Age | Commit message | Author | Files | Lines

2022-07-29 | qapi: Add exit-failure PanicAction | Ilya Leoshkevich | 5 | -9/+23

Currently QEMU exits with code 0 on both panic and shutdown. For tests it is useful to return 1 on panic, so that it counts as a test failure.

Introduce a new exit-failure PanicAction that makes main() return EXIT_FAILURE. Tests can use -action panic=exit-failure option to activate this behavior.

Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: David Hildenbrand <david@redhat.com>
Message-Id: <20220725223746.227063-2-iii@linux.ibm.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>

2022-07-29 | semihosting: Fix handling of buffer in TARGET_SYS_TMPNAM | Peter Maydell | 1 | -2/+11

The TARGET_SYS_TMPNAM implementation has two bugs spotted by Coverity:
* confusion about whether 'len' has the length of the string including or excluding the terminating NUL means we lock_user() len bytes of memory but memcpy() len + 1 bytes
* In the error-exit cases we forget to free() the buffer that asprintf() returned to us

Resolves: Coverity CID 1490285, 1490289
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220719121110.225657-5-peter.maydell@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20220725140520.515340-10-alex.bennee@linaro.org>

2022-07-29 | semihosting: Check for errors on SET_ARG() | Peter Maydell | 1 | -3/+13

The SET_ARG() macro returns an error indication; we check this in the TARGET_SYS_GET_CMDLINE case but not when we use it in implementing TARGET_SYS_ELAPSED. Check for and handle the errors via the do_fault codepath, and update the comment documenting the SET_ARG() and GET_ARG() macros to note how they handle memory access errors.

Resolves: Coverity CID 1490287
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220719121110.225657-4-peter.maydell@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20220725140520.515340-9-alex.bennee@linaro.org>

2022-07-29 | semihosting: Don't copy buffer after console_write() | Peter Maydell | 1 | -1/+1

The console_write() semihosting function outputs guest data from a buffer; it doesn't update that buffer. It therefore doesn't need to pass a length value to unlock_user(), but can pass 0, meaning "do not copy any data back to the guest memory".

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220719121110.225657-3-peter.maydell@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20220725140520.515340-8-alex.bennee@linaro.org>

2022-07-29 | semihosting: Don't return negative values on qemu_semihosting_console_write() failure | Peter Maydell | 1 | -1/+2

The documentation comment for qemu_semihosting_console_write() says

 * Returns: number of bytes written -- this should only ever be short
 * on some sort of i/o error.

and the callsites rely on this. However, the implementation code path which sends console output to a chardev doesn't honour this, and will return negative values on error. Bring it into line with the other implementation codepaths and the documentation, so that it returns 0 on error.

Spotted by Coverity, because console_write() passes the return value to unlock_user(), which doesn't accept a negative length.

Resolves: Coverity CID 1490288
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220719121110.225657-2-peter.maydell@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20220725140520.515340-7-alex.bennee@linaro.org>

2022-07-29 | .gitlab-ci.d/windows.yml: Enable native Windows symlink | Bin Meng | 1 | -0/+2

The following error message was seen during the configure:

"ln: failed to create symbolic link 'x86_64-softmmu/qemu-system-x86_64.exe': No such file or directory"

By default the MSYS environment variable is not defined, so the runtime behavior of winsymlinks is: if <target> does not exist, 'ln -s' fails. At the configure phase, the qemu-system-x86_64.exe has not been built so creation of the symbolic link fails hence the error message.

Set winsymlinks to 'native' whose behavior is most similar to the behavior of 'ln -s' on *nix, that is:

a) if native symlinks are enabled, and whether <target> exists or not, creates <destination> as a native Windows symlink;
b) else if native symlinks are not enabled, and whether <target> exists or not, 'ln -s' creates as a Windows shortcut file.

Signed-off-by: Bin Meng <bin.meng@windriver.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20220725123000.807608-1-bmeng.cn@gmail.com>
Message-Id: <20220725140520.515340-6-alex.bennee@linaro.org>

2022-07-29 | .cirrus.yml: Change winsymlinks to 'native' | Bin Meng | 1 | -1/+1

At present winsymlinks is set to 'nativestrict', and its behavior is:

a) if native symlinks are enabled and <target> exists, creates <destination> as a native Windows symlink;
b) else if native symlinks are not enabled or if <target> does not exist, 'ln -s' fails.

This causes the following error message to be seen during the configure:

"ln: failed to create symbolic link 'x86_64-softmmu/qemu-system-x86_64.exe': No such file or directory"

Change winsymlinks to 'native' whose behavior is most similar to the behavior of 'ln -s' on *nix, that is:

a) if native symlinks are enabled, and whether <target> exists or not, creates <destination> as a native Windows symlink;
b) else if native symlinks are not enabled, and whether <target> exists or not, 'ln -s' creates as a Windows shortcut file.

Signed-off-by: Bin Meng <bin.meng@windriver.com>
Acked-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Yonggang Luo <luoyonggang@gmail.com>
Message-Id: <20220719161230.766063-1-bmeng.cn@gmail.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20220725140520.515340-5-alex.bennee@linaro.org>

2022-07-29 | gitlab: drop 'containers-layer2' stage | Daniel P. Berrangé | 2 | -13/+12

Since we express dependencies via a 'needs' clause, we don't need to split container builds into separate stages. GitLab happily lets jobs depend on other jobs in the same stage and will run them when possible.

Acked-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20220722130431.2319019-4-berrange@redhat.com>
[AJB: fix typo]
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20220725140520.515340-4-alex.bennee@linaro.org>

2022-07-29 | gitlab: show testlog.txt contents when cirrus/custom-runner jobs fail | Daniel P. Berrangé | 5 | -1/+30

When tests fail meson just displays a summary and tells you to look at the testlog.txt file for details. The native jobs on shared runners publish testlog.txt as an artifact. For the Cirrus jobs and custom runner jobs this is not currently possible. The best we can do is cat the log contents on failure, to give maintainers a fighting chance of diagnosing the problem.

Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20220722130431.2319019-3-berrange@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20220725140520.515340-3-alex.bennee@linaro.org>

2022-07-29 | tests: refresh to latest libvirt-ci module | Daniel P. Berrangé | 19 | -18/+40

Notable changes:

- libvirt-ci source tree was re-arranged, so the script we run now lives in a bin/ sub-dir
- opensuse 15.2 is replaced by opensuse 15.3
- libslirp is temporarily dropped on opensuse as the libslirp-version.h is broken https://bugzilla.opensuse.org/show_bug.cgi?id=1201551
- The incorrectly named python3-virtualenv module was changed to python3-venv, but most distros don't need any package as 'venv' is a standard part of python
- glibc-static was renamed to libc-static, to reflect the fact that it isn't going to be glibc on all distros
- The cmocka/json-c deps that were manually added to the centos dockerfile are now consistently added to all targets

Acked-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20220722130431.2319019-2-berrange@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Acked-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220725140520.515340-2-alex.bennee@linaro.org>

2022-07-28 | Merge tag 'pull-ppc-20220728' of https://gitlab.com/danielhb/qemu into staging | Richard Henderson | 4 | -13/+109

ppc patch queue for 2022-07-28:

Short queue with 2 Coverity fixes and one fix of the 'wait' insns that is causing hangs if the guest kernel uses the most up to date wait opcode.

- target/ppc:
  - implement new wait variants to fix guest hang when using the new opcode
- ppc440_uc: initialize length passed to cpu_physical_memory_map()
- spapr_nvdimm: check if spapr_drc_index() returns NULL

# gpg: Signature made Thu 28 Jul 2022 09:41:58 AM PDT
# gpg: using EDDSA key 17EBFF9923D01800AF2838193CD9CA96DE033164
# gpg: Good signature from "Daniel Henrique Barboza <danielhb413@gmail.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 17EB FF99 23D0 1800 AF28 3819 3CD9 CA96 DE03 3164

* tag 'pull-ppc-20220728' of https://gitlab.com/danielhb/qemu:
  target/ppc: Implement new wait variants
  hw/ppc/ppc440_uc: Initialize length passed to cpu_physical_memory_map()
  hw/ppc: check if spapr_drc_index() returns NULL in spapr_nvdimm.c

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

2022-07-28 | target/ppc: Implement new wait variants | Nicholas Piggin | 2 | -8/+91

ISA v2.06 adds new variations of wait, specified by the WC field. These are not all compatible with the prior wait implementation, because they add additional conditions that cause the processor to resume, which can cause software to hang or run very slowly.

At this moment, with the current wait implementation and a pseries guest using mainline kernel with new wait opcodes [1], QEMU hangs during boot if more than one CPU is present:

 qemu-system-ppc64 -M pseries,x-vof=on -cpu POWER10 -smp 2 -nographic -kernel zImage.pseries -no-reboot

QEMU will exit (as there's no filesystem) if the test "passes", or hang during boot if it hits the bug.

ISA v3.0 changed the wait opcode and removed the new variants (retaining the WC field but making non-zero values reserved).

ISA v3.1 added new WC values to the new wait opcode, and added a PL field.

This patch implements the new wait encoding and supports WC variants with no-op implementations, which provides basic correctness as explained in comments.

[1] https://lore.kernel.org/all/20220720132132.903462-1-npiggin@gmail.com/

Signed-off-by: Nicholas Piggin <npiggin@gmail.com>
Reviewed-by: Víctor Colombo <victor.colombo@eldorado.org.br>
Tested-by: Joel Stanley <joel@jms.id.au>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <20220720133352.904263-1-npiggin@gmail.com>
[danielhb: added information about the bug being fixed]
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>

2022-07-28 | hw/ppc/ppc440_uc: Initialize length passed to cpu_physical_memory_map() | Peter Maydell | 1 | -1/+4

In dcr_write_dma(), there is code that uses cpu_physical_memory_map() to implement a DMA transfer. That function takes a 'plen' argument, which points to a hwaddr which is used for both input and output: the caller must set it to the size of the range it wants to map, and on return it is updated to the actual length mapped. The dcr_write_dma() code fails to initialize rlen and wlen, so will end up mapping an unpredictable amount of memory.

Initialize the length values correctly, and check that we managed to map the entire range before using the fast-path memmove().

This was spotted by Coverity, which points out that we never initialized the variables before using them.

Fixes: Coverity CID 1487137, 1487150
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220726182341.1888115-2-peter.maydell@linaro.org>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>

2022-07-28 | hw/ppc: check if spapr_drc_index() returns NULL in spapr_nvdimm.c | Daniel Henrique Barboza | 1 | -4/+14

spapr_nvdimm_flush_completion_cb() and flush_worker_cb() are using the DRC object returned by spapr_drc_index() without checking it for NULL. In this case we would be dereferencing a NULL pointer when doing SPAPR_NVDIMM(drc->dev) and PC_DIMM(drc->dev).

This can happen if, during a scm_flush(), the DRC object is wrongly freed/released (e.g. a bug in another part of the code). spapr_drc_index() would then return NULL in the callbacks.

Fixes: Coverity CID 1487108, 1487178
Reviewed-by: Greg Kurz <groug@kaod.org>
Message-Id: <20220409200856.283076-2-danielhb413@gmail.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>

2022-07-28 | Merge tag 'pull-riscv-to-apply-20220728' of github.com:alistair23/qemu into staging | Richard Henderson | 2 | -7/+2

Sixth RISC-V PR for QEMU 7.1

This is a PR to go in for RC1. It fixes a segfault that occurs when using multiple sockets on the RISC-V virt board. It also includes a small fix to allow both Zmmul and M extensions.

* Allow both Zmmul and M extension
* Fix multi-socket plic configuration

# gpg: Signature made Wed 27 Jul 2022 05:59:28 PM PDT
# gpg: using RSA key F6C4AC46D4934868D3B8CE8F21E10D29DF977054
# gpg: Good signature from "Alistair Francis <alistair@alistair23.me>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: F6C4 AC46 D493 4868 D3B8 CE8F 21E1 0D29 DF97 7054

* tag 'pull-riscv-to-apply-20220728' of github.com:alistair23/qemu:
  hw/intc: sifive_plic: Fix multi-socket plic configuraiton
  RISC-V: Allow both Zmmul and M

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

2022-07-27 | Merge tag 'pull-block-2022-07-27' of https://gitlab.com/vsementsov/qemu into staging | Richard Henderson | 3 | -3/+49

Block: fix parallels block driver

# gpg: Signature made Wed 27 Jul 2022 12:00:23 PM PDT
# gpg: using RSA key 8B9C26CDB2FD147C880E86A1561F24C1F19F79FB
# gpg: Good signature from "Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>" [unknown]
# gpg: aka "Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 8B9C 26CD B2FD 147C 880E 86A1 561F 24C1 F19F 79FB

* tag 'pull-block-2022-07-27' of https://gitlab.com/vsementsov/qemu:
  iotests/131: Add parallels regression test
  block/parallels: Fix buffer-based write call

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

2022-07-28 | hw/intc: sifive_plic: Fix multi-socket plic configuraiton | Atish Patra | 1 | -2/+2

Since commit 40244040a7ac, multi-socket configuration with plic is broken as the hartid for second socket is calculated incorrectly. The hartid stored in addr_config already includes the offset for the base hartid for that socket. Adding it again would lead to segfault while creating the plic device for the virt machine. qdev_connect_gpio_out was also invoked with incorrect number of gpio lines.

Fixes: 40244040a7ac (hw/intc: sifive_plic: Avoid overflowing the addr_config buffer)
Signed-off-by: Atish Patra <atishp@rivosinc.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20220723090335.671105-1-atishp@rivosinc.com>
[ Changes by AF:
 - Change the qdev_connect_gpio_out() numbering
]
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>

2022-07-27 | RISC-V: Allow both Zmmul and M | Palmer Dabbelt | 1 | -5/+0

We got to talking about how Zmmul and M interact with each other https://github.com/riscv/riscv-isa-manual/issues/869 , and it turns out that QEMU's behavior is slightly wrong: having Zmmul and M is a legal combination, it just means that the multiplication instructions are supported even when M is disabled at runtime via misa.

This just stops overriding M from Zmmul, with that the other checks for the multiplication instructions work as per the ISA.

Signed-off-by: Palmer Dabbelt <palmer@rivosinc.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20220714180033.22385-1-palmer@rivosinc.com>
Signed-off-by: Alistair Francis <alistair.francis@wdc.com>

2022-07-26 | Update version for v7.1.0-rc0 release (tag: v7.1.0-rc0) | Richard Henderson | 1 | -1/+1

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

2022-07-26 | Merge tag 'for_upstream' of git://git.kernel.org/pub/scm/virt/kvm/mst/qemu into staging | Richard Henderson | 16 | -107/+258

pc,virtio: fixes

Several fixes. From now on, regression fixes only.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

# gpg: Signature made Tue 26 Jul 2022 12:38:39 PM PDT
# gpg: using RSA key 5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469
# gpg: issuer "mst@redhat.com"
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [undefined]
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67
# Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469

* tag 'for_upstream' of git://git.kernel.org/pub/scm/virt/kvm/mst/qemu:
  hw/virtio/virtio-iommu: Enforce power-of-two notify for both MAP and UNMAP
  i386/pc: restrict AMD only enforcing of 1Tb hole to new machine type
  i386/pc: relocate 4g start to 1T where applicable
  i386/pc: bounds check phys-bits against max used GPA
  i386/pc: factor out device_memory base/size to helper
  i386/pc: handle unitialized mr in pc_get_cxl_range_end()
  i386/pc: factor out cxl range start to helper
  i386/pc: factor out cxl range end to helper
  i386/pc: factor out above-4g end to an helper
  i386/pc: pass pci_hole64_size to pc_memory_init()
  i386/pc: create pci-host qdev prior to pc_memory_init()
  hw/i386: add 4g boundary start to X86MachineState
  hw/cxl: Fix size of constant in interleave granularity function.
  hw/i386/pc: Always place CXL Memory Regions after device_memory
  hw/machine: Clear out left over CXL related pointer from move of state handling to machines.
  acpi/nvdimm: Define trace events for NVDIMM and substitute nvdimm_debug()

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

2022-07-26 | hw/virtio/virtio-iommu: Enforce power-of-two notify for both MAP and UNMAP | Jean-Philippe Brucker | 1 | -19/+28

Currently we only enforce power-of-two mappings (required by the QEMU notifier) for UNMAP requests. A MAP request not aligned on a power-of-two may be successfully handled by VFIO, and then the corresponding UNMAP notify will fail because it will attempt to split that mapping. Ensure MAP and UNMAP notifications are consistent.

Fixes: dde3f08b5cab ("virtio-iommu: Handle non power of 2 range invalidations")
Reported-by: Tina Zhang <tina.zhang@intel.com>
Signed-off-by: Jean-Philippe Brucker <jean-philippe@linaro.org>
Message-Id: <20220718135636.338264-1-jean-philippe@linaro.org>
Tested-by: Tina Zhang <tina.zhang@intel.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

2022-07-26 | iotests/131: Add parallels regression test | Hanna Reitz | 2 | -1/+47

Test an allocating write to a parallels image that has a backing node. Before HEAD^, doing so used to give me a failed assertion (when the backing node contains only `42` bytes; the result varies with the value chosen, for `0` bytes, for example, all I get is EIO).

Signed-off-by: Hanna Reitz <hreitz@redhat.com>
Reviewed-by: Denis V. Lunev <den@openvz.org>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Message-Id: <20220714132801.72464-3-hreitz@redhat.com>
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>

2022-07-26 | block/parallels: Fix buffer-based write call | Hanna Reitz | 1 | -2/+2

Commit a4072543ccdddbd241d5962d9237b8b41fd006bf has changed the I/O here from working on a local one-element I/O vector to just using the buffer directly (using the bdrv_co_pread()/bdrv_co_pwrite() helper functions introduced shortly before).

However, it only changed the bdrv_co_preadv() call to bdrv_co_pread() - the subsequent bdrv_co_pwritev() call stayed this way, and so still expects a QEMUIOVector pointer instead of a plain buffer. We must change that to be a bdrv_co_pwrite() call.

Fixes: a4072543ccdddbd241d5962d ("block/parallels: use buffer-based io")
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
Reviewed-by: Denis V. Lunev <den@openvz.org>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
Message-Id: <20220714132801.72464-2-hreitz@redhat.com>
Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>

2022-07-26 | Merge tag 'pull-target-arm-20220726' of https://git.linaro.org/people/pmaydell/qemu-arm into staging | Richard Henderson | 5 | -20/+17

target-arm queue:
* Update Coverity component definitions
* target/arm: Add MO_128 entry to pred_esz_masks[]
* configure: Fix portability issues
* hw/display/bcm2835_fb: Fix framebuffer allocation address

# gpg: Signature made Tue 26 Jul 2022 08:19:21 AM PDT
# gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg: issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [full]
# gpg: aka "Peter Maydell <pmaydell@gmail.com>" [full]
# gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [full]

* tag 'pull-target-arm-20220726' of https://git.linaro.org/people/pmaydell/qemu-arm:
  hw/display/bcm2835_fb: Fix framebuffer allocation address
  configure: Avoid '==' bashism
  configure: Drop dead code attempting to use -msmall-data on alpha hosts
  configure: Don't use bash-specific string-replacement syntax
  configure: Add braces to clarify intent of $emu[[:space:]]
  configure: Add missing POSIX-required space
  target/arm: Add MO_128 entry to pred_esz_masks[]
  scripts/coverity-scan/COMPONENTS.md: Update slirp component info
  scripts/coverity-scan/COMPONENTS.md: Add loongarch component

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

2022-07-26 | i386/pc: restrict AMD only enforcing of 1Tb hole to new machine type | Joao Martins | 4 | -2/+7

The added enforcing is only relevant in the case of AMD where the range right before the 1TB is restricted and cannot be DMA mapped by the kernel consequently leading to IOMMU INVALID_DEVICE_REQUEST or possibly other kinds of IOMMU events in the AMD IOMMU.

Although, there's a case where it may make sense to disable the IOVA relocation/validation when migrating from a non-amd-1tb-aware qemu to one that supports it.

Relocating RAM regions to after the 1Tb hole has consequences for guest ABI because we are changing the memory mapping, so make sure that only new machine enforce but not older ones.

Signed-off-by: Joao Martins <joao.m.martins@oracle.com>
Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Acked-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20220719170014.27028-12-joao.m.martins@oracle.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

2022-07-26 | i386/pc: relocate 4g start to 1T where applicable | Joao Martins | 1 | -0/+54

It is assumed that the whole GPA space is available to be DMA addressable, within a given address space limit, except for a tiny region before the 4G. Since Linux v5.4, VFIO validates whether the selected GPA is indeed valid i.e. not reserved by IOMMU on behalf of some specific devices or platform-defined restrictions, and thus failing the ioctl(VFIO_DMA_MAP) with -EINVAL.

AMD systems with an IOMMU are examples of such platforms and particularly may only have these ranges as allowed:

 0000000000000000 - 00000000fedfffff (0 .. 3.982G)
 00000000fef00000 - 000000fcffffffff (3.983G .. 1011.9G)
 0000010000000000 - ffffffffffffffff (1Tb .. 16Pb[*])

We already account for the 4G hole, albeit if the guest is big enough we will fail to allocate a guest with >1010G due to the ~12G hole at the 1Tb boundary, reserved for HyperTransport (HT).

[*] there is another reserved region unrelated to HT that exists in the 256T boundary in Fam 17h according to Errata #1286, documented also in "Open-Source Register Reference for AMD Family 17h Processors (PUB)"

When creating the region above 4G, take into account that on AMD platforms the HyperTransport range is reserved and hence it cannot be used either as GPAs. On those cases rather than establishing the start of ram-above-4g to be 4G, relocate instead to 1Tb. See AMD IOMMU spec, section 2.1.2 "IOMMU Logical Topology", for more information on the underlying restriction of IOVAs.

After accounting for the 1Tb hole on AMD hosts, mtree should look like:

 0000000000000000-000000007fffffff (prio 0, i/o): alias ram-below-4g @pc.ram 0000000000000000-000000007fffffff
 0000010000000000-000001ff7fffffff (prio 0, i/o): alias ram-above-4g @pc.ram 0000000080000000-000000ffffffffff

If the relocation is done or the address space covers it, we also add the reserved HT e820 range as reserved.

Default phys-bits on Qemu is TCG_PHYS_ADDR_BITS (40) which is enough to address 1Tb (0xff ffff ffff). On AMD platforms, if a ram-above-4g relocation is attempted and the CPU wasn't configured with a big enough phys-bits, an error message will be printed due to the maxphysaddr vs maxusedaddr check previously added.

Suggested-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Joao Martins <joao.m.martins@oracle.com>
Acked-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20220719170014.27028-11-joao.m.martins@oracle.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

2022-07-26 | i386/pc: bounds check phys-bits against max used GPA | Joao Martins | 1 | -0/+27

Calculate max *used* GPA against the CPU maximum possible address and error out if the former surpasses the latter. This ensures max used GPA is reachable by configured phys-bits. Default phys-bits on Qemu is TCG_PHYS_ADDR_BITS (40) which is enough for the CPU to address 1Tb (0xff ffff ffff) or 1010G (0xfc ffff ffff) in AMD hosts with IOMMU.

This is preparation for AMD guests with >1010G, where it will want to relocate ram-above-4g to be after 1Tb instead of 4G.

Signed-off-by: Joao Martins <joao.m.martins@oracle.com>
Acked-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20220719170014.27028-10-joao.m.martins@oracle.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

2022-07-26 | i386/pc: factor out device_memory base/size to helper | Joao Martins | 1 | -15/+31

Move obtaining hole64_start from device_memory memory region base/size into a helper alongside correspondent getters in pc_memory_init() when the hotplug range is uninitialized. While doing that remove the memory region based logic from this newly added helper.

This is the final step that allows pc_pci_hole64_start() to be callable at the beginning of pc_memory_init() before any memory regions are initialized.

Cc: Jonathan Cameron <jonathan.cameron@huawei.com>
Signed-off-by: Joao Martins <joao.m.martins@oracle.com>
Acked-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20220719170014.27028-9-joao.m.martins@oracle.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

2022-07-26 | i386/pc: handle unitialized mr in pc_get_cxl_range_end() | Joao Martins | 1 | -10/+8

Remove pc_get_cxl_range_end() dependency on the CXL memory region, and replace with one that does not require the CXL host_mr to determine the start of CXL start.

This is in preparation to allow pc_pci_hole64_start() to be called early in pc_memory_init(), handle CXL memory region end when its underlying memory region isn't yet initialized.

Cc: Jonathan Cameron <jonathan.cameron@huawei.com>
Signed-off-by: Joao Martins <joao.m.martins@oracle.com>
Message-Id: <20220719170014.27028-8-joao.m.martins@oracle.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Acked-by: Igor Mammedov <imammedo@redhat.com>

2022-07-26 | i386/pc: factor out cxl range start to helper | Joao Martins | 1 | -7/+17

Factor out the calculation of the base address of the memory region. It will be used later on for the cxl range end counterpart calculation and as well in pc_memory_init() CXL memory region initialization, thus avoiding duplication.

Cc: Jonathan Cameron <jonathan.cameron@huawei.com>
Signed-off-by: Joao Martins <joao.m.martins@oracle.com>
Acked-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20220719170014.27028-7-joao.m.martins@oracle.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-07-26i386/pc: factor out cxl range end to helperJoao Martins1-10/+21
Move calculation of CXL memory region end to separate helper. This is in preparation to a future change that removes CXL range dependency on the CXL memory region, with the goal of allowing pc_pci_hole64_start() to be called before any memory regions are initialized. Cc: Jonathan Cameron <jonathan.cameron@huawei.com> Signed-off-by: Joao Martins <joao.m.martins@oracle.com> Acked-by: Igor Mammedov <imammedo@redhat.com> Message-Id: <20220719170014.27028-6-joao.m.martins@oracle.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-07-26i386/pc: factor out above-4g end to an helperJoao Martins1-15/+14
There's a couple of places that seem to duplicate this calculation of RAM size above the 4G boundary. Move all those to a helper function. Signed-off-by: Joao Martins <joao.m.martins@oracle.com> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Message-Id: <20220719170014.27028-5-joao.m.martins@oracle.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-07-26i386/pc: pass pci_hole64_size to pc_memory_init()Joao Martins4-4/+19
Use the pre-initialized pci-host qdev and fetch the pci-hole64-size into pc_memory_init() newly added argument. Use PCI_HOST_PROP_PCI_HOLE64_SIZE pci-host property for fetching pci-hole64-size. This is in preparation to determine that host-phys-bits are enough and for pci-hole64-size to be considered to relocate ram-above-4g to be at 1T (on AMD platforms). Signed-off-by: Joao Martins <joao.m.martins@oracle.com> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Message-Id: <20220719170014.27028-4-joao.m.martins@oracle.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-07-26i386/pc: create pci-host qdev prior to pc_memory_init()Joao Martins4-9/+12
At the start of pc_memory_init() we usually pass a range of 0..UINT64_MAX as pci_memory, when really it's 2G (i440fx) or 32G (q35). To get the real user value, we need to get pci-host passed property for default pci_hole64_size. Thus to get that, create the qdev prior to memory init to better make estimations on max used/phys addr. This is in preparation to determine that host-phys-bits are enough and also for pci-hole64-size to be considered to relocate ram-above-4g to be at 1T (on AMD platforms). Signed-off-by: Joao Martins <joao.m.martins@oracle.com> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Message-Id: <20220719170014.27028-3-joao.m.martins@oracle.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-07-26hw/i386: add 4g boundary start to X86MachineStateJoao Martins5-7/+12
Rather than hardcoding the 4G boundary everywhere, introduce an X86MachineState field @above_4g_mem_start and use it accordingly. This is in preparation for relocating ram-above-4g to dynamically start at 1T on AMD platforms. Signed-off-by: Joao Martins <joao.m.martins@oracle.com> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Message-Id: <20220719170014.27028-2-joao.m.martins@oracle.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-07-26hw/cxl: Fix size of constant in interleave granularity function.Jonathan Cameron1-1/+1
Whilst the interleave granularity is always small enough that this isn't a real problem (much less than 4GiB) let's change the constant to ULL to fix the coverity warning. Reported-by: Peter Maydell <peter.maydell@linaro.org> Fixes: 829de299d1 ("hw/cxl/component: Add utils for interleave parameter encoding/decoding") Fixes: Coverity CID 1488868 Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com> Message-Id: <20220701132300.2264-4-Jonathan.Cameron@huawei.com> Acked-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-07-26hw/i386/pc: Always place CXL Memory Regions after device_memoryJonathan Cameron1-4/+2
Previously broken_reserved_end was taken into account, but Igor Mammedov identified that this could lead to a clash between potential RAM being mapped in the region and CXL usage. Hence always add the size of the device_memory memory region. This only affects the case where the broken_reserved_end flag was set. Fixes: 6e4e3ae936e6 ("hw/cxl/component: Implement host bridge MMIO (8.2.5, table 142)") Reported-by: Igor Mammedov <imammedo@redhat.com> Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com> Message-Id: <20220701132300.2264-3-Jonathan.Cameron@huawei.com> Acked-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-07-26hw/machine: Clear out left over CXL related pointer from move of state handling to machines.Jonathan Cameron1-1/+0
This got left behind in the move of the CXL setup code from core files to the machines that support it. Link: https://gitlab.com/qemu-project/qemu/-/commit/1ebf9001fb2701e3c00b401334c8f3900a46adaa Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com> Message-Id: <20220701132300.2264-2-Jonathan.Cameron@huawei.com> Acked-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-07-26acpi/nvdimm: Define trace events for NVDIMM and substitute nvdimm_debug()Robert Hoo3-27/+29
Signed-off-by: Robert Hoo <robert.hu@linux.intel.com> Reviewed-by: Jingqi Liu <jingqi.liu@intel.com> Message-Id: <20220704085852.330005-1-robert.hu@linux.intel.com> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-07-26hw/display/bcm2835_fb: Fix framebuffer allocation addressAlan Jian1-2/+1
This patch fixes the dedicated framebuffer mailbox interface by removing an unneeded offset. This means that we pick the framebuffer address in the same way that we do if the guest code uses the buffer allocate mechanism of the bcm2835_property interface (case 0x00040001: /* Allocate buffer */ in bcm2835_property.c). The documentation of this mailbox interface doesn't say anything about using parts of the request buffer address to affect the chosen framebuffer address: https://github.com/raspberrypi/firmware/wiki/Mailbox-framebuffer-interface Some baremetal applications like the Screen01/Screen02 examples from Baking Pi tutorial[1] didn't work before this patch. [1] https://www.cl.cam.ac.uk/projects/raspberrypi/tutorials/os/screen01.html Signed-off-by: Alan Jian <alanjian85@outlook.com> Message-id: 20220725145838.8412-1-alanjian85@outlook.com [PMM: tweaked commit message] Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-07-26configure: Avoid '==' bashismPeter Maydell1-1/+1
The '==' operator to test is a bashism; the standard way to compare strings is '='. This causes dash to complain: ../../configure: 681: test: linux: unexpected operator Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Message-id: 20220720152631.450903-6-peter.maydell@linaro.org
2022-07-26configure: Drop dead code attempting to use -msmall-data on alpha hostsPeter Maydell1-7/+0
In commit 823eb013452e93d we moved the setting of ARCH from configure to meson.build, but we accidentally left behind one attempt to use $ARCH in configure, which was trying to add -msmall-data to the compiler flags on Alpha hosts. Since ARCH is now never set, the test always fails and we never add the flag. There isn't actually any need to use this compiler flag on Alpha: the original intent was that it would allow us to simplify our TCG codegen on that platform, but we never actually made the TCG changes that would rely on -msmall-data. Drop the effectively-dead code from configure, as we don't need it. This was spotted by shellcheck: In ./configure line 2254: case "$ARCH" in ^---^ SC2153: Possible misspelling: ARCH may not be assigned, but arch is. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Message-id: 20220720152631.450903-5-peter.maydell@linaro.org
2022-07-26configure: Don't use bash-specific string-replacement syntaxPeter Maydell1-3/+4
The variable string-replacement syntax ${var/old/new} is a bashism (though it is also supported by some other shells), and for instance does not work with the NetBSD /bin/sh, which complains: ../src/configure: 687: Syntax error: Bad substitution Replace it with a more portable sed-based approach, similar to what we already do in quote_sh(). Note that shellcheck also diagnoses this: In ./configure line 687: e=${e/'\'/'\\'} ^-----------^ SC2039: In POSIX sh, string replacement is undefined. ^-- SC1003: Want to escape a single quote? echo 'This is how it'\''s done'. ^-- SC1003: Want to escape a single quote? echo 'This is how it'\''s done'. In ./configure line 688: e=${e/\"/'\"'} ^----------^ SC2039: In POSIX sh, string replacement is undefined. Fixes: 8154f5e64b0cf ("meson: Prefix each element of firmware path") Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Tested-by: Thomas Huth <thuth@redhat.com> Message-id: 20220720152631.450903-4-peter.maydell@linaro.org
2022-07-26configure: Add braces to clarify intent of $emu[[:space:]]Peter Maydell1-1/+1
In shell script syntax, $var[something] is not special for variable expansion: $var is expanded. However, as it can look as if it were intended to be an array element access (the correct syntax for which is ${var[something]}), shellcheck recommends using explicit braces around ${var} to clarify the intended expansion. This fixes the warning: In ./configure line 2346: if "$target_ld" -verbose 2>&1 | grep -q "^[[:space:]]*$emu[[:space:]]*$"; then ^-- SC1087: Use braces when expanding arrays, e.g. ${array[idx]} (or ${var}[.. to quiet). Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Message-id: 20220720152631.450903-3-peter.maydell@linaro.org
2022-07-26configure: Add missing POSIX-required spacePeter Maydell1-1/+1
In commit 7d7dbf9dc15be6e1 we added a line to the configure script which is not valid POSIX shell syntax, because it is missing a space after a '!' character. shellcheck diagnoses this: if !(GIT="$git" "$source_path/scripts/git-submodule.sh" "$git_submodules_action" "$git_submodules"); then ^-- SC1035: You are missing a required space after the !. and the OpenBSD shell will not correctly handle this without the space. Fixes: 7d7dbf9dc15be6e1 ("configure: replace --enable/disable-git-update with --with-git-submodules") Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Tested-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Message-id: 20220720152631.450903-2-peter.maydell@linaro.org
2022-07-26target/arm: Add MO_128 entry to pred_esz_masks[]Peter Maydell2-3/+4
In commit 7390e0e9ab8475, we added support for SME loads and stores. Unlike SVE loads and stores, these include handling of 128-bit elements. The SME load/store functions call down into the existing sve_cont_ldst_elements() function, which uses the element size MO_* value as an index into the pred_esz_masks[] array. Because this code path now has to handle MO_128, we need to add an extra element to the array. This bug was spotted by Coverity because it meant we were reading off the end of the array. Resolves: Coverity CID 1490539, 1490541, 1490543, 1490544, 1490545, 1490546, 1490548, 1490549, 1490550, 1490551, 1490555, 1490557, 1490558, 1490560, 1490561, 1490563 Fixes: 7390e0e9ab8475 ("target/arm: Implement SME LD1, ST1") Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20220718100144.3248052-1-peter.maydell@linaro.org
2022-07-26scripts/coverity-scan/COMPONENTS.md: Update slirp component infoPeter Maydell1-2/+2
Update the regex for the slirp component now that it lives solely inside /slirp/, and note that it should be ignored in Coverity analysis (because it's a separate upstream project now, and they run Coverity on it themselves). Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Acked-by: Paolo Bonzini <pbonzini@redhat.com> Message-id: 20220718142310.16013-3-peter.maydell@linaro.org
2022-07-26scripts/coverity-scan/COMPONENTS.md: Add loongarch componentPeter Maydell1-0/+3
Add the component regex for the new loongarch target. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Acked-by: Paolo Bonzini <pbonzini@redhat.com> Message-id: 20220718142310.16013-2-peter.maydell@linaro.org
2022-07-26Merge tag 'linux-user-for-7.1-pull-request' of https://gitlab.com/laurent_vivier/qemu into stagingPeter Maydell3-20/+5
linux-user pull request 20220726 # gpg: Signature made Tue 26 Jul 2022 10:44:29 BST # gpg: using RSA key CD2F75DDC8E3A4DC2E4F5173F30C38BD3F2FBE3C # gpg: issuer "laurent@vivier.eu" # gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" [full] # gpg: aka "Laurent Vivier <laurent@vivier.eu>" [full] # gpg: aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" [full] # Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F 5173 F30C 38BD 3F2F BE3C * tag 'linux-user-for-7.1-pull-request' of https://gitlab.com/laurent_vivier/qemu: linux-user: Use target abi_int type for pipefd[1] in pipe() linux-user: Unconditionally use pipe2() syscall linux-user/hppa: Fix segfaults on page zero Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-07-26Merge tag 'net-pull-request' of https://github.com/jasowang/qemu into stagingPeter Maydell2-13/+15
# gpg: Signature made Tue 26 Jul 2022 09:47:24 BST # gpg: using RSA key EF04965B398D6211 # gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>" [marginal] # gpg: WARNING: This key is not certified with sufficiently trusted signatures! # gpg: It is not certain that the signature belongs to the owner. # Primary key fingerprint: 215D 46F4 8246 689E C77F 3562 EF04 965B 398D 6211 * tag 'net-pull-request' of https://github.com/jasowang/qemu: vdpa: Fix memory listener deletions of iova tree vhost: Get vring base from vq, not svq e1000e: Fix possible interrupt loss when using MSI Signed-off-by: Peter Maydell <peter.maydell@linaro.org>