email protected]> Signed-off-by: Akihiko Odaki <[email protected]> Message-Id: <[email protected]> Signed-off-by: Richard Henderson <[email protected]>
Commit c6cc059
linux-user: Use MAP_FIXED_NOREPLACE for do_brk()
MAP_FIXED_NOREPLACE can ensure the mapped address is fixed without concerning that the new mapping overwrites something else. Signed-off-by: Akihiko Odaki <[email protected]> Message-Id: <[email protected]> Reviewed-by: Richard Henderson <[email protected]> Signed-off-by: Richard Henderson <[email protected]>
Commit e69e032
linux-user: Do nothing if too small brk is specified
Linux 6.4.7 does nothing when a value smaller than the initial brk is specified. Fixes: 86f0473 ("linux-user: Fix brk() to release pages") Reviewed-by: Helge Deller <[email protected]> Signed-off-by: Akihiko Odaki <[email protected]> Message-Id: <[email protected]> Signed-off-by: Richard Henderson <[email protected]>
Commit cb9d5d1
linux-user: Do not align brk with host page size
do_brk() minimizes calls into target_mmap() by aligning the address with host page size, which is potentially larger than the target page size. However, the current implementation of this optimization has two bugs:
- The start of brk is rounded up with the host page size while brk advertises an address aligned with the target page size as the beginning of brk. This makes the beginning of brk unmapped.
- Content clearing after mapping is flawed. The size to clear is specified as HOST_PAGE_ALIGN(brk_page) - brk_page, but brk_page is aligned with the host page size so it is always zero.
This optimization actually has no practical benefit. It makes difference when brk() is called multiple times with values in a range of the host page size. However, sophisticated memory allocators try to avoid to make such frequent brk() calls. For example, glibc 2.37 calls brk() to shrink the heap only when there is a room more than 128 KiB. It is rare to have a page size larger than 128 KiB if it happens.
Let's remove the optimization to fix the bugs and make the code simpler.
Fixes: 86f0473 ("linux-user: Fix brk() to release pages")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1616
Signed-off-by: Akihiko Odaki <[email protected]>
Message-Id: <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Signed-off-by: Richard Henderson <[email protected]>
Commit 2aea137
linux-user: Properly set image_info.brk in flatload
The heap starts at "brk" not "start_brk". With this fixed, image_info.start_brk is unused and may be removed. Tested-by: Helge Deller <[email protected]> Reviewed-by: Helge Deller <[email protected]> Reviewed-by: Akihiko Odaki <[email protected]> Signed-off-by: Richard Henderson <[email protected]>
Commit 0662a62
This variable is unused. Reviewed-by: Helge Deller <[email protected]> Reviewed-by: Akihiko Odaki <[email protected]> Signed-off-by: Richard Henderson <[email protected]>
Commit 62cbf08
This variable is unused. Signed-off-by: Richard Henderson <[email protected]>
Commit 3c4a8a8
Merge tag 'pull-tcg-20230806-3' of https://gitlab.com/rth7680/qemu in…
…to staging
accel/tcg: Do not issue misaligned i/o
accel/tcg: Call save_iotlb_data from io_readx
gdbstub: use 0 ("any process") on packets with no PID
linux-user: Fixes for MAP_FIXED_NOREPLACE
linux-user: Fixes for brk
linux-user: Set V in ELF_HWCAP for RISC-V
*-user: Remove last_brk as unused
# gpg: Signature made Sun 06 Aug 2023 04:47:07 PM PDT
# gpg: using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg: issuer "[email protected]"
# gpg: Good signature from "Richard Henderson <[email protected]>" [ultimate]
* tag 'pull-tcg-20230806-3' of https://gitlab.com/rth7680/qemu:
  bsd-user: Remove last_brk
  linux-user: Remove last_brk
  linux-user: Properly set image_info.brk in flatload
  linux-user: Do not align brk with host page size
  linux-user: Do nothing if too small brk is specified
  linux-user: Use MAP_FIXED_NOREPLACE for do_brk()
  linux-user: Do not call get_errno() in do_brk()
  linux-user: Fix MAP_FIXED_NOREPLACE on old kernels
  linux-user: Unset MAP_FIXED_NOREPLACE for host
  linux-user/elfload: Set V in ELF_HWCAP for RISC-V
  configure: Fix linux-user host detection for riscv64
  gdbstub: use 0 ("any process") on packets with no PID
  accel/tcg: Call save_iotlb_data from io_readx as well
  accel/tcg: Do not issue misaligned i/o
  accel/tcg: Issue wider aligned i/o in do_{ld,st}_mmio_*
  accel/tcg: Adjust parameters and locking with do_{ld,st}_mmio_*
Signed-off-by: Richard Henderson <[email protected]>
Commit 9400601
Commits on Aug 7, 2023
hw/nvme: fix oob memory read in fdp events log
As reported by Trend Micro's Zero Day Initiative, an oob memory read vulnerability exists in nvme_fdp_events(). The host-provided offset is not verified. Fix this. This is only exploitable when Flexible Data Placement mode (fdp=on) is enabled. Fixes: CVE-2023-4135 Fixes: 73064ed ("hw/nvme: flexible data placement emulation") Reported-by: Trend Micro's Zero Day Initiative Signed-off-by: Klaus Jensen <[email protected]>
Commit ecb1b7b
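The class of check this commit message describes, as an added example rather than QEMU's code: a log page read that validates the host-supplied offset before computing the transfer length. `struct events_log`, `log_page_read`, `unchecked_len`, the 512-byte size and the status codes are hypothetical, and the unchecked length calculation is an assumed pattern shown only to make the unsigned wrap visible.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define LOG_SIZE 512u /* constructed size of the device-side log buffer */

enum log_status { LOG_OK = 0, LOG_INVALID_FIELD = 1 }; /* hypothetical status codes */

/* Constructed stand-in for a fixed-size, device-side log buffer. */
struct events_log {
    uint8_t data[LOG_SIZE];
};

/*
 * Transfer length as computed WITHOUT validating off (assumed pattern,
 * arithmetic only, no memory access). When off > size the unsigned
 * subtraction wraps to a huge value, so the host's length is accepted
 * as-is even though the start of the read lies outside the buffer.
 */
static uint32_t unchecked_len(uint64_t size, uint64_t off, uint32_t host_len)
{
    uint64_t avail = size - off; /* wraps when off > size */
    return host_len < avail ? host_len : (uint32_t)avail;
}

/*
 * Copy at most host_len bytes of the log, starting at the host-supplied
 * offset, into out (which must hold at least LOG_SIZE bytes).
 * *copied receives the number of bytes transferred.
 */
static enum log_status log_page_read(const struct events_log *log,
                                     uint64_t off, uint32_t host_len,
                                     uint8_t *out, uint32_t *copied)
{
    const uint64_t size = sizeof(log->data);

    *copied = 0;
    if (off >= size) {
        /* Reject before doing any arithmetic that depends on off. */
        return LOG_INVALID_FIELD;
    }

    uint64_t avail = size - off; /* cannot wrap: off < size */
    uint32_t n = host_len < avail ? host_len : (uint32_t)avail;

    memcpy(out, log->data + off, n);
    *copied = n;
    return LOG_OK;
}

int main(void)
{
    struct events_log log;
    uint8_t out[LOG_SIZE];
    uint32_t n;

    memset(&log, 0xAB, sizeof(log));

    printf("in range:   status=%d copied=%u\n",
           log_page_read(&log, 500, 64, out, &n), n);
    printf("off == size: status=%d copied=%u\n",
           log_page_read(&log, LOG_SIZE, 16, out, &n), n);
    printf("unchecked length for off=4096: %u\n",
           unchecked_len(LOG_SIZE, 4096, 16));
    return 0;
}
```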
hw/nvme: fix compliance issue wrt. iosqes/iocqes
As of prior to this patch, the controller checks the value of CC.IOCQES and CC.IOSQES prior to enabling the controller. As reported by Ben in GitLab issue #1691, this is not spec compliant. The controller should only check these values when queues are created. This patch moves these checks to nvme_create_cq(). We do not need to check it in nvme_create_sq() since that will error out if the completion queue is not already created. Also, since the controller exclusively supports SQEs of size 64 bytes and CQEs of size 16 bytes, hard code that. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1691 Signed-off-by: Klaus Jensen <[email protected]>
Commit 6a33f2e
hw/i2c: Fix bitbang_i2c_data trace event
The clock and data values were logged swapped. Correct the trace event text to match what is logged. Also fix a typo in a comment nearby. Signed-off-by: BALATON Zoltan <[email protected]> Signed-off-by: Michael Tokarev <[email protected]>
Commit 8ada214
Signed-off-by: Michael Tokarev <[email protected]>
Michael Tokarev committed Aug 7, 2023
Commit beb1a91
Fixed incorrect LLONG alignment for openrisc and cris
OpenRISC (or1k) has long long alignment to 4 bytes, but currently not defined in abitypes.h. This led to incorrect packing of /epoll_event/ structure and eventually infinite loop while waiting for file descriptor[s] event[s]. Fixed also CRIS alignments (1 byte for all types). Signed-off-by: Luca Bonissi <[email protected]> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1770 Reviewed-by: Thomas Huth <[email protected]> Signed-off-by: Michael Tokarev <[email protected]>
Luca Bonissi authored and Michael Tokarev committed Aug 7, 2023
Commit 6ee9608
chardev: report the handshake error
This can help to debug connection issues. Related to: https://bugzilla.redhat.com/show_bug.cgi?id=2196182 Signed-off-by: Marc-André Lureau <[email protected]> Reviewed-by: Daniel P. Berrangé <[email protected]> Message-Id: <[email protected]>
Commit 81cd34a
virtio-gpu: free BHs, by implementing unrealize
Acked-by: Dongwon Kim <[email protected]> Signed-off-by: Marc-André Lureau <[email protected]> Message-Id: <[email protected]>
Commit 957d778
virtio-gpu: reset gfx resources in main thread
Calling OpenGL from different threads can have bad consequences if not carefully reviewed. It's not generally supported. In my case, I was debugging a crash in glDeleteTextures from OPENGL32.DLL, where I asked qemu for gl=es, and thus ANGLE implementation was expected. libepoxy did resolution of the global pointer for glGenTexture to the GLES version from the main thread. But it resolved glDeleteTextures to the GL version, because it was done from a different thread without correct context. Oops. Let's stick to the main thread for GL calls by using a BH. Note: I didn't use atomics for reset_finished check, assuming the BQL will provide enough of sync, but I might be wrong. Acked-by: Dongwon Kim <[email protected]> Signed-off-by: Marc-André Lureau <[email protected]> Message-Id: <[email protected]>
Commit a41e2d9
dump: kdump-zlib data pages not dumped with pvtime/aarch64
The kdump-zlib data pages are not dumped from aarch64 host when the 'pvtime' is involved, that is, when the block->target_end is not aligned to page_size.
In the below example, it is expected to dump two blocks.
(qemu) info mtree -f
... ...
  00000000090a0000-00000000090a0fff (prio 0, ram): pvtime KVM
... ...
  0000000040000000-00000001bfffffff (prio 0, ram): mach-virt.ram KVM
... ...
However, there is an issue with get_next_page() so that the pages for "mach-virt.ram" will not be dumped.
At line 1296, although we have reached at the end of the 'pvtime' block, since it is not aligned to the page_size (e.g., 0x10000), it will not break at line 1298.
1255 static bool get_next_page(GuestPhysBlock **blockptr, uint64_t *pfnptr,
1256                           uint8_t **bufptr, DumpState *s)
... ...
1294             memcpy(buf + addr % page_size, hbuf, n);
1295             addr += n;
1296             if (addr % page_size == 0) {
1297                 /* we filled up the page */
1298                 break;
1299             }
As a result, get_next_page() will continue to the next block ("mach-virt.ram"). Finally, when get_next_page() returns to the caller:
- 'pfnptr' is referring to the 'pvtime'
- but 'blockptr' is referring to the "mach-virt.ram"
When get_next_page() is called the next time, "*pfnptr += 1" still refers to the prior 'pvtime'. It will exit immediately because it is out of the range of the current "mach-virt.ram".
The fix is to break when it is time to come to the next block, so that both 'pfnptr' and 'blockptr' refer to the same block.
Fixes: 94d7884 ("dump: fix kdump to work over non-aligned blocks")
Cc: Joe Jin <[email protected]>
Signed-off-by: Dongli Zhang <[email protected]>
Reviewed-by: Marc-André Lureau <[email protected]>
Message-ID: <[email protected]>
Commit 8a64609
hw/i386/vmmouse:add relative packet flag for button status
The buttons value use macros instead of direct numbers. If request relative mode, have to add this for guest vmmouse driver to judge this is a relative packet. Otherwise, vmmouse driver will not match the condition 'status & VMMOUSE_RELATIVE_PACKET', and can't report events on the correct (relative) input device, result to relative mode unuseful. Signed-off-by: Zongmin Zhou <[email protected]> Message-ID: <[email protected]> Reviewed-by: Marc-André Lureau <[email protected]>
Commit fdd6495
ui/gtk: set scanout mode in gd_egl/gd_gl_area_scanout_texture
Fixing a regression (black screen) caused by a commit 92b5815 ("ui/gtk: set scanout-mode right before scheduling draw"). The commit 92b5815 was made with an assumption that the scanout mode needs to be set only if the guest scanout is a dmabuf but there are cases (e.g. virtio-gpu-virgl) where the scanout is still processed in a form of a texture but is not backed by dmabuf. So it is needed to put back the line that sets scanout mode in gd_egl_scanout_texture and gd_gl_area_scanout_texture. Fixes: 92b5815 ("ui/gtk: set scanout-mode right before scheduling draw) Reported-by: Volker Rümelin <[email protected]> Cc: Gerd Hoffmann <[email protected]> Cc: Marc-André Lureau <[email protected]> Cc: Vivek Kasireddy <[email protected]> Signed-off-by: Dongwon Kim <[email protected]> Reviewed-by: Marc-André Lureau <[email protected]> Message-ID: <[email protected]>
Commit 58ea90f
Merge tag 'nvme-next-pull-request' of https://gitlab.com/birkelund/qemu…
… into staging
hw/nvme fixes
- two fixes for hw/nvme
# gpg: Signature made Mon 07 Aug 2023 04:53:18 AM PDT
# gpg: using RSA key 522833AA75E2DCE6A24766C04DE1AF316D4F0DE9
# gpg: Good signature from "Klaus Jensen <[email protected]>" [unknown]
# gpg: aka "Klaus Jensen <[email protected]>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: DDCA 4D9C 9EF9 31CC 3468 4272 63D5 6FC5 E55D A838
# Subkey fingerprint: 5228 33AA 75E2 DCE6 A247 66C0 4DE1 AF31 6D4F 0DE9
* tag 'nvme-next-pull-request' of https://gitlab.com/birkelund/qemu:
  hw/nvme: fix compliance issue wrt. iosqes/iocqes
  hw/nvme: fix oob memory read in fdp events log
Signed-off-by: Richard Henderson <[email protected]>
Configuration menu - View commit details
-
Copy full SHA for e0e5dca - Browse repository at this point
Copy the full SHA e0e5dcaView commit details -
Merge tag 'trivial-patches-pull' of https://gitlab.com/mjt0k/qemu into staging
trivial-patches for 2023-08-07
there are 3 trivial bugfixes in there, for 8.1
# gpg: Signature made Mon 07 Aug 2023 03:54:03 AM PDT
# gpg: using RSA key 7B73BAD68BE7A2C289314B22701B4F6B1A693E59
# gpg: issuer "[email protected]"
# gpg: Good signature from "Michael Tokarev <[email protected]>" [undefined]
# gpg: aka "Michael Tokarev <[email protected]>" [undefined]
# gpg: aka "Michael Tokarev <[email protected]>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6EE1 95D1 886E 8FFB 810D 4324 457C E0A0 8044 65C5
# Subkey fingerprint: 7B73 BAD6 8BE7 A2C2 8931 4B22 701B 4F6B 1A69 3E59
* tag 'trivial-patches-pull' of https://gitlab.com/mjt0k/qemu:
  Fixed incorrect LLONG alignment for openrisc and cris
  stubs/colo.c: spelling
  hw/i2c: Fix bitbang_i2c_data trace event
Signed-off-by: Richard Henderson <[email protected]>
Commit 474892a

Merge tag 'fixes-pull-request' of https://gitlab.com/marcandre.lureau/qemu into staging
Fixes for 8.1
Hi,
Here is a collection of ui, dump and chardev fixes that are worth for 8.1.
thanks
# gpg: Signature made Mon 07 Aug 2023 01:46:51 PM PDT
# gpg: using RSA key 87A9BD933F87C606D276F62DDAE8E10975969CE5
# gpg: issuer "[email protected]"
# gpg: Good signature from "Marc-André Lureau <[email protected]>" [full]
# gpg: aka "Marc-André Lureau <[email protected]>" [full]
* tag 'fixes-pull-request' of https://gitlab.com/marcandre.lureau/qemu:
  ui/gtk: set scanout mode in gd_egl/gd_gl_area_scanout_texture
  hw/i386/vmmouse:add relative packet flag for button status
  dump: kdump-zlib data pages not dumped with pvtime/aarch64
  virtio-gpu: reset gfx resources in main thread
  virtio-gpu: free BHs, by implementing unrealize
  chardev: report the handshake error
Signed-off-by: Richard Henderson <[email protected]>
Commit 0450cf0

Commits on Aug 8, 2023
hw/nvme: fix CRC64 for guard tag
The nvme CRC64 generator expects the caller to pass inverted seed value. Pass inverted crc value for metadata buffer.
Cc: [email protected]
Fixes: 44219b6 ("hw/nvme: 64-bit pi support")
Signed-off-by: Ankit Kumar <[email protected]>
Signed-off-by: Klaus Jensen <[email protected]>
Commit dbdb13f

docs: update hw/nvme documentation for protection information
Add missing entry for pif ("protection information format"). Protection information size can be 8 or 16 bytes. Update the pil entry as per the NVM command set specification.
Signed-off-by: Ankit Kumar <[email protected]>
Signed-off-by: Klaus Jensen <[email protected]>
Commit ec5a138

configure: fix detection for x32 linux-user
x32 uses the same signal handling fragments as x86_64, since host_arch is set to x86_64 when Meson runs. Remove the unnecessary forwarder and set the host_arch variable properly in configure.
Reviewed-by: Richard Henderson <[email protected]>
Acked-by: Ilya Leoshkevich <[email protected]>
Reviewed-by: Michael Tokarev <[email protected]>
Tested-by: Ilya Leoshkevich <[email protected]>
Tested-by: Michael Tokarev <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Paolo Bonzini <[email protected]>
Commit f140823

linux-user: cleanup unused linux-user/include/host directories
Alpha and 31-bit s390 lack the assembly fragment to handle signals occurring at the same time as system calls, so they cannot run linux-user emulation anymore. Drop the host-signal.h files for them.
Signed-off-by: Paolo Bonzini <[email protected]>
Acked-by: Ilya Leoshkevich <[email protected]>
Reviewed-by: Michael Tokarev <[email protected]>
Tested-by: Ilya Leoshkevich <[email protected]>
Tested-by: Michael Tokarev <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Paolo Bonzini <[email protected]>
Commit 50a0012

configure: unify case statements for CPU canonicalization
The CPU model has to be canonicalized to what Meson wants in the cross file, to what Linux uses for its asm-$ARCH directories, and to what QEMU uses for its user-mode emulation host/$ARCH directories. Do all three in a single case statement, and check that the Linux and QEMU directories actually exist. At a small cost in repeated lines, this ensures that there are no hidden ordering requirements between the case statements. In particular, commit 89e5b79 ("configure: Fix linux-user host detection for riscv64", 2023-08-06) broke ppc64le because it assigned host_arch based on a non-canonicalized version of $cpu.
Reported-by: Joel Stanley <[email protected]>
Fixes: 89e5b79 ("configure: Fix linux-user host detection for riscv64", 2023-08-06)
Reviewed-by: Richard Henderson <[email protected]>
Acked-by: Ilya Leoshkevich <[email protected]>
Reviewed-by: Michael Tokarev <[email protected]>
Tested-by: Ilya Leoshkevich <[email protected]>
Tested-by: Michael Tokarev <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Paolo Bonzini <[email protected]>
Commit 971fac2

linux-user: Adjust task_unmapped_base for reserved_va
Ensure that the chosen values for mmap_next_start and task_unmapped_base are within the guest address space.
Tested-by: Helge Deller <[email protected]>
Reviewed-by: Akihiko Odaki <[email protected]>
Signed-off-by: Richard Henderson <[email protected]>
Commit c8fb5cf

linux-user: Define TASK_UNMAPPED_BASE in $guest/target_mman.h
Provide default values that are as close as possible to the values used by the guest's kernel.
Tested-by: Helge Deller <[email protected]>
Reviewed-by: Helge Deller <[email protected]>
Reviewed-by: Akihiko Odaki <[email protected]>
Reviewed-by: Alex Bennée <[email protected]>
Signed-off-by: Richard Henderson <[email protected]>
Commit 2d70816

linux-user: Define ELF_ET_DYN_BASE in $guest/target_mman.h
Copy each guest kernel's default value, then bound it against reserved_va or the host address space.
Tested-by: Helge Deller <[email protected]>
Reviewed-by: Helge Deller <[email protected]>
Signed-off-by: Richard Henderson <[email protected]>
Commit da2b71f

linux-user: Use MAP_FIXED_NOREPLACE for initial image mmap
Use this as extra protection for the guest mapping over any qemu host mappings.
Tested-by: Helge Deller <[email protected]>
Reviewed-by: Helge Deller <[email protected]>
Reviewed-by: Akihiko Odaki <[email protected]>
Signed-off-by: Richard Henderson <[email protected]>
Commit ad25051

linux-user: Use elf_et_dyn_base for ET_DYN with interpreter
Follow the lead of the linux kernel in fs/binfmt_elf.c, in which an ET_DYN executable which uses an interpreter (usually a PIE executable) is loaded away from where the interpreter itself will be loaded.
Tested-by: Helge Deller <[email protected]>
Reviewed-by: Helge Deller <[email protected]>
Reviewed-by: Akihiko Odaki <[email protected]>
Signed-off-by: Richard Henderson <[email protected]>
Commit 1ea06de

linux-user: Adjust initial brk when interpreter is close to executable
While we attempt to load an ET_DYN executable far away from TASK_UNMAPPED_BASE, we are not completely in control of the address space layout. If the interpreter lands close to the executable, leaving insufficient heap space, move brk.
Tested-by: Helge Deller <[email protected]>
Signed-off-by: Helge Deller <[email protected]>
[rth: Re-order after ELF_ET_DYN_BASE patch so that we do not "temporarily break" tsan, and also to minimize the changes required. Remove image_info.reserve_brk as unused.]
Reviewed-by: Akihiko Odaki <[email protected]>
Reviewed-by: Alex Bennée <[email protected]>
Signed-off-by: Richard Henderson <[email protected]>
Commit 1f356e8

linux-user: Do not adjust image mapping for host page size
Remove TARGET_ELF_EXEC_PAGESIZE, and 3 other TARGET_ELF_PAGE* macros based off of that. Rely on target_mmap to handle guest vs host page size mismatch.
Tested-by: Helge Deller <[email protected]>
Reviewed-by: Helge Deller <[email protected]>
Reviewed-by: Akihiko Odaki <[email protected]>
Reviewed-by: Alex Bennée <[email protected]>
Signed-off-by: Richard Henderson <[email protected]>
Commit e3d97d5

linux-user: Do not adjust zero_bss for host page size
Rely on target_mmap to handle guest vs host page size mismatch.
Tested-by: Helge Deller <[email protected]>
Reviewed-by: Helge Deller <[email protected]>
Reviewed-by: Akihiko Odaki <[email protected]>
Signed-off-by: Richard Henderson <[email protected]>
Commit 2d385be

linux-user: Use zero_bss for PT_LOAD with no file contents too
If p_filesz == 0, then vaddr_ef == vaddr. We can reuse the code in zero_bss rather than incompletely duplicating it in load_elf_image.
Tested-by: Helge Deller <[email protected]>
Reviewed-by: Helge Deller <[email protected]>
Reviewed-by: Akihiko Odaki <[email protected]>
Reviewed-by: Alex Bennée <[email protected]>
Signed-off-by: Richard Henderson <[email protected]>
Commit 5f4e5b3

util/selfmap: Rewrite using qemu/interval-tree.h
We will want to be able to search the set of mappings. For this patch, the two users iterate the tree in order.
Signed-off-by: Richard Henderson <[email protected]>
Commit 3ce3dd8

linux-user: Remove duplicate CPU_LOG_PAGE from probe_guest_base
The proper logging for probe_guest_base is in the main function. There is no need to duplicate that in the subroutines.
Reviewed-by: Alex Bennée <[email protected]>
Signed-off-by: Richard Henderson <[email protected]>
Commit 435c042

linux-user: Consolidate guest bounds check in probe_guest_base
The three sets of checks are identical, logically.
Reviewed-by: Alex Bennée <[email protected]>
Signed-off-by: Richard Henderson <[email protected]>
Commit 0c441ae

linux-user: Rewrite fixed probe_guest_base
Create a set of subroutines to collect a set of guest addresses, all of which must be mappable on the host. Use this within the renamed pgb_fixed subroutine to validate the user's choice of guest_base specified by the -B command-line option.
Reviewed-by: Alex Bennée <[email protected]>
Signed-off-by: Richard Henderson <[email protected]>
Commit 06f38c6

linux-user: Rewrite non-fixed probe_guest_base
Use pgb_addr_set to probe for all of the guest addresses, not just the main executable. Handle the identity map specially and separately from the search. If /proc/self/maps is available, utilize the full power of the interval tree search, rather than a linear search through the address list. If /proc/self/maps is not available, increase the skip between probes so that we do not probe every single page of the host address space. Choose 1 MiB for 32-bit hosts (max 4k probes) and 1 GiB for 64-bit hosts (possibly a large number of probes, but the large step makes it more likely to find empty space quicker).
Tested-by: Alex Bennée <[email protected]>
Reviewed-by: Alex Bennée <[email protected]>
Signed-off-by: Richard Henderson <[email protected]>
Commit dd55885

Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging
* cleanup architecture canonicalization once and for all
# gpg: Signature made Tue 08 Aug 2023 11:44:16 AM PDT
# gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg: issuer "[email protected]"
# gpg: Good signature from "Paolo Bonzini <[email protected]>" [undefined]
# gpg: aka "Paolo Bonzini <[email protected]>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83
* tag 'for-upstream' of https://gitlab.com/bonzini/qemu:
  configure: unify case statements for CPU canonicalization
  linux-user: cleanup unused linux-user/include/host directories
  configure: fix detection for x32 linux-user
Signed-off-by: Richard Henderson <[email protected]>
Commit cef297a

Merge tag 'pull-lu-20230808' of https://gitlab.com/rth7680/qemu into staging
linux-user: Adjust guest image layout vs reserved_va
linux-user: Do not adjust image mapping for host page size
linux-user: Adjust initial brk when interpreter is close to executable
util/selfmap: Rewrite using qemu/interval-tree.h
linux-user: Rewrite probe_guest_base
# gpg: Signature made Tue 08 Aug 2023 02:07:42 PM PDT
# gpg: using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg: issuer "[email protected]"
# gpg: Good signature from "Richard Henderson <[email protected]>" [ultimate]
* tag 'pull-lu-20230808' of https://gitlab.com/rth7680/qemu:
  linux-user: Rewrite non-fixed probe_guest_base
  linux-user: Rewrite fixed probe_guest_base
  linux-user: Consolidate guest bounds check in probe_guest_base
  linux-user: Remove duplicate CPU_LOG_PAGE from probe_guest_base
  util/selfmap: Rewrite using qemu/interval-tree.h
  linux-user: Use zero_bss for PT_LOAD with no file contents too
  linux-user: Do not adjust zero_bss for host page size
  linux-user: Do not adjust image mapping for host page size
  linux-user: Adjust initial brk when interpreter is close to executable
  linux-user: Use elf_et_dyn_base for ET_DYN with interpreter
  linux-user: Use MAP_FIXED_NOREPLACE for initial image mmap
  linux-user: Define ELF_ET_DYN_BASE in $guest/target_mman.h
  linux-user: Define TASK_UNMAPPED_BASE in $guest/target_mman.h
  linux-user: Adjust task_unmapped_base for reserved_va
Signed-off-by: Richard Henderson <[email protected]>
Commit 32e07fd

Merge tag 'nvme-next-pull-request' of https://gitlab.com/birkelund/qemu into staging
hw/nvme fixes
- fix for invalid protection information calculation
# gpg: Signature made Tue 08 Aug 2023 06:34:02 AM PDT
# gpg: using RSA key 522833AA75E2DCE6A24766C04DE1AF316D4F0DE9
# gpg: Good signature from "Klaus Jensen <[email protected]>" [unknown]
# gpg: aka "Klaus Jensen <[email protected]>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: DDCA 4D9C 9EF9 31CC 3468 4272 63D5 6FC5 E55D A838
# Subkey fingerprint: 5228 33AA 75E2 DCE6 A247 66C0 4DE1 AF31 6D4F 0DE9
* tag 'nvme-next-pull-request' of https://gitlab.com/birkelund/qemu:
  docs: update hw/nvme documentation for protection information
  hw/nvme: fix CRC64 for guard tag
Signed-off-by: Richard Henderson <[email protected]>
Commit a8fc516

Commits on Aug 9, 2023
qemu/osdep: Remove fallback for MAP_FIXED_NOREPLACE
In order for our emulation of MAP_FIXED_NOREPLACE to succeed within linux-user target_mmap, we require a non-zero value. This does not require host kernel support, merely the bit being defined. MAP_FIXED_NOREPLACE was added with glibc 2.28. From repology.org:
  Fedora 36: 2.35
  CentOS 8 (RHEL-8): 2.28
  Debian 11: 2.31
  OpenSUSE Leap 15.4: 2.31
  Ubuntu LTS 20.04: 2.31
Reported-by: Akihiko Odaki <[email protected]>
Reviewed-by: Akihiko Odaki <[email protected]>
Reviewed-by: Alex Bennée <[email protected]>
Signed-off-by: Richard Henderson <[email protected]>
Message-Id: <[email protected]>
Commit c42e77a

hw/nvme: fix null pointer access in directive receive
nvme_directive_receive() does not check if an endurance group has been configured (set) prior to testing if flexible data placement is enabled or not. Fix this.
Cc: [email protected]
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1815
Fixes: 73064ed ("hw/nvme: flexible data placement emulation")
Reviewed-by: Jesper Wendel Devantier <[email protected]>
Signed-off-by: Klaus Jensen <[email protected]>
Commit 6c8f845

hw/nvme: fix null pointer access in ruh update
The Reclaim Unit Update operation in I/O Management Receive does not verify the presence of a configured endurance group prior to accessing it. Fix this.
Cc: [email protected]
Fixes: 73064ed ("hw/nvme: flexible data placement emulation")
Reviewed-by: Jesper Wendel Devantier <[email protected]>
Signed-off-by: Klaus Jensen <[email protected]>
Commit 3439ba9

New function that rejects unsupported map types and flags. In 4b840f9 we should not have accepted MAP_SHARED_VALIDATE without actually validating the rest of the flags.
Fixes: 4b840f9 ("linux-user: Populate more bits in mmap_flags_tbl")
Reviewed-by: Alex Bennée <[email protected]>
Signed-off-by: Richard Henderson <[email protected]>
Commit 9ab8d07

linux-user: Use ARRAY_SIZE with bitmask_transtbl
Rather than using a zero tuple to end the table, use a macro to apply ARRAY_SIZE and pass that on to the convert functions. This fixes two bugs in which the conversion functions required that both the target and host masks be non-zero in order to continue, rather than require both target and host masks be zero in order to terminate. This affected mmap_flags_tbl when the host does not support all of the flags we wish to convert (e.g. MAP_UNINITIALIZED). Mapping these flags to zero is good enough, and matches how the kernel ignores bits that are unknown.
Fixes: 4b840f9 ("linux-user: Populate more bits in mmap_flags_tbl")
Reviewed-by: Alex Bennée <[email protected]>
Signed-off-by: Richard Henderson <[email protected]>
Commit a05cee9

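The termination bug this commit message describes, reduced to a stand-alone C sketch. This is an added example, not QEMU's code: the struct, the flag values and the function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed flag bits for the demo; these are not the real MAP_* values. */
#define T_SHARED     0x01u
#define T_UNINIT     0x02u  /* guest flag the demo host does not support */
#define T_NOREPLACE  0x04u
#define H_SHARED     0x10u
#define H_NOREPLACE  0x40u

#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

/* Hypothetical stand-in for one target/host bitmask translation entry. */
struct transtbl {
    unsigned target_mask, target_bits;
    unsigned host_mask, host_bits;
};

/* The middle entry maps a guest flag to nothing: host mask and bits are 0. */
#define DEMO_ENTRIES \
    { T_SHARED,    T_SHARED,    H_SHARED,    H_SHARED    }, \
    { T_UNINIT,    T_UNINIT,    0,           0           }, \
    { T_NOREPLACE, T_NOREPLACE, H_NOREPLACE, H_NOREPLACE }

/* Sentinel-terminated table, walked by the "before" loop. */
static const struct transtbl tbl_sentinel[] = { DEMO_ENTRIES, { 0, 0, 0, 0 } };
/* Same entries without a sentinel, walked with an explicit length. */
static const struct transtbl tbl_counted[] = { DEMO_ENTRIES };

/*
 * Before: the loop continues only while BOTH masks are non-zero, so the
 * entry with host_mask == 0 is mistaken for the end of the table and every
 * entry after it is silently skipped.
 */
unsigned to_host_before(unsigned target)
{
    unsigned host = 0;
    const struct transtbl *p;

    for (p = tbl_sentinel; p->target_mask && p->host_mask; p++) {
        if ((target & p->target_mask) == p->target_bits)
            host |= p->host_bits;
    }
    return host;
}

/*
 * After: the length comes from ARRAY_SIZE, so an entry that maps to zero
 * is just another entry and the walk always reaches the end of the table.
 */
unsigned to_host_after(unsigned target)
{
    unsigned host = 0;

    for (size_t i = 0; i < ARRAY_SIZE(tbl_counted); i++) {
        const struct transtbl *p = &tbl_counted[i];
        if ((target & p->target_mask) == p->target_bits)
            host |= p->host_bits;
    }
    return host;
}

int main(void)
{
    unsigned req = T_SHARED | T_NOREPLACE;

    printf("before: 0x%02x\n", to_host_before(req)); /* NOREPLACE dropped */
    printf("after:  0x%02x\n", to_host_after(req));
    return 0;
}
```

The flag that disappears in the "before" variant is the one placed after the zero-mapped entry, so the caller's request is weakened without any error being reported.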
tests/tcg: Disable filename test for info proc mappings
This test fails when host page size != guest page size, because qemu may not be able to directly map the file.
Fixes: a634148 ("tests/tcg: Add a test for info proc mappings")
Acked-by: Ilya Leoshkevich <[email protected]>
Signed-off-by: Richard Henderson <[email protected]>
Commit 1b65895

util/interval-tree: Check root for null in interval_tree_iter_first
Fix a crash in qemu-user when running cat /proc/self/maps in a chroot, where /proc isn't mounted. The problem was introduced by commit 3ce3dd8 ("util/selfmap: Rewrite using qemu/interval-tree.h") where in open_self_maps_1() the function read_self_maps() is called and which returns NULL if it can't read the host's /proc/self/maps file. Afterwards that NULL is fed into interval_tree_iter_first() which doesn't check if the root node is NULL. Fix it by adding a check if root is NULL and return NULL in that case.
Signed-off-by: Helge Deller <[email protected]>
Fixes: 3ce3dd8 ("util/selfmap: Rewrite using qemu/interval-tree.h")
Message-Id: <ZNOsq6Z7t/eyIG/9@p100>
Reviewed-by: Richard Henderson <[email protected]>
Signed-off-by: Richard Henderson <[email protected]>
Commit 47d1e98

linux-user: Fix openat() emulation to correctly detect accesses to /proc
In qemu we catch accesses to files like /proc/cpuinfo or /proc/net/route and return to the guest contents which would be visible on a real system (instead of what the host would show). This patch fixes a bug, where for example the accesses
  cat /proc////cpuinfo
or
  cd /proc && cat cpuinfo
will not be recognized by qemu and where qemu will wrongly show the contents of the host's /proc/cpuinfo file.
Signed-off-by: Helge Deller <[email protected]>
Reviewed-by: Daniel P. Berrangé <[email protected]>
Message-Id: <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Signed-off-by: Richard Henderson <[email protected]>
Commit b800205

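Why a plain string comparison misses the two accesses named in this commit message, as an added C example (not QEMU's code): the first matcher compares the path as the caller typed it, the second normalises it against the working directory first. All function names are hypothetical, and the normalisation is purely lexical, an assumption made to keep the example offline; it does not resolve symlinks, which needs realpath(3) or a descriptor-based check.

```c
#include <stdio.h>
#include <string.h>

#define DEMO_PATH_MAX 256

/*
 * Lexically normalise `path` (relative paths are taken against `cwd`, which
 * must be absolute): collapse runs of '/', drop "." and resolve "..".
 * Returns 0 on success, -1 if the input is unusable or does not fit.
 */
int normalize_path(const char *cwd, const char *path, char *out, size_t outsz)
{
    char buf[2 * DEMO_PATH_MAX];
    size_t len = 0;
    int n;

    if (!cwd || !path || outsz < 2)
        return -1;
    if (path[0] == '/') {
        n = snprintf(buf, sizeof buf, "%s", path);
    } else {
        if (cwd[0] != '/')
            return -1;
        n = snprintf(buf, sizeof buf, "%s/%s", cwd, path);
    }
    if (n < 0 || (size_t)n >= sizeof buf)
        return -1;

    for (const char *p = buf; *p; ) {
        while (*p == '/')                 /* collapse repeated separators */
            p++;
        const char *seg = p;
        while (*p && *p != '/')
            p++;
        size_t seglen = (size_t)(p - seg);

        if (seglen == 0 || (seglen == 1 && seg[0] == '.'))
            continue;
        if (seglen == 2 && seg[0] == '.' && seg[1] == '.') {
            while (len > 0 && out[--len] != '/')  /* drop last component */
                ;
            continue;
        }
        if (len + 1 + seglen + 1 > outsz)
            return -1;
        out[len++] = '/';
        memcpy(out + len, seg, seglen);
        len += seglen;
    }
    if (len == 0)
        out[len++] = '/';
    out[len] = '\0';
    return 0;
}

/* Before: match the path exactly as given. Returns 1 on a match, else 0. */
int is_proc_entry_naive(const char *path, const char *entry)
{
    return strncmp(path, "/proc/", 6) == 0 && strcmp(path + 6, entry) == 0;
}

/*
 * After: normalise, then match. Returns 1 on a match, 0 otherwise, and -1
 * when the path cannot be normalised, so the caller can fail the open
 * instead of passing an unchecked path through to the host.
 */
int is_proc_entry_normalized(const char *cwd, const char *path,
                             const char *entry)
{
    char canon[DEMO_PATH_MAX];

    if (normalize_path(cwd, path, canon, sizeof canon) != 0)
        return -1;
    return is_proc_entry_naive(canon, entry);
}

int main(void)
{
    printf("naive,      /proc////cpuinfo : %d\n",
           is_proc_entry_naive("/proc////cpuinfo", "cpuinfo"));
    printf("normalized, /proc////cpuinfo : %d\n",
           is_proc_entry_normalized("/", "/proc////cpuinfo", "cpuinfo"));
    printf("normalized, cwd=/proc cpuinfo: %d\n",
           is_proc_entry_normalized("/proc", "cpuinfo", "cpuinfo"));
    return 0;
}
```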
Merge tag 'nvme-fixes-pull-request' of https://gitlab.com/birkelund/qemu into staging
hw/nvme: fixes
# gpg: Signature made Wed 09 Aug 2023 06:36:39 AM PDT
# gpg: using RSA key 522833AA75E2DCE6A24766C04DE1AF316D4F0DE9
# gpg: Good signature from "Klaus Jensen <[email protected]>" [unknown]
# gpg: aka "Klaus Jensen <[email protected]>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: DDCA 4D9C 9EF9 31CC 3468 4272 63D5 6FC5 E55D A838
# Subkey fingerprint: 5228 33AA 75E2 DCE6 A247 66C0 4DE1 AF31 6D4F 0DE9
* tag 'nvme-fixes-pull-request' of https://gitlab.com/birkelund/qemu:
  hw/nvme: fix null pointer access in ruh update
  hw/nvme: fix null pointer access in directive receive
Signed-off-by: Richard Henderson <[email protected]>
Commit c0b7823

Merge tag 'pull-lu-20230809' of https://gitlab.com/rth7680/qemu into staging
linux-user: Fixes for mmap syscall emulation
linux-user: Correctly detect access to /proc in openat
util/interval-tree: Check root for null in interval_tree_iter_first
tests/tcg: Disable filename test for info proc mappings
# gpg: Signature made Wed 09 Aug 2023 10:46:22 AM PDT
# gpg: using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg: issuer "[email protected]"
# gpg: Good signature from "Richard Henderson <[email protected]>" [ultimate]
* tag 'pull-lu-20230809' of https://gitlab.com/rth7680/qemu:
  linux-user: Fix openat() emulation to correctly detect accesses to /proc
  util/interval-tree: Check root for null in interval_tree_iter_first
  tests/tcg: Disable filename test for info proc mappings
  linux-user: Use ARRAY_SIZE with bitmask_transtbl
  linux-user: Split out do_mmap
  qemu/osdep: Remove fallback for MAP_FIXED_NOREPLACE
Signed-off-by: Richard Henderson <[email protected]>
Commit e53e2e2

Merge tag 'or1k-pull-request-20230809' of https://github.com/stffrdhrn/qemu into staging
OpenRISC FPU Fix for 8.1
A patch to pass the correct exception address when handling floating point exceptions.
# gpg: Signature made Wed 09 Aug 2023 01:31:23 PM PDT
# gpg: using RSA key D9C47354AEF86C103A25EFF1C3B31C2D5E6627E4
# gpg: Good signature from "Stafford Horne <[email protected]>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: D9C4 7354 AEF8 6C10 3A25 EFF1 C3B3 1C2D 5E66 27E4
* tag 'or1k-pull-request-20230809' of https://github.com/stffrdhrn/qemu:
  target/openrisc: Set EPCR to next PC on FPE exceptions
Signed-off-by: Richard Henderson <[email protected]>
Commit 64d3be9

Commits on Aug 10, 2023
accel/tcg: Avoid reading too much in load_atom_{2,4}
When load_atom_extract_al16_or_al8 is inexpensive, we want to use it early, in order to avoid the overhead of required_atomicity. However, we must not read past the end of the page. If there are more than 8 bytes remaining, then both the "aligned 16" and "aligned 8" paths align down so that the read has at least 16 bytes remaining on the page.
Reviewed-by: Peter Maydell <[email protected]>
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
Signed-off-by: Richard Henderson <[email protected]>
Commit 6a2c23d

tests/tcg: ensure system-mode gdb tests start stopped
Without -S we run into potential races with tests starting before the gdbstub attaches. We don't need to worry about user-mode as enabling the gdbstub implies we wait for the initial connection. Signed-off-by: Alex Bennée <[email protected]> Reviewed-by: Richard Henderson <[email protected]> Reviewed-by: Philippe Mathieu-Daudé <[email protected]> Message-Id: <[email protected]> Signed-off-by: Richard Henderson <[email protected]>
Commit dad1036
-
gdbstub: more fixes for client Ctrl-C handling
The original fix caused problems with spurious characters on other system emulation. So:

- instead of spamming output make the warning a trace point
- ensure we only allow a stop reply if it was 0x3

Suggested-by: Matheus Tavares Bernardino <[email protected]>
Signed-off-by: Alex Bennée <[email protected]>
Message-Id: <456ed3318421dd7946bdfb5ceda7e05332da368c.1690910333.git.quic_mathbern@quicinc.com>
Reviewed-by: Richard Henderson <[email protected]>
Tested-by: Richard Henderson <[email protected]>
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
Message-Id: <[email protected]>
Signed-off-by: Richard Henderson <[email protected]>
Commit 3869eb7
-
gdbstub: don't complain about preemptive ACK chars
When starting a remote connection GDB sends an '+':

  /* Ack any packet which the remote side has already sent. */
  remote_serial_write ("+", 1);

which gets flagged as a garbage character in the gdbstub state machine. As gdb does send it out let's be permissive about the handling so we can better see real issues.

Signed-off-by: Alex Bennée <[email protected]>
Cc: [email protected]
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
Message-Id: <[email protected]>
Signed-off-by: Richard Henderson <[email protected]>
Commit f1b0f89
-
Merge tag 'pull-tcg-20230810' of https://gitlab.com/rth7680/qemu into staging
accel/tcg: Avoid reading too much in load_atom_{2,4}
tests/tcg: ensure system-mode gdb tests start stopped
gdbstub: more fixes for client Ctrl-C handling

# gpg: Signature made Thu 10 Aug 2023 11:08:01 AM PDT
# gpg: using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg: issuer "[email protected]"
# gpg: Good signature from "Richard Henderson <[email protected]>" [ultimate]

* tag 'pull-tcg-20230810' of https://gitlab.com/rth7680/qemu:
  gdbstub: don't complain about preemptive ACK chars
  gdbstub: more fixes for client Ctrl-C handling
  tests/tcg: ensure system-mode gdb tests start stopped
  accel/tcg: Avoid reading too much in load_atom_{2,4}

Signed-off-by: Richard Henderson <[email protected]>
Commit 70b7399
-
Update version for v8.1.0-rc3 release
Signed-off-by: Richard Henderson <[email protected]>
Commit 3944e93
Commits on Aug 11, 2023
-
hw/pci-host: Allow extended config space access for Designware PCIe host
In pcie_bus_realize(), a root bus is realized as a PCIe bus and a non-root bus is realized as a PCIe bus if its parent bus is a PCIe bus. However, the child bus "dw-pcie" is realized before the parent bus "pcie" which is the root PCIe bus. Thus, the extended configuration space is not accessible on "dw-pcie". The issue can be resolved by adding the PCI_BUS_EXTENDED_CONFIG_SPACE flag to "pcie" before "dw-pcie" is realized.

Signed-off-by: Jason Chien <[email protected]>
Message-Id: <[email protected]>
Reviewed-by: Michael S. Tsirkin <[email protected]>
Signed-off-by: Michael S. Tsirkin <[email protected]>
Reviewed-by: Frank Chang <[email protected]>
Signed-off-by: Jason Chien <[email protected]>
Commit 3d449bc
-
pci: Fix the update of interrupt disable bit in PCI_COMMAND register
The PCI_COMMAND register is located at offset 4 within the PCI configuration space and occupies 2 bytes. The interrupt disable bit is at the 10th bit, which corresponds to the byte at offset 5 in the PCI configuration space.

In our testing environment, the guest driver may directly update the byte at offset 5 in the PCI configuration space. The backtrace looks as follows:

  at hw/pci/pci.c:1442
  at hw/virtio/virtio-pci.c:605
  val=5, len=1) at hw/pci/pci_host.c:81

In this situation, the range_covers_byte function called by the pci_default_write_config function will return false, resulting in the inability to handle the interrupt disable update event.

To fix this issue, we can use the ranges_overlap function instead of range_covers_byte to determine whether the interrupt bit has been updated.

Signed-off-by: Guoyi Tu <[email protected]>
Signed-off-by: yuanminghao <[email protected]>
Message-Id: <[email protected]>
Reviewed-by: Michael S. Tsirkin <[email protected]>
Signed-off-by: Michael S. Tsirkin <[email protected]>
Fixes: b6981cb ("pci: interrupt disable bit support")
Commit 0f93624
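The failure described in the commit message above, reduced to an added C example (not QEMU's code and not part of the commit). The two range helpers are re-implemented here from their names as an assumption, and `toy_pci_dev`, `config_write` and `state_in_sync_after` are hypothetical: a one-byte write to offset 5 changes the interrupt disable bit without touching byte 4, so the byte-cover check skips the update hook while the overlap check runs it.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PCI_COMMAND              0x04   /* 16-bit register: bytes 4 and 5 */
#define PCI_COMMAND_INTX_DISABLE 0x400  /* bit 10, stored in byte 5 */
#define CFG_SIZE                 64

/* Last byte touched by an access of len bytes starting at offset. */
static uint64_t range_last(uint64_t offset, uint64_t len)
{
    return offset + len - 1;
}

/* True only when the access includes the single byte `byte`. */
static bool range_covers_byte(uint64_t offset, uint64_t len, uint64_t byte)
{
    return offset <= byte && byte <= range_last(offset, len);
}

/* True when the two byte ranges share at least one byte. */
static bool ranges_overlap(uint64_t first1, uint64_t len1,
                           uint64_t first2, uint64_t len2)
{
    return !(range_last(first2, len2) < first1 ||
             range_last(first1, len1) < first2);
}

/* Hypothetical device model: config space plus a cached INTx state. */
struct toy_pci_dev {
    uint8_t config[CFG_SIZE];
    bool irq_disabled;      /* what the device model believes */
    unsigned hook_calls;    /* how often the update hook ran */
};

static bool command_intx_disabled(const struct toy_pci_dev *d)
{
    uint16_t cmd = (uint16_t)(d->config[PCI_COMMAND] |
                              (d->config[PCI_COMMAND + 1] << 8));
    return (cmd & PCI_COMMAND_INTX_DISABLE) != 0;
}

/* Little-endian config write, then the "did PCI_COMMAND change?" test. */
static void config_write(struct toy_pci_dev *d, uint32_t addr, uint32_t val,
                         uint32_t len, bool use_overlap)
{
    if (len == 0 || len > 4 || addr > CFG_SIZE - len) {
        return;             /* reject accesses outside the toy config space */
    }
    for (uint32_t i = 0; i < len; i++) {
        d->config[addr + i] = (uint8_t)(val >> (8 * i));
    }
    bool touched = use_overlap
        ? ranges_overlap(addr, len, PCI_COMMAND, 2)
        : range_covers_byte(addr, len, PCI_COMMAND);
    if (touched) {
        d->irq_disabled = command_intx_disabled(d);
        d->hook_calls++;
    }
}

/* 1 if the cached state matches the register after one write, else 0. */
static int state_in_sync_after(uint32_t addr, uint32_t val, uint32_t len,
                               bool use_overlap)
{
    struct toy_pci_dev d;
    memset(&d, 0, sizeof(d));
    config_write(&d, addr, val, len, use_overlap);
    return d.irq_disabled == command_intx_disabled(&d);
}

int main(void)
{
    /* Byte write from the commit message: offset 5, val=5, len=1. */
    printf("byte-cover check in sync: %d\n",
           state_in_sync_after(5, 5, 1, false));
    printf("overlap check in sync:    %d\n",
           state_in_sync_after(5, 5, 1, true));
    return 0;
}
```

A 16-bit write at offset 4 is handled by both checks, which is why the stale state only shows up with guests that use byte-sized accesses.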
-
Merge tag 'for_upstream' of https://git.kernel.org/pub/scm/virt/kvm/mst/qemu into staging
pci: last minute bugfixes

two fixes that seem very safe and important enough to sneak in before the release.

Signed-off-by: Michael S. Tsirkin <[email protected]>

# gpg: Signature made Fri 11 Aug 2023 09:16:50 AM PDT
# gpg: using RSA key 5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469
# gpg: issuer "[email protected]"
# gpg: Good signature from "Michael S. Tsirkin <[email protected]>" [undefined]
# gpg: aka "Michael S. Tsirkin <[email protected]>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67
# Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469

* tag 'for_upstream' of https://git.kernel.org/pub/scm/virt/kvm/mst/qemu:
  pci: Fix the update of interrupt disable bit in PCI_COMMAND register
  hw/pci-host: Allow extended config space access for Designware PCIe host

Signed-off-by: Richard Henderson <[email protected]>
Commit 44e13cb
-
target/riscv/kvm.c: fix mvendorid size in vcpu_set_machine_ids()
cpu->cfg.mvendorid is a 32 bit field and kvm_set_one_reg() always writes a target_ulong val, i.e. a 64 bit field in a 64 bit host. Given that we're passing a pointer to the mvendorid field, the reg is reading 64 bits starting from mvendorid and going 32 bits in the next field, marchid. Here's an example:

  $ ./qemu-system-riscv64 -machine virt,accel=kvm -m 2G -smp 1 \
      -cpu rv64,marchid=0xab,mvendorid=0xcd,mimpid=0xef(...)

  (inside the guest)
  # cat /proc/cpuinfo
  processor : 0
  hart : 0
  isa : rv64imafdc_zicbom_zicboz_zihintpause_zbb_sstc
  mmu : sv57
  mvendorid : 0xab000000cd
  marchid : 0xab
  mimpid : 0xef

'mvendorid' was written as a combination of 0xab (the value from the adjacent field, marchid) and its intended value 0xcd.

Fix it by assigning cpu->cfg.mvendorid to a target_ulong var 'reg' and use it as input for kvm_set_one_reg(). Here's the result with this patch applied and using the same QEMU command line:

  # cat /proc/cpuinfo
  processor : 0
  hart : 0
  isa : rv64imafdc_zicbom_zicboz_zihintpause_zbb_sstc
  mmu : sv57
  mvendorid : 0xcd
  marchid : 0xab
  mimpid : 0xef

This bug affects only the generic (rv64) CPUs when running with KVM in a 64 bit env since the 'host' CPU does not allow the machine IDs to be changed via command line.

Fixes: 1fb5a62 ("target/riscv: handle mvendorid/marchid/mimpid for KVM CPUs")
Signed-off-by: Daniel Henrique Barboza <[email protected]>
Acked-by: Alistair Francis <[email protected]>
Reviewed-by: Andrew Jones <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit 136cb9c
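The over-read described in the commit message above, as an added C example (not QEMU's code and not part of the commit). `toy_cfg`, `toy_set_one_reg` and the two `set_vendor_*` functions are hypothetical, and the struct layout is constructed so that `marchid` directly follows the 32-bit `mvendorid`; the values are the ones from the commit's command line.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint64_t target_ulong;  /* 64-bit target on a 64-bit host */

/* Hypothetical config struct: 32-bit mvendorid directly before marchid. */
struct toy_cfg {
    uint32_t other;       /* constructed filler: puts mvendorid at offset 4 */
    uint32_t mvendorid;
    uint64_t marchid;
    uint64_t mimpid;
};

_Static_assert(offsetof(struct toy_cfg, marchid) ==
               offsetof(struct toy_cfg, mvendorid) + sizeof(uint32_t),
               "marchid must start right after mvendorid for this demo");

/* Stand-in for a register setter that always copies
 * sizeof(target_ulong) bytes from `source`, whatever it points at. */
static target_ulong toy_set_one_reg(const void *source)
{
    target_ulong val;
    memcpy(&val, source, sizeof(val));
    return val;           /* the value the receiving side would see */
}

/* Before: hand over the address of the 32-bit field itself. */
static target_ulong set_vendor_before(const struct toy_cfg *cfg)
{
    /* Same address as &cfg->mvendorid, derived from the struct base so
     * the 8-byte read stays inside the enclosing object. */
    const unsigned char *p =
        (const unsigned char *)cfg + offsetof(struct toy_cfg, mvendorid);
    return toy_set_one_reg(p);
}

/* After: widen into a target_ulong local first, then pass that. */
static target_ulong set_vendor_after(const struct toy_cfg *cfg)
{
    target_ulong reg = cfg->mvendorid;
    return toy_set_one_reg(&reg);
}

/* The exact garbage value depends on byte order; the bug does not. */
static int host_is_little_endian(void)
{
    const uint16_t probe = 1;
    return *(const unsigned char *)&probe == 1;
}

int main(void)
{
    struct toy_cfg cfg = { .mvendorid = 0xcd, .marchid = 0xab, .mimpid = 0xef };

    printf("before: mvendorid = 0x%llx\n",
           (unsigned long long)set_vendor_before(&cfg));
    printf("after:  mvendorid = 0x%llx\n",
           (unsigned long long)set_vendor_after(&cfg));
    return 0;
}
```

On a little-endian host the "before" path yields 0xab000000cd, the same value the guest's /proc/cpuinfo shows in the commit message.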
-
hw/riscv/virt.c: change 'aclint' TCG check
The 'aclint' property is being conditioned with tcg acceleration in virt_machine_class_init(). But acceleration code starts later than the class init of the board, meaning that tcg_enabled() will always be false during class_init(), and the option is never being declared even when declaring TCG accel:

  $ ./build/qemu-system-riscv64 -M virt,accel=tcg,aclint=on
  qemu-system-riscv64: Property 'virt-machine.aclint' not found

Fix it by moving the check from class_init() to machine_init(). Tune the description to mention that the option is TCG only.

Cc: Philippe Mathieu-Daudé <[email protected]>
Fixes: c0716c8 ("hw/riscv/virt: Restrict ACLINT to TCG")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1823
Signed-off-by: Daniel Henrique Barboza <[email protected]>
Reviewed-by: Alistair Francis <[email protected]>
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
Commit b274c23
-
Merge tag 'pull-riscv-to-apply-20230811-3' of https://github.com/alistair23/qemu into staging
Sixth RISC-V PR for 8.1

This is a last minute PR for RISC-V. The main goal is to fix https://gitlab.com/qemu-project/qemu/-/issues/1823 which is a regression that means the aclint option cannot be enabled.

While we are here we also fixup KVM issue.

* KVM: fix mvendorid size
* Fixup aclint check

# gpg: Signature made Fri 11 Aug 2023 11:23:41 AM PDT
# gpg: using RSA key 6AE902B6A7CA877D6D659296AF7C95130C538013
# gpg: Good signature from "Alistair Francis <[email protected]>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6AE9 02B6 A7CA 877D 6D65 9296 AF7C 9513 0C53 8013

* tag 'pull-riscv-to-apply-20230811-3' of https://github.com/alistair23/qemu:
  hw/riscv/virt.c: change 'aclint' TCG check
  target/riscv/kvm.c: fix mvendorid size in vcpu_set_machine_ids()

Signed-off-by: Richard Henderson <[email protected]>
Commit bb5f142
Commits on Aug 12, 2023
-
tcg/i386: Output %gs prefix in tcg_out_vex_opc
Missing the segment prefix means that user-only fails to add guest_base for some 128-bit load/store. Fixes: 098d0fc ("tcg/i386: Support 128-bit load/store") Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1763 Signed-off-by: Richard Henderson <[email protected]>
Commit d3b4112
Commits on Aug 15, 2023
-
Merge tag 'pull-tcg-20230814' of https://gitlab.com/rth7680/qemu into staging
tcg/i386: Output %gs prefix in tcg_out_vex_opc

# gpg: Signature made Mon 14 Aug 2023 07:09:01 PM PDT
# gpg: using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg: issuer "[email protected]"
# gpg: Good signature from "Richard Henderson <[email protected]>" [ultimate]

* tag 'pull-tcg-20230814' of https://gitlab.com/rth7680/qemu:
  tcg/i386: Output %gs prefix in tcg_out_vex_opc

Signed-off-by: Richard Henderson <[email protected]>
Commit 408af44
Commits on Aug 16, 2023
-
Update version for v8.1.0-rc4 release
Signed-off-by: Richard Henderson <[email protected]>
Commit 0d52116
Commits on Aug 22, 2023
-
Update version for v8.1.0 release
Signed-off-by: Richard Henderson <[email protected]>
Commit 7e5a8bb
Commits on Aug 23, 2023
-
target/s390x: Fix the "ignored match" case in VSTRS
Currently the emulation of VSTRS recognizes partial matches in presence of \0 in the haystack, which, according to PoP, is not correct: If the ZS flag is one and a zero byte was detected in the second operand, then there can not be a partial match ... Add a check for this. While at it, fold a number of explicitly handled special cases into the generic logic. Cc: [email protected] Reported-by: Claudio Fontana <[email protected]> Closes: https://lists.gnu.org/archive/html/qemu-devel/2023-08/msg00633.html Fixes: 1d706f3 ("target/s390x: vxeh2: vector string search") Signed-off-by: Ilya Leoshkevich <[email protected]> Message-Id: <[email protected]> Tested-by: Claudio Fontana <[email protected]> Acked-by: David Hildenbrand <[email protected]> Signed-off-by: Thomas Huth <[email protected]> (cherry picked from commit 791b2b6a930273db694b9ba48bbb406e78715927) Signed-off-by: Michael Tokarev <[email protected]>
Commit 5980189
-
target/s390x: Use a 16-bit immediate in VREP
Unlike most other instructions that contain an immediate element index, VREP's one is 16-bit, and not 4-bit. The code uses only 8 bits, so using, e.g., 0x101 does not lead to a specification exception. Fix by checking all 16 bits. Cc: [email protected] Fixes: 28d0873 ("s390x/tcg: Implement VECTOR REPLICATE") Signed-off-by: Ilya Leoshkevich <[email protected]> Message-Id: <[email protected]> Reviewed-by: David Hildenbrand <[email protected]> Signed-off-by: Thomas Huth <[email protected]> (cherry picked from commit 23e87d419f347b6b5f4da3bf70d222acc24cdb64) Signed-off-by: Michael Tokarev <[email protected]>
Commit 880e82e
-
target/s390x: Fix VSTL with a large length
The length is always truncated to 16 bytes. Do not probe more than that. Cc: [email protected] Fixes: 0e0a5b4 ("s390x/tcg: Implement VECTOR STORE WITH LENGTH") Signed-off-by: Ilya Leoshkevich <[email protected]> Message-Id: <[email protected]> Reviewed-by: David Hildenbrand <[email protected]> Signed-off-by: Thomas Huth <[email protected]> (cherry picked from commit 6db3518ba4fcddd71049718f138552999f0d97b4) Signed-off-by: Michael Tokarev <[email protected]>
Commit c12eddb
-
target/s390x: Check reserved bits of VFMIN/VFMAX's M5
VFMIN and VFMAX should raise a specification exception when bits 1-3 of M5 are set.

Cc: [email protected]
Fixes: da48075 ("s390x/tcg: Implement VECTOR FP (MAXIMUM|MINIMUM)")
Signed-off-by: Ilya Leoshkevich <[email protected]>
Message-Id: <[email protected]>
Reviewed-by: David Hildenbrand <[email protected]>
Signed-off-by: Thomas Huth <[email protected]>
(cherry picked from commit 6a2ea6151835aa4f5fee29382a421c13b0e6619f)
Signed-off-by: Michael Tokarev <[email protected]>
Commit 14a8213
-
include/hw/virtio/virtio-gpu: Fix virtio-gpu with blob on big endian hosts
Using "-device virtio-gpu,blob=true" currently does not work on big endian hosts (like s390x). The guest kernel prints an error message like:

  [drm:virtio_gpu_dequeue_ctrl_func [virtio_gpu]] *ERROR* response 0x1200 (command 0x10c)

and the display stays black. When running QEMU with "-d guest_errors", it shows an error message like this:

  virtio_gpu_create_mapping_iov: nr_entries is too big (83886080 > 16384)

which indicates that this value has not been properly byte-swapped. And indeed, the virtio_gpu_create_blob_bswap() function (that should swap the fields in the related structure) fails to swap some of the entries. After correctly swapping all missing values here, too, the virtio-gpu device is now also working with blob=true on s390x hosts.

Fixes: e0933d9 ("virtio-gpu: Add virtio_gpu_resource_create_blob")
Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=2230469
Message-Id: <[email protected]>
Reviewed-by: Marc-André Lureau <[email protected]>
Signed-off-by: Thomas Huth <[email protected]>
(cherry picked from commit d194362910138776e8abd6bb3c9fb3693254e95f)
Signed-off-by: Michael Tokarev <[email protected]>
Commit 01f6417
Commits on Aug 24, 2023
-
kvm: Introduce kvm_arch_get_default_type hook
kvm_arch_get_default_type() returns the default KVM type. This hook is particularly useful to derive a KVM type that is valid for "none" machine model, which is used by libvirt to probe the availability of KVM. For MIPS, the existing mips_kvm_type() is reused. This function ensures the availability of VZ which is mandatory to use KVM on the current QEMU. Cc: [email protected] Signed-off-by: Akihiko Odaki <[email protected]> Message-id: [email protected] Reviewed-by: Peter Maydell <[email protected]> [PMM: added doc comment for new function] Signed-off-by: Peter Maydell <[email protected]> Reviewed-by: Philippe Mathieu-Daudé <[email protected]> (cherry picked from commit 5e0d65909c6f335d578b90491e165440c99adf81) Signed-off-by: Michael Tokarev <[email protected]>
Commit 34808d0
-
accel/kvm: Specify default IPA size for arm64
Before this change, the default KVM type, which is used for non-virt machine models, was 0.

The kernel documentation says:
> On arm64, the physical address size for a VM (IPA Size limit) is
> limited to 40bits by default. The limit can be configured if the host
> supports the extension KVM_CAP_ARM_VM_IPA_SIZE. When supported, use
> KVM_VM_TYPE_ARM_IPA_SIZE(IPA_Bits) to set the size in the machine type
> identifier, where IPA_Bits is the maximum width of any physical
> address used by the VM. The IPA_Bits is encoded in bits[7-0] of the
> machine type identifier.
>
> e.g, to configure a guest to use 48bit physical address size::
>
>     vm_fd = ioctl(dev_fd, KVM_CREATE_VM, KVM_VM_TYPE_ARM_IPA_SIZE(48));
>
> The requested size (IPA_Bits) must be:
>
> ==   =========================================================
>  0   Implies default size, 40bits (for backward compatibility)
>  N   Implies N bits, where N is a positive integer such that,
>      32 <= N <= Host_IPA_Limit
> ==   =========================================================
> Host_IPA_Limit is the maximum possible value for IPA_Bits on the host
> and is dependent on the CPU capability and the kernel configuration.
> The limit can be retrieved using KVM_CAP_ARM_VM_IPA_SIZE of the
> KVM_CHECK_EXTENSION ioctl() at run-time.
>
> Creation of the VM will fail if the requested IPA size (whether it is
> implicit or explicit) is unsupported on the host.
https://docs.kernel.org/virt/kvm/api.html#kvm-create-vm

So if Host_IPA_Limit < 40, specifying 0 as the type will fail. This actually confused libvirt, which uses "none" machine model to probe the KVM availability, on M2 MacBook Air.

Fix this by using Host_IPA_Limit as the default type when KVM_CAP_ARM_VM_IPA_SIZE is available.

Cc: [email protected]
Signed-off-by: Akihiko Odaki <[email protected]>
Message-id: [email protected]
Reviewed-by: Peter Maydell <[email protected]>
Signed-off-by: Peter Maydell <[email protected]>
(cherry picked from commit 1ab445af8cd99343f29032b5944023ad7d8edebf)
Signed-off-by: Michael Tokarev <[email protected]>
Commit c8e381d
-
A typo, noted in the bug report, resulting in an incorrect write offset. Cc: [email protected] Fixes: 7390e0e ("target/arm: Implement SME LD1, ST1") Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1833 Signed-off-by: Richard Henderson <[email protected]> Reviewed-by: Philippe Mathieu-Daudé <[email protected]> Message-id: [email protected] Signed-off-by: Peter Maydell <[email protected]> (cherry picked from commit 4b3520fd93cd49cc56dfcab45d90735cc2e35af7) Signed-off-by: Michael Tokarev <[email protected]>
Commit 7012e20
-
Typo applied byte-wise shift instead of double-word shift. Cc: [email protected] Fixes: 631e565 ("target/arm: Create gen_gvec_[us]sra") Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1737 Signed-off-by: Richard Henderson <[email protected]> Reviewed-by: Philippe Mathieu-Daudé <[email protected]> Message-id: [email protected] Signed-off-by: Peter Maydell <[email protected]> (cherry picked from commit cd1e4db73646006039f25879af3bff55b2295ff3) Signed-off-by: Michael Tokarev <[email protected]>
Commit 63188a0
-
docs/about/license: Update LICENSE URL
In early 2021 (see commit 2ad7843 "docs: update README to use GitLab repo URLs") almost all of the code base was converted to point to GitLab instead of git.qemu.org. During 2023, git.qemu.org switched from a git mirror to a http redirect to GitLab (see [1]). Update the LICENSE URL to match its previous content, displaying the file raw content similarly to gitweb 'blob_plain' format ([2]). [1] https://lore.kernel.org/qemu-devel/CABgObfZu3mFc8tM20K-yXdt7F-7eV-uKZN4sKDarSeu7DYoRbA@mail.gmail.com/ [2] https://git-scm.com/docs/gitweb#Documentation/gitweb.txt-blobplain Reviewed-by: Daniel P. Berrangé <[email protected]> Signed-off-by: Philippe Mathieu-Daudé <[email protected]> Reviewed-by: Thomas Huth <[email protected]> Reviewed-by: Stefan Hajnoczi <[email protected]> Signed-off-by: Stefan Hajnoczi <[email protected]> Message-ID: <[email protected]> (cherry picked from commit 09a3fffae00b042bed8ad9c351b1a58c505fde37) Signed-off-by: Michael Tokarev <[email protected]>
Commit 441106e
Commits on Aug 30, 2023
-
softmmu: Assert data in bounds in iotlb_to_section
Acked-by: Alex Bennée <[email protected]> Suggested-by: Alex Bennée <[email protected]> Signed-off-by: Richard Henderson <[email protected]> (cherry picked from commit 86e4f93d827d3c1efd00cd8a906e38a2c0f2b5bc) Signed-off-by: Michael Tokarev <[email protected]>
Commit 5691fbf
Commits on Sep 21, 2023
-
block-migration: Ensure we don't crash during migration cleanup
We can fail the blk_insert_bs() at init_blk_migration(), leaving the BlkMigDevState without a dirty_bitmap and BlockDriverState. Account for the possibly missing elements when doing cleanup.

Fix the following crashes:

Thread 1 "qemu-system-x86" received signal SIGSEGV, Segmentation fault.
0x0000555555ec83ef in bdrv_release_dirty_bitmap (bitmap=0x0) at ../block/dirty-bitmap.c:359
359 BlockDriverState *bs = bitmap->bs;
#0 0x0000555555ec83ef in bdrv_release_dirty_bitmap (bitmap=0x0) at ../block/dirty-bitmap.c:359
#1 0x0000555555bba331 in unset_dirty_tracking () at ../migration/block.c:371
#2 0x0000555555bbad98 in block_migration_cleanup_bmds () at ../migration/block.c:681

Thread 1 "qemu-system-x86" received signal SIGSEGV, Segmentation fault.
0x0000555555e971ff in bdrv_op_unblock (bs=0x0, op=BLOCK_OP_TYPE_BACKUP_SOURCE, reason=0x0) at ../block.c:7073
7073 QLIST_FOREACH_SAFE(blocker, &bs->op_blockers[op], list, next) {
#0 0x0000555555e971ff in bdrv_op_unblock (bs=0x0, op=BLOCK_OP_TYPE_BACKUP_SOURCE, reason=0x0) at ../block.c:7073
#1 0x0000555555e9734a in bdrv_op_unblock_all (bs=0x0, reason=0x0) at ../block.c:7095
#2 0x0000555555bbae13 in block_migration_cleanup_bmds () at ../migration/block.c:690

Signed-off-by: Fabiano Rosas <[email protected]>
Message-id: [email protected]
Signed-off-by: Stefan Hajnoczi <[email protected]>
(cherry picked from commit f187609f27b261702a17f79d20bf252ee0d4f9cd)
Signed-off-by: Michael Tokarev <[email protected]>
Fabiano Rosas authored and Michael Tokarev committed Sep 21, 2023
Commit 86d7b08
-
target/arm: properly document FEAT_CRC32
This is a mandatory feature for Armv8.1 architectures but we don't state the feature clearly in our emulation list. Also include FEAT_CRC32 comment in aarch64_max_tcg_initfn for ease of grepping. Reviewed-by: Philippe Mathieu-Daudé <[email protected]> Signed-off-by: Alex Bennée <[email protected]> Message-id: [email protected] Cc: [email protected] Message-Id: <[email protected]> [PMM: pluralize 'instructions' in docs] Signed-off-by: Peter Maydell <[email protected]> (cherry picked from commit 9e771a2fc68d98c5719b877e008d1dca64e6896e) Signed-off-by: Michael Tokarev <[email protected]>
Commit 645b87f
-
linux-user: Adjust brk for load_bias
PIE executables are usually linked at offset 0 and are relocated somewhere during load. The hiaddr needs to be adjusted to keep the brk next to the executable. Cc: [email protected] Fixes: 1f356e8 ("linux-user: Adjust initial brk when interpreter is close to executable") Tested-by: Helge Deller <[email protected]> Reviewed-by: Ilya Leoshkevich <[email protected]> Reviewed-by: Philippe Mathieu-Daudé <[email protected]> Signed-off-by: Richard Henderson <[email protected]> (cherry picked from commit aec338d63bc28f1f13d5e64c561d7f1dd0e4b07e) Signed-off-by: Michael Tokarev <[email protected]>
Commit e5e77f2
-
target/i386: raise FERR interrupt with iothread locked
Otherwise tcg_handle_interrupt() triggers an assertion failure:

  #5 0x0000555555c97369 in tcg_handle_interrupt (cpu=0x555557434cb0, mask=2) at ../accel/tcg/tcg-accel-ops.c:83
  #6 tcg_handle_interrupt (cpu=0x555557434cb0, mask=2) at ../accel/tcg/tcg-accel-ops.c:81
  #7 0x0000555555b4d58b in pic_irq_request (opaque=<optimized out>, irq=<optimized out>, level=1) at ../hw/i386/x86.c:555
  #8 0x0000555555b4f218 in gsi_handler (opaque=0x5555579423d0, n=13, level=1) at ../hw/i386/x86.c:611
  #9 0x00007fffa42bde14 in code_gen_buffer ()
  #10 0x0000555555c724bb in cpu_tb_exec (cpu=cpu@entry=0x555557434cb0, itb=<optimized out>, tb_exit=tb_exit@entry=0x7fffe9bfd658) at ../accel/tcg/cpu-exec.c:457

Cc: [email protected]
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1808
Reported-by: NyanCatTW1 <https://gitlab.com/a0939712328>
Co-developed-by: Richard Henderson <[email protected]>'
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
Signed-off-by: Paolo Bonzini <[email protected]>
(cherry picked from commit c1f27a0c6ae4059a1d809e9c2bc4d47b823c32a3)
Signed-off-by: Michael Tokarev <[email protected]>
Commit e975434
-
ui/dbus: Properly dispose touch/mouse dbus objects
Fixes: 142ca62 ("ui: add a D-Bus display backend") Fixes: de9f844 ("ui/dbus: Expose a touch device interface") Signed-off-by: Bilal Elmoussaoui <[email protected]> Reviewed-by: Marc-André Lureau <[email protected]> Message-Id: <[email protected]> (cherry picked from commit cb6ccdc9ca705cd8c3ef50e51c16a3732c2fa734) Signed-off-by: Michael Tokarev <[email protected]>
Commit 0175121
-
ppc/vof: Fix missed fields in VOF cleanup
Failing to reset the of_instance_last makes ihandle allocation continue to increase, which causes record-replay replay fail to match the recorded trace. Not resetting claimed_base makes VOF eventually run out of memory after some resets. Cc: Alexey Kardashevskiy <[email protected]> Fixes: fc8c745 ("spapr: Implement Open Firmware client interface") Signed-off-by: Nicholas Piggin <[email protected]> Reviewed-by: Alexey Kardashevskiy <[email protected]> Signed-off-by: Cédric Le Goater <[email protected]> (cherry picked from commit 7b8589d7ce7e23f26ff53338d575a5cbd7818e28) Signed-off-by: Michael Tokarev <[email protected]>
Commit 6864f05
hw/ppc/e500: fix broken snapshot replay
ppce500_reset_device_tree is registered for system reset, but after c4b0753 this function rerandomizes rng-seed via qemu_guest_getrandom_nofail. And when loading a snapshot, it tries to read EVENT_RANDOM that doesn't exist, so we have an error:

  qemu-system-ppc: Missing random event in the replay log

To fix this, use qemu_register_reset_nosnapshotload instead of qemu_register_reset.

Reported-by: Vitaly Cheptsov <[email protected]>
Fixes: c4b0753 ("hw/ppc: pass random seed to fdt ")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1634
Signed-off-by: Maksim Kostin <[email protected]>
Reviewed-by: Nicholas Piggin <[email protected]>
Signed-off-by: Cédric Le Goater <[email protected]>
(cherry picked from commit 6ec65b69ba17c954414fa23a397fb8a3fcfb4a43)
Signed-off-by: Michael Tokarev <[email protected]>
Maksim Kostin authored and Michael Tokarev committed Sep 21, 2023
Commit 5358980
target/ppc: Flush inputs to zero with NJ in ppc_store_vscr
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1779 Signed-off-by: Richard Henderson <[email protected]> Reviewed-by: Nicholas Piggin <[email protected]> Signed-off-by: Cédric Le Goater <[email protected]> (cherry picked from commit af03aeb631eeb81a44d2c0ff5b429cd4b5dc2799) Signed-off-by: Michael Tokarev <[email protected]>
Commit 9f54fef
target/ppc: Fix LQ, STQ register-pair order for big-endian
LQ, STQ have the same register-pair ordering as LQARX/STQARX., which is the even (lower) register contains the most significant bits. This is not implemented correctly for big-endian. do_ldst_quad() has variables low_addr_gpr and high_addr_gpr which is confusing because they are low and high addresses, whereas LQARX/STQARX. and most such things use the low and high values for lo/hi variables. The conversion to native 128-bit memory access functions missed this strangeness. Fix this by changing the if condition, and change the variable names to hi/lo to match convention. Cc: [email protected] Reported-by: Ivan Warren <[email protected]> Fixes: 57b38ff ("target/ppc: Use tcg_gen_qemu_{ld,st}_i128 for LQARX, LQ, STQ") Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1836 Signed-off-by: Nicholas Piggin <[email protected]> Reviewed-by: Richard Henderson <[email protected]> Signed-off-by: Cédric Le Goater <[email protected]> (cherry picked from commit 718209358f2e4f231cbacf974c3299c4fe7beb83) Signed-off-by: Michael Tokarev <[email protected]>
Commit f64f1f8
hw/ide/core: set ERR_STAT in unsupported command completion
Currently, the first time sending an unsupported command (e.g. READ LOG DMA EXT) will not have ERR_STAT set in the completion. Sending the unsupported command again, will correctly have ERR_STAT set. When ide_cmd_permitted() returns false, it calls ide_abort_command(). ide_abort_command() first calls ide_transfer_stop(), which will call ide_transfer_halt() and ide_cmd_done(), after that ide_abort_command() sets ERR_STAT in status. ide_cmd_done() for AHCI will call ahci_write_fis_d2h() which writes the current status in the FIS, and raises an IRQ. (The status here will not have ERR_STAT set!). Thus, we cannot call ide_transfer_stop() before setting ERR_STAT, as ide_transfer_stop() will result in the FIS being written and an IRQ being raised. The reason why it works the second time, is that ERR_STAT will still be set from the previous command, so when writing the FIS, the completion will correctly have ERR_STAT set. Set ERR_STAT before writing the FIS (calling cmd_done), so that we will raise an error IRQ correctly when receiving an unsupported command. Signed-off-by: Niklas Cassel <[email protected]> Reviewed-by: Philippe Mathieu-Daudé <[email protected]> Message-id: [email protected] Signed-off-by: John Snow <[email protected]> (cherry picked from commit c3461c6264a7c8ca15b117e91fe5da786924a784) Signed-off-by: Michael Tokarev <[email protected]>
Commit c2e0495
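The ordering problem described in the commit message above, as an added example that is not QEMU's code: a constructed toy model in which writing the FIS snapshots the status register, so the first abort reports no error and the second only reports one because ERR_STAT is left over. All `toy_` names are hypothetical; the `ERR_STAT` and `READY_STAT` values are the standard ATA status bits.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define ERR_STAT   0x01u   /* ATA status register: error */
#define READY_STAT 0x40u   /* ATA status register: device ready */

/* Constructed model: only the state the commit message talks about. */
struct toy_ide {
    uint8_t  status;      /* task-file status register */
    uint8_t  fis_status;  /* status byte captured in the last D2H FIS */
    unsigned irqs;        /* interrupts raised so far */
};

/* Stands in for ide_cmd_done() -> ahci_write_fis_d2h(): the FIS is a
 * snapshot of the status register at this instant, followed by an IRQ. */
static void toy_cmd_done(struct toy_ide *s)
{
    s->fis_status = s->status;
    s->irqs++;
}

/* Stands in for ide_transfer_stop(): halting the transfer completes the
 * command, which writes the FIS. */
static void toy_transfer_stop(struct toy_ide *s)
{
    toy_cmd_done(s);
}

/* Order described as broken: the FIS goes out before ERR_STAT is set. */
static void toy_abort_old(struct toy_ide *s)
{
    toy_transfer_stop(s);
    s->status = READY_STAT | ERR_STAT;
}

/* Order after the fix: ERR_STAT is already in status when the FIS is written. */
static void toy_abort_fixed(struct toy_ide *s)
{
    s->status = READY_STAT | ERR_STAT;
    toy_transfer_stop(s);
}

/* Issue one unsupported command and report whether the completion the
 * host reads (the FIS) carries ERR_STAT. */
static bool toy_unsupported_cmd(struct toy_ide *s,
                                void (*abort_fn)(struct toy_ide *))
{
    abort_fn(s);
    return (s->fis_status & ERR_STAT) != 0;
}

int main(void)
{
    struct toy_ide old = { .status = READY_STAT };
    struct toy_ide fixed = { .status = READY_STAT };
    bool first, second;

    first = toy_unsupported_cmd(&old, toy_abort_old);
    second = toy_unsupported_cmd(&old, toy_abort_old);
    printf("old order:   1st error seen=%d, 2nd error seen=%d\n",
           first, second);
    printf("fixed order: 1st error seen=%d\n",
           toy_unsupported_cmd(&fixed, toy_abort_fixed));
    return 0;
}
```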
hw/ide/ahci: write D2H FIS when processing NCQ command
The way that BUSY + PxCI is cleared for NCQ (FPDMA QUEUED) commands is described in SATA 3.5a Gold: 11.15 FPDMA QUEUED command protocol DFPDMAQ2: ClearInterfaceBsy "Transmit Register Device to Host FIS with the BSY bit cleared to zero and the DRQ bit cleared to zero and Interrupt bit cleared to zero to mark interface ready for the next command." PxCI is currently cleared by handle_cmd(), but we don't write the D2H FIS to the FIS Receive Area that actually caused PxCI to be cleared. Similar to how ahci_pio_transfer() calls ahci_write_fis_pio() with an additional parameter to write a PIO Setup FIS without raising an IRQ, add a parameter to ahci_write_fis_d2h() so that ahci_write_fis_d2h() also can write the FIS to the FIS Receive Area without raising an IRQ. Change process_ncq_command() to call ahci_write_fis_d2h() without raising an IRQ (similar to ahci_pio_transfer()), such that the FIS Receive Area is in sync with the PxTFD shadow register. E.g. Linux reads status and error fields from the FIS Receive Area directly, so it is wise to keep the FIS Receive Area and the PxTFD shadow register in sync. Signed-off-by: Niklas Cassel <[email protected]> Message-id: [email protected] Signed-off-by: John Snow <[email protected]> (cherry picked from commit 2967dc8209dd27b61a6ab7bad78cf7c6ec58ddb4) Signed-off-by: Michael Tokarev <[email protected]>
Commit 1efefd1
hw/ide/ahci: simplify and document PxCI handling
The AHCI spec states that:
For NCQ, PxCI is cleared on command queued successfully.
For non-NCQ, PxCI is cleared on command completed successfully.
(A non-NCQ command that completes with error does not clear PxCI.)

The current QEMU implementation either clears PxCI in check_cmd(), or in ahci_cmd_done().

check_cmd() will clear PxCI for a command if handle_cmd() returns 0. handle_cmd() will return -1 if BUSY or DRQ is set.

The QEMU implementation for NCQ commands will currently not set BUSY or DRQ, so they will always have PxCI cleared by handle_cmd(). ahci_cmd_done() will never even get called for NCQ commands.

Non-NCQ commands are executed by ide_bus_exec_cmd(). Non-NCQ commands in QEMU are implemented either in a sync or in an async way.

For non-NCQ commands implemented in a sync way, the command handler will return true, and when ide_bus_exec_cmd() sees that a command handler returns true, it will call ide_cmd_done() (which will call ahci_cmd_done()). For a command implemented in a sync way, ahci_cmd_done() will do nothing (since busy_slot is not set). Instead, after ide_bus_exec_cmd() has finished, check_cmd() will clear PxCI for these commands.

For non-NCQ commands implemented in an async way (using either aiocb or pio_aiocb), the command handler will return false, ide_bus_exec_cmd() will not call ide_cmd_done(), instead it is expected that the async callback function will call ide_cmd_done() once the async command is done. handle_cmd() will set busy_slot, if and only if BUSY or DRQ is set, and this is checked _after_ ide_bus_exec_cmd() has returned. handle_cmd() will return -1, so check_cmd() will not clear PxCI. When the async callback calls ide_cmd_done() (which will call ahci_cmd_done()), it will see that busy_slot is set, and ahci_cmd_done() will clear PxCI.

This seems racy, since busy_slot is set _after_ ide_bus_exec_cmd() has returned. The callback might come before busy_slot gets set. And it is quite confusing that ahci_cmd_done() will be called for all non-NCQ commands when the command is done, but will only clear PxCI in certain cases, even though it will always write a D2H FIS and raise an IRQ.

Even worse, in the case where ahci_cmd_done() does not clear PxCI, it still raises an IRQ. Host software might thus read an old PxCI value, since PxCI is cleared (by check_cmd()) after the IRQ has been raised.

Try to simplify this by always setting busy_slot for non-NCQ commands, such that ahci_cmd_done() will always be responsible for clearing PxCI for non-NCQ commands.

For NCQ commands, clear PxCI when we receive the D2H FIS, but before raising the IRQ, see AHCI 1.3.1, section 5.3.8, states RegFIS:Entry and RegFIS:ClearCI.

Signed-off-by: Niklas Cassel <[email protected]>
Message-id: [email protected]
Signed-off-by: John Snow <[email protected]>
(cherry picked from commit e2a5d9b3d9c3d311618160603cc9bc04fbd98796)
Signed-off-by: Michael Tokarev <[email protected]>
Commit 16cc959
hw/ide/ahci: PxSACT and PxCI is cleared when PxCMD.ST is cleared
According to AHCI 1.3.1 definition of PxSACT: This field is cleared when PxCMD.ST is written from a '1' to a '0' by software. This field is not cleared by a COMRESET or a software reset. According to AHCI 1.3.1 definition of PxCI: This field is also cleared when PxCMD.ST is written from a '1' to a '0' by software. Clearing PxCMD.ST is part of the error recovery procedure, see AHCI 1.3.1, section "6.2 Error Recovery". If we don't clear PxCI on error recovery, the previous command will incorrectly still be marked as pending after error recovery. Signed-off-by: Niklas Cassel <[email protected]> Reviewed-by: Philippe Mathieu-Daudé <[email protected]> Message-id: [email protected] Signed-off-by: John Snow <[email protected]> (cherry picked from commit d73b84d0b664e60fffb66f46e84d0db4a8e1c713) Signed-off-by: Michael Tokarev <[email protected]>
Commit 4fbd5a5
hw/ide/ahci: PxCI should not get cleared when ERR_STAT is set
For NCQ, PxCI is cleared on command queued successfully. For non-NCQ, PxCI is cleared on command completed successfully. Successfully means ERR_STAT, BUSY and DRQ are all cleared. A command that has ERR_STAT set, does not get to clear PxCI. See AHCI 1.3.1, section 5.3.8, states RegFIS:Entry and RegFIS:ClearCI, and 5.3.16.5 ERR:FatalTaskfile. In the case of non-NCQ commands, not clearing PxCI is needed in order for host software to be able to see which command slot that failed. Signed-off-by: Niklas Cassel <[email protected]> Message-id: [email protected] Signed-off-by: John Snow <[email protected]> (cherry picked from commit 1a16ce64fda11bdf50f0c4ab5d9fdde72c1383a2) Signed-off-by: Michael Tokarev <[email protected]>
Commit 4448c34
hw/ide/ahci: fix ahci_write_fis_sdb()
When there is an error, we need to raise a TFES error irq, see AHCI 1.3.1, 5.3.13.1 SDB:Entry. If ERR_STAT is set, we jump to state ERR:FatalTaskfile, which will raise a TFES IRQ unconditionally, regardless if the I bit is set in the FIS or not. Thus, we should never raise a normal IRQ after having sent an error IRQ. It is valid to signal successfully completed commands as finished in the same SDB FIS that generates the error IRQ. The important thing is that commands that did not complete successfully (e.g. commands that were aborted, do not get the finished bit set). Before this commit, there was never a TFES IRQ raised on NCQ error. Signed-off-by: Niklas Cassel <[email protected]> Reviewed-by: Philippe Mathieu-Daudé <[email protected]> Message-id: [email protected] Signed-off-by: John Snow <[email protected]> (cherry picked from commit 7e85cb0db4c693b4e084a00e66fe73a22ed1688a) Signed-off-by: Michael Tokarev <[email protected]>
Commit e8f5ca5
hw/ide/ahci: fix broken SError handling
When encountering an NCQ error, you should not write the NCQ tag to the SError register. This is completely wrong. The SError register has a clear definition, where each bit represents a different error, see PxSERR definition in AHCI 1.3.1. If we write a random value (like the NCQ tag) in SError, e.g. Linux will read SError, and will trigger arbitrary error handling depending on the NCQ tag that happened to be executing. In case of success, ncq_cb() will call ncq_finish(). In case of error, ncq_cb() will call ncq_err() (which will clear ncq_tfs->used), and then call ncq_finish(), thus using ncq_tfs->used is sufficient to tell if finished should get set or not. Signed-off-by: Niklas Cassel <[email protected]> Reviewed-by: Philippe Mathieu-Daudé <[email protected]> Message-id: [email protected] Signed-off-by: John Snow <[email protected]> (cherry picked from commit 9f89423537653de07ca40c18b5ff5b70b104cc93) Signed-off-by: Michael Tokarev <[email protected]>
Commit d536158
hw/i2c/aspeed: Fix Tx count and Rx size error in buffer pool mode
Fixed inconsistency between the register bit field definition header file and the ast2600 datasheet. The reg name is I2CD1C:Pool Buffer Control Register in old register mode and I2CC0C: Master/Slave Pool Buffer Control Register in new register mode. They share bit field [12:8]:Transmit Data Byte Count and bit field [29:24]:Actual Received Pool Buffer Size according to the datasheet.

According to the ast2600 datasheet, the actual Tx count is Transmit Data Byte Count plus 1, and the max Rx size is Receive Pool Buffer Size plus 1, both in Pool Buffer Control Register. The previous version forgot to add 1, and mistook Rx count for Rx size.

Signed-off-by: Hang Yu <[email protected]>
Fixes: 3be3d6c ("aspeed: i2c: Migrate to registerfields API")
Reviewed-by: Cédric Le Goater <[email protected]>
Signed-off-by: Cédric Le Goater <[email protected]>
(cherry picked from commit 97b8aa5ae9ff197394395eda5062ea3681e09c28)
Signed-off-by: Michael Tokarev <[email protected]>
Hang Yu authored and Michael Tokarev committed Sep 21, 2023
Commit 9dc6f05
hw/i2c/aspeed: Fix TXBUF transmission start position error
According to the ast2600 datasheet and the Linux aspeed i2c driver, the TXBUF transmission start position should be TXBUF[0] instead of TXBUF[1], so the arg pool_start is useless, and the address is not included in TXBUF. So even if Tx Count equals zero, there is at least 1 byte of data that needs to be transmitted, and M_TX_CMD should not be cleared in this condition. The driver URL is: https://github.com/AspeedTech-BMC/linux/blob/aspeed-master-v5.15/drivers/i2c/busses/i2c-ast2600.c

Signed-off-by: Hang Yu <[email protected]>
Fixes: 6054fc7 ("aspeed/i2c: Add support for pool buffer transfers")
Reviewed-by: Cédric Le Goater <[email protected]>
Signed-off-by: Cédric Le Goater <[email protected]>
(cherry picked from commit 961faf3ddbd8ffcdf776bbcf88af0bc97218114a)
Signed-off-by: Michael Tokarev <[email protected]>
Hang Yu authored and Michael Tokarev committed Sep 21, 2023
Commit 25ec23a
qemu-options.hx: Rephrase the descriptions of the -hd* and -cdrom options
The current description says that these options will create a device on the IDE bus, which is only true on x86. So rephrase these sentences a little bit to speak of "default bus" instead.

Signed-off-by: Thomas Huth <[email protected]>
Reviewed-by: Alex Bennée <[email protected]>
Signed-off-by: Michael Tokarev <[email protected]>
(cherry picked from commit bcd8e243083c878884e52d609deddbe6be17c730)
Signed-off-by: Michael Tokarev <[email protected]>
Commit 01bf87c
docs tests: Fix use of migrate_set_parameter
docs/multi-thread-compression.txt uses parameter names with underscores instead of dashes. Wrong since day one. docs/rdma.txt, tests/qemu-iotests/181, and tests/qtest/test-hmp.c are wrong the same way since commit cbde7be (v6.0.0). Hard to see, as test-hmp doesn't check whether the commands work, and iotest 181 appears to be unaffected. Fixes: 263170e (docs: Add a doc about multiple thread compression) Fixes: cbde7be (migrate: remove QMP/HMP commands for speed, downtime and cache size) Signed-off-by: Markus Armbruster <[email protected]> Reviewed-by: Thomas Huth <[email protected]> Signed-off-by: Michael Tokarev <[email protected]> (cherry picked from commit b21a6e31a182a5ae7436a444f840d49aac07c94f) Signed-off-by: Michael Tokarev <[email protected]>
Markus Armbruster authored and Michael Tokarev committed Sep 21, 2023
Commit 6356785
hw/net/vmxnet3: Fix guest-triggerable assert()
The assert() that checks for valid MTU sizes can be triggered by the guest (e.g. with the reproducer code from the bug ticket https://gitlab.com/qemu-project/qemu/-/issues/517 ). Let's avoid this problem by simply logging the error and refusing to activate the device instead. Fixes: d05dcd9 ("net: vmxnet3: validate configuration values during activate") Signed-off-by: Thomas Huth <[email protected]> Cc: [email protected] Reviewed-by: Philippe Mathieu-Daudé <[email protected]> Signed-off-by: Michael Tokarev <[email protected]> [Mjt: change format specifier from %d to %u for uint32_t argument] (cherry picked from commit 90a0778421acdf4ca903be64c8ed19378183c944) Signed-off-by: Michael Tokarev <[email protected]>
Commit 93d4107
qxl: don't assert() if device isn't yet initialized
If the PCI BAR isn't yet mapped or was unmapped, QXL_IO_SET_MODE will assert(). Instead, report a guest bug and keep going.

This can be reproduced with:

  cat << EOF | ./qemu-system-x86_64 -vga qxl -m 2048 -nodefaults -qtest stdio
  outl 0xcf8 0x8000101c
  outl 0xcfc 0xc000
  outl 0xcf8 0x80001001
  outl 0xcfc 0x01000000
  outl 0xc006 0x00
  EOF

Fixes: https://gitlab.com/qemu-project/qemu/-/issues/1829
Signed-off-by: Marc-André Lureau <[email protected]>
Reviewed-by: Thomas Huth <[email protected]>
Cc: [email protected]
Signed-off-by: Michael Tokarev <[email protected]>
(cherry picked from commit 95bef686e490bc3afc3f51f5fc6e20bf260b938c)
Signed-off-by: Michael Tokarev <[email protected]>
Commit eeee989
virtio: Drop out of coroutine context in virtio_load()
virtio_load() as a whole should run in coroutine context because it reads from the migration stream and we don't want this to block.

However, it calls virtio_set_features_nocheck() and devices don't expect their .set_features callback to run in a coroutine and therefore call functions that may not be called in coroutine context. To fix this, drop out of coroutine context for calling virtio_set_features_nocheck().

Without this fix, the following crash was reported:

  #0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
  #1  0x00007efc738c05d3 in __pthread_kill_internal (signo=6, threadid=<optimized out>) at pthread_kill.c:78
  #2  0x00007efc73873d26 in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
  #3  0x00007efc738477f3 in __GI_abort () at abort.c:79
  #4  0x00007efc7384771b in __assert_fail_base (fmt=0x7efc739dbcb8 "", assertion=assertion@entry=0x560aebfbf5cf "!qemu_in_coroutine()", file=file@entry=0x560aebfcd2d4 "../block/graph-lock.c", line=line@entry=275, function=function@entry=0x560aebfcd34d "void bdrv_graph_rdlock_main_loop(void)") at assert.c:92
  #5  0x00007efc7386ccc6 in __assert_fail (assertion=0x560aebfbf5cf "!qemu_in_coroutine()", file=0x560aebfcd2d4 "../block/graph-lock.c", line=275, function=0x560aebfcd34d "void bdrv_graph_rdlock_main_loop(void)") at assert.c:101
  #6  0x0000560aebcd8dd6 in bdrv_register_buf ()
  #7  0x0000560aeb97ed97 in ram_block_added.llvm ()
  #8  0x0000560aebb8303f in ram_block_add.llvm ()
  #9  0x0000560aebb834fa in qemu_ram_alloc_internal.llvm ()
  #10 0x0000560aebb2ac98 in vfio_region_mmap ()
  #11 0x0000560aebb3ea0f in vfio_bars_register ()
  #12 0x0000560aebb3c628 in vfio_realize ()
  #13 0x0000560aeb90f0c2 in pci_qdev_realize ()
  #14 0x0000560aebc40305 in device_set_realized ()
  #15 0x0000560aebc48e07 in property_set_bool.llvm ()
  #16 0x0000560aebc46582 in object_property_set ()
  #17 0x0000560aebc4cd58 in object_property_set_qobject ()
  #18 0x0000560aebc46ba7 in object_property_set_bool ()
  #19 0x0000560aeb98b3ca in qdev_device_add_from_qdict ()
  #20 0x0000560aebb1fbaf in virtio_net_set_features ()
  #21 0x0000560aebb46b51 in virtio_set_features_nocheck ()
  #22 0x0000560aebb47107 in virtio_load ()
  #23 0x0000560aeb9ae7ce in vmstate_load_state ()
  #24 0x0000560aeb9d2ee9 in qemu_loadvm_state_main ()
  #25 0x0000560aeb9d45e1 in qemu_loadvm_state ()
  #26 0x0000560aeb9bc32c in process_incoming_migration_co.llvm ()
  #27 0x0000560aebeace56 in coroutine_trampoline.llvm ()

Cc: [email protected]
Buglink: https://issues.redhat.com/browse/RHEL-832
Signed-off-by: Kevin Wolf <[email protected]>
Message-ID: <[email protected]>
Reviewed-by: Stefan Hajnoczi <[email protected]>
Signed-off-by: Kevin Wolf <[email protected]>
(cherry picked from commit 92e2e6a867334a990f8d29f07ca34e3162fdd6ec)
Signed-off-by: Michael Tokarev <[email protected]>
Commit df33ce9
arm64: Restore trapless ptimer access
Due to recent KVM changes, QEMU is setting a ptimer offset resulting in unintended trap and emulate access and a consequent performance hit. Filter out the PTIMER_CNT register to restore trapless ptimer access. Quoting Andrew Jones: Simply reading the CNT register and writing back the same value is enough to set an offset, since the timer will have certainly moved past whatever value was read by the time it's written. QEMU frequently saves and restores all registers in the get-reg-list array, unless they've been explicitly filtered out (with Linux commit 680232a94c12, KVM_REG_ARM_PTIMER_CNT is now in the array). So, to restore trapless ptimer accesses, we need a QEMU patch to filter out the register. See https://lore.kernel.org/kvmarm/[email protected]/T/#m0770023762a821db2a3f0dd0a7dc6aa54e0d0da9 for additional context. Cc: [email protected] Signed-off-by: Andrew Jones <[email protected]> Signed-off-by: Colton Lewis <[email protected]> Reviewed-by: Richard Henderson <[email protected]> Tested-by: Colton Lewis <[email protected]> Message-id: [email protected] Signed-off-by: Peter Maydell <[email protected]> (cherry picked from commit 682814e2a3c883b27f24b9e7cab47313c49acbd4) Signed-off-by: Michael Tokarev <[email protected]>
Commit 9832a67
hw/char/riscv_htif: Fix printing of console characters on big endian hosts
The character that should be printed is stored in the 64 bit "payload" variable. The code currently tries to print it by taking the address of the variable and passing this pointer to qemu_chr_fe_write(). However, this only works on little endian hosts where the least significant bits are stored on the lowest address. To do this in a portable way, we have to store the value in an uint8_t variable instead.

Fixes: 5033606 ("RISC-V HTIF Console")
Signed-off-by: Thomas Huth <[email protected]>
Reviewed-by: Alistair Francis <[email protected]>
Reviewed-by: Bin Meng <[email protected]>
Reviewed-by: Daniel Henrique Barboza <[email protected]>
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
Message-Id: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
(cherry picked from commit c255946e3df4d9660e4f468a456633c24393d468)
Signed-off-by: Michael Tokarev <[email protected]>
Commit 3d6251f
hw/char/riscv_htif: Fix the console syscall on big endian hosts
Values that have been read via cpu_physical_memory_read() from the guest's memory have to be swapped in case the host endianness differs from the guest.

Fixes: a6e13e3 ("riscv_htif: Support console output via proxy syscall")
Signed-off-by: Thomas Huth <[email protected]>
Reviewed-by: Alistair Francis <[email protected]>
Reviewed-by: Bin Meng <[email protected]>
Reviewed-by: Daniel Henrique Barboza <[email protected]>
Message-Id: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
(cherry picked from commit 058096f1c55ab688db7e1d6814aaefc1bcd87f7a)
Signed-off-by: Michael Tokarev <[email protected]>
Commit b9f8329
target/riscv/cpu.c: add zmmul isa string
zmmul was promoted from experimental to ratified in commit 6d00ffa. Add a riscv,isa string for it. Fixes: 6d00ffa ("target/riscv: move zmmul out of the experimental properties") Signed-off-by: Daniel Henrique Barboza <[email protected]> Reviewed-by: Weiwei Li <[email protected]> Reviewed-by: Alistair Francis <[email protected]> Message-Id: <[email protected]> Signed-off-by: Alistair Francis <[email protected]> (cherry picked from commit 50f9464962fb41f04fd5f42e7ee2cb60942aba89) Signed-off-by: Michael Tokarev <[email protected]>
Commit 987e90c
target/riscv: Fix page_check_range use in fault-only-first
Commit bef6f00 (accel/tcg: Return bool from page_check_range) converts integer return value to bool type. However, it wrongly converted the use of the API in riscv fault-only-first, where page_check_range <= 0, should be converted to !page_check_range.

Signed-off-by: LIU Zhiwei <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
(cherry picked from commit 4cc9f284d5971ecd8055d26ef74c23ef0be8b8f5)
Signed-off-by: Michael Tokarev <[email protected]>
Commit 6c24b60
target/riscv: Fix zfa fleq.d and fltq.d
Commit a47842d ("riscv: Add support for the Zfa extension") implemented the zfa extension. However, it has some typos for fleq.d and fltq.d. Both of them misused the fltq.s helper function. Fixes: a47842d ("riscv: Add support for the Zfa extension") Signed-off-by: LIU Zhiwei <[email protected]> Reviewed-by: Daniel Henrique Barboza <[email protected]> Reviewed-by: Weiwei Li <[email protected]> Message-ID: <[email protected]> Signed-off-by: Alistair Francis <[email protected]> (cherry picked from commit eda633a534f8af4abe3a88731bba6dacdb973993) Signed-off-by: Michael Tokarev <[email protected]>
Commit 8ae2012
hw/intc: Fix upper/lower mtime write calculation
When writing the upper mtime, we should keep the original lower mtime whose value is given by cpu_riscv_read_rtc() instead of cpu_riscv_read_rtc_raw(). The same logic applies to writes to lower mtime. Signed-off-by: Jason Chien <[email protected]> Reviewed-by: Alistair Francis <[email protected]> Message-ID: <[email protected]> Signed-off-by: Alistair Francis <[email protected]> (cherry picked from commit e0922b73baf00c4c19d4ad30d09bb94f7ffea0f4) Signed-off-by: Michael Tokarev <[email protected]>
Jason Chien authored and Michael Tokarev committed Sep 21, 2023
Commit 566dac7
hw/intc: Make rtc variable names consistent
The variables whose values are given by cpu_riscv_read_rtc() should be named "rtc". The variables whose values are given by cpu_riscv_read_rtc_raw() should be named "rtc_r".

Signed-off-by: Jason Chien <[email protected]>
Reviewed-by: Alistair Francis <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
(cherry picked from commit 9382a9eafccad8dc6a487ea3a8d2bed03dc35db9)
Signed-off-by: Michael Tokarev <[email protected]>
Jason Chien authored and Michael Tokarev committed Sep 21, 2023
Commit 60a7f5c
linux-user/riscv: Use abi type for target_ucontext
We should not use types dependent on host arch for target_ucontext. This bug is found when running rv32 applications.

Signed-off-by: LIU Zhiwei <[email protected]>
Reviewed-by: Richard Henderson <[email protected]>
Reviewed-by: Daniel Henrique Barboza <[email protected]>
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
(cherry picked from commit ae7d4d625cab49657b9fc2be09d895afb9bcdaf0)
Signed-off-by: Michael Tokarev <[email protected]>
Commit 2947da7
hw/riscv: virt: Fix riscv,pmu DT node path
On a dtb dumped from the virt machine, dt-validate complains:

  soc: pmu: {'riscv,event-to-mhpmcounters': [[1, 1, 524281], [2, 2, 524284], [65561, 65561, 524280], [65563, 65563, 524280], [65569, 65569, 524280]], 'compatible': ['riscv,pmu']} should not be valid under {'type': 'object'}
  from schema $id: http://devicetree.org/schemas/simple-bus.yaml#

That's pretty cryptic, but running the dtb back through dtc produces something a lot more reasonable:

  Warning (simple_bus_reg): /soc/pmu: missing or empty reg/ranges property

Moving the riscv,pmu node out of the soc bus solves the problem.

Signed-off-by: Conor Dooley <[email protected]>
Acked-by: Alistair Francis <[email protected]>
Reviewed-by: Daniel Henrique Barboza <[email protected]>
Message-ID: <20230727-groom-decline-2c57ce42841c@spud>
Signed-off-by: Alistair Francis <[email protected]>
(cherry picked from commit 9ff31406312500053ecb5f92df01dd9ce52e635d)
Signed-off-by: Michael Tokarev <[email protected]>
Commit b822207
target/riscv: fix satp_mode_finalize() when satp_mode.supported = 0
In the same emulated RISC-V host, the 'host' KVM CPU takes 4 times longer to boot than the 'rv64' KVM CPU.

The reason is an unintended behavior of riscv_cpu_satp_mode_finalize() when satp_mode.supported = 0, i.e. when cpu_init() does not set satp_mode_max_supported(). satp_mode_max_from_map(map) does:

  31 - __builtin_clz(map)

This means that, if satp_mode.supported = 0, satp_mode_supported_max will be '31 - 32'. But this is C, so satp_mode_supported_max will gladly set it to UINT_MAX (4294967295). After that, if the user didn't set a satp_mode, set_satp_mode_default_map(cpu) will make

  cfg.satp_mode.map = cfg.satp_mode.supported

So satp_mode.map = 0. And then satp_mode_map_max will be set to satp_mode_max_from_map(cpu->cfg.satp_mode.map), i.e. also UINT_MAX. The guard "satp_mode_map_max > satp_mode_supported_max" doesn't protect us here since both are UINT_MAX.

And finally we have 2 loops:

  for (int i = satp_mode_map_max - 1; i >= 0; --i) {

Which are, in fact, 2 loops from UINT_MAX -1 to -1. This is where the extra delay when booting the 'host' CPU is coming from.

Commit 43d1de3 already set a precedence for satp_mode.supported = 0 in a different manner. We're doing the same here. If supported == 0, interpret as 'the CPU wants the OS to handle satp mode alone' and skip satp_mode_finalize().

We'll also put a guard in satp_mode_max_from_map() to assert out if map is 0 since the function is not ready to deal with it.

Cc: Alexandre Ghiti <[email protected]>
Fixes: 6f23aae ("riscv: Allow user to set the satp mode")
Signed-off-by: Daniel Henrique Barboza <[email protected]>
Reviewed-by: Andrew Jones <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
(cherry picked from commit 3a2fc23563885c219c73c8f24318921daf02f3f2)
Signed-off-by: Michael Tokarev <[email protected]>
Commit 1d4fb58

target/riscv/pmp.c: respect mseccfg.RLB for pmpaddrX changes
When the rule-lock bypass (RLB) bit is set in the mseccfg CSR, the PMP configuration lock bits must not apply. While this behavior is implemented for the pmpcfgX CSRs, this bit is not respected for changes to the pmpaddrX CSRs. This patch ensures that pmpaddrX CSR writes work even on locked regions when the global rule-lock bypass is enabled.

Signed-off-by: Leon Schuermann <[email protected]>
Reviewed-by: Mayuresh Chitale <[email protected]>
Reviewed-by: Alistair Francis <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
(cherry picked from commit 4e3adce1244e1ca30ec05874c3eca14911dc0825)
Signed-off-by: Michael Tokarev <[email protected]>
Leon Schuermann authored and Michael Tokarev committed Sep 21, 2023
Commit 7385e00

target/riscv: Allocate itrigger timers only once
riscv_trigger_init() had been called on reset events that can happen several times for a CPU and it allocated timers for itrigger. If old timers were present, they were simply overwritten by the new timers, resulting in a memory leak.

Divide riscv_trigger_init() into two functions, namely riscv_trigger_realize() and riscv_trigger_reset() and call them in appropriate timing. The timer allocation will happen only once for a CPU in riscv_trigger_realize().

Fixes: 5a4ae64 ("target/riscv: Add itrigger support when icount is enabled")
Signed-off-by: Akihiko Odaki <[email protected]>
Reviewed-by: Philippe Mathieu-Daudé <[email protected]>
Reviewed-by: LIU Zhiwei <[email protected]>
Reviewed-by: Alistair Francis <[email protected]>
Message-ID: <[email protected]>
Signed-off-by: Alistair Francis <[email protected]>
(cherry picked from commit a7c272df82af11c568ea83921b04334791dccd5e)
Signed-off-by: Michael Tokarev <[email protected]>
Commit cae7dc1

virtio-gpu/win32: set the destroy function on load
Don't forget to unmap the resource memory.

Fixes: commit 9462ff4 ("virtio-gpu/win32: allocate shareable 2d resources/images")
Signed-off-by: Marc-André Lureau <[email protected]>
(cherry picked from commit 04562ee88e99d71f4e6017f64123f726dd8b41e1)
Signed-off-by: Michael Tokarev <[email protected]>
Commit d4919bb

ui: fix crash when there are no active_console
Thread 1 "qemu-system-x86" received signal SIGSEGV, Segmentation fault.
0x0000555555888630 in dpy_ui_info_supported (con=0x0) at ../ui/console.c:812
812 return con->hw_ops->ui_info != NULL;
(gdb) bt
#0 0x0000555555888630 in dpy_ui_info_supported (con=0x0) at ../ui/console.c:812
#1 0x00005555558a44b1 in protocol_client_msg (vs=0x5555578c76c0, data=0x5555581e93f0 <incomplete sequence \373>, len=24) at ../ui/vnc.c:2585
#2 0x00005555558a19ac in vnc_client_read (vs=0x5555578c76c0) at ../ui/vnc.c:1607
#3 0x00005555558a1ac2 in vnc_client_io (ioc=0x5555581eb0e0, condition=G_IO_IN, opaque=0x5555578c76c0) at ../ui/vnc.c:1635

Fixes: https://issues.redhat.com/browse/RHEL-2600
Signed-off-by: Marc-André Lureau <[email protected]>
Reviewed-by: Albert Esteve <[email protected]>
(cherry picked from commit 48a35e12faf90a896c5aa4755812201e00d60316)
Signed-off-by: Michael Tokarev <[email protected]>
Commit 8b47922

s390x/ap: fix missing subsystem reset registration
A subsystem reset contains a reset of AP resources which has been missing. Adding the AP bridge to the list of device types that need reset fixes this issue.

Reviewed-by: Jason J. Herne <[email protected]>
Reviewed-by: Tony Krowiak <[email protected]>
Signed-off-by: Janosch Frank <[email protected]>
Fixes: a51b315 ("s390x/ap: base Adjunct Processor (AP) object model")
Message-ID: <[email protected]>
Signed-off-by: Thomas Huth <[email protected]>
(cherry picked from commit 297ec01f0b9864ea8209ca0ddc6643b4c0574bdb)
Signed-off-by: Michael Tokarev <[email protected]>
Commit 60da830

meson: Fix targetos match for illumos and Solaris.
qemu 8.1.0 breaks on illumos platforms due to _XOPEN_SOURCE and others no longer being set correctly, leading to breakage such as:

https://us-central.manta.mnx.io/pkgsrc/public/reports/trunk/tools/20230908.1404/qemu-8.1.0/build.log

This is a result of meson conversion which incorrectly matches against 'solaris' instead of 'sunos' for uname.

First time submitting a patch here, hope I did it correctly. Thanks.

Signed-off-by: Jonathan Perkin <[email protected]>
Message-ID: <[email protected]>
Cc: [email protected]
Signed-off-by: Paolo Bonzini <[email protected]>
(cherry picked from commit fb0a8b0e238277296907ffe765bf76874cfc1df6)
Signed-off-by: Michael Tokarev <[email protected]>
(Mjt: omit net/meson.build change before v8.1.0-279-g73258b3864, adjust context before v8.1.0-288-g2fc36530de)
Commit 56270e5

tpm: fix crash when FD >= 1024 and unnecessary errors due to EINTR
Replace select() with poll() to fix a crash when QEMU has a large number of FDs. Also use RETRY_ON_EINTR to avoid unnecessary errors due to EINTR.

Cc: [email protected]
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2020133
Fixes: 56a3c24 ("tpm: Probe for connected TPM 1.2 or TPM 2")
Signed-off-by: Marc-André Lureau <[email protected]>
Reviewed-by: Michael Tokarev <[email protected]>
Reviewed-by: Stefan Berger <[email protected]>
Signed-off-by: Stefan Berger <[email protected]>
(cherry picked from commit 8e32ddff69b6b4547cc00592ad816484e160817a)
Signed-off-by: Michael Tokarev <[email protected]>
Commit 045fa84

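The tpm commit above swaps select() for poll() and retries on EINTR. The following C code is an added example, not QEMU's code, showing why a descriptor numbered at or above FD_SETSIZE cannot be passed to select() and how a poll()-based wait handles it; `fd_fits_select`, `wait_readable` and `dup_above_fd_setsize` are hypothetical names, and a plain do/while loop stands in for the RETRY_ON_EINTR macro the commit names.

```c
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <sys/resource.h>
#include <sys/select.h>
#include <unistd.h>

/* select() tracks fds as bits in a fixed-size fd_set; FD_SET() on an fd at
 * or above FD_SETSIZE writes outside that array, which is the crash class. */
int fd_fits_select(int fd)
{
    return fd >= 0 && fd < FD_SETSIZE;
}

/* Wait until fd is readable: 1 = ready, 0 = timeout, -1 = error.
 * struct pollfd stores the fd as an int, so its numeric value is not
 * limited. The loop retries when a signal interrupts the call (EINTR). */
int wait_readable(int fd, int timeout_ms)
{
    struct pollfd pfd = { .fd = fd, .events = POLLIN };
    int n;

    do {
        n = poll(&pfd, 1, timeout_ms);
    } while (n == -1 && errno == EINTR);
    if (n <= 0) {
        return n;               /* 0: timed out, -1: real error */
    }
    return (pfd.revents & (POLLIN | POLLHUP)) ? 1 : -1;
}

/* Hypothetical test helper: duplicate fd onto a number select() cannot
 * represent, raising the soft RLIMIT_NOFILE first. -1 if not possible. */
int dup_above_fd_setsize(int fd)
{
    struct rlimit rl;
    rlim_t want = (rlim_t)FD_SETSIZE + 16;

    if (getrlimit(RLIMIT_NOFILE, &rl) != 0) {
        return -1;
    }
    if (rl.rlim_cur < want) {
        if (rl.rlim_max < want) return -1;
        rl.rlim_cur = want;
        if (setrlimit(RLIMIT_NOFILE, &rl) != 0) return -1;
    }
    return fcntl(fd, F_DUPFD, FD_SETSIZE);
}
```
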
Update version for 8.1.1 release
Signed-off-by: Michael Tokarev <[email protected]>
Michael Tokarev committed Sep 21, 2023
Commit 6bb4a8a

Commits on Oct 1, 2023
Commit 6d3f109
Commit c257946
Commit 03e21cb
Commit bcfc299
Commit 1fb001d
Commit 223eae4

Commits on Oct 2, 2023
Commit 7ad74cf
Commit 5e68c2e
Commit a7a3b1d