Age  Commit message  Author  Files  Lines
2021-12-15  Move the libssh setup from configure to meson.build  (Thomas Huth; 4 files changed, -31/+14)
It's easier to do this in meson.build now. Message-Id: <20211209144801.148388-1-thuth@redhat.com> Acked-by: Richard W.M. Jones <rjones@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
2021-12-15  tests/qtest: Add a function to check whether a machine is available  (Thomas Huth; 5 files changed, -7/+37)
It is nowadays possible to build QEMU with a reduced set of machines in each binary. However, the qtests still hard-code the expected machines and fail if the binary does not feature the required machine. Let's get a little bit more flexible here: Add a function that can be used to query whether a certain machine is available or not, and use it in some tests as an example (more work has to be done in other tests which will follow later). Message-Id: <20211201104347.51922-5-thuth@redhat.com> Acked-by: John Snow <jsnow@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
2021-12-15  tests/qtest: Add a function that gets a list with available machine types  (Thomas Huth; 1 file changed, -11/+53)
For the upcoming patches, we will need a way to get a list with all available machine types. Refactor the qtest_cb_for_every_machine() to split the related code out into a separate new function, and gather the aliases of the various machine types, too. Message-Id: <20211201104347.51922-4-thuth@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
2021-12-15  tests/qtest: Fence the tests that need xlnx-zcu102 with CONFIG_XLNX_ZYNQMP_ARM  (Thomas Huth; 1 file changed, -2/+1)
The 'xlnx-can-test' and the 'fuzz-xlnx-dp-test' need the "xlnx-zcu102" machine and thus should only be built and run if CONFIG_XLNX_ZYNQMP_ARM is enabled. Message-Id: <20211201104347.51922-3-thuth@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
2021-12-15  tests/qtest: Run the PPC 32-bit tests with the 64-bit target binary, too  (Thomas Huth; 1 file changed, -0/+1)
The ppc64 target is a superset of the 32-bit target, so we should include the tests here, too. This used to be done in the past already, but it got lost during the conversion to meson. Fixes: a2ce7dbd91 ("meson: convert tests/qtest to meson") Message-Id: <20211201104347.51922-2-thuth@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
2021-12-15  tests/libqtest: add a migration test with two couples of failover devices  (Laurent Vivier; 1 file changed, -0/+282)
Signed-off-by: Laurent Vivier <lvivier@redhat.com> Acked-by: Thomas Huth <thuth@redhat.com> Message-Id: <20211208130350.10178-5-lvivier@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
2021-12-15  tests/libqtest: add some virtio-net failover migration cancelling tests  (Laurent Vivier; 1 file changed, -0/+282)
Add some tests to check the state of the machine if the migration is cancelled while we are using virtio-net failover. Signed-off-by: Laurent Vivier <lvivier@redhat.com> Acked-by: Thomas Huth <thuth@redhat.com> Message-Id: <20211208130350.10178-4-lvivier@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
2021-12-15  tests/qtest: add some tests for virtio-net failover  (Laurent Vivier; 2 files changed, -0/+792)
Add test cases to test several error cases that must be generated by invalid failover configuration. Add a combination of coldplug and hotplug test cases to be sure the primary is correctly managed according to the presence or not of the STANDBY feature. Signed-off-by: Laurent Vivier <lvivier@redhat.com> Message-Id: <20211208130350.10178-3-lvivier@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
2021-12-15  qtest/libqos: add a function to initialize secondary PCI buses  (Laurent Vivier; 3 files changed, -0/+128)
Scan the PCI devices to find bridges and set PCI_SECONDARY_BUS and PCI_SUBORDINATE_BUS (algorithm from seabios) Signed-off-by: Laurent Vivier <lvivier@redhat.com> Acked-by: Thomas Huth <thuth@redhat.com> Message-Id: <20211208130350.10178-2-lvivier@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
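The commit above says only that the bus numbers are assigned "from seabios". The following is an added worked example of that depth-first numbering scheme, written for this page; it is not the libqos patch, not SeaBIOS code, and the struct, function names and the three-bridge topology are constructed for illustration. It shows why a bridge's subordinate register is opened to 0xff while its subtree is walked and then lowered to the highest bus actually handed out.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Constructed model of a PCI hierarchy for this example (not the libqos
 * structures). A bridge's children are the devices on its secondary bus.
 */
#define MAX_CHILDREN 4

struct pci_dev {
    uint8_t devfn;
    bool is_bridge;
    /* Filled in by the enumerator; stand-ins for the PCI_PRIMARY_BUS,
     * PCI_SECONDARY_BUS and PCI_SUBORDINATE_BUS config registers. */
    uint8_t primary, secondary, subordinate;
    struct pci_dev *child[MAX_CHILDREN];
    int nchildren;
};

/*
 * Depth-first bus numbering. Each bridge found on `bus` gets the next unused
 * number as its secondary bus. While its subtree is walked the subordinate
 * register is held at 0xff so that config accesses to not-yet-numbered buses
 * below it are still forwarded; once the subtree is done the register is
 * lowered to the highest bus actually assigned there.
 * Returns the highest bus number in use at or below `bus`.
 */
uint8_t assign_bus_numbers(struct pci_dev *devs[], int ndevs,
                           uint8_t bus, uint8_t *next_bus)
{
    uint8_t last = bus;

    for (int i = 0; i < ndevs; i++) {
        struct pci_dev *d = devs[i];
        if (!d->is_bridge) {
            continue;
        }
        d->primary = bus;
        d->secondary = (*next_bus)++;
        d->subordinate = 0xff;
        last = assign_bus_numbers(d->child, d->nchildren, d->secondary, next_bus);
        d->subordinate = last;
    }
    return last;
}

/* True when a type 1 config transaction for `bus` would be forwarded by `br`. */
bool bridge_forwards(const struct pci_dev *br, uint8_t bus)
{
    return br->is_bridge && bus >= br->secondary && bus <= br->subordinate;
}

/* Constructed topology: bus 0 holds a NIC and two bridges; the second bridge
 * has a further bridge behind it. Globals so the result can be inspected. */
struct pci_dev nic, bridge_a, bridge_b, bridge_c;

uint8_t enumerate_example(void)
{
    nic      = (struct pci_dev){ .devfn = 0x08 };
    bridge_c = (struct pci_dev){ .devfn = 0x00, .is_bridge = true };
    bridge_b = (struct pci_dev){ .devfn = 0x18, .is_bridge = true,
                                 .child = { &bridge_c }, .nchildren = 1 };
    bridge_a = (struct pci_dev){ .devfn = 0x10, .is_bridge = true };

    struct pci_dev *root[] = { &nic, &bridge_a, &bridge_b };
    uint8_t next_bus = 1;   /* bus 0 is the root bus */
    return assign_bus_numbers(root, 3, 0, &next_bus);
}

int main(void)
{
    uint8_t last = enumerate_example();
    printf("highest bus: %u\n", last);
    printf("bridge_a: pri %u sec %u sub %u\n",
           bridge_a.primary, bridge_a.secondary, bridge_a.subordinate);
    printf("bridge_b: pri %u sec %u sub %u\n",
           bridge_b.primary, bridge_b.secondary, bridge_b.subordinate);
    printf("bridge_c: pri %u sec %u sub %u\n",
           bridge_c.primary, bridge_c.secondary, bridge_c.subordinate);
    return 0;
}
```

With this topology bridge_a gets bus 1 as both secondary and subordinate, bridge_b gets secondary 2 and subordinate 3, and bridge_c behind it gets bus 3; a config cycle for bus 3 is forwarded by bridge_b but not by bridge_a.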
2021-12-14  Merge tag 'block-pull-request' of https://gitlab.com/stefanha/qemu into staging  (Richard Henderson; 1 file changed, -2/+3)
Pull request

An infinite loop fix for the userspace NVMe driver.

# gpg: Signature made Thu 09 Dec 2021 07:21:08 AM PST
# gpg:                using RSA key 8695A8BFD3F97CDAAC35775A9CA4ABB381AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" [full]
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>" [full]

* tag 'block-pull-request' of https://gitlab.com/stefanha/qemu:
  block/nvme: fix infinite loop in nvme_free_req_queue_cb()

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-12-14  Open 6.3 development tree  (Richard Henderson; 1 file changed, -1/+1)
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-12-14  Update version for v6.2.0 release  [tag v6.2.0]  (Richard Henderson; 1 file changed, -1/+1)
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-12-09  block/nvme: fix infinite loop in nvme_free_req_queue_cb()  (Stefan Hajnoczi; 1 file changed, -2/+3)
When the request free list is exhausted the coroutine waits on q->free_req_queue for the next free request. Whenever a request is completed a BH is scheduled to invoke nvme_free_req_queue_cb() and wake up waiting coroutines.

1. nvme_get_free_req() waits for a free request:

    while (q->free_req_head == -1) {
        ...
        trace_nvme_free_req_queue_wait(q->s, q->index);
        qemu_co_queue_wait(&q->free_req_queue, &q->lock);
        ...
    }

2. nvme_free_req_queue_cb() wakes up the coroutine:

    while (qemu_co_enter_next(&q->free_req_queue, &q->lock)) {
       ^--- infinite loop when free_req_head == -1
    }

nvme_free_req_queue_cb() and the coroutine form an infinite loop when q->free_req_head == -1. Fix this by checking q->free_req_head in nvme_free_req_queue_cb(). If the free request list is exhausted, don't wake waiting coroutines. Eventually an in-flight request will complete and the BH will be scheduled again, guaranteeing forward progress.

Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20211208152246.244585-1-stefanha@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2021-12-07  Update version for v6.2.0-rc4 release  [tag v6.2.0-rc4]  (Richard Henderson; 1 file changed, -1/+1)
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-12-07  Merge tag 'pull-target-arm-20211207' of https://git.linaro.org/people/pmaydell/qemu-arm into staging  (Richard Henderson; 1 file changed, -1/+2)
target-arm queue:
 * Fix calculation of ICH_MISR_EL2.LRENP to avoid incorrect generation of maintenance interrupts

# gpg: Signature made Tue 07 Dec 2021 09:18:50 AM PST
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [full]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [full]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [full]

* tag 'pull-target-arm-20211207' of https://git.linaro.org/people/pmaydell/qemu-arm:
  gicv3: fix ICH_MISR's LRENP computation

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-12-07  gicv3: fix ICH_MISR's LRENP computation  (Damien Hedde; 1 file changed, -1/+2)
According to the "Arm Generic Interrupt Controller Architecture Specification GIC architecture version 3 and 4" (version G: page 345 for aarch64 or 509 for aarch32): LRENP bit of ICH_MISR is set when ICH_HCR.LRENPIE==1 and ICH_HCR.EOIcount is non-zero.

When only LRENPIE was set (and EOI count was zero), the LRENP bit was wrongly set and MISR value was wrong. As an additional consequence, if a hypervisor set ICH_HCR.LRENPIE, the maintenance interrupt was constantly fired. It happens since patch 9cee1efe92 ("hw/intc: Set GIC maintenance interrupt level to only 0 or 1") which fixed another bug about maintenance interrupt (most significant bits of misr, including this one, were ignored in the interrupt trigger).

Fixes: 83f036fe3d ("hw/intc/arm_gicv3: Add accessors for ICH_ system registers")
Signed-off-by: Damien Hedde <damien.hedde@greensocs.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20211207094427.3473-1-damien.hedde@greensocs.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-12-07  Merge tag 'pull-tcg-20211207' of https://gitlab.com/rth7680/qemu into staging  (Richard Henderson; 2 files changed, -5/+16)
Fix stack spills for arm neon.

# gpg: Signature made Tue 07 Dec 2021 06:33:57 AM PST
# gpg:                using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg:                issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [ultimate]

* tag 'pull-tcg-20211207' of https://gitlab.com/rth7680/qemu:
  tcg/arm: Reduce vector alignment requirement for NEON

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-12-07  tcg/arm: Reduce vector alignment requirement for NEON  (Richard Henderson; 2 files changed, -5/+16)
With arm32, the ABI gives us 8-byte alignment for the stack. While it's possible to realign the stack to provide 16-byte alignment, it's far easier to simply not encode 16-byte alignment in the VLD1 and VST1 instructions that we emit. Remove the assertion in temp_allocate_frame, limit natural alignment to the provided stack alignment, and add a comment. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1999878 Reported-by: Richard W.M. Jones <rjones@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20210912174925.200132-1-richard.henderson@linaro.org> Message-Id: <20211206191335.230683-2-richard.henderson@linaro.org>
2021-12-06  Merge tag 'block-pull-request' of https://gitlab.com/stefanha/qemu into staging  (Richard Henderson; 1 file changed, -1/+1)
Pull request

# gpg: Signature made Mon 06 Dec 2021 07:27:19 AM PST
# gpg:                using RSA key 8695A8BFD3F97CDAAC35775A9CA4ABB381AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" [full]
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>" [full]

* tag 'block-pull-request' of https://gitlab.com/stefanha/qemu:
  virtio-blk: Fix clean up of host notifiers for single MR transaction.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-12-06  Merge tag 'mips-20211206' of https://github.com/philmd/qemu into staging  (Richard Henderson; 3 files changed, -13/+8)
MIPS fixes

- Do not emit SD instruction on 32-bit CPU (Jiaxun Yang)
- Correctly catch load_elf() errors on Boston board (Jiaxun Yang)
- Revert bogus CLI fix for ISA VGA devices (Alex Bennée)

# gpg: Signature made Mon 06 Dec 2021 03:03:24 AM PST
# gpg:                using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full]

* tag 'mips-20211206' of https://github.com/philmd/qemu:
  Revert "vga: don't abort when adding a duplicate isa-vga device"
  hw/mips/boston: Fix load_elf() error detection
  hw/mips/bootloader: Fix write_ulong()

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-12-06  virtio-blk: Fix clean up of host notifiers for single MR transaction.  (Mark Mielke; 1 file changed, -1/+1)
The code that introduced "virtio-blk: Configure all host notifiers in a single MR transaction" introduced a second loop variable to perform cleanup in the second loop, but mistakenly still refers to the first loop variable within the second loop body. Fixes: d0267da61489 ("virtio-blk: Configure all host notifiers in a single MR transaction") Signed-off-by: Mark Mielke <mark.mielke@gmail.com> Message-id: CALm7yL08qarOu0dnQkTN+pa=BSRC92g31YpQQNDeAiT4yLZWQQ@mail.gmail.com Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
2021-12-06  Revert "vga: don't abort when adding a duplicate isa-vga device"  (Alex Bennée; 1 file changed, -10/+0)
This reverts commit 7852a77f598635a67a222b6c1463c8b46098aed2. The check is bogus as it ends up finding itself and falling over. Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/733 Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20211206095209.2332376-1-alex.bennee@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2021-12-06  hw/mips/boston: Fix load_elf() error detection  (Jiaxun Yang; 1 file changed, -2/+3)
load_elf() gives negative return in case of error, not zero. Fixes: 10e3f30ff73 ("hw/mips/boston: Allow loading elf kernel and dtb") Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20211130211729.7116-3-jiaxun.yang@flygoat.com> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2021-12-06  hw/mips/bootloader: Fix write_ulong()  (Jiaxun Yang; 1 file changed, -1/+5)
bl_gen_write_ulong uses sd for both 32 and 64 bit CPU, while sd is illegal on 32 bit CPUs. Replace sd with sw on 32-bit CPUs. Fixes: 3ebbf86128f ("hw/mips: Add a bootloader helper") Signed-off-by: Jiaxun Yang <jiaxun.yang@flygoat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20211130211729.7116-2-jiaxun.yang@flygoat.com> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2021-12-03  Merge tag 'seabios-20211203-pull-request' of git://git.kraxel.org/qemu into staging  (Richard Henderson; 13 files changed, -0/+0)
seabios: update from snapshot to final 1.15.0 release (no code changes).

# gpg: Signature made Fri 03 Dec 2021 12:55:34 AM PST
# gpg:                using RSA key A0328CFFB93A17A79901FE7D4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]

* tag 'seabios-20211203-pull-request' of git://git.kraxel.org/qemu:
  seabios: update binaries to 1.15.0
  seabios: update submodule to 1.15.0

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-12-03  seabios: update binaries to 1.15.0  (Gerd Hoffmann; 12 files changed, -0/+0)
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-12-03  seabios: update submodule to 1.15.0  (Gerd Hoffmann; 1 file changed, -0/+0)
Update seabios to the final release. No code changes compared to the snapshot merged a few weeks ago.

shortlog 64f37cc530f1..rel-1.15.0
---------------------------------
Kevin O'Connor (1):
      docs: Note v1.15.0 release

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2021-12-02  Merge tag 'ide-pull-request' of https://gitlab.com/jsnow/qemu into staging  (Richard Henderson; 2 files changed, -3/+58)
Pull request

# gpg: Signature made Wed 01 Dec 2021 10:17:38 PM PST
# gpg:                using RSA key F9B7ABDBBCACDF95BE76CBD07DEF8106AAFC390E
# gpg: Good signature from "John Snow (John Huston) <jsnow@redhat.com>" [full]

* tag 'ide-pull-request' of https://gitlab.com/jsnow/qemu:
  tests/qtest/fdc-test: Add a regression test for CVE-2021-20196
  hw/block/fdc: Kludge missing floppy drive to fix CVE-2021-20196
  hw/block/fdc: Extract blk_create_empty_drive()

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-12-02  tests/qtest/fdc-test: Add a regression test for CVE-2021-20196  (Philippe Mathieu-Daudé; 1 file changed, -0/+38)
Without the previous commit, when running 'make check-qtest-i386' with QEMU configured with '--enable-sanitizers' we get:

    AddressSanitizer:DEADLYSIGNAL
    =================================================================
    ==287878==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000344
    ==287878==The signal is caused by a WRITE memory access.
    ==287878==Hint: address points to the zero page.
        #0 0x564b2e5bac27 in blk_inc_in_flight block/block-backend.c:1346:5
        #1 0x564b2e5bb228 in blk_pwritev_part block/block-backend.c:1317:5
        #2 0x564b2e5bcd57 in blk_pwrite block/block-backend.c:1498:11
        #3 0x564b2ca1cdd3 in fdctrl_write_data hw/block/fdc.c:2221:17
        #4 0x564b2ca1b2f7 in fdctrl_write hw/block/fdc.c:829:9
        #5 0x564b2dc49503 in portio_write softmmu/ioport.c:201:9

Add the reproducer for CVE-2021-20196.

Suggested-by: Alexander Bulekov <alxndr@bu.edu>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-id: 20211124161536.631563-4-philmd@redhat.com
Signed-off-by: John Snow <jsnow@redhat.com>
2021-12-02  hw/block/fdc: Kludge missing floppy drive to fix CVE-2021-20196  (Philippe Mathieu-Daudé; 1 file changed, -1/+13)
Guest might select another drive on the bus by setting the DRIVE_SEL bit of the DIGITAL OUTPUT REGISTER (DOR). The current controller model doesn't expect a BlockBackend to be NULL. A simple way to fix CVE-2021-20196 is to create an empty BlockBackend when it is missing. All further accesses will be safely handled, and the controller state machines keep behaving correctly. Cc: qemu-stable@nongnu.org Fixes: CVE-2021-20196 Reported-by: Gaoning Pan (Ant Security Light-Year Lab) <pgn@zju.edu.cn> Reviewed-by: Darren Kenny <darren.kenny@oracle.com> Reviewed-by: Hanna Reitz <hreitz@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20211124161536.631563-3-philmd@redhat.com BugLink: https://bugs.launchpad.net/qemu/+bug/1912780 Resolves: https://gitlab.com/qemu-project/qemu/-/issues/338 Reviewed-by: Darren Kenny <darren.kenny@oracle.com> Reviewed-by: Hanna Reitz <hreitz@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: John Snow <jsnow@redhat.com>
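The two fdc commits and the ASan trace above describe the shape of CVE-2021-20196 (guest flips DRIVE_SEL, controller dereferences a NULL BlockBackend) and the mitigation (substitute an empty backend). The following is an added toy model of that before/after, written for this page; it is not QEMU's fdc.c or BlockBackend code, the register bit, struct and function names (toy_blk, toy_fdc, cur_drive_unchecked, cur_drive_checked, DOR_DRIVE_SEL) are constructed, and the error value is chosen for the example.

```c
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy stand-in for a block backend (constructed for this example). A backend
 * with no medium rejects I/O instead of touching memory. */
struct toy_blk {
    bool has_media;
    uint8_t data[64];
};

/* Drive-select bit assumed for this example; the real DOR layout is not
 * reproduced from the page. Two drive slots, as on a floppy controller. */
#define DOR_DRIVE_SEL 0x01
#define NUM_DRIVES    2

struct toy_fdc {
    struct toy_blk *drive[NUM_DRIVES];  /* NULL when no drive was configured */
    uint8_t dor;
};

static struct toy_blk empty_drive;      /* shared "no medium" backend */

int toy_blk_pwrite(struct toy_blk *blk, size_t off, const void *buf, size_t len)
{
    if (!blk->has_media) {
        return -ENXIO;                  /* no medium: fail cleanly */
    }
    if (off + len > sizeof(blk->data)) {
        return -EINVAL;
    }
    memcpy(blk->data + off, buf, len);
    return (int)len;
}

/* Before: trust the drive table as-is. Selecting an unconfigured slot yields
 * a NULL backend, and the first blk_* call on it becomes the write to a
 * near-zero address seen in the ASan report above. */
struct toy_blk *cur_drive_unchecked(struct toy_fdc *f)
{
    return f->drive[f->dor & DOR_DRIVE_SEL];
}

/* After: substitute an empty backend for a missing slot, so the controller's
 * state machine keeps running and the I/O fails with an error instead. */
struct toy_blk *cur_drive_checked(struct toy_fdc *f)
{
    struct toy_blk *blk = f->drive[f->dor & DOR_DRIVE_SEL];
    return blk ? blk : &empty_drive;
}

/* Hardened data-write path: the guest's bytes go to the selected drive, with
 * the empty backend absorbing selects of a slot that has no drive. */
int fdc_write_data(struct toy_fdc *f, size_t off, const void *buf, size_t len)
{
    return toy_blk_pwrite(cur_drive_checked(f), off, buf, len);
}

/* Constructed machine: only drive 0 is present. */
static struct toy_blk drive0 = { .has_media = true };
static struct toy_fdc fdc = { .drive = { &drive0, NULL } };

/* Guest selects drive 1 (absent) and writes: the unchecked lookup is NULL. */
bool example_unchecked_returns_null(void)
{
    fdc.dor |= DOR_DRIVE_SEL;
    return cur_drive_unchecked(&fdc) == NULL;
}

/* Same select through the hardened path: clean -ENXIO, no dereference. */
int example_write_to_missing_drive(void)
{
    fdc.dor |= DOR_DRIVE_SEL;
    return fdc_write_data(&fdc, 0, "ab", 2);
}

/* Drive 0 still works normally. */
int example_write_to_drive0(void)
{
    fdc.dor = (uint8_t)(fdc.dor & ~DOR_DRIVE_SEL);
    return fdc_write_data(&fdc, 0, "ab", 2);
}

int main(void)
{
    printf("unchecked lookup NULL: %d\n", example_unchecked_returns_null());
    printf("write to missing drive: %d\n", example_write_to_missing_drive());
    printf("write to drive 0: %d\n", example_write_to_drive0());
    return 0;
}
```

The property worth keeping from the real fix is the same as in the toy: every path that reaches the backend goes through a lookup that can never return NULL, so a guest-controlled register value can change which drive is addressed but not whether there is a valid object behind it.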
2021-12-02  hw/block/fdc: Extract blk_create_empty_drive()  (Philippe Mathieu-Daudé; 1 file changed, -2/+7)
We are going to re-use this code in the next commit, so extract it as a new blk_create_empty_drive() function. Inspired-by: Hanna Reitz <hreitz@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-id: 20211124161536.631563-2-philmd@redhat.com Signed-off-by: John Snow <jsnow@redhat.com>
2021-12-01  Update version for v6.2.0-rc3 release  [tag v6.2.0-rc3]  (Richard Henderson; 1 file changed, -1/+1)
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-12-01  MAINTAINERS: Change my email address  (Eduardo Habkost; 1 file changed, -6/+6)
The ehabkost@redhat.com email address will stop working on 2021-12-01, change it to my personal email address. Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Message-Id: <20211129163053.2506734-1-ehabkost@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com> Message-Id: <20211130204722.2732997-2-ehabkost@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-11-29  Merge tag 'pull-ppc-20211129' of https://github.com/legoater/qemu into staging  (Richard Henderson; 4 files changed, -7/+12)
ppc 6.2 queue:

* Hash64 MMU fix for FreeBSD installer

# gpg: Signature made Mon 29 Nov 2021 09:49:54 PM CET
# gpg:                using RSA key A0F66548F04895EBFE6B0B6051A343C7CFFBECA1
# gpg: Good signature from "Cédric Le Goater <clg@kaod.org>" [marginal]
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg:          It is not certain that the signature belongs to the owner.
# Primary key fingerprint: A0F6 6548 F048 95EB FE6B  0B60 51A3 43C7 CFFB ECA1

* tag 'pull-ppc-20211129' of https://github.com/legoater/qemu:
  target/ppc: fix Hash64 MMU update of PTE bit R

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-11-29  target/ppc: fix Hash64 MMU update of PTE bit R  (Leandro Lupori; 4 files changed, -7/+12)
When updating the R bit of a PTE, the Hash64 MMU was using a wrong byte offset, causing the first byte of the adjacent PTE to be corrupted. This caused a panic when booting FreeBSD, using the Hash MMU. Fixes: a2dd4e83e76b ("ppc/hash64: Rework R and C bit updates") Signed-off-by: Leandro Lupori <leandro.lupori@eldorado.org.br> Signed-off-by: Cédric Le Goater <clg@kaod.org>
2021-11-29  Merge tag 'pull-for-6.2-291121-1' of https://github.com/stsquad/qemu into staging  (Richard Henderson; 10 files changed, -19/+46)
TCG, plugin and build fixes:

- introduce CF_NOIRQ to avoid watchpoint race
- fix avocado plugin test
- fix linker issue with weird paths
- band-aid for gdbstub race
- updates for MAINTAINERS
- fix some compiler warning in example plugin

# gpg: Signature made Mon 29 Nov 2021 04:16:22 PM CET
# gpg:                using RSA key 6685AE99E75167BCAFC8DF35FBD0DB095A9E2A44
# gpg: Good signature from "Alex Bennée (Master Work Key) <alex.bennee@linaro.org>" [full]

* tag 'pull-for-6.2-291121-1' of https://github.com/stsquad/qemu:
  tests/plugin/syscall.c: fix compiler warnings
  MAINTAINERS: Add section for Aarch64 GitLab custom runner
  MAINTAINERS: Remove me as a reviewer for the build and test/avocado
  gdbstub: handle a potentially racing TaskState
  plugins/meson.build: fix linker issue with weird paths
  tests/avocado: fix tcg_plugin mem access count test
  accel/tcg: suppress IRQ check for special TBs
  accel/tcg: introduce CF_NOIRQ

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-11-29  Merge tag 'linux-user-for-6.2-pull-request' of git://github.com/vivier/qemu into staging  (Richard Henderson; 4 files changed, -0/+16)
linux-user pull request 20211129

Fix losetup

# gpg: Signature made Mon 29 Nov 2021 03:04:30 PM CET
# gpg:                using RSA key CD2F75DDC8E3A4DC2E4F5173F30C38BD3F2FBE3C
# gpg:                issuer "laurent@vivier.eu"
# gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" [full]
# gpg:                 aka "Laurent Vivier <laurent@vivier.eu>" [full]
# gpg:                 aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" [full]

* tag 'linux-user-for-6.2-pull-request' of git://github.com/vivier/qemu:
  linux-user: implement more loop ioctls

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-11-29  tests/plugin/syscall.c: fix compiler warnings  (Juro Bystricky; 1 file changed, -5/+3)
Fix compiler warnings. The warnings can result in a broken build. This patch fixes warnings such as:

    In file included from /usr/include/glib-2.0/glib.h:111,
                     from ../tests/plugin/syscall.c:13:
    ../tests/plugin/syscall.c: In function ‘print_entry’:
    /usr/include/glib-2.0/glib/glib-autocleanups.h:28:3: error: ‘out’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
       g_free (*pp);
       ^~~~~~~~~~~~
    ../tests/plugin/syscall.c:82:23: note: ‘out’ was declared here
       g_autofree gchar *out;
                         ^~~
    In file included from /usr/include/glib-2.0/glib.h:111,
                     from ../tests/plugin/syscall.c:13:
    ../tests/plugin/syscall.c: In function ‘vcpu_syscall_ret’:
    /usr/include/glib-2.0/glib/glib-autocleanups.h:28:3: error: ‘out’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
       g_free (*pp);
       ^~~~~~~~~~~~
    ../tests/plugin/syscall.c:73:27: note: ‘out’ was declared here
       g_autofree gchar *out;
                         ^~~
    cc1: all warnings being treated as errors

Signed-off-by: Juro Bystricky <juro.bystricky@intel.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20211128011551.2115468-1-juro.bystricky@intel.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20211129140932.4115115-9-alex.bennee@linaro.org>
2021-11-29  MAINTAINERS: Add section for Aarch64 GitLab custom runner  (Philippe Mathieu-Daudé; 1 file changed, -0/+6)
Add a MAINTAINERS section to cover the GitLab YAML config file containing the jobs run on the custom runner sponsored by the Works On Arm project [*]. [*] https://developer.arm.com/solutions/infrastructure/works-on-arm Suggested-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Message-Id: <20211116163226.2719320-1-f4bug@amsat.org> Message-Id: <20211129140932.4115115-8-alex.bennee@linaro.org>
2021-11-29  MAINTAINERS: Remove me as a reviewer for the build and test/avocado  (Willian Rampazzo; 1 file changed, -2/+2)
Remove me as a reviewer for the Build and test automation and the Integration Testing with the Avocado Framework and add Beraldo Leal. Signed-off-by: Willian Rampazzo <willianr@redhat.com> Reviewed-by: Beraldo Leal <bleal@redhat.com> Message-Id: <20211122191124.31620-1-willianr@redhat.com> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20211129140932.4115115-7-alex.bennee@linaro.org>
2021-11-29  gdbstub: handle a potentially racing TaskState  (Alex Bennée; 1 file changed, -1/+1)
When dealing with multi-threaded userspace programs there is a race condition with the addition of cpu->opaque (aka TaskState). This is due to cpu_copy calling cpu_create which updates the global vCPU list. However the task state isn't set until later. This shouldn't be a problem because the new thread can't have executed anything yet but the gdbstub code does liberally iterate through the CPU list in various places. This sticking plaster ensures the not yet fully realized vCPU is given a pid of -1 which should be enough to ensure it doesn't show up anywhere else. In the longer term I think the code that manages the association between vCPUs and attached GDB processes could do with a clean-up and re-factor. Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Tested-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Cc: Richard Henderson <richard.henderson@linaro.org> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/730 Message-Id: <20211129140932.4115115-6-alex.bennee@linaro.org>
2021-11-29  plugins/meson.build: fix linker issue with weird paths  (Alex Bennée; 1 file changed, -2/+2)
Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Tested-by: Stefan Weil <sw@weilnetz.de> Fixes: https://gitlab.com/qemu-project/qemu/-/issues/712 Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20211129140932.4115115-5-alex.bennee@linaro.org>
2021-11-29  tests/avocado: fix tcg_plugin mem access count test  (Alex Bennée; 1 file changed, -1/+1)
When we cleaned up argument handling the test was missed. Fixes: 5ae589faad ("tests/plugins/mem: introduce "track" arg and make args not positional") Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <20211129140932.4115115-4-alex.bennee@linaro.org>
2021-11-29  accel/tcg: suppress IRQ check for special TBs  (Alex Bennée; 3 files changed, -4/+13)
When we set cpu->cflags_next_tb it is because we want to carefully control the execution of the next TB. Currently there is a race that causes the second stage of watchpoint handling to get ignored if an IRQ is processed before we finish executing the instruction that triggers the watchpoint. Use the new CF_NOIRQ facility to avoid the race. We also suppress IRQs when handling precise self modifying code to avoid unnecessary bouncing. Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Cc: Pavel Dovgalyuk <pavel.dovgalyuk@ispras.ru> Fixes: https://gitlab.com/qemu-project/qemu/-/issues/245 Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20211129140932.4115115-3-alex.bennee@linaro.org>
2021-11-29  accel/tcg: introduce CF_NOIRQ  (Alex Bennée; 2 files changed, -4/+18)
Here we introduce a new compiler flag to disable the checking of exit request (icount_decr.u32). This is useful when we want to ensure the next block cannot be preempted by an asynchronous event. Suggested-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20211129140932.4115115-2-alex.bennee@linaro.org>
2021-11-29  Merge tag 'for_upstream' of git://git.kernel.org/pub/scm/virt/kvm/mst/qemu into staging  (Richard Henderson; 7 files changed, -10/+65)
virtio,pci,pc: bugfixes

Lots of small fixes all over the place.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

# gpg: Signature made Mon 29 Nov 2021 02:50:06 PM CET
# gpg:                using RSA key 5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469
# gpg:                issuer "mst@redhat.com"
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [full]
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>" [full]

* tag 'for_upstream' of git://git.kernel.org/pub/scm/virt/kvm/mst/qemu:
  Fix bad overflow check in hw/pci/pcie.c
  intel-iommu: ignore leaf SNP bit in scalable mode
  virtio-balloon: correct used length
  virtio-balloon: process all in sgs for free_page_vq
  vdpa: Add dummy receive callback
  failover: fix unplug pending detection
  virtio-mmio : fix the crash in the vm shutdown

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2021-11-29  linux-user: implement more loop ioctls  (Andreas Schwab; 4 files changed, -0/+16)
LOOP_CONFIGURE is now used by losetup, and it cannot cope with ENOSYS. Signed-off-by: Andreas Schwab <schwab@suse.de> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <mvmtug4mbfx.fsf_-_@suse.de> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2021-11-29  Fix bad overflow check in hw/pci/pcie.c  (Daniella Lee; 1 file changed, -2/+2)
Original qemu commit hash: 14d02cfbe4adaeebe7cb833a8cc71191352cf03b

In function pcie_add_capability, an assert contains the "offset < offset + size" expression. Both variable offset and variable size are uint16_t, the comparison is always true due to type promotion. The next expression may be the same.

It might be like this:

    Thread 1 "qemu-system-x86" hit Breakpoint 1, pcie_add_capability (
        dev=0x555557ce5f10, cap_id=1, cap_ver=2 '\002', offset=256, size=72)
        at ../hw/pci/pcie.c:930
    930     {
    (gdb) n
    931         assert(offset >= PCI_CONFIG_SPACE_SIZE);
    (gdb) n
    932         assert(offset < offset + size);
    (gdb) p offset
    $1 = 256
    (gdb) p offset < offset + size
    $2 = 1
    (gdb) set offset=65533
    (gdb) p offset < offset + size
    $3 = 1
    (gdb) p offset < (uint16_t)(offset + size)
    $4 = 0

Signed-off-by: Daniella Lee <daniellalee111@gmail.com>
Message-Id: <20211126061324.47331-1-daniellalee111@gmail.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
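The gdb session above shows the symptom; the following is an added example, written for this page rather than taken from hw/pci/pcie.c, that isolates the three forms of the check so the difference is reproducible without QEMU. The config-space bounds are constructed constants for the example, and the function names are this example's own. It goes one step beyond the commit by also showing that casting the sum back to uint16_t catches the 16-bit wrap but not a capability that simply overruns the 4 KiB PCIe config space, which is why a widened comparison against the real limit is the form to prefer.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Bounds assumed for this example (constructed constants mirroring the PCI
 * and PCIe configuration space sizes; not copied from hw/pci/pcie.c). */
#define EXAMPLE_PCI_CONFIG_SPACE_SIZE  256u
#define EXAMPLE_PCIE_CONFIG_SPACE_SIZE 4096u

/*
 * The check as compiled: both operands are uint16_t, so the integer
 * promotions evaluate "offset + size" as int, where a sum of two 16-bit
 * values cannot wrap. The comparison is true for every input, so the
 * assert never fires.
 */
bool range_check_promoted(uint16_t offset, uint16_t size)
{
    int sum = offset + size;        /* what the promoted expression becomes */
    return offset < sum;
}

/*
 * Casting the sum back to uint16_t reintroduces the wrap, which is what the
 * last gdb command above demonstrates. This rejects a capability whose end
 * wraps past 0xffff, but accepts one that merely runs past the end of the
 * 4 KiB PCIe configuration space.
 */
bool range_check_truncated(uint16_t offset, uint16_t size)
{
    return offset < (uint16_t)(offset + size);
}

/*
 * Preferred form when a bound is known: widen first, then compare against
 * the real limit. uint32_t cannot overflow for two uint16_t operands, so the
 * test is exact, and an empty capability (size == 0) is rejected as well.
 */
bool range_check_wide(uint16_t offset, uint16_t size)
{
    uint32_t end = (uint32_t)offset + size;
    return offset >= EXAMPLE_PCI_CONFIG_SPACE_SIZE
        && size > 0
        && end <= EXAMPLE_PCIE_CONFIG_SPACE_SIZE;
}

int main(void)
{
    /* Values from the gdb session: offset=256, size=72; then offset=65533. */
    printf("promoted(256,72)=%d promoted(65533,72)=%d\n",
           range_check_promoted(256, 72), range_check_promoted(65533, 72));
    printf("truncated(65533,72)=%d wide(65533,72)=%d wide(256,72)=%d\n",
           range_check_truncated(65533, 72), range_check_wide(65533, 72),
           range_check_wide(256, 72));
    /* A capability that overruns 4 KiB config space without wrapping 16 bits */
    printf("truncated(4090,72)=%d wide(4090,72)=%d\n",
           range_check_truncated(4090, 72), range_check_wide(4090, 72));
    return 0;
}
```

The general rule the example illustrates: an overflow check on narrow unsigned operands must be written in a type the operands are promoted to, or the check is comparing against a value that cannot have wrapped.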
2021-11-29  intel-iommu: ignore leaf SNP bit in scalable mode  (Jason Wang; 2 files changed, -0/+8)
When booting with scalable mode, I hit this error:

    qemu-system-x86_64: vtd_iova_to_slpte: detected splte reserve non-zero iova=0xfffff002, level=0x1slpte=0x102681803)
    qemu-system-x86_64: vtd_iommu_translate: detected translation failure (dev=01:00:00, iova=0xfffff002)
    qemu-system-x86_64: New fault is not recorded due to compression of faults

This is because the SNP bit is set for second level page table since Linux kernel commit 6c00612d0cba1 ("iommu/vt-d: Report right snoop capability when using FL for IOVA") even if SC is not supported by the hardware.

To unbreak the guest, ignore the leaf SNP bit for scalable mode first. In the future we may consider to add SC support.

Signed-off-by: Jason Wang <jasowang@redhat.com>
Message-Id: <20211129033618.3857-1-jasowang@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
2021-11-29  virtio-balloon: correct used length  (Jason Wang; 1 file changed, -3/+3)
Spec said: "and len the total of bytes written into the buffer." For inflateq, deflateq and statsq, we don't process in_sg so the used length should be zero. For free_page_vq, though the pages could be changed by the device (in the destination), spec said: "Note: len is particularly useful for drivers using untrusted buffers: if a driver does not know exactly how much has been written by the device, the driver would have to zero the buffer in advance to ensure no data leakage occurs." So 0 should be used as well here. Signed-off-by: Jason Wang <jasowang@redhat.com> Message-Id: <20211129030841.3611-2-jasowang@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: David Hildenbrand <david@redhat.com>