aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2023-03-06audio/alsaaudio: use g_new0() instead of audio_calloc()Volker Rümelin1-5/+1
Replace audio_calloc() with the equivalent g_new0(). The value of the g_new0() argument count is >= 1, which means g_new0() will never return NULL. Also remove the unnecessary NULL check. Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Volker Rümelin <vr_qemu@t-online.de> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20230121094735.11644-6-vr_qemu@t-online.de>
2023-03-06audio/mixeng: use g_new0() instead of audio_calloc()Volker Rümelin3-16/+2
Replace audio_calloc() with the equivalent g_new0(). With a n_structs argument of 1, g_new0() never returns NULL. Also remove the unnecessary NULL checks. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Volker Rümelin <vr_qemu@t-online.de> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20230121094735.11644-5-vr_qemu@t-online.de>
2023-03-06audio: remove unused #define AUDIO_STRINGIFYVolker Rümelin1-3/+0
Remove the unused #define AUDIO_STRINGIFY. It was last used before commit 470bcabd8f ("audio: Replace AUDIO_FUNC with __func__"). Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Volker Rümelin <vr_qemu@t-online.de> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20230121094735.11644-4-vr_qemu@t-online.de>
2023-03-06audio: rename hardware store to backendVolker Rümelin1-2/+2
Use a consistent friendly name for the HWVoiceOut and HWVoiceIn structures. Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Volker Rümelin <vr_qemu@t-online.de> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-Id: <20230121094735.11644-3-vr_qemu@t-online.de>
2023-03-06audio: don't show unnecessary error messagesVolker Rümelin1-1/+1
Let the audio_pcm_create_voice_pair_* functions handle error reporting. This avoids an additional error message in case the guest selected an unimplemented sample rate. Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Volker Rümelin <vr_qemu@t-online.de> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20230121094735.11644-2-vr_qemu@t-online.de>
2023-03-06audio: log unimplemented audio device sample ratesVolker Rümelin2-0/+14
Some emulated audio devices allow guests to select very low sample rates that the audio subsystem doesn't support. The lowest supported sample rate depends on the audio backend used and in most cases can be changed with various -audiodev arguments. Until now, the audio_bug function emits an error message similar to the following error message A bug was just triggered in audio_calloc Save all your work and restart without audio I am sorry Context: audio_pcm_sw_alloc_resources_out passed invalid arguments to audio_calloc nmemb=0 size=16 (len=0) audio: Could not allocate buffer for `ac97.po' (0 samples) and the audio subsystem continues without sound for the affected device. The fact that the selected sample rate is not supported is not a guest error. Instead of displaying an error message, the missing audio support is now logged. Simply continuing without sound is correct, since the audio stream won't transport anything reasonable at such high resample ratios anyway. The AUD_open_* functions return NULL like before. The opened audio device will not be registered in the audio subsystem and consequently the audio frontend callback functions will not be called. The AUD_read and AUD_write functions return early in this case. This is necessary because, for example, the Sound Blaster 16 emulation calls AUD_write from the DMA callback function. Acked-by: Christian Schoenebeck <qemu_oss@crudebyte.com> Signed-off-by: Volker Rümelin <vr_qemu@t-online.de> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20230121094735.11644-1-vr_qemu@t-online.de>
2023-03-06MAINTAINERS: add myself to ui/ and audio/Marc-André Lureau1-0/+2
Helping out with patch review & queue handling. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-Id: <20230207085610.1033536-1-marcandre.lureau@redhat.com>
2023-03-04configure: Disable thread-safety warnings on macOSThomas Huth1-1/+4
The enablement of -Wthread-safety broke compilation on macOS (if -Werror is enabled, like in our CI). Disable it there by default until the problems are resolved. Signed-off-by: Thomas Huth <thuth@redhat.com> Acked-by: Kevin Wolf <kwolf@redhat.com> Message-id: 20230301113425.286946-1-thuth@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-03-04tests/qtest/migration-test: Disable migration/multifd/tcp/plain/cancelPeter Maydell1-2/+8
migration-test has been flaky for a long time, both in CI and otherwise: https://gitlab.com/qemu-project/qemu/-/jobs/3806090216 (a FreeBSD job) 32/648 ERROR:../tests/qtest/migration-helpers.c:205:wait_for_migration_status: assertion failed: (g_test_timer_elapsed() < MIGRATION_STATUS_WAIT_TIMEOUT) ERROR on a local macos x86 box: ▶ 34/621 ERROR:../../tests/qtest/migration-helpers.c:151:migrate_query_not_failed: assertion failed: (!g_str_equal(status, "failed")) ERROR 34/621 qemu:qtest+qtest-i386 / qtest-i386/migration-test ERROR 168.12s killed by signal 6 SIGABRT ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― stderr: qemu-system-i386: Failed to peek at channel query-migrate shows failed migration: Unable to write to socket: Broken pipe ** ERROR:../../tests/qtest/migration-helpers.c:151:migrate_query_not_failed: assertion failed: (!g_str_equal(status, "failed")) (test program exited with status code -6) ―――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――――― ▶ 37/621 ERROR:../../tests/qtest/migration-helpers.c:151:migrate_query_not_failed: assertion failed: (!g_str_equal(status, "failed")) ERROR 37/621 qemu:qtest+qtest-x86_64 / qtest-x86_64/migration-test ERROR 174.37s killed by signal 6 SIGABRT ――――――――――――――――――――――――――――――――――――― ✀ ――――――――――――――――――――――――――――――――――――― stderr: query-migrate shows failed migration: Unable to write to socket: Broken pipe ** ERROR:../../tests/qtest/migration-helpers.c:151:migrate_query_not_failed: assertion failed: (!g_str_equal(status, "failed")) (test program exited with status code -6) In the cases where I've looked at the underlying log, this seems to be in the migration/multifd/tcp/plain/cancel subtest. Disable that specific subtest by default until somebody can track down the underlying cause. Enthusiasts can opt back in by setting QEMU_TEST_FLAKY_TESTS=1 in their environment. We might need to disable more parts of this test if this isn't sufficient to fix the flakiness. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Reviewed-by: Juan Quintela <quintela@redhat.com> Acked-by: Thomas Huth <thuth@redhat.com> Message-id: 20230302172211.4146376-1-peter.maydell@linaro.org
2023-03-04Merge tag 'pull-ppc-20230303' of https://gitlab.com/danielhb/qemu into stagingPeter Maydell6-71/+85
ppc patch queue for 2023-03-03: This queue includes a stub implementation for the dcblc instruction to avoid an illegal instrunction exception when using u-boot with mpc85xx. It also includes a PHB fix with user-created pnv-phb devices and Skiboot. # -----BEGIN PGP SIGNATURE----- # # iIwEABYKADQWIQQX6/+ZI9AYAK8oOBk82cqW3gMxZAUCZAJllhYcZGFuaWVsaGI0 # MTNAZ21haWwuY29tAAoJEDzZypbeAzFk02YA/2YnJl0aRw6hgiayI2rLbcwQcVfp # oGAhh4QmqFL2UJw2AQDra0kh9sxBSEcqhltNnOa08tBnHPts3W/A8nmFtCd4Cw== # =VRNM # -----END PGP SIGNATURE----- # gpg: Signature made Fri 03 Mar 2023 21:24:38 GMT # gpg: using EDDSA key 17EBFF9923D01800AF2838193CD9CA96DE033164 # gpg: issuer "danielhb413@gmail.com" # gpg: Good signature from "Daniel Henrique Barboza <danielhb413@gmail.com>" [unknown] # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: 17EB FF99 23D0 1800 AF28 3819 3CD9 CA96 DE03 3164 * tag 'pull-ppc-20230303' of https://gitlab.com/danielhb/qemu: pnv_phb4_pec: Simplify/align code to parent user-created PHBs pnv_phb4_pec: Move pnv_phb4_get_pec() to rightful file pnv_phb4_pec: Only export existing PHBs to the device tree pnv_phb4_pec: Keep track of instantiated PHBs target/ppc/translate: Add dummy implementation for dcblc instruction Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-03-03pnv_phb4_pec: Simplify/align code to parent user-created PHBsFrederic Barrat5-25/+22
When instantiating a user-created PHB on P9/P10, we don't really have a reason any more to go through an indirection in pnv_chip_add_phb() in pnv.c, we can go straight to the right function in pnv_phb4_pec.c. That way, default PHBs and user-created PHBs are all handled in the same file. This patch also renames pnv_phb4_get_pec() to pnv_pec_add_phb() to better reflect that it "hooks" a PHB to a PEC. For P8, the PHBs are parented to the chip directly, so it makes sense to keep calling pnv_chip_add_phb() in pnv.c, to also be consistent with where default PHBs are handled. The only change here is that, since that function is now only used for P8, we can refine the return type. So overall, the PnvPHB front-end now has a pnv_phb_user_get_parent() function which handles the parenting of the user-created PHBs by calling the right function in the right file based on the processor version. It's also easily extensible if we ever need to support a different parent object. Signed-off-by: Frederic Barrat <fbarrat@linux.ibm.com> Message-Id: <20230302163715.129635-5-fbarrat@linux.ibm.com> Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com> Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2023-03-03pnv_phb4_pec: Move pnv_phb4_get_pec() to rightful fileFrederic Barrat3-43/+42
The function pnv_phb4_get_pec() exposes some internals of the PEC and PHB logic, yet it was in the higher level hw/ppc/pnv.c file for historical reasons: P8 implements the PHBs from pnv.c directly, but on P9/P10, it's done through the CEC model, which has its own file. So move pnv_phb4_get_pec() to hw/pci-host/pnv_phb4_pec.c, where it fits naturally. While at it, replace the PnvPHB4 parameter by the PnvPHB front-end, since it has all the information needed and simplify it a bit. No functional changes. Signed-off-by: Frederic Barrat <fbarrat@linux.ibm.com> Message-Id: <20230302163715.129635-4-fbarrat@linux.ibm.com> Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com> Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2023-03-03pnv_phb4_pec: Only export existing PHBs to the device treeFrederic Barrat1-2/+6
So far, we were always exporting all possible PHBs to the device tree. It works well when using the default config but it potentially adds non-existing devices when using '-nodefaults' and user-created PHBs, causing the firmware (skiboot) to report errors when probing those PHBs. This patch only exports PHBs which have been realized to the device tree. Fixes: d786be3fe746 ("ppc/pnv: enable user created pnv-phb for powernv9") Signed-off-by: Frederic Barrat <fbarrat@linux.ibm.com> Message-Id: <20230302163715.129635-3-fbarrat@linux.ibm.com> Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com> Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2023-03-03pnv_phb4_pec: Keep track of instantiated PHBsFrederic Barrat3-5/+10
Add an array on the PEC object to keep track of the PHBs which are instantiated. The array can be sparsely populated when using user-created PHBs. It will be useful for the next patch to only export instantiated PHBs in the device tree. Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com> Signed-off-by: Frederic Barrat <fbarrat@linux.ibm.com> Message-Id: <20230302163715.129635-2-fbarrat@linux.ibm.com> Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2023-03-03target/ppc/translate: Add dummy implementation for dcblc instructionBernhard Beschow1-0/+9
The dcblc instruction is used by u-boot in mpc85xx/start.S. Without it, an illegal istruction exception is generated very early in the boot process where the processor is not yet able to handle exceptions. See: https://github.com/u-boot/u-boot/blob/v2023.01/arch/powerpc/cpu/mpc85xx/start.S#L1840 Signed-off-by: Bernhard Beschow <shentey@gmail.com> Message-Id: <20230130184950.5241-1-shentey@gmail.com> Acked-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com> Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
2023-03-03Merge tag 'pull-aspeed-20230302' of https://github.com/legoater/qemu into ↵Peter Maydell16-77/+419
staging aspeed queue: * fix for the Aspeed I2C slave mode * a new I2C echo device from Klaus and its associated test in avocado. * initial SoC cleanups to allow the use of block devices instead of drives on the command line. * new facebook machines and eeprom fixes for the Fuji * readline fix # -----BEGIN PGP SIGNATURE----- # # iQIzBAABCAAdFiEEoPZlSPBIlev+awtgUaNDx8/77KEFAmQAnrQACgkQUaNDx8/7 # 7KGIvQ//Te2eSxlZNxAXHb3HSVFRaBW+2EkJzNlalX75olFSzCLe8BnAHK5xPlYv # JjU0aPjWaPohPLdbNbAsJY2B8AwMGbUTjSv+ORRWF6s97LTVD9WcAYHgOTCz6d2X # ZrArJ5msEQAFEySOLmBqTcuyW3t4w8XeII+B09HZIS8Gn3F9kX5+4JCw9E4sX8fS # n9ayclMmrXCPbkGA4bfwJp3KI1Tc/WXNRyG0AmPEmepid7ECr5tVvQoXRMF1Sy/D # 10qbHEcmQXvZDy85M2ED1niOac4oU+EY8Wvjzkgc36uXcjqf0jIUfw56cwGSNVkW # MhPXSMiH4tEjgxmtzld3LeA6TGfrFcCvRXYiCuYWHjBS3gptlqY6Q0580vxoQVXL # lTYui57LB1YStNLcLG9toP0d4/fRfeqEx7ddCQKlopnW/K392eoJo0aYoVGVJhIC # 3QhN525EFUwMm4FDpdSW29Gfbk/ytpf0u4hQ6JPeBl8psirRKqCGuwr5NOnPYTaN # yErlsq2eL83t9kLo+2YIqgWic85wNP3kqAjIaE6lminqX7sWFH3V1g9HqUQZVG1g # msatZMiCCvwSFuz3DPkSfnuhqwaHuhvCATZloCtguCmnbUK9qUVVzvodKw62sZrd # GdS2XvRNyoOwezz0tDEvPipyZ7RpcaatryHNuzGwRsE5Lvr73dg= # =ExnJ # -----END PGP SIGNATURE----- # gpg: Signature made Thu 02 Mar 2023 13:03:48 GMT # gpg: using RSA key A0F66548F04895EBFE6B0B6051A343C7CFFBECA1 # gpg: Good signature from "Cédric Le Goater <clg@kaod.org>" [undefined] # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: A0F6 6548 F048 95EB FE6B 0B60 51A3 43C7 CFFB ECA1 * tag 'pull-aspeed-20230302' of https://github.com/legoater/qemu: aspeed/smc: Replace SysBus IRQs with GPIO lines aspeed: Add a boot_rom overlap region in the SoC spi_boot container aspeed: Introduce a spi_boot region under the SoC aspeed/fuji : correct the eeprom size hw/at24c : modify at24c to support 1 byte address mode hw/arm/aspeed: Adding new machine Tiogapass in QEMU hw/arm/aspeed: Adding new machine Yosemitev2 in QEMU tests/avocado/machine_aspeed.py: Add an I2C slave test hw/misc: add a toy i2c echo device hw/i2c: only schedule pending master when bus is idle readline: fix hmp completion issue Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-03-03Merge tag 'pull-loongarch-20230303' of https://gitlab.com/gaosong/qemu into ↵Peter Maydell8-73/+70
staging pull-loongarch-20230303 # -----BEGIN PGP SIGNATURE----- # # iLMEAAEIAB0WIQS4/x2g0v3LLaCcbCxAov/yOSY+3wUCZAFb5wAKCRBAov/yOSY+ # 35hmA/sHIGXU5zQV6p6DBILFGEE6x91sPtV8WKY3zujVY0hsfD4SF6bKTaKJYisZ # EztZZ5/EunQcu/vfgO46YtYysEWzrzGiinbZ5lAjxk6sdlBYlfcTQLAQEEW3zPbP # qB3SiiGmGQ0iYFHIlkyi1tCF5OEmqqQKrHYrNVk6cGBoJle2PA== # =giPH # -----END PGP SIGNATURE----- # gpg: Signature made Fri 03 Mar 2023 02:31:03 GMT # gpg: using RSA key B8FF1DA0D2FDCB2DA09C6C2C40A2FFF239263EDF # gpg: Good signature from "Song Gao <m17746591750@163.com>" [unknown] # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: B8FF 1DA0 D2FD CB2D A09C 6C2C 40A2 FFF2 3926 3EDF * tag 'pull-loongarch-20230303' of https://gitlab.com/gaosong/qemu: hw/loongarch/virt: add system_powerdown hmp command support target/loongarch: Implement Chip Configuraiton Version Register(0x0000) docs/system/loongarch: update loongson3.rst and rename it to virt.rst loongarch: Add smbios command line option. hw/loongarch/virt: rename PCH_PIC_IRQ_OFFSET with VIRT_GSI_BASE Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-03-03Merge tag 'migration-20230302-pull-request' of ↵Peter Maydell2-3/+26
https://gitlab.com/juan.quintela/qemu into staging Migraiton Pull request Hi This pull requests include: - use-after-free in test-vmstate (eric) - fix exec migration in windows (berberian) Please apply. # -----BEGIN PGP SIGNATURE----- # # iQIzBAABCAAdFiEEGJn/jt6/WMzuA0uC9IfvGFhy1yMFAmQAynUACgkQ9IfvGFhy # 1yMAKhAAyLAVSDvCh8uRvAZ4sHzZTmCuvMpGol8wromFta9Ub0vLqcK8F3neYERb # xsRmYxcfaGR0dcf4j8CNAdUjO3NJjiSlWFqFYizIWZNQ2Hotgfkizxifk7l1eRO5 # L4TvOcdS0oRAgwLvcE9SDjtRMYwCBey/opgQCAaWWVk/NLDEYKNOuPNSdrpPhMPL # LBBPNj1ATmKYPGxsdm3U8VwFu9VuevmQ9AxEhW4Euf9Ex0Ie+hxGjHZmzrJrbYUL # 3p2cyu/ShU3MxsKowgmFnDkL3zyihYPAKhb1YJ+csRLFJX/zKVJcH7ZVzJOSR3GQ # ZoksI1RciwBfbl1IVD+TgrZrZnFd5ltto3zxSrjLFFnB4lhtg5bUDwMG8/o5qx3d # YaJOaeTJbmqd+SRPxrqbLWWGpsXUJc1rEVcYh2rclyOxvwda1xJrl7/2N2ZeS6VD # GO7FhcaprpxvLF+WYmhuCIS3RbOC35/Hx11bgQL8da8lxPQsOfsPTkRpzeWa4exX # ET+fqvlQp8ApHDVF/VA8vD31brSv3moL6GmVnZeT/Fi5xa7Ntb3Mnn5DkDoXgSKo # DQjie+ZTRJ/E4VbY53FAeUh4M3OPf5NaZyzgx3K68XMZJ6THiLmwqDa/vO53Q0QP # kMNVYAA9FbBFIozDpa2l+fCNxaawKqVBK4yYoEBZcBLYjb+7540= # =fku0 # -----END PGP SIGNATURE----- # gpg: Signature made Thu 02 Mar 2023 16:10:29 GMT # gpg: using RSA key 1899FF8EDEBF58CCEE034B82F487EF185872D723 # gpg: Good signature from "Juan Quintela <quintela@redhat.com>" [full] # gpg: aka "Juan Quintela <quintela@trasno.org>" [full] # Primary key fingerprint: 1899 FF8E DEBF 58CC EE03 4B82 F487 EF18 5872 D723 * tag 'migration-20230302-pull-request' of https://gitlab.com/juan.quintela/qemu: Fix exec migration on Windows (w32+w64). test-vmstate: fix bad GTree usage, use-after-free Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-03-03Merge tag 'for_upstream' of https://git.kernel.org/pub/scm/virt/kvm/mst/qemu ↵Peter Maydell61-396/+357
into staging virtio,pc,pci: features, cleanups, fixes vhost-user support without ioeventfd word replacements in vhost user spec shpc improvements cleanups, fixes all over the place Signed-off-by: Michael S. Tsirkin <mst@redhat.com> # -----BEGIN PGP SIGNATURE----- # # iQFDBAABCAAtFiEEXQn9CHHI+FuUyooNKB8NuNKNVGkFAmQBO8QPHG1zdEByZWRo # YXQuY29tAAoJECgfDbjSjVRpMUMH/3/FVp4qaF4CDwCHn7xWFRJpOREIhX/iWfUu # lGkwxnB7Lfyqdg7i4CAfgMf2emWKZchEE2DamfCo5bIX0IgRU3DWcOdR9ePvJ29J # cKwIYpxZcB4RYSoWL5OUakQLCT3JOu4XWaXeVjyHABjQhf3lGpwN4KmIOBGOy/N6 # 0YHOQScW2eW62wIOwhAEuYQceMt6KU32Uw3tLnMbJliiBf3a/hPctVNM9TFY9pcd # UYHGfBx/zD45owf1lTVEQFDg0eqPZKWW29g5haiOd5oAyXHHolzu+bt3bU7lH46b # f7iP12LqDudyrgoF5YWv3NJ4HaGm5V3kPqNqLLF/mjF7alxG+N8= # =hN3h # -----END PGP SIGNATURE----- # gpg: Signature made Fri 03 Mar 2023 00:13:56 GMT # gpg: using RSA key 5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469 # gpg: issuer "mst@redhat.com" # gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [full] # gpg: aka "Michael S. Tsirkin <mst@redhat.com>" [full] # Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67 # Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469 * tag 'for_upstream' of https://git.kernel.org/pub/scm/virt/kvm/mst/qemu: (53 commits) tests/data/acpi/virt: drop (most) duplicate files. hw/cxl/mailbox: Use new UUID network order define for cel_uuid qemu/uuid: Add UUID static initializer qemu/bswap: Add const_le64() tests: acpi: Update q35/DSDT.cxl for removed duplicate UID hw/i386/acpi: Drop duplicate _UID entry for CXL root bridge tests/acpi: Allow update of q35/DSDT.cxl hw/cxl: Add CXL_CAPACITY_MULTIPLIER definition hw/cxl: set cxl-type3 device type to PCI_CLASS_MEMORY_CXL hw/pci-bridge/cxl_downstream: Fix type naming mismatch hw/mem/cxl_type3: Improve error handling in realize() MAINTAINERS: Add Fan Ni as Compute eXpress Link QEMU reviewer intel-iommu: send UNMAP notifications for domain or global inv desc smmu: switch to use memory_region_unmap_iommu_notifier_range() memory: introduce memory_region_unmap_iommu_notifier_range() intel-iommu: fail DEVIOTLB_UNMAP without dt mode intel-iommu: fail MAP notifier without caching mode memory: Optimize replay of guest mapping chardev/char-socket: set s->listener = NULL in char_socket_finalize hw/pci: Trace IRQ routing on PCI topology ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-03-03Merge tag 'pull-riscv-to-apply-20230303' of ↵Peter Maydell20-574/+538
https://gitlab.com/palmer-dabbelt/qemu into staging Fifth RISC-V PR for QEMU 8.0 * Experimantal support for writable misa. * Support for Svadu extension. * Support for the Zicond extension. * Fixes to gdbstub, CSR accesses, dependencies between the various floating-point exceptions, and XTheadMemPair. * Many cleanups. # -----BEGIN PGP SIGNATURE----- # # iQJHBAABCAAxFiEEKzw3R0RoQ7JKlDp6LhMZ81+7GIkFAmQBrrUTHHBhbG1lckBk # YWJiZWx0LmNvbQAKCRAuExnzX7sYicHrD/9dHBDOYNwyT/C2Q31NHMcEsVN6J0kW # 0sVyDb2/TUFoXmClMwS6jZYQQwWD7tjjB7BDcvPJ0QKLblDoZFX5JyxpQypIKWcs # It/E6mk7aG0epH1GoB/mbHFDbeCm4tbo7Vf6cQGpV/vGWBUaOS67c5nenUK7Tlqw # NTr9qak+9NYVswvMHZ0lUKtO12W1g/1EVkict2/90P2snWbPZ+foWomifGNljmhy # 5WtCNp27uBKF/uuD9xubLOxSEcqtZFTuKJy7U3azV4I0IKfd6Is83Kd0IwBOrTgT # MYkFdtQE1jgbkXYVZjft6ymLuqJrcLFYwD8C2zdNAXJLk1Y+MCtGafgW6f6SkT6B # FrNaSOqQ9xXiaNStF2FwYdmZ476zcY+eEg2rH1grTwCMewZ9r7m3+H8iat/tR0pt # 9scYAre1oaL33LB6DGZi3JkssNYyj42sutcNao2hQXRHcsh+vv1dLR+Di2mO6Ji5 # MNfvEgCrWWZjNVSwvhwCXdJPqqpyTbkRf8HJEp0gWvjk6VoF8sWidDw/8oMLj+wW # qZur7GNe+piJNvly85aFSL9J3SX7RyNeDzX/yK3b4k+g6I/ZziQaNgQtB9gYcm6w # mj3snCwRbEMEhdhPH0+Chm0Wb97knHJS14Vq9wCe2xh16o3HM5FspboLFkGZMjDV # tRDPFb7pitwdlA== # =FMkl # -----END PGP SIGNATURE----- # gpg: Signature made Fri 03 Mar 2023 08:24:21 GMT # gpg: using RSA key 2B3C3747446843B24A943A7A2E1319F35FBB1889 # gpg: issuer "palmer@dabbelt.com" # gpg: Good signature from "Palmer Dabbelt <palmer@dabbelt.com>" [unknown] # gpg: aka "Palmer Dabbelt <palmerdabbelt@google.com>" [unknown] # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: 00CE 76D1 8349 60DF CE88 6DF8 EF4C A150 2CCB AB41 # Subkey fingerprint: 2B3C 3747 4468 43B2 4A94 3A7A 2E13 19F3 5FBB 1889 * tag 'pull-riscv-to-apply-20230303' of https://gitlab.com/palmer-dabbelt/qemu: (59 commits) target/riscv/vector_helper.c: avoid env_archcpu() when reading RISCVCPUConfig target/riscv/vector_helper.c: create vext_set_tail_elems_1s() target/riscv/csr.c: avoid env_archcpu() usages when reading RISCVCPUConfig target/riscv/csr.c: use riscv_cpu_cfg() to avoid env_cpu() pointers target/riscv/csr.c: simplify mctr() target/riscv/csr.c: use env_archcpu() in ctr() target/riscv: Export Svadu property target/riscv: Add *envcfg.HADE related check in address translation target/riscv: Add *envcfg.PBMTE related check in address translation target/riscv: Add csr support for svadu target/riscv: Fix the relationship of PBMTE/STCE fields between menvcfg and henvcfg target/riscv: Fix the relationship between menvcfg.PBMTE/STCE and Svpbmt/Sstc extensions hw/riscv: Move the dtb load bits outside of create_fdt() hw/riscv: Skip re-generating DT nodes for a given DTB target/riscv: Add support for Zicond extension RISC-V: XTheadMemPair: Remove register restrictions for store-pair target/riscv: Fix checking of whether instruciton at 'pc_next' spans pages target/riscv: Group all predicate() routines together target/riscv: Drop priv level check in mseccfg predicate() target/riscv: Allow debugger to access sstc CSRs ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-03-03hw/loongarch/virt: add system_powerdown hmp command supportSong Gao3-0/+14
For loongarch virt machine, add powerdown notification callback and send ACPI_POWER_DOWN_STATUS event by acpi ged. Also add acpi dsdt table for ACPI_POWER_BUTTON_DEVICE device in this patch. Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Song Gao <gaosong@loongson.cn> Message-Id: <20230303010548.295580-1-gaosong@loongson.cn>
2023-03-03target/loongarch: Implement Chip Configuraiton Version Register(0x0000)Song Gao2-0/+3
According to the 3A5000 manual 4.1 implement Chip Configuration Version Register(0x0000). Signed-off-by: Song Gao <gaosong@loongson.cn> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20230227071046.1445572-1-gaosong@loongson.cn>
2023-03-03docs/system/loongarch: update loongson3.rst and rename it to virt.rstSong Gao1-59/+38
Since the EDK2 had already support LoongArch, update build bios, and update cpu type, cross-tools. Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Song Gao <gaosong@loongson.cn> Message-Id: <20230227035905.1290953-1-gaosong@loongson.cn>
2023-03-03loongarch: Add smbios command line option.Song Gao1-1/+1
LoongArch has enabled CONFIG_SMBIOS, but didn't enable CLI '-smbios'. Fixes: 3efa6fa1e629 ("hw/loongarch: Add smbios support") Acked-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Song Gao <gaosong@loongson.cn> Message-Id: <20230227035905.1290953-2-gaosong@loongson.cn>
2023-03-03hw/loongarch/virt: rename PCH_PIC_IRQ_OFFSET with VIRT_GSI_BASEBibo Mao3-13/+14
In theory gsi base can start from 0 on loongarch virt machine, however gsi base is hard-coded in linux kernel loongarch system, else system fails to boot. This patch renames macro PCH_PIC_IRQ_OFFSET with VIRT_GSI_BASE, keeps value unchanged. GSI base is common concept in acpi spec and easy to understand. Signed-off-by: Bibo Mao <maobibo@loongson.cn> Reviewed-by: Song Gao <gaosong@loongson.cn> Message-Id: <20221228030719.991878-1-maobibo@loongson.cn> Signed-off-by: Song Gao <gaosong@loongson.cn>
2023-03-02tests/data/acpi/virt: drop (most) duplicate files.Michael S. Tsirkin14-0/+0
When virt ACPI files were added, lots of duplicates were created because we forgot that there's a no-prefix fallback: e.g. if tests/data/acpi/virt/APIC.memhp is not there then test will use tests/data/acpi/virt/APIC. Drop these. These were found with $find tests/data/acpi/ -type f -exec sha256sum '{}' ';'|sort -d|uniq -w 64 --all-repeated=separate (trick: -d does a dictionary sort so a no-suffix file ends up first). Note: there are still a bunch of issues with duplicates left even after this. First pc and q35 are often identical. Second, sometimes files are identical but not identical to the default fallback, e.g. tests/data/acpi/pc/SLIT.cphp and tests/data/acpi/pc/SLIT.memhp or tests/data/acpi/q35/HMAT.acpihmat-noinitiator and tests/data/acpi/virt/HMAT.acpihmatvirt Finding a way to deduplicate these is still a TODO item - softlinks maybe? We also need to make rebuild-expected-aml.sh smarter about not creating these duplicates in the 1st place. And maybe we should use softlinks instead of relying on a fallback to make it explicit what version does each test expect? Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2023-03-02hw/cxl/mailbox: Use new UUID network order define for cel_uuidIra Weiny3-9/+8
The cel_uuid was programatically generated previously because there was no static initializer for network order UUIDs. Use the new network order initializer for cel_uuid. Adjust cxl_initialize_mailbox() because it can't fail now. Update specification reference. Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Gregory Price <gregory.price@memverge.com> Tested-by: Gregory Price <gregory.price@memverge.com> Signed-off-by: Ira Weiny <ira.weiny@intel.com> Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com> Message-Id: <20230206172816.8201-11-Jonathan.Cameron@huawei.com> Reviewed-by: Fan Ni <fan.ni@samsung.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2023-03-02qemu/uuid: Add UUID static initializerIra Weiny1-0/+12
UUID's are defined as network byte order fields. No static initializer was available for UUID's in their standard big endian format. Define a big endian initializer for UUIDs. Reviewed-by: Gregory Price <gregory.price@memverge.com> Tested-by: Gregory Price <gregory.price@memverge.com> Signed-off-by: Ira Weiny <ira.weiny@intel.com> Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com> Message-Id: <20230206172816.8201-10-Jonathan.Cameron@huawei.com> Reviewed-by: Fan Ni <fan.ni@samsung.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2023-03-02qemu/bswap: Add const_le64()Ira Weiny1-1/+11
Gcc requires constant versions of cpu_to_le* calls. Add a 64 bit version. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Gregory Price <gregory.price@memverge.com> Tested-by: Gregory Price <gregory.price@memverge.com> Signed-off-by: Ira Weiny <ira.weiny@intel.com> Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com> Message-Id: <20230206172816.8201-9-Jonathan.Cameron@huawei.com> Reviewed-by: Fan Ni <fan.ni@samsung.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2023-03-02tests: acpi: Update q35/DSDT.cxl for removed duplicate UIDJonathan Cameron2-1/+0
Dropping the ID effects this table in trivial fashion. Reviewed-by: Gregory Price <gregory.price@memverge.com> Tested-by: Gregory Price <gregory.price@memverge.com> Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com> Message-Id: <20230206172816.8201-8-Jonathan.Cameron@huawei.com> Reviewed-by: Fan Ni <fan.ni@samsung.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2023-03-02hw/i386/acpi: Drop duplicate _UID entry for CXL root bridgeJonathan Cameron1-1/+0
Noticed as this prevents iASL disasembling the DSDT table. Reviewed-by: Ira Weiny <ira.weiny@intel.com> Reviewed-by: Gregory Price <gregory.price@memverge.com> Tested-by: Gregory Price <gregory.price@memverge.com> Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com> Message-Id: <20230206172816.8201-7-Jonathan.Cameron@huawei.com> Reviewed-by: Fan Ni <fan.ni@samsung.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2023-03-02tests/acpi: Allow update of q35/DSDT.cxlJonathan Cameron1-0/+1
Next patch will drop duplicate _UID entry so allow update. Reviewed-by: Gregory Price <gregory.price@memverge.com> Tested-by: Gregory Price <gregory.price@memverge.com> Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com> Message-Id: <20230206172816.8201-6-Jonathan.Cameron@huawei.com> Reviewed-by: Fan Ni <fan.ni@samsung.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2023-03-02hw/cxl: Add CXL_CAPACITY_MULTIPLIER definitionGregory Price1-6/+9
Remove usage of magic numbers when accessing capacity fields and replace with CXL_CAPACITY_MULTIPLIER, matching the kernel definition. Signed-off-by: Gregory Price <gregory.price@memverge.com> Reviewed-by: Davidlohr Bueso <dave@stgolabs.net> Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com> Message-Id: <20230206172816.8201-5-Jonathan.Cameron@huawei.com> Reviewed-by: Fan Ni <fan.ni@samsung.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2023-03-02hw/cxl: set cxl-type3 device type to PCI_CLASS_MEMORY_CXLGregory Price1-2/+1
Current code sets to STORAGE_EXPRESS and then overrides it. Reviewed-by: Davidlohr Bueso <dave@stgolabs.net> Reviewed-by: Ira Weiny <ira.weiny@intel.com> Signed-off-by: Gregory Price <gregory.price@memverge.com> Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com> Message-Id: <20230206172816.8201-4-Jonathan.Cameron@huawei.com> Reviewed-by: Fan Ni <fan.ni@samsung.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2023-03-02hw/pci-bridge/cxl_downstream: Fix type naming mismatchJonathan Cameron1-1/+1
Fix capitalization difference between struct name and typedef. Tested-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Ira Weiny <ira.weiny@intel.com> Reviewed-by: Gregory Price <gregory.price@memverge.com> Tested-by: Gregory Price <gregory.price@memverge.com> Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com> Message-Id: <20230206172816.8201-3-Jonathan.Cameron@huawei.com> Reviewed-by: Fan Ni <fan.ni@samsung.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2023-03-02hw/mem/cxl_type3: Improve error handling in realize()Jonathan Cameron1-2/+10
msix_init_exclusive_bar() can fail, so if it does cleanup the address space. Reviewed-by: Ira Weiny <ira.weiny@intel.com> Reviewed-by: Gregory Price <gregory.price@memverge.com> Tested-by: Gregory Price <gregory.price@memverge.com> Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com> Message-Id: <20230206172816.8201-2-Jonathan.Cameron@huawei.com> Reviewed-by: Fan Ni <fan.ni@samsung.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2023-03-02MAINTAINERS: Add Fan Ni as Compute eXpress Link QEMU reviewerJonathan Cameron1-0/+1
Fan Ni has offered to help out with QEMU CXL emulation reviewing. Add him as a designated reviewer. Thanks to Fan for stepping up after I requested help following Ben stepping down as co-maintainer. Fan base been active in testing and review recently so great to have Fan on board. Based on patch [PATCH] MAINTAINERS: Remove CXL maintainer Ben Widawsky Message-id: <20230220212437.1462314-1-armbru@redhat.com> Message-Id: <20230228113926.11485-1-Jonathan.Cameron@huawei.com> Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Acked-by: Markus Armbruster <armbru@redhat.com> Acked-by: Fan Ni <fan.ni@samsung.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2023-03-02intel-iommu: send UNMAP notifications for domain or global inv descPeter Xu1-5/+9
We don't send UNMAP notification upon domain or global invalidation which will lead the notifier can't work correctly. One example is to use vhost remote IOTLB without enabling device IOTLB. Fixing this by sending UNMAP notification. Signed-off-by: Peter Xu <peterx@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com> Message-Id: <20230223065924.42503-6-jasowang@redhat.com> Reviewed-by: Peter Xu <peterx@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2023-03-02smmu: switch to use memory_region_unmap_iommu_notifier_range()Jason Wang1-15/+1
Signed-off-by: Jason Wang <jasowang@redhat.com> Message-Id: <20230223065924.42503-5-jasowang@redhat.com> Reviewed-by: Peter Xu <peterx@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2023-03-02memory: introduce memory_region_unmap_iommu_notifier_range()Jason Wang2-0/+23
This patch introduces a new helper to unmap the range of a specific IOMMU notifier. Signed-off-by: Jason Wang <jasowang@redhat.com> Message-Id: <20230223065924.42503-4-jasowang@redhat.com> Reviewed-by: Peter Xu <peterx@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2023-03-02intel-iommu: fail DEVIOTLB_UNMAP without dt modeJason Wang1-0/+8
Without dt mode, device IOTLB notifier won't work since guest won't send device IOTLB invalidation descriptor in this case. Let's fail early instead of misbehaving silently. Reviewed-by: Laurent Vivier <lvivier@redhat.com> Tested-by: Laurent Vivier <lvivier@redhat.com> Tested-by: Viktor Prutyanov <viktor@daynix.com> Buglink: https://bugzilla.redhat.com/2156876 Signed-off-by: Jason Wang <jasowang@redhat.com> Message-Id: <20230223065924.42503-3-jasowang@redhat.com> Reviewed-by: Peter Xu <peterx@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2023-03-02intel-iommu: fail MAP notifier without caching modeJason Wang1-0/+7
Without caching mode, MAP notifier won't work correctly since guest won't send IOTLB update event when it establishes new mappings in the I/O page tables. Let's fail the IOMMU notifiers early instead of misbehaving silently. Reviewed-by: Eric Auger <eric.auger@redhat.com> Tested-by: Viktor Prutyanov <viktor@daynix.com> Signed-off-by: Jason Wang <jasowang@redhat.com> Message-Id: <20230223065924.42503-2-jasowang@redhat.com> Reviewed-by: Peter Xu <peterx@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2023-03-02memory: Optimize replay of guest mappingZhenzhong Duan2-3/+3
On x86, there are two notifiers registered due to vtd-ir memory region splitting the whole address space. During replay of the address space for each notifier, the whole address space is scanned which is unnecessory. We only need to scan the space belong to notifier montiored space. Assert when notifier is used to monitor beyond iommu memory region's address space. Signed-off-by: Zhenzhong Duan <zhenzhong.duan@intel.com> Message-Id: <20230215065238.713041-1-zhenzhong.duan@intel.com> Acked-by: Peter Xu <peterx@redhat.com> Acked-by: Jason Wang <jasowang@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2023-03-02chardev/char-socket: set s->listener = NULL in char_socket_finalizeYajun Wu1-0/+1
After live migration with virtio block device, qemu crash at: #0 0x000055914f46f795 in object_dynamic_cast_assert (obj=0x559151b7b090, typename=0x55914f80fbc4 "qio-channel", file=0x55914f80fb90 "/images/testvfe/sw/qemu.gerrit/include/io/channel.h", line=30, func=0x55914f80fcb8 <__func__.17257> "QIO_CHANNEL") at ../qom/object.c:872 #1 0x000055914f480d68 in QIO_CHANNEL (obj=0x559151b7b090) at /images/testvfe/sw/qemu.gerrit/include/io/channel.h:29 #2 0x000055914f4812f8 in qio_net_listener_set_client_func_full (listener=0x559151b7a720, func=0x55914f580b97 <tcp_chr_accept>, data=0x5591519f4ea0, notify=0x0, context=0x0) at ../io/net-listener.c:166 #3 0x000055914f580059 in tcp_chr_update_read_handler (chr=0x5591519f4ea0) at ../chardev/char-socket.c:637 #4 0x000055914f583dca in qemu_chr_be_update_read_handlers (s=0x5591519f4ea0, context=0x0) at ../chardev/char.c:226 #5 0x000055914f57b7c9 in qemu_chr_fe_set_handlers_full (b=0x559152bf23a0, fd_can_read=0x0, fd_read=0x0, fd_event=0x0, be_change=0x0, opaque=0x0, context=0x0, set_open=false, sync_state=true) at ../chardev/char-fe.c:279 #6 0x000055914f57b86d in qemu_chr_fe_set_handlers (b=0x559152bf23a0, fd_can_read=0x0, fd_read=0x0, fd_event=0x0, be_change=0x0, opaque=0x0, context=0x0, set_open=false) at ../chardev/char-fe.c:304 #7 0x000055914f378caf in vhost_user_async_close (d=0x559152bf21a0, chardev=0x559152bf23a0, vhost=0x559152bf2420, cb=0x55914f2fb8c1 <vhost_user_blk_disconnect>) at ../hw/virtio/vhost-user.c:2725 #8 0x000055914f2fba40 in vhost_user_blk_event (opaque=0x559152bf21a0, event=CHR_EVENT_CLOSED) at ../hw/block/vhost-user-blk.c:395 #9 0x000055914f58388c in chr_be_event (s=0x5591519f4ea0, event=CHR_EVENT_CLOSED) at ../chardev/char.c:61 #10 0x000055914f583905 in qemu_chr_be_event (s=0x5591519f4ea0, event=CHR_EVENT_CLOSED) at ../chardev/char.c:81 #11 0x000055914f581275 in char_socket_finalize (obj=0x5591519f4ea0) at ../chardev/char-socket.c:1083 #12 0x000055914f46f073 in object_deinit (obj=0x5591519f4ea0, type=0x5591519055c0) at ../qom/object.c:680 #13 0x000055914f46f0e5 in object_finalize (data=0x5591519f4ea0) at ../qom/object.c:694 #14 0x000055914f46ff06 in object_unref (objptr=0x5591519f4ea0) at ../qom/object.c:1202 #15 0x000055914f4715a4 in object_finalize_child_property (obj=0x559151b76c50, name=0x559151b7b250 "char3", opaque=0x5591519f4ea0) at ../qom/object.c:1747 #16 0x000055914f46ee86 in object_property_del_all (obj=0x559151b76c50) at ../qom/object.c:632 #17 0x000055914f46f0d2 in object_finalize (data=0x559151b76c50) at ../qom/object.c:693 #18 0x000055914f46ff06 in object_unref (objptr=0x559151b76c50) at ../qom/object.c:1202 #19 0x000055914f4715a4 in object_finalize_child_property (obj=0x559151b6b560, name=0x559151b76630 "chardevs", opaque=0x559151b76c50) at ../qom/object.c:1747 #20 0x000055914f46ef67 in object_property_del_child (obj=0x559151b6b560, child=0x559151b76c50) at ../qom/object.c:654 #21 0x000055914f46f042 in object_unparent (obj=0x559151b76c50) at ../qom/object.c:673 #22 0x000055914f58632a in qemu_chr_cleanup () at ../chardev/char.c:1189 #23 0x000055914f16c66c in qemu_cleanup () at ../softmmu/runstate.c:830 #24 0x000055914eee7b9e in qemu_default_main () at ../softmmu/main.c:38 #25 0x000055914eee7bcc in main (argc=86, argv=0x7ffc97cb8d88) at ../softmmu/main.c:48 In char_socket_finalize after s->listener freed, event callback function vhost_user_blk_event will be called to handle CHR_EVENT_CLOSED. vhost_user_blk_event is calling qio_net_listener_set_client_func_full which is still using s->listener. Setting s->listener = NULL after object_unref(OBJECT(s->listener)) can solve this issue. Signed-off-by: Yajun Wu <yajunw@nvidia.com> Acked-by: Jiri Pirko <jiri@nvidia.com> Message-Id: <20230214021430.3638579-1-yajunw@nvidia.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2023-03-02hw/pci: Trace IRQ routing on PCI topologyPhilippe Mathieu-Daudé2-0/+9
Trace how IRQ are rooted from EP to RC. Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-Id: <20230211152239.88106-3-philmd@linaro.org> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2023-03-02libvhost-user: check for NULL when allocating a virtqueue elementCarlos López1-0/+7
Check the return value for malloc(), avoiding a NULL pointer dereference, and propagate error in function callers. Found with GCC 13 and -fanalyzer: ../subprojects/libvhost-user/libvhost-user.c: In function ‘virtqueue_alloc_element’: ../subprojects/libvhost-user/libvhost-user.c:2556:19: error: dereference of possibly-NULL ‘elem’ [CWE-690] [-Werror=analyzer-possible-null-dereference] 2556 | elem->out_num = out_num; | ~~~~~~~~~~~~~~^~~~~~~~~ ‘virtqueue_alloc_element’: event 1 | | 2554 | assert(sz >= sizeof(VuVirtqElement)); | | ^~~~~~ | | | | | (1) following ‘true’ branch (when ‘sz > 31’)... | ‘virtqueue_alloc_element’: events 2-4 | | 2555 | elem = malloc(out_sg_end); | | ^~~~ ~~~~~~~~~~~~~~~~~~ | | | | | | | (3) this call could return NULL | | (2) ...to here | 2556 | elem->out_num = out_num; | | ~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (4) ‘elem’ could be NULL: unchecked value from (3) | Signed-off-by: Carlos López <clopez@suse.de> Message-Id: <20230210112514.16858-1-clopez@suse.de> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2023-03-02vhost: avoid a potential use of an uninitialized variable in vhost_svq_poll()Carlos López1-1/+1
In vhost_svq_poll(), if vhost_svq_get_buf() fails due to a device providing invalid descriptors, len is left uninitialized and returned to the caller, potentally leaking stack data or causing undefined behavior. Fix this by initializing len to 0. Found with GCC 13 and -fanalyzer (abridged): ../hw/virtio/vhost-shadow-virtqueue.c: In function ‘vhost_svq_poll’: ../hw/virtio/vhost-shadow-virtqueue.c:538:12: warning: use of uninitialized value ‘len’ [CWE-457] [-Wanalyzer-use-of-uninitialized-value] 538 | return len; | ^~~ ‘vhost_svq_poll’: events 1-4 | | 522 | size_t vhost_svq_poll(VhostShadowVirtqueue *svq) | | ^~~~~~~~~~~~~~ | | | | | (1) entry to ‘vhost_svq_poll’ |...... | 525 | uint32_t len; | | ~~~ | | | | | (2) region created on stack here | | (3) capacity: 4 bytes |...... | 528 | if (vhost_svq_more_used(svq)) { | | ~ | | | | | (4) inlined call to ‘vhost_svq_more_used’ from ‘vhost_svq_poll’ (...) | 528 | if (vhost_svq_more_used(svq)) { | | ^~~~~~~~~~~~~~~~~~~~~~~~~ | | || | | |(8) ...to here | | (7) following ‘true’ branch... |...... | 537 | vhost_svq_get_buf(svq, &len); | | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (9) calling ‘vhost_svq_get_buf’ from ‘vhost_svq_poll’ | +--> ‘vhost_svq_get_buf’: events 10-11 | | 416 | static VirtQueueElement *vhost_svq_get_buf(VhostShadowVirtqueue *svq, | | ^~~~~~~~~~~~~~~~~ | | | | | (10) entry to ‘vhost_svq_get_buf’ |...... | 423 | if (!vhost_svq_more_used(svq)) { | | ~ | | | | | (11) inlined call to ‘vhost_svq_more_used’ from ‘vhost_svq_get_buf’ | (...) | ‘vhost_svq_get_buf’: event 14 | | 423 | if (!vhost_svq_more_used(svq)) { | | ^ | | | | | (14) following ‘false’ branch... | ‘vhost_svq_get_buf’: event 15 | |cc1: | (15): ...to here | <------+ | ‘vhost_svq_poll’: events 16-17 | | 537 | vhost_svq_get_buf(svq, &len); | | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~ | | | | | (16) returning to ‘vhost_svq_poll’ from ‘vhost_svq_get_buf’ | 538 | return len; | | ~~~ | | | | | (17) use of uninitialized value ‘len’ here Note by Laurent Vivier <lvivier@redhat.com>: The return value is only used to detect an error: vhost_svq_poll vhost_vdpa_net_cvq_add vhost_vdpa_net_load_cmd vhost_vdpa_net_load_mac -> a negative return is only used to detect error vhost_vdpa_net_load_mq -> a negative return is only used to detect error vhost_vdpa_net_handle_ctrl_avail -> a negative return is only used to detect error Fixes: d368c0b052ad ("vhost: Do not depend on !NULL VirtQueueElement on vhost_svq_flush") Signed-off-by: Carlos López <clopez@suse.de> Message-Id: <20230213085747.19956-1-clopez@suse.de> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2023-03-02pcie: set power indicator to off on reset by defaultVladimir Sementsov-Ogievskiy1-0/+1
It should not be zero, the only valid values are ON, OFF and BLINK. Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru> Reviewed-by: Anton Kuchin <antonkuchin@yandex-team.ru> Message-Id: <20230216180356.156832-13-vsementsov@yandex-team.ru> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2023-03-02Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into stagingPeter Maydell82-223/+13477
* bugfixes * show machine ACPI support in QAPI * Core Xen emulation support for KVM/x86 # -----BEGIN PGP SIGNATURE----- # # iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmQAlrYUHHBib256aW5p # QHJlZGhhdC5jb20ACgkQv/vSX3jHroONWwf/fxDUMcZUvvatNxiVMhNfqEt/cL0F # Durv1PmbbeVh9PP0W7XFkEXO3LCIRDyR4rtmCs7gHGdmzDOWQ+QIWgQijQ/y7ElQ # bTVsvs0+s/6H3csP3dJTJaXSHshbQvrAZTsyk5KcAB6xdL1KqulfLUoGvXJhAmRs # NKZN8un+nuAhFhL0VBWA9eQaP+BVHQI5ItAj8PaoBby4+Q9fNnat6j1/G4iLly8J # dxIwCnuRHLiB3melWtadwbv6ddLJFeZNa50HUIsynqoItTzmRVr+oXz1yfq087dB # 9uksmoqb+icGEdwqs0iYbQ/dhVnIrMDpn/n2Us28S5VdIMVvxr1JEbEkSQ== # =0jY8 # -----END PGP SIGNATURE----- # gpg: Signature made Thu 02 Mar 2023 12:29:42 GMT # gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83 # gpg: issuer "pbonzini@redhat.com" # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full] # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full] # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * tag 'for-upstream' of https://gitlab.com/bonzini/qemu: (62 commits) Makefile: qemu-bundle is a directory qapi: Add 'acpi' field to 'query-machines' output hw/xen: Subsume xen_be_register_common() into xen_be_init() i386/xen: Document Xen HVM emulation kvm/i386: Add xen-evtchn-max-pirq property hw/xen: Support MSI mapping to PIRQ hw/xen: Support GSI mapping to PIRQ hw/xen: Implement emulated PIRQ hypercall support i386/xen: Implement HYPERVISOR_physdev_op hw/xen: Automatically add xen-platform PCI device for emulated Xen guests hw/xen: Add basic ring handling to xenstore hw/xen: Add xen_xenstore device for xenstore emulation hw/xen: Add backend implementation of interdomain event channel support i386/xen: handle HVMOP_get_param i386/xen: Reserve Xen special pages for console, xenstore rings i386/xen: handle PV timer hypercalls hw/xen: Implement GNTTABOP_query_size i386/xen: Implement HYPERVISOR_grant_table_op and GNTTABOP_[gs]et_verson hw/xen: Support mapping grant frames hw/xen: Add xen_gnttab device for grant table emulation ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2023-03-02Fix exec migration on Windows (w32+w64).John Berberian, Jr1-0/+24
* Use cmd instead of /bin/sh on Windows. * Try to auto-detect cmd.exe's path, but default to a hard-coded path. Note that this will require that gspawn-win[32|64]-helper.exe and gspawn-win[32|64]-helper-console.exe are included in the Windows binary distributions (cc: Stefan Weil). Signed-off-by: "John Berberian, Jr" <jeb.study@gmail.com> Reviewed-by: Juan Quintela <quintela@redhat.com> Signed-off-by: Juan Quintela <quintela@redhat.com>