aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2020-11-03fuzz: fix writing DMA patternsAlexander Bulekov1-20/+17
This code had all sorts of issues. We used a loop similar to address_space_write_rom, but I did not remove a "break" that only made sense in the context of the switch statement in the original code. Then, after the loop, we did a separate qtest_memwrite over the entire DMA access range, defeating the purpose of the loop. Additionally, we increment the buf pointer, and then try to g_free() it. Fix these problems. Reported-by: OSS-Fuzz (Issue 26725) Signed-off-by: Alexander Bulekov <alxndr@bu.edu> Reported-by: OSS-Fuzz (Issue 26691) Reviewed-by: Darren Kenny <darren.kenny@oracle.com> Message-Id: <20201029172901.534442-2-alxndr@bu.edu> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-11-03tests/qtest: Fix potential NULL pointer dereference in qos_build_main_args()AlexChen1-1/+2
In qos_build_main_args(), the pointer 'path' is dereferenced before checking it is valid, which may lead to NULL pointer dereference. So move the assignment to 'cmd_line' after checking 'path' is valid. Reported-by: Euler Robot <euler.robot@huawei.com> Signed-off-by: Alex Chen <alex.chen@huawei.com> Message-Id: <5FA16ED5.4000203@huawei.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-11-03configure: fix gio_libs referenceBruce Rogers1-1/+1
The gio library detection code no longer works, due to a missing $ in front of the gio_libs reference. Make the string be $gio_libs. Fixes: 76346b6264a ("configure: Test that gio libs from pkg-config work") Signed-off-by: Bruce Rogers <brogers@suse.com> Message-Id: <20201103145121.668865-1-brogers@suse.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-11-03meson: fix warning for bad sphinx-buildPaolo Bonzini1-1/+2
The warning was printing an empty string if the bad sphinx-build was not passed on the command line. Instead, always use the path that was returned by find_program. Reported-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-11-03tests/qtest/libqos/ahci.c: Avoid NULL dereference in ahci_exec()Peter Maydell1-1/+4
In ahci_exec() we attempt to permit the caller to pass a NULL pointer for opts_in (in which case we use a default set of options). However although we check for NULL when setting up the opts variable at the top of the function, we unconditionally dereference opts_in at the end of the function as part of freeing the opts->buffer. Switch to checking whether the final buffer is the same as the buffer we started with, instead of assuming the value we started with is always opts_in->buffer. At the moment all the callers pass a non-NULL opts argument, so we never saw any crashes in practice. Fixes: Coverity CID 1432302 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-Id: <20201103115257.23623-1-peter.maydell@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-11-03tests/qtest/libqtest.c: Check for setsockopt() failurePeter Maydell1-2/+7
In socket_accept() we use setsockopt() to set SO_RCVTIMEO, but we don't check the return value for failure. Do so. Fixes: Coverity CID 1432321 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-Id: <20201103115112.19211-1-peter.maydell@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-11-03meson: vhost-user-gpu/virtiofsd: use absolute pathMarc Hartmayer2-2/+2
The option `libexecdir` is relative to `prefix` (see https://mesonbuild.com/Builtin-options.html), so we have to be aware of this when creating 50-qemu-gpu.json and 50-qemu-virtiofsd.json. Otherwise, tools like libvirt will not be able to find the executable. Fixes: 16bf7a3326d8 ("configure: move directory options from config-host.mak to meson") Signed-off-by: Marc Hartmayer <mhartmay@linux.ibm.com> Message-Id: <20201103112333.24734-1-mhartmay@linux.ibm.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-11-03meson: use b_staticpic=false for meson >=0.56.0Paolo Bonzini2-3/+7
Meson 0.56.0 correctly builds non-PIC static libraries with -fPIE if b_pie=true. We do not have to pass b_staticpic=true if PIE is requested if Meson is new-enough, which improves performance. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-11-03qtest: add a reproducer for LP#1878642Alexander Bulekov1-0/+15
https://bugs.launchpad.net/qemu/+bug/1878642 Suggested-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Alexander Bulekov <alxndr@bu.edu> Message-Id: <20201102163336.115444-1-alxndr@bu.edu> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-11-03hw/isa/lpc_ich9: Ignore reserved/invalid SCI IRQPhilippe Mathieu-Daudé2-3/+12
libFuzzer triggered the following assertion: cat << EOF | qemu-system-i386 -M pc-q35-5.0 \ -nographic -monitor none -serial none \ -qtest stdio -d guest_errors -trace pci\* outl 0xcf8 0x8400f841 outl 0xcfc 0xebed205d outl 0x5d02 0xedf82049 EOF pci_cfg_write ICH9-LPC 31:0 @0x41 <- 0xebed205d hw/pci/pci.c:268: int pci_bus_get_irq_level(PCIBus *, int): Assertion `irq_num < bus->nirq' failed. This is because ich9_lpc_sci_irq() returns -1 for reserved (illegal) values, but ich9_lpc_pmbase_sci_update() considers it valid and store it in a 8-bit unsigned type. Then the 255 value is used as GSI IRQ, resulting in a PIRQ value of 247, more than ICH9_LPC_NB_PIRQS (8). Fix by simply ignoring the invalid access (and reporting it): pci_cfg_write ICH9-LPC 31:0 @0x41 <- 0xebed205d ICH9 LPC: SCI IRQ SEL #3 is reserved pci_cfg_read mch 00:0 @0x0 -> 0x8086 pci_cfg_read mch 00:0 @0x0 -> 0x29c08086 ... Cc: qemu-stable@nongnu.org Reported-by: Alexander Bulekov <alxndr@bu.edu> Fixes: 8f242cb724 ("ich9: implement SCI_IRQ_SEL register") BugLink: https://bugs.launchpad.net/qemu/+bug/1878642 Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20200717151705.18611-1-f4bug@amsat.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-11-03scripts/oss-fuzz: rename bin/qemu-fuzz-i386Alexander Bulekov1-2/+2
OSS-Fuzz changed the way it scans for fuzzers in $DEST_DIR. The new code also scans subdirectories for fuzzers. This means that OSS-Fuzz is considering bin/qemu-fuzz-i386 as an independent fuzzer (it is not - it requires a --fuzz-target argument). This has led to coverage-build failures and false crash reports. To work around this, we take advantage of OSS-Fuzz' filename extension check - OSS-Fuzz will not run anything that has an extension that is not ".exe": https://github.com/google/oss-fuzz/blob/master/infra/utils.py#L115 Reported-by: OSS-Fuzz (Issue 26725) Reported-by: OSS-Fuzz (Issue 26679) Signed-off-by: Alexander Bulekov <alxndr@bu.edu> Message-Id: <20201101212245.185819-1-alxndr@bu.edu> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-11-03exec: Remove dead code (CID 1432876)Philippe Mathieu-Daudé1-9/+1
We removed the global_locking field in commit 4174495408a, leaving dead code around the 'unlocked' variable. Remove it to fix the DEADCODE issue reported by Coverity (CID 1432876). Fixes: 4174495408a ("exec: Remove MemoryRegion::global_locking field") Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20201030153752.1557776-1-philmd@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-11-03docs: expand sourceset documentationPaolo Bonzini2-53/+107
Expand on the usage of sourcesets and describe the CONFIG_ALL symbol. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-11-03cutils: replace strdup with g_strdupPaolo Bonzini2-1/+2
Memory returned by get_relocated_path must be freed with free or g_free depending on the path that the function took; Coverity takes exception to this practice. The fix lets caller use g_free as is standard in QEMU. While at it, mention the requirements on the caller in the doc comment. Suggested-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-11-03Merge remote-tracking branch ↵Peter Maydell6-41/+1106
'remotes/mdroth/tags/qga-pull-2020-10-27-v3-tag' into staging qemu-ga patch queue for soft-freeze * add guest-get-disks for w32/linux * add guest-{add,remove,get}-authorized-keys * fix API violations and schema documentation inconsistencies with recently-added guest-get-devices v3: - fix checkpatch errors regarding disallowed usages of g_assert* macros and other warnings v2: - fix BSD build error due to missing stub for guest_get_disks - fix clang build error on linux due to unused variable - disable qga-ssh-test for now due to a memory leak within GLib when G_TEST_OPTION_ISOLATE_DIRS is passed to g_test_init() since it break Gitlab CI build-oss-fuzz test - rebased and re-tested on master # gpg: Signature made Tue 03 Nov 2020 02:30:50 GMT # gpg: using RSA key CEACC9E15534EBABB82D3FA03353C9CEF108B584 # gpg: issuer "michael.roth@amd.com" # gpg: Good signature from "Michael Roth <flukshun@gmail.com>" [full] # gpg: aka "Michael Roth <mdroth@utexas.edu>" [full] # gpg: aka "Michael Roth <mdroth@linux.vnet.ibm.com>" [full] # Primary key fingerprint: CEAC C9E1 5534 EBAB B82D 3FA0 3353 C9CE F108 B584 * remotes/mdroth/tags/qga-pull-2020-10-27-v3-tag: qga: add ssh-get-authorized-keys meson: minor simplification qga: add *reset argument to ssh-add-authorized-keys qga: add ssh-{add,remove}-authorized-keys glib-compat: add g_unix_get_passwd_entry_qemu() qga: add implementation of guest-get-disks for Windows qga: add implementation of guest-get-disks for Linux qga: add command guest-get-disks qga: Flatten simple union GuestDeviceId qga-win: Fix guest-get-devices error API violations qga: Use common time encoding for guest-get-devices 'driver-date' qga: Rename guest-get-devices return member 'address' to 'id' Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-11-03Merge remote-tracking branch ↵Peter Maydell17-486/+581
'remotes/pmaydell/tags/pull-target-arm-20201102' into staging target-arm queue: * target/arm: Fix Neon emulation bugs on big-endian hosts * target/arm: fix handling of HCR.FB * target/arm: fix LORID_EL1 access check * disas/capstone: Fix monitor disassembly of >32 bytes * hw/arm/smmuv3: Fix potential integer overflow (CID 1432363) * hw/arm/boot: fix SVE for EL3 direct kernel boot * hw/display/omap_lcdc: Fix potential NULL pointer dereference * hw/display/exynos4210_fimd: Fix potential NULL pointer dereference * target/arm: Get correct MMU index for other-security-state * configure: Test that gio libs from pkg-config work * hw/intc/arm_gicv3_cpuif: Make GIC maintenance interrupts work * docs: Fix building with Sphinx 3 * tests/qtest/npcm7xx_rng-test: Disable randomness tests # gpg: Signature made Mon 02 Nov 2020 17:09:00 GMT # gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE # gpg: issuer "peter.maydell@linaro.org" # gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate] # gpg: aka "Peter Maydell <pmaydell@gmail.com>" [ultimate] # gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate] # Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE * remotes/pmaydell/tags/pull-target-arm-20201102: (26 commits) tests/qtest/npcm7xx_rng-test: Disable randomness tests qemu-option-trace.rst.inc: Don't use option:: markup scripts/kerneldoc: For Sphinx 3 use c:macro for macros with arguments hw/intc/arm_gicv3_cpuif: Make GIC maintenance interrupts work configure: Test that gio libs from pkg-config work target/arm: Get correct MMU index for other-security-state hw/display/exynos4210_fimd: Fix potential NULL pointer dereference hw/display/omap_lcdc: Fix potential NULL pointer dereference hw/arm/boot: fix SVE for EL3 direct kernel boot hw/arm/smmuv3: Fix potential integer overflow (CID 1432363) disas/capstone: Fix monitor disassembly of >32 bytes target/arm: fix LORID_EL1 access check target/arm: fix handling of HCR.FB target/arm: Fix VUDOT/VSDOT (scalar) on big-endian hosts target/arm: Fix float16 pairwise Neon ops on big-endian hosts target/arm: Improve do_prewiden_3d target/arm: Simplify do_long_3d and do_2scalar_long target/arm: Rename neon_load_reg64 to vfp_load_reg64 target/arm: Add read/write_neon_element64 target/arm: Rename neon_load_reg32 to vfp_load_reg32 ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-11-02qga: add ssh-get-authorized-keysMarc-André Lureau3-2/+106
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> *fix-up merge conflicts due to qga-ssh-test being disabled in earlier patch due to G_TEST_OPTION_ISOLATE_DIRS triggering build-oss-fuzz leak detector. *fix up style and disallowed g_assert* usage reported by checkpatch Signed-off-by: Michael Roth <michael.roth@amd.com>
2020-11-02meson: minor simplificationMarc-André Lureau1-6/+1
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Michael Roth <michael.roth@amd.com>
2020-11-02qga: add *reset argument to ssh-add-authorized-keysMichael Roth2-6/+50
I prefer 'reset' over 'clear', since 'clear' and keys may have some other relations or meaning. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> *fix disallowed g_assert* usage reported by checkpatch Signed-off-by: Michael Roth <michael.roth@amd.com>
2020-11-02qga: add ssh-{add,remove}-authorized-keysMarc-André Lureau3-1/+466
Add new commands to add and remove SSH public keys from ~/.ssh/authorized_keys. I took a different approach for testing, including the unit tests right with the code. I wanted to overwrite the function to get the user details, I couldn't easily do that over QMP. Furthermore, I prefer having unit tests very close to the code, and unit files that are domain specific (commands-posix is too crowded already). FWIW, that coding/testing style is Rust-style (where tests can or should even be part of the documentation!). Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1885332 Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> *squashed in fix-ups for setting file ownership and use of QAPI conditionals for CONFIG_POSIX instead of stub definitions *disable qga-ssh-test for now due to G_TEST_OPTION_ISOLATE_DIRS triggering leak detector in build-oss-fuzz *fix disallowed g_assert* usage reported by checkpatch Signed-off-by: Michael Roth <michael.roth@amd.com>
2020-11-02glib-compat: add g_unix_get_passwd_entry_qemu()Marc-André Lureau1-0/+28
The glib function was introduced in 2.64. It's a safer version of getpwnam, and also simpler to use than getpwnam_r. Currently, it's only use by the next patch in qemu-ga, which doesn't (well well...) need the thread safety guarantees. Since the fallback version is still unsafe, I would rather keep the _qemu postfix, to make sure it's not being misused by mistake. When/if necessary, we can implement a safer fallback and drop the _qemu suffix. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Michal Privoznik <mprivozn@redhat.com> *fix checkpatch warnings about newlines before/after block comments Signed-off-by: Michael Roth <michael.roth@amd.com>
2020-11-02Merge remote-tracking branch ↵Peter Maydell16-24/+832
'remotes/dgilbert/tags/pull-migration-20201102a' into staging Migration and virtiofs fixes 2020-11-02 Fixes for postcopy migration test hang A seccomp crash for virtiofsd on some !x86 Help message and minor CID fix And another crack at Max's set. Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> # gpg: Signature made Mon 02 Nov 2020 19:54:59 GMT # gpg: using RSA key 45F5C71B4A0CB7FB977A9FA90516331EBC5BFDE7 # gpg: Good signature from "Dr. David Alan Gilbert (RH2) <dgilbert@redhat.com>" [full] # Primary key fingerprint: 45F5 C71B 4A0C B7FB 977A 9FA9 0516 331E BC5B FDE7 * remotes/dgilbert/tags/pull-migration-20201102a: tests/acceptance: Add virtiofs_submounts.py tests/acceptance/boot_linux: Accept SSH pubkey virtiofsd: Announce sub-mount points virtiofsd: Add mount ID to the lo_inode key meson.build: Check for statx() virtiofsd: Add attr_flags to fuse_entry_param virtiofsd: Check FUSE_SUBMOUNTS virtiofsd: Fix the help message of posix lock tools/virtiofsd: Check vu_init() return value (CID 1435958) virtiofsd: Seccomp: Add 'send' for syslog migration: Postpone the kick of the fault thread after recover migration: Unify reset of last_rb on destination node when recover Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-11-02tests/acceptance: Add virtiofs_submounts.pyMax Reitz5-0/+662
This test invokes several shell scripts to create a random directory tree full of submounts, and then check in the VM whether every submount has its own ID and the structure looks as expected. (Note that the test scripts must be non-executable, so Avocado will not try to execute them as if they were tests on their own, too.) Because at this commit's date it is unlikely that the Linux kernel on the image provided by boot_linux.py supports submounts in virtio-fs, the test will be cancelled if no custom Linux binary is provided through the vmlinuz parameter. (The on-image kernel can be used by providing an empty string via vmlinuz=.) So, invoking the test can be done as follows: $ avocado run \ tests/acceptance/virtiofs_submounts.py \ -p vmlinuz=/path/to/linux/build/arch/x86/boot/bzImage This test requires root privileges (through passwordless sudo -n), because at this point, virtiofsd requires them. (If you have a timestamp_timeout period for sudoers (e.g. the default of 5 min), you can provide this by executing something like "sudo true" before invoking Avocado.) Signed-off-by: Max Reitz <mreitz@redhat.com> Message-Id: <20201102161859.156603-8-mreitz@redhat.com> Tested-by: Eduardo Habkost <ehabkost@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2020-11-02tests/acceptance/boot_linux: Accept SSH pubkeyMax Reitz1-6/+7
Let download_cloudinit() take an optional pubkey, which subclasses of BootLinux can pass through setUp(). Signed-off-by: Max Reitz <mreitz@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Willian Rampazzo <willianr@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Message-Id: <20201102161859.156603-7-mreitz@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2020-11-02virtiofsd: Announce sub-mount pointsMax Reitz2-0/+23
Whenever we encounter a directory with an st_dev or mount ID that differs from that of its parent, we set the FUSE_ATTR_SUBMOUNT flag so the guest can create a submount for it. We only need to do so in lo_do_lookup(). The following functions return a fuse_attr object: - lo_create(), though fuse_reply_create(): Calls lo_do_lookup(). - lo_lookup(), though fuse_reply_entry(): Calls lo_do_lookup(). - lo_mknod_symlink(), through fuse_reply_entry(): Calls lo_do_lookup(). - lo_link(), through fuse_reply_entry(): Creating a link cannot create a submount, so there is no need to check for it. - lo_getattr(), through fuse_reply_attr(): Announcing submounts when the node is first detected (at lookup) is sufficient. We do not need to return the submount attribute later. - lo_do_readdir(), through fuse_add_direntry_plus(): Calls lo_do_lookup(). Make announcing submounts optional, so submounts are only announced to the guest with the announce_submounts option. Some users may prefer the current behavior, so that the guest learns nothing about the host mount structure. (announce_submounts is force-disabled when the guest does not present the FUSE_SUBMOUNTS capability, or when there is no statx().) Signed-off-by: Max Reitz <mreitz@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Message-Id: <20201102161859.156603-6-mreitz@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2020-11-02virtiofsd: Add mount ID to the lo_inode keyMax Reitz2-10/+86
Using st_dev is not sufficient to uniquely identify a mount: You can mount the same device twice, but those are still separate trees, and e.g. by mounting something else inside one of them, they may differ. Using statx(), we can get a mount ID that uniquely identifies a mount. If that is available, add it to the lo_inode key. Most of this patch is taken from Miklos's mail here: https://marc.info/?l=fuse-devel&m=160062521827983 (virtiofsd-use-mount-id.patch attachment) Suggested-by: Miklos Szeredi <mszeredi@redhat.com> Signed-off-by: Max Reitz <mreitz@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Message-Id: <20201102161859.156603-5-mreitz@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2020-11-02meson.build: Check for statx()Max Reitz1-0/+16
Check whether the glibc provides statx() and if so, define CONFIG_STATX. Signed-off-by: Max Reitz <mreitz@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Message-Id: <20201102161859.156603-4-mreitz@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2020-11-02virtiofsd: Add attr_flags to fuse_entry_paramMax Reitz2-0/+7
fuse_entry_param is converted to fuse_attr on the line (by fill_entry()), so it should have a member that mirrors fuse_attr.flags. fill_entry() should then copy this fuse_entry_param.attr_flags to fuse_attr.flags. Signed-off-by: Max Reitz <mreitz@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Message-Id: <20201102161859.156603-3-mreitz@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2020-11-02virtiofsd: Check FUSE_SUBMOUNTSMax Reitz2-0/+10
FUSE_SUBMOUNTS is a pure indicator by the kernel to signal that it supports submounts. It does not check its state in the init reply, so there is nothing for fuse_lowlevel.c to do but to check its existence and copy it into fuse_conn_info.capable. Signed-off-by: Max Reitz <mreitz@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Message-Id: <20201102161859.156603-2-mreitz@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2020-11-02virtiofsd: Fix the help message of posix lockJiachen Zhang1-1/+1
The commit 88fc107956a5812649e5918e0c092d3f78bb28ad disabled remote posix locks by default. But the --help message still says it is enabled by default. So fix it to output no_posix_lock. Signed-off-by: Jiachen Zhang <zhangjiachen.jaycee@bytedance.com> Message-Id: <20201027081558.29904-1-zhangjiachen.jaycee@bytedance.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2020-11-02tools/virtiofsd: Check vu_init() return value (CID 1435958)Philippe Mathieu-Daudé1-2/+5
Since commit 6f5fd837889, vu_init() can fail if malloc() returns NULL. This fixes the following Coverity warning: CID 1435958 (#1 of 1): Unchecked return value (CHECKED_RETURN) Fixes: 6f5fd837889 ("libvhost-user: support many virtqueues") Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20201102092339.2034297-1-philmd@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2020-11-02virtiofsd: Seccomp: Add 'send' for syslogDr. David Alan Gilbert1-0/+1
On ppc, and some other archs, it looks like syslog ends up using 'send' rather than 'sendto'. Reference: https://github.com/kata-containers/kata-containers/issues/1050 Reported-by: amulmek1@in.ibm.com Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Message-Id: <20201102150750.34565-1-dgilbert@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2020-11-02migration: Postpone the kick of the fault thread after recoverPeter Xu1-3/+8
The new migrate_send_rp_req_pages_pending() call should greatly improve destination responsiveness because it will resync faulted address after postcopy recovery. However it is also the 1st place to initiate the page request from the main thread. One thing is overlooked on that migrate_send_rp_message_req_pages() is not designed to be thread-safe. So if we wake the fault thread before syncing all the faulted pages in the main thread, it means they can race. Postpone the wake up operation after the sync of faulted addresses. Fixes: 0c26781c09 ("migration: Sync requested pages after postcopy recovery") Tested-by: Christian Schoenebeck <qemu_oss@crudebyte.com> Signed-off-by: Peter Xu <peterx@redhat.com> Message-Id: <20201102153010.11979-3-peterx@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2020-11-02migration: Unify reset of last_rb on destination node when recoverPeter Xu2-2/+6
When postcopy recover happens, we need to reset last_rb after each return of postcopy_pause_fault_thread() because that means we just got the postcopy migration continued. Unify this reset to the place right before we want to kick the fault thread again, when we get the command MIG_CMD_POSTCOPY_RESUME from source. This is actually more than that - because the main thread on destination will now be able to call migrate_send_rp_req_pages_pending() too, so the fault thread is not the only user of last_rb now. Move the reset earlier will allow the first call to migrate_send_rp_req_pages_pending() to use the reset value even if called from the main thread. (NOTE: this is not a real fix to 0c26781c09 mentioned below, however it is just a mark that when picking up 0c26781c09 we'd better have this one too; the real fix will come later) Fixes: 0c26781c09 ("migration: Sync requested pages after postcopy recovery") Tested-by: Christian Schoenebeck <qemu_oss@crudebyte.com> Signed-off-by: Peter Xu <peterx@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Message-Id: <20201102153010.11979-2-peterx@redhat.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2020-11-02qga: add implementation of guest-get-disks for WindowsTomáš Golembiovský1-6/+101
The command lists all the physical disk drives. Unlike for Linux partitions and virtual volumes are not listed. Example output: { "return": [ { "name": "\\\\.\\PhysicalDrive0", "partition": false, "address": { "serial": "QM00001", "bus-type": "sata", ... }, "dependents": [] } ] } Signed-off-by: Tomáš Golembiovský <tgolembi@redhat.com> Signed-off-by: Michael Roth <michael.roth@amd.com>
2020-11-02qga: add implementation of guest-get-disks for LinuxTomáš Golembiovský1-11/+292
The command lists all disks (real and virtual) as well as disk partitions. For each disk the list of dependent disks is also listed and /dev path is used as a handle so it can be matched with "name" field of other returned disk entries. For disk partitions the "dependents" list is populated with the the parent device for easier tracking of hierarchy. Example output: { "return": [ ... { "name": "/dev/dm-0", "partition": false, "dependents": [ "/dev/sda2" ], "alias": "luks-7062202e-5b9b-433e-81e8-6628c40da9f7" }, { "name": "/dev/sda2", "partition": true, "dependents": [ "/dev/sda" ] }, { "name": "/dev/sda", "partition": false, "address": { "serial": "SAMSUNG_MZ7LN512HCHP-000L1_S1ZKNXAG822493", "bus-type": "sata", ... "dev": "/dev/sda", "target": 0 }, "dependents": [] }, ... ] } Signed-off-by: Tomáš Golembiovský <tgolembi@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> *add missing stub for !defined(CONFIG_FSFREEZE) *remove unused deps_dir variable Signed-off-by: Michael Roth <michael.roth@amd.com>
2020-11-02Merge remote-tracking branch 'remotes/nvme/tags/pull-nvme-20201102' into stagingPeter Maydell12-300/+1022
nvme pull 2 Nov 2020 # gpg: Signature made Mon 02 Nov 2020 15:20:30 GMT # gpg: using RSA key DBC11D2D373B4A3755F502EC625156610A4F6CC0 # gpg: Good signature from "Keith Busch <kbusch@kernel.org>" [unknown] # gpg: aka "Keith Busch <keith.busch@gmail.com>" [unknown] # gpg: aka "Keith Busch <keith.busch@intel.com>" [unknown] # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: DBC1 1D2D 373B 4A37 55F5 02EC 6251 5661 0A4F 6CC0 * remotes/nvme/tags/pull-nvme-20201102: (30 commits) hw/block/nvme: fix queue identifer validation hw/block/nvme: fix create IO SQ/CQ status codes hw/block/nvme: fix prp mapping status codes hw/block/nvme: report actual LBA data shift in LBAF hw/block/nvme: add trace event for requests with non-zero status code hw/block/nvme: add nsid to get/setfeat trace events hw/block/nvme: reject io commands if only admin command set selected hw/block/nvme: support for admin-only command set hw/block/nvme: validate command set selected hw/block/nvme: support per-namespace smart log hw/block/nvme: fix log page offset check hw/block/nvme: remove pointless rw indirection hw/block/nvme: update nsid when registered hw/block/nvme: change controller pci id pci: allocate pci id for nvme hw/block/nvme: support multiple namespaces hw/block/nvme: refactor identify active namespace id list hw/block/nvme: add support for sgl bit bucket descriptor hw/block/nvme: add support for scatter gather lists hw/block/nvme: harden cmb access ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-11-02tests/qtest/npcm7xx_rng-test: Disable randomness testsPeter Maydell1-4/+10
The randomness tests in the NPCM7xx RNG test fail intermittently but fairly frequently. On my machine running the test in a loop: while QTEST_QEMU_BINARY=./qemu-system-aarch64 ./tests/qtest/npcm7xx_rng-test; do true; done will fail in less than a minute with an error like: ERROR:../../tests/qtest/npcm7xx_rng-test.c:256:test_first_byte_runs: assertion failed (calc_runs_p(buf.l, sizeof(buf) * BITS_PER_BYTE) > 0.01): (0.00286205989 > 0.01) (Failures have been observed on all 4 of the randomness tests, not just first_byte_runs.) It's not clear why these tests are failing like this, but intermittent failures make CI and merge testing awkward, so disable running them unless a developer specifically sets QEMU_TEST_FLAKY_RNG_TESTS when running the test suite, until we work out the cause. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20201102152454.8287-1-peter.maydell@linaro.org Reviewed-by: Havard Skinnemoen <hskinnemoen@google.com>
2020-11-02qemu-option-trace.rst.inc: Don't use option:: markupPeter Maydell1-3/+3
Sphinx 3.2 is pickier than earlier versions about the option:: markup, and complains about our usage in qemu-option-trace.rst: ../../docs/qemu-option-trace.rst.inc:4:Malformed option description '[enable=]PATTERN', should look like "opt", "-opt args", "--opt args", "/opt args" or "+opt args" In this file, we're really trying to document the different parts of the top-level --trace option, which qemu-nbd.rst and qemu-img.rst have already introduced with an option:: markup. So it's not right to use option:: here anyway. Switch to a different markup (definition lists) which gives about the same formatted output. (Unlike option::, this markup doesn't produce index entries; but at the moment we don't do anything much with indexes anyway, and in any case I think it doesn't make much sense to have individual index entries for the sub-parts of the --trace option.) Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Tested-by: Stefan Hajnoczi <stefanha@redhat.com> Message-id: 20201030174700.7204-3-peter.maydell@linaro.org
2020-11-02scripts/kerneldoc: For Sphinx 3 use c:macro for macros with argumentsPeter Maydell1-1/+17
The kerneldoc script currently emits Sphinx markup for a macro with arguments that uses the c:function directive. This is correct for Sphinx versions earlier than Sphinx 3, where c:macro doesn't allow documentation of macros with arguments and c:function is not picky about the syntax of what it is passed. However, in Sphinx 3 the c:macro directive was enhanced to support macros with arguments, and c:function was made more picky about what syntax it accepted. When kerneldoc is told that it needs to produce output for Sphinx 3 or later, make it emit c:function only for functions and c:macro for macros with arguments. We assume that anything with a return type is a function and anything without is a macro. This fixes the Sphinx error: /home/petmay01/linaro/qemu-from-laptop/qemu/docs/../include/qom/object.h:155:Error in declarator If declarator-id with parameters (e.g., 'void f(int arg)'): Invalid C declaration: Expected identifier in nested name. [error at 25] DECLARE_INSTANCE_CHECKER ( InstanceType, OBJ_NAME, TYPENAME) -------------------------^ If parenthesis in noptr-declarator (e.g., 'void (*f(int arg))(double)'): Error in declarator or parameters Invalid C declaration: Expecting "(" in parameters. [error at 39] DECLARE_INSTANCE_CHECKER ( InstanceType, OBJ_NAME, TYPENAME) ---------------------------------------^ Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Tested-by: Stefan Hajnoczi <stefanha@redhat.com> Message-id: 20201030174700.7204-2-peter.maydell@linaro.org
2020-11-02hw/intc/arm_gicv3_cpuif: Make GIC maintenance interrupts workPeter Maydell2-4/+2
In gicv3_init_cpuif() we copy the ARMCPU gicv3_maintenance_interrupt into the GICv3CPUState struct's maintenance_irq field. This will only work if the board happens to have already wired up the CPU maintenance IRQ before the GIC was realized. Unfortunately this is not the case for the 'virt' board, and so the value that gets copied is NULL (since a qemu_irq is really a pointer to an IRQState struct under the hood). The effect is that the CPU interface code never actually raises the maintenance interrupt line. Instead, since the GICv3CPUState has a pointer to the CPUState, make the dereference at the point where we want to raise the interrupt, to avoid an implicit requirement on board code to wire things up in a particular order. Reported-by: Jose Martins <josemartins90@gmail.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20201009153904.28529-1-peter.maydell@linaro.org Reviewed-by: Luc Michel <luc@lmichel.fr>
2020-11-02configure: Test that gio libs from pkg-config workPeter Maydell1-1/+9
On some hosts (eg Ubuntu Bionic) pkg-config returns a set of libraries for gio-2.0 which don't actually work when compiling statically. (Specifically, the returned library string includes -lmount, but not -lblkid which -lmount depends upon, so linking fails due to missing symbols.) Check that the libraries work, and don't enable gio if they don't, in the same way we do for gnutls. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20200928160402.7961-1-peter.maydell@linaro.org
2020-11-02target/arm: Get correct MMU index for other-security-statePeter Maydell1-1/+2
In arm_v7m_mmu_idx_for_secstate() we get the 'priv' level to pass to armv7m_mmu_idx_for_secstate_and_priv() by calling arm_current_el(). This is incorrect when the security state being queried is not the current one, because arm_current_el() uses the current security state to determine which of the banked CONTROL.nPRIV bits to look at. The effect was that if (for instance) Secure state was in privileged mode but Non-Secure was not then we would return the wrong MMU index. The only places where we are using this function in a way that could trigger this bug are for the stack loads during a v8M function-return and for the instruction fetch of a v8M SG insn. Fix the bug by expanding out the M-profile version of the arm_current_el() logic inline so it can use the passed in secstate rather than env->v7m.secure. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20201022164408.13214-1-peter.maydell@linaro.org
2020-11-02hw/display/exynos4210_fimd: Fix potential NULL pointer dereferenceAlexChen1-1/+3
In exynos4210_fimd_update(), the pointer s is dereferinced before being check if it is valid, which may lead to NULL pointer dereference. So move the assignment to global_width after checking that the s is valid. Reported-by: Euler Robot <euler.robot@huawei.com> Signed-off-by: Alex Chen <alex.chen@huawei.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 5F9F8D88.9030102@huawei.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-11-02hw/display/omap_lcdc: Fix potential NULL pointer dereferenceAlexChen1-3/+7
In omap_lcd_interrupts(), the pointer omap_lcd is dereferinced before being check if it is valid, which may lead to NULL pointer dereference. So move the assignment to surface after checking that the omap_lcd is valid and move surface_bits_per_pixel(surface) to after the surface assignment. Reported-by: Euler Robot <euler.robot@huawei.com> Signed-off-by: AlexChen <alex.chen@huawei.com> Message-id: 5F9CDB8A.9000001@huawei.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-11-02hw/arm/boot: fix SVE for EL3 direct kernel bootRémi Denis-Courmont1-0/+3
When booting a CPU with EL3 using the -kernel flag, set up CPTR_EL3 so that SVE will not trap to EL3. Signed-off-by: Rémi Denis-Courmont <remi.denis.courmont@huawei.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20201030151541.11976-1-remi@remlab.net Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-11-02hw/arm/smmuv3: Fix potential integer overflow (CID 1432363)Philippe Mathieu-Daudé1-1/+2
Use the BIT_ULL() macro to ensure we use 64-bit arithmetic. This fixes the following Coverity issue (OVERFLOW_BEFORE_WIDEN): CID 1432363 (#1 of 1): Unintentional integer overflow: overflow_before_widen: Potentially overflowing expression 1 << scale with type int (32 bits, signed) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type hwaddr (64 bits, unsigned). Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Acked-by: Eric Auger <eric.auger@redhat.com> Message-id: 20201030144617.1535064-1-philmd@redhat.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-11-02disas/capstone: Fix monitor disassembly of >32 bytesPeter Maydell1-1/+1
If we're using the capstone disassembler, disassembly of a run of instructions more than 32 bytes long disassembles the wrong data for instructions beyond the 32 byte mark: (qemu) xp /16x 0x100 0000000000000100: 0x00000005 0x54410001 0x00000001 0x00001000 0000000000000110: 0x00000000 0x00000004 0x54410002 0x3c000000 0000000000000120: 0x00000000 0x00000004 0x54410009 0x74736574 0000000000000130: 0x00000000 0x00000000 0x00000000 0x00000000 (qemu) xp /16i 0x100 0x00000100: 00000005 andeq r0, r0, r5 0x00000104: 54410001 strbpl r0, [r1], #-1 0x00000108: 00000001 andeq r0, r0, r1 0x0000010c: 00001000 andeq r1, r0, r0 0x00000110: 00000000 andeq r0, r0, r0 0x00000114: 00000004 andeq r0, r0, r4 0x00000118: 54410002 strbpl r0, [r1], #-2 0x0000011c: 3c000000 .byte 0x00, 0x00, 0x00, 0x3c 0x00000120: 54410001 strbpl r0, [r1], #-1 0x00000124: 00000001 andeq r0, r0, r1 0x00000128: 00001000 andeq r1, r0, r0 0x0000012c: 00000000 andeq r0, r0, r0 0x00000130: 00000004 andeq r0, r0, r4 0x00000134: 54410002 strbpl r0, [r1], #-2 0x00000138: 3c000000 .byte 0x00, 0x00, 0x00, 0x3c 0x0000013c: 00000000 andeq r0, r0, r0 Here the disassembly of 0x120..0x13f is using the data that is in 0x104..0x123. This is caused by passing the wrong value to the read_memory_func(). The intention is that at this point in the loop the 'cap_buf' buffer already contains 'csize' bytes of data for the instruction at guest addr 'pc', and we want to read in an extra 'tsize' bytes. Those extra bytes are therefore at 'pc + csize', not 'pc'. On the first time through the loop 'csize' happens to be zero, so the initial read of 32 bytes into cap_buf is correct and as long as the disassembly never needs to read more data we return the correct information. Use the correct guest address in the call to read_memory_func(). Cc: qemu-stable@nongnu.org Fixes: https://bugs.launchpad.net/qemu/+bug/1900779 Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20201022132445.25039-1-peter.maydell@linaro.org
2020-11-02target/arm: fix LORID_EL1 access checkRémi Denis-Courmont1-14/+5
Secure mode is not exempted from checking SCR_EL3.TLOR, and in the future HCR_EL2.TLOR when S-EL2 is enabled. Signed-off-by: Rémi Denis-Courmont <remi.denis.courmont@huawei.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-11-02target/arm: fix handling of HCR.FBRémi Denis-Courmont1-3/+2
HCR should be applied when NS is set, not when it is cleared. Signed-off-by: Rémi Denis-Courmont <remi.denis.courmont@huawei.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>