diff options
| author | Peter Maydell <peter.maydell@linaro.org> | 2024-03-20 15:05:51 +0000 |
|---|---|---|
| committer | Peter Maydell <peter.maydell@linaro.org> | 2024-03-20 15:05:51 +0000 |
| commit | a1d86c4d707ecb94524844b69a0273aa307af04f (patch) | |
| tree | 557abdeff381b12632659786991bd0fbe61c86e9 | |
| parent | 3d5befc97f8d3c2355c2271ba04c3618c4456033 (diff) | |
| parent | 05007258f02da253af370387b69fe98e9f37b320 (diff) | |
| download | qemu-a1d86c4d707ecb94524844b69a0273aa307af04f.zip qemu-a1d86c4d707ecb94524844b69a0273aa307af04f.tar.gz qemu-a1d86c4d707ecb94524844b69a0273aa307af04f.tar.bz2 | |
Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging
* fix use-after-free issue
* fix i386 TLB issue
* fix crash with wrong -M confidential-guest-support argument
* fix NULL pointer dereference in x86 MCE injection
# -----BEGIN PGP SIGNATURE-----
#
# iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmX6uvYUHHBib256aW5p
# QHJlZGhhdC5jb20ACgkQv/vSX3jHroOBPgf/b9i2aQx42PeBbftlOpDlzV0q/Cqw
# PnONSOKeE4By0qzhehwYdL0e4E63u8f3yvPKBAoQrikBZS68fo4e3wCOc+CkeVfc
# lcIsoGLgIaEoKpMUdxN9+jkyjurpplG79b/LFYXVMCOENnomHV0oYeSxfOXL/L8c
# y4yvZ9C6VQSFnemqp+YyzrRad+oRD2hOuc+1RVp+3rxXprkgyfRJAtLvh73MZcvS
# CaAd2a8ajm2kmQLVv6FeqEr3fgMqbpr2Yeny3n/+T5TdTI2vEODI1JxH2VR/mzYN
# uiyWS8urQx5P99ICRSOX43WDU5SaUzVYEka8gELf3I5twDudFHtHjKieLA==
# =UFlw
# -----END PGP SIGNATURE-----
# gpg: Signature made Wed 20 Mar 2024 10:31:18 GMT
# gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg: issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83
* tag 'for-upstream' of https://gitlab.com/bonzini/qemu:
meson: remove dead dictionary access
tests/plugins: fix use-after-free bug
target/i386: Revert monitor_puts() in do_inject_x86_mce()
vl: do not assert if sev-guest is used together with TCG
vl: convert qemu_machine_creation_done() to Error **
target/i386: fix direction of "32-bit MMU" test
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
| -rw-r--r-- | contrib/plugins/howvec.c | 2 | ||||
| -rw-r--r-- | meson.build | 2 | ||||
| -rw-r--r-- | system/vl.c | 19 | ||||
| -rw-r--r-- | target/i386/cpu.c | 2 | ||||
| -rw-r--r-- | target/i386/cpu.h | 2 | ||||
| -rw-r--r-- | target/i386/helper.c | 2 |
6 files changed, 16 insertions, 13 deletions
diff --git a/contrib/plugins/howvec.c b/contrib/plugins/howvec.c index 2d10c87..94bbc53 100644 --- a/contrib/plugins/howvec.c +++ b/contrib/plugins/howvec.c @@ -167,9 +167,9 @@ static gint cmp_exec_count(gconstpointer a, gconstpointer b) static void free_record(gpointer data) { InsnExecCount *rec = (InsnExecCount *) data; + qemu_plugin_scoreboard_free(rec->count.score); g_free(rec->insn); g_free(rec); - qemu_plugin_scoreboard_free(rec->count.score); } static void plugin_exit(qemu_plugin_id_t id, void *p) diff --git a/meson.build b/meson.build index b375248..c9c3217 100644 --- a/meson.build +++ b/meson.build @@ -3951,7 +3951,7 @@ foreach target : target_dirs c_args: c_args, dependencies: arch_deps + deps + exe['dependencies'], objects: lib.extract_all_objects(recursive: true), - link_depends: [block_syms, qemu_syms] + exe.get('link_depends', []), + link_depends: [block_syms, qemu_syms], link_args: link_args, win_subsystem: exe['win_subsystem']) diff --git a/system/vl.c b/system/vl.c index 70f4cec..c644222 100644 --- a/system/vl.c +++ b/system/vl.c @@ -2653,7 +2653,7 @@ static void qemu_create_cli_devices(void) rom_reset_order_override(); } -static void qemu_machine_creation_done(void) +static bool qemu_machine_creation_done(Error **errp) { MachineState *machine = MACHINE(qdev_get_machine()); @@ -2676,15 +2676,15 @@ static void qemu_machine_creation_done(void) qdev_machine_creation_done(); - if (machine->cgs) { - /* - * Verify that Confidential Guest Support has actually been initialized - */ - assert(machine->cgs->ready); + if (machine->cgs && !machine->cgs->ready) { + error_setg(errp, "accelerator does not support confidential guest %s", + object_get_typename(OBJECT(machine->cgs))); + exit(1); } if (foreach_device_config(DEV_GDB, gdbserver_start) < 0) { - exit(1); + error_setg(errp, "could not start gdbserver"); + return false; } if (!vga_interface_created && !default_vga && vga_interface_type != VGA_NONE) { @@ -2692,6 +2692,7 @@ static void qemu_machine_creation_done(void) "type does not use that option; " "No VGA device has been created"); } + return true; } void qmp_x_exit_preconfig(Error **errp) @@ -2703,7 +2704,9 @@ void qmp_x_exit_preconfig(Error **errp) qemu_init_board(); qemu_create_cli_devices(); - qemu_machine_creation_done(); + if (!qemu_machine_creation_done(errp)) { + return; + } if (loadvm) { RunState state = autostart ? RUN_STATE_RUNNING : runstate_get(); diff --git a/target/i386/cpu.c b/target/i386/cpu.c index 9a210d8..33760a2 100644 --- a/target/i386/cpu.c +++ b/target/i386/cpu.c @@ -7735,7 +7735,7 @@ static bool x86_cpu_has_work(CPUState *cs) static int x86_cpu_mmu_index(CPUState *cs, bool ifetch) { CPUX86State *env = cpu_env(cs); - int mmu_index_32 = (env->hflags & HF_CS64_MASK) ? 1 : 0; + int mmu_index_32 = (env->hflags & HF_CS64_MASK) ? 0 : 1; int mmu_index_base = (env->hflags & HF_CPL_MASK) == 3 ? MMU_USER64_IDX : !(env->hflags & HF_SMAP_MASK) ? MMU_KNOSMAP64_IDX : diff --git a/target/i386/cpu.h b/target/i386/cpu.h index 952174b..6b05738 100644 --- a/target/i386/cpu.h +++ b/target/i386/cpu.h @@ -2334,7 +2334,7 @@ static inline bool is_mmu_index_32(int mmu_index) static inline int cpu_mmu_index_kernel(CPUX86State *env) { - int mmu_index_32 = (env->hflags & HF_LMA_MASK) ? 1 : 0; + int mmu_index_32 = (env->hflags & HF_LMA_MASK) ? 0 : 1; int mmu_index_base = !(env->hflags & HF_SMAP_MASK) ? MMU_KNOSMAP64_IDX : ((env->hflags & HF_CPL_MASK) < 3 && (env->eflags & AC_MASK)) ? MMU_KNOSMAP64_IDX : MMU_KSMAP64_IDX; diff --git a/target/i386/helper.c b/target/i386/helper.c index 2070dd0..23ccb23 100644 --- a/target/i386/helper.c +++ b/target/i386/helper.c @@ -430,7 +430,7 @@ static void do_inject_x86_mce(CPUState *cs, run_on_cpu_data data) if (need_reset) { emit_guest_memory_failure(MEMORY_FAILURE_ACTION_RESET, ar, recursive); - monitor_puts(params->mon, msg); + monitor_printf(params->mon, "%s", msg); qemu_log_mask(CPU_LOG_RESET, "%s\n", msg); qemu_system_reset_request(SHUTDOWN_CAUSE_GUEST_RESET); return; |