| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
If there is no audiodev do not send the audio ack in response to
VNC_ENCODING_AUDIO, so that clients aren't told audio exists, and
immediately drop the client if they try to send any audio control messages
when audio is not advertised.
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
tls-cipher-suites is an object that is used to inject TLS configuration
into the guest (via fw_cfg). It is never used for host-side TLS
operation, and therefore it need not be available in the tools.
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
Otherwise when a FORMAT UNIT command is issued, the SCSI layer can become
confused because it can find itself in the situation where it thinks there
is still data to be transferred which can cause the next emulated SCSI
command to fail.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Fixes: 6ab71761 ("scsi-disk: add FORMAT UNIT command")
Tested-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20230913204410.65650-4-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
In the case where a SCSI layer transfer is incorrectly terminated, it is
possible for a TI command to cause a SCSI buffer overflow due to the
expected transfer data length being less than the available data in the
FIFO. When this occurs the unsigned async_len variable underflows and
becomes a large offset which writes past the end of the allocated SCSI
buffer.
Restrict the non-DMA transfer length to be the smallest of the expected
transfer length and the available FIFO data to ensure that it is no longer
possible for the SCSI buffer overflow to occur.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1810
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20230913204410.65650-3-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
The call to esp_dma_enable() was being made with the SYSBUS_ESP type instead of
the ESP type. This meant that when GPIO 1 was being used to trigger a DMA
request from an external DMA controller, the setting of ESPState's dma_enabled
field would clobber unknown memory whilst the dma_cb callback pointer would
typically return NULL so the DMA request would never start.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20230913204410.65650-2-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
Add back test-plugins and, after making sure it is always defined,
do so unconditionally.
Reported-by: Alex Bennée <alex.bennee@linaro.org>
Fixes: 2c13c574418 ("configure, meson: move --enable-plugins to meson", 2023-09-07)
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Tested-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
These are either built because they are dependencies of other targets,
or not needed at all because they are used via extract_objects().
Mark them as "build_by_default: false"; if applicable, mark them
as "fa" so that -Wl,--whole-archive does not interact with the
linker script used for fuzzing.
(The "fa" hack is brittle; updating to Meson 1.1 would allow using
declare_dependency(objects: ...) instead).
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1044
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
A new enough libfdt is included in all of Debian 11, Ubuntu 20.04
and MSYS2. It has also been included for several minor releases
in Fedora and openSUSE Leap, as well as in CentOS. Therefore
there is no need anymore to ship the sources together with the QEMU
tarballs.
Keep the wrap file so that it can be used with --enable-download,
but do not ship the sources anymore with either archive-source.sh
or make-release.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
The property was only used on QEMU 1.6 machine types.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
This code is not needed anymore in the supported machine types.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
A register access error typically means something seriously wrong
happened so that anything bad can happen after that and recovery is
impossible.
Even failing one register access is catastorophic as
architecture-specific code are not written so that it torelates such
failures.
Make sure the VM stop and nothing worse happens if such an error occurs.
Signed-off-by: Akihiko Odaki <akihiko.odaki@daynix.com>
Message-ID: <20221201102728.69751-1-akihiko.odaki@daynix.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
Our linker script for optionroms specifies only the placement of the
.text section, leaving the linker free to place the remaining sections
at arbitrary places in the file.
Since at least binutils 2.39, the .note.gnu.build-id section is now
being placed at the start of the file, which causes label addresses to
be shifted. For linuxboot_dma.bin that means that the PnP header
(among others) will not be found when determining the type of ROM at
optionrom_setup():
(0x1c is the label _pnph, where the magic "PnP" is)
$ xxd /usr/share/qemu/linuxboot_dma.bin | grep "PnP"
00000010: 0000 0000 0000 0000 0000 1c00 2450 6e50 ............$PnP
$ xxd pc-bios/optionrom/linuxboot_dma.bin | grep "PnP"
00000010: 0000 0000 0000 0000 0000 4c00 2450 6e50 ............$PnP
^bad
Using a freshly built linuxboot_dma.bin ROM results in a broken boot:
SeaBIOS (version rel-1.16.2-0-gea1b7a073390-prebuilt.qemu.org)
Booting from Hard Disk...
Boot failed: could not read the boot disk
Booting from Floppy...
Boot failed: could not read the boot disk
No bootable device.
We're not using the build-id section, so pass the --build-id=none
option to the linker to remove it entirely.
Note: In theory, this same issue could happen with any other
section. The ideal solution would be to have all unused sections
discarded in the linker script. However that would be a larger change,
specially for the pvh rom which uses the .bss and COMMON sections so
I'm addressing only the immediate issue here.
Reported-by: Vasiliy Ulyanov <vulyanov@suse.de>
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20230926192502.15986-1-farosas@suse.de>
Cc: stable@vger.kernel.org
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
Now that the return path thread is allowed to finish during a paused
migration, we can move the cleanup of the QEMUFiles to the main
migration thread.
Reviewed-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-ID: <20230918172822.19052-9-farosas@suse.de>
|
|
Replace the return path retry logic with finishing and restarting the
thread. This fixes a race when resuming the migration that leads to a
segfault.
Currently when doing postcopy we consider that an IO error on the
return path file could be due to a network intermittency. We then keep
the thread alive but have it do cleanup of the 'from_dst_file' and
wait on the 'postcopy_pause_rp' semaphore. When the user issues a
migrate resume, a new return path is opened and the thread is allowed
to continue.
There's a race condition in the above mechanism. It is possible for
the new return path file to be setup *before* the cleanup code in the
return path thread has had a chance to run, leading to the *new* file
being closed and the pointer set to NULL. When the thread is released
after the resume, it tries to dereference 'from_dst_file' and crashes:
Thread 7 "return path" received signal SIGSEGV, Segmentation fault.
[Switching to Thread 0x7fffd1dbf700 (LWP 9611)]
0x00005555560e4893 in qemu_file_get_error_obj (f=0x0, errp=0x0) at ../migration/qemu-file.c:154
154 return f->last_error;
(gdb) bt
#0 0x00005555560e4893 in qemu_file_get_error_obj (f=0x0, errp=0x0) at ../migration/qemu-file.c:154
#1 0x00005555560e4983 in qemu_file_get_error (f=0x0) at ../migration/qemu-file.c:206
#2 0x0000555555b9a1df in source_return_path_thread (opaque=0x555556e06000) at ../migration/migration.c:1876
#3 0x000055555602e14f in qemu_thread_start (args=0x55555782e780) at ../util/qemu-thread-posix.c:541
#4 0x00007ffff38d76ea in start_thread (arg=0x7fffd1dbf700) at pthread_create.c:477
#5 0x00007ffff35efa6f in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:95
Here's the race (important bit is open_return_path happening before
migration_release_dst_files):
migration | qmp | return path
--------------------------+-----------------------------+---------------------------------
qmp_migrate_pause()
shutdown(ms->to_dst_file)
f->last_error = -EIO
migrate_detect_error()
postcopy_pause()
set_state(PAUSED)
wait(postcopy_pause_sem)
qmp_migrate(resume)
migrate_fd_connect()
resume = state == PAUSED
open_return_path <-- TOO SOON!
set_state(RECOVER)
post(postcopy_pause_sem)
(incoming closes to_src_file)
res = qemu_file_get_error(rp)
migration_release_dst_files()
ms->rp_state.from_dst_file = NULL
post(postcopy_pause_rp_sem)
postcopy_pause_return_path_thread()
wait(postcopy_pause_rp_sem)
rp = ms->rp_state.from_dst_file
goto retry
qemu_file_get_error(rp)
SIGSEGV
-------------------------------------------------------------------------------------------
We can keep the retry logic without having the thread alive and
waiting. The only piece of data used by it is the 'from_dst_file' and
it is only allowed to proceed after a migrate resume is issued and the
semaphore released at migrate_fd_connect().
Move the retry logic to outside the thread by waiting for the thread
to finish before pausing the migration.
Reviewed-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-ID: <20230918172822.19052-8-farosas@suse.de>
|
|
We'll start calling the await_return_path_close_on_source() function
from other parts of the code, so move all of the related checks and
tracepoints into it.
Reviewed-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-ID: <20230918172822.19052-7-farosas@suse.de>
|
|
This file is owned by the return path thread which is already doing
cleanup.
Reviewed-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-ID: <20230918172822.19052-6-farosas@suse.de>
|
|
It's not safe to call qemu_file_shutdown() on the to_dst_file without
first checking for the file's presence under the lock. The cleanup of
this file happens at postcopy_pause() and migrate_fd_cleanup() which
are not necessarily running in the same thread as migrate_fd_cancel().
Reviewed-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-ID: <20230918172822.19052-5-farosas@suse.de>
|
|
We cannot call qemu_file_shutdown() on the return path file without
taking the file lock. The return path thread could be running it's
cleanup code and have just cleared the from_dst_file pointer.
Checking ms->to_dst_file for errors could also race with
migrate_fd_cleanup() which clears the to_dst_file pointer.
Protect both accesses by taking the file lock.
This was caught by inspection, it should be rare, but the next patches
will start calling this code from other places, so let's do the
correct thing.
Reviewed-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-ID: <20230918172822.19052-4-farosas@suse.de>
|
|
We don't need to set the rp_state.error right after a shutdown because
qemu_file_shutdown() always sets the QEMUFile error, so the return
path thread would have seen it and set the rp error itself.
Setting the error outside of the thread is also racy because the
thread could clear it after we set it.
Reviewed-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-ID: <20230918172822.19052-3-farosas@suse.de>
|
|
We hit intermit CI issue on failing at migration-test over the unit test
preempt/plain:
qemu-system-x86_64: Unable to read from socket: Connection reset by peer
Memory content inconsistency at 5b43000 first_byte = bd last_byte = bc current = 4f hit_edge = 1
**
ERROR:../tests/qtest/migration-test.c:300:check_guests_ram: assertion failed: (bad == 0)
(test program exited with status code -6)
Fabiano debugged into it and found that the preempt thread can quit even
without receiving all the pages, which can cause guest not receiving all
the pages and corrupt the guest memory.
To make sure preempt thread finished receiving all the pages, we can rely
on the page_requested_count being zero because preempt channel will only
receive requested page faults. Note, not all the faulted pages are required
to be sent via the preempt channel/thread; imagine the case when a
requested page is just queued into the background main channel for
migration, the src qemu will just still send it via the background channel.
Here instead of spinning over reading the count, we add a condvar so the
main thread can wait on it if that unusual case happened, without burning
the cpu for no good reason, even if the duration is short; so even if we
spin in this rare case is probably fine. It's just better to not do so.
The condvar is only used when that special case is triggered. Some memory
ordering trick is needed to guarantee it from happening (against the
preempt thread status field), so the main thread will always get a kick
when that triggers correctly.
Closes: https://gitlab.com/qemu-project/qemu/-/issues/1886
Debugged-by: Fabiano Rosas <farosas@suse.de>
Signed-off-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Fabiano Rosas <farosas@suse.de>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-ID: <20230918172822.19052-2-farosas@suse.de>
|
|
* new round of audio cleanups
* various shadowed local variable fixes in vl, mptsas, pm_smbus, target/i386
* remove deprecated pc-i440fx-1.4 up to pc-i440fx-1.7
* remove PCI drivers from 128K bios.bin
* remove unused variable in user-exec-stub.c
* small fixes for ui/vnc
* scsi-disk: Disallow block sizes smaller than 512 [CVE-2023-42467]
# -----BEGIN PGP SIGNATURE-----
#
# iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmUTDaoUHHBib256aW5p
# QHJlZGhhdC5jb20ACgkQv/vSX3jHroMvEgf+NrSaP4pmHrYcVtm43fnKXoLHFrCx
# KYfoK9Lke/DDkTff6rrcfW/Wyqid6Pp9Ch4Rrpr/X71X5gi+c6xb5klC8cpSfLg4
# gtuGctj7WL7KR/067EsLqHvzBob/iebFhZwhtsBrI+z65X+J9pOK78efBTdhezq4
# EEHTWohMAg1I/MWBK5VnOk2fI4+9z9K9zP5AtWmJzwwJkQUoEyl+YDkVmIhMYoGn
# CapRO7i2wIvtoF4wuQUCGsOLmrcWTvRIOcV13k3b6PYCPC40/N9AOpiiyg3XqNah
# UKKM9CcgVnCzCc4Jar2QD+MzkTDxhmQSyLFJgtzrW7CQSE5YB3sUHj3CXg==
# =8nvs
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 26 Sep 2023 12:58:18 EDT
# gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg: issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83
* tag 'for-upstream' of https://gitlab.com/bonzini/qemu:
audio: remove shadowed locals
compiler: introduce QEMU_ANNOTATE
block: mark mixed functions that can suspend
target/i386/svm_helper: eliminate duplicate local variable
target/i386/seg_helper: remove shadowed variable
target/i386/seg_helper: introduce tss_set_busy
target/i386/translate: avoid shadowed local variables
target/i386/cpu: avoid shadowed local variables
target/i386/kvm: eliminate shadowed local variables
m48t59-test: avoid possible overflow on ABS
pm_smbus: rename variable to avoid shadowing
mptsas: avoid shadowed local variables
ui/vnc: fix handling of VNC_FEATURE_XVP
ui/vnc: fix debug output for invalid audio message
vl: remove shadowed local variables
hw/scsi/scsi-disk: Disallow block sizes smaller than 512 [CVE-2023-42467]
user-exec-stub: remove unused variable
seabios: remove PCI drivers from bios.bin
pc_piix: remove pc-i440fx-1.4 up to pc-i440fx-1.7
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
|
|
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
Allow a more shorter syntax when defining wrapper macros for
__attribute__((annotate(...))).
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
The marking should be extended transitively to all functions that call
these ones, so that static analysis can be done much more efficiently.
However, this is a start and makes it possible to use vrc's path-based
searches to find potential bugs where coroutine_fns call blocking functions.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
This shadows an outer "cs" variable that is initialized to the
same expression.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
Return the width of the new task directly from switch_tss_ra.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
Eliminate a shadowed local variable in the process.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
Just remove the declaration. There is nothing in the function after the
switch statement, so it is safe to do.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
Reuse the pointer variable used for the unversioned model.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
These are harmless are they die immediately after their use.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
Originally meant to avoid a shadowed variable "s", which was fixed by
renaming the outer declaration to "qts". Avoid the chance of an overflow
in the computation of ABS(t - s).
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
Acked-by: Corey Minyard <cminyard@mvista.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
NBD patches through 2023-09-25
- Denis V. Lunev: iotest improvements
- Eric Blake: further work towards 64-bit NBD extensions
# -----BEGIN PGP SIGNATURE-----
#
# iQEzBAABCAAdFiEEccLMIrHEYCkn0vOqp6FrSiUnQ2oFAmUR2MUACgkQp6FrSiUn
# Q2q6jAf+PT65XzMAhgKvu1vIeMSQqyCocNB2MCOzNp+46uB9bNbPPLQSH2EX+t6p
# kQfHyHUl4YMi0EqgCfodiewlaUKeMxP3cPWMGYaYZ16uNMOIYL1boreDAcM25rb5
# P3TV3DAWTWSclUxrkTC2DxAIBPgsPsGG/2daqOMDEdinxlIywCMJDEIHc9gwwd/t
# 7laz9V1cOW9NbQXrM7eTofJKPKIeqZ+w0kvqrf9HBvZl9CqwHADi7xoz9xP+fN+f
# 713ED/hwt0FIlixtIm2/8vu7nn09cu6m9NaKsMOomsYg9Z6wU3ctivViG5NLq3MD
# OOUu51dV8gRRAXAFU5vKb0d93D27zQ==
# =Ik02
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 25 Sep 2023 15:00:21 EDT
# gpg: using RSA key 71C2CC22B1C4602927D2F3AAA7A16B4A2527436A
# gpg: Good signature from "Eric Blake <eblake@redhat.com>" [full]
# gpg: aka "Eric Blake (Free Software Programmer) <ebb9@byu.net>" [full]
# gpg: aka "[jpeg image of size 6874]" [full]
# Primary key fingerprint: 71C2 CC22 B1C4 6029 27D2 F3AA A7A1 6B4A 2527 436A
* tag 'pull-nbd-2023-09-25' of https://repo.or.cz/qemu/ericb:
nbd/server: Refactor handling of command sanity checks
nbd: Prepare for 64-bit request effect lengths
nbd: Add types for extended headers
nbd/client: Pass mode through to nbd_send_request
nbd: Replace bool structured_reply with mode enum
iotests: improve 'not run' message for nbd-multiconn test
iotests: use TEST_IMG_FILE instead of TEST_IMG in _require_large_file
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
|
|
Rename the argument so that "addr" is only used inside the for loop.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
VNC_FEATURE_XVP was not shifted left before adding it to vs->features,
so it was never enabled; but it was also checked the wrong way with
a logical AND instead of vnc_has_feature. Fix both places.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
The debug message was cut and pasted from the invalid audio format
case, but the audio message is at bytes 2-3.
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
We are doing things like
nb_sectors /= (s->qdev.blocksize / BDRV_SECTOR_SIZE);
in the code here (e.g. in scsi_disk_emulate_mode_sense()), so if
the blocksize is smaller than BDRV_SECTOR_SIZE (=512), this crashes
with a division by 0 exception. Thus disallow block sizes of 256
bytes to avoid this situation.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1813
CVE: 2023-42467
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20230925091854.49198-1-thuth@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
enable_cpu_pm is only used by softmmu-specific code, namely target/i386/host-cpu.c
and target/i386/kvm/*. It does not need a stub definition anymore.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
bios.bin is now used only by ISA PC, so PCI drivers are not necessary.
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
These are the last users of the 128K SeaBIOS blob in the i440FX family.
Removing them allows us to drop PCI support from the 128K blob,
thus making it easier to update SeaBIOS to newer versions.
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
staging
* Make keyutils independent from keyring in meson.build
* Simplify the NIC init code of the jazz machine a little bit
* Minor qtest and avocado fixes
# -----BEGIN PGP SIGNATURE-----
#
# iQJFBAABCAAvFiEEJ7iIR+7gJQEY8+q5LtnXdP5wLbUFAmURS8gRHHRodXRoQHJl
# ZGhhdC5jb20ACgkQLtnXdP5wLbVn4A/+NQKFZcN7gVn5JXkK7kf6i01LNmAoqjj9
# QeQL+WCoNC68OApw7DxIEnpBYT0G42NTHHx4SYeOvzJUzCpeWcxYzQUz58ObZML7
# +OKsiOsaHu3/qOuihBCn43et6moLdDCWbee5Zr6JQv/Fjn3q3nEQZnJDWdw8vm1v
# csYQJZOD6HelLVMmbLfl1szzrykDTT53NhPncH/SjPz6we17sKqHqmT6LBUIsXcV
# u2LaowppKmT7Ooexu6SmsCagLhtWuYo1iGGcRqoojtRWo7eZtWLrAy2DJpyFkPBW
# AIYBfntRISZv4eBGCxcVfvODD/Q4OXHuYTfGzD3m+ELJ6hUk/+d4/aHJ2hm+KEm+
# AD0IpDtimaEmyQTPlaWHhhEur/82JZ+zYlxUMPf3+hglB/rbr6fhA0SMAV6nwR0r
# N8jnB8UCml9oDxJVvDZyrcPMGFs1xlr5FVSHHEoL338SvSfjG3NOEtcNao9n6A8d
# rO2CfPzI7peQhKWAzJL+qpnmenyIniH23tFnf2mpOZ0g45ZWtJeT0CXL3aQO3XAZ
# m56pkM0d/etAHHRoLQ5D/iKZpwiTRLjdzsJ0gMAQsIuRlG/j5h+zou0vUMgm6F8F
# igRHLxytlywZBTCABm2XIlKmaJp8hQlVQMpKsv/BwzTvzzk0GGS5d1qzzFt5WWR7
# 4rSalTn5Xuw=
# =FioB
# -----END PGP SIGNATURE-----
# gpg: Signature made Mon 25 Sep 2023 04:58:48 EDT
# gpg: using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5
# gpg: issuer "thuth@redhat.com"
# gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [full]
# gpg: aka "Thomas Huth <thuth@redhat.com>" [full]
# gpg: aka "Thomas Huth <huth@tuxfamily.org>" [full]
# gpg: aka "Thomas Huth <th.huth@posteo.de>" [unknown]
# Primary key fingerprint: 27B8 8847 EEE0 2501 18F3 EAB9 2ED9 D774 FE70 2DB5
* tag 'pull-request-2023-09-25' of https://gitlab.com/thuth/qemu:
tests/avocado: fix waiting for vm shutdown in replay_linux
hw/mips/jazz: Simplify the NIC setup code
hw/mips/jazz: Move the NIC init code into a separate function
tests/qtest/netdev-socket: Do not test multicast on Darwin
tests/qtest/m48t59-test: Silence compiler warning with -Wshadow
tests/qtest/netdev-socket: Raise connection timeout to 120 seconds
meson.build: Make keyutils independent from keyring
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
|
|
* add host ticks function for RISC-V
* target/i386: Export GDS_NO bit
* target/i386: add support for bit 56 of MSR_IA32_VMX_BASIC
* first part of audiodev cleanups
# -----BEGIN PGP SIGNATURE-----
#
# iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmUNtYUUHHBib256aW5p
# QHJlZGhhdC5jb20ACgkQv/vSX3jHroN7Uwf9Fy4aE1PHzSNr2FqT4rUSYrT4N8cL
# QiPeB8JiJUnl73TcCkTwi7S/Az+37okv+Qsr7eh1wdarY8DOYir9dGJU3TGzICSw
# cgPImb99rhBc2kEmwciCWGlhXIMD8WNN64EanPPg5VeQYdzrorYwl7jCTMQMBR5H
# wtOq3f6FfYJonVwZ6YOmbioD2mFfoGBuiDcYmTTw440vrruKqHagbm5onD1SY9kR
# SM0/HXcYaKB6Ae9qNKhyR9h94KZzDUkCvcTLdFGtK90GBs4VxZVHQn6Dpkh5lPtT
# t0MbMv1mcO6ODzg9TxO3gUAgoklTy3gM2wISXo5C9NGuxmF2svwkuQl5pg==
# =CuIa
# -----END PGP SIGNATURE-----
# gpg: Signature made Fri 22 Sep 2023 11:40:53 EDT
# gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg: issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83
* tag 'for-upstream' of https://gitlab.com/bonzini/qemu:
vl: recognize audiodev groups in configuration files
tests/qtest: Specify audiodev= and -audiodev
hw/display/xlnx_dp.c: Add audiodev property
hw/audio/lm4549: Add errp error reporting to init function
hw/audio: Simplify hda audio init
hw/input/tsc210x: Extract common init code into new function
qemu/timer: Add host ticks function for RISC-V
target/i386: Export GDS_NO bit to guests
target/i386: enumerate bit 56 of MSR_IA32_VMX_BASIC
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
|
|
https://git.linaro.org/people/pmaydell/qemu-arm into staging
target-arm queue:
* target/m68k: Add URL to semihosting spec
* docs/devel/loads-stores: Fix git grep regexes
* hw/arm/boot: Set SCR_EL3.FGTEn when booting kernel
* linux-user: Correct SME feature names reported in cpuinfo
* linux-user: Add missing arm32 hwcaps
* Don't skip MTE checks for LDRT/STRT at EL0
* Implement FEAT_HBC
* Implement FEAT_MOPS
* audio/jackaudio: Avoid dynamic stack allocation
* sbsa-ref: add non-secure EL2 virtual timer
* elf2dmp: improve Win2022, Win11 and large dumps
# -----BEGIN PGP SIGNATURE-----
#
# iQJNBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmUMfwAZHHBldGVyLm1h
# eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3jvnD/0QE/oOxfr+wkDUkTasSwVc
# UNfhObMj3h8x2XApqXckXnckew97I7hh7OLk35p9Ncea7fb6CvGMZ/DJir7AG4aQ
# Anpd5g2Qo0AMfPIyvoJ5pgtqZ1aS/EpBfYixmjL/zY6+zNzoVzWG/KfL+XamW6ir
# 6U7EqcAUzfX0+Splcxs5WgCDI5nGtn0B42EwOMpmwsH4opfr6HTn8Rzbn9gIwKU7
# u82PaKAqWPYD0ev9NQra+VVTrrFS4SCcqkV+SoYu0Cg5vvBlgAVcx0Zz2objp9LC
# 96fOtFH4Rch611j87WiGvN+fxQawqYzAYdy2y+j0wwuonTH9G3PpdZZT0557NjeS
# rFpW2UQebDqZ3ZTDwhzefsVKc3emLZtEd+RFa/YcDtao0afKfbSHv5A2/pGHxzlv
# 8psKOOH82WXTOHwFKA2o0lXDAauzirY+1Avy0vozNzPCdErXPgMHY4tABU77PpER
# Pz17jJO9C1AGyQVF+o09ieJR2Du5Wb2LLcZP3+5Ctm0SNVmREKKNcMkhJiEM9snm
# PQBR7FNEbAuQAO2MDK70dWUcTNtOv4Q1jgTR+aYd2MrArxCmAA5Zd9gjeYDwv6XH
# n242ONDAhlG1fY5f5giE3vCrcV1FDbvHEn6GDVilgMrF3a3Iw30xUaATiO09hIfi
# XAwGwLtMsp21WDa5PsfZVw==
# =dalQ
# -----END PGP SIGNATURE-----
# gpg: Signature made Thu 21 Sep 2023 13:36:00 EDT
# gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg: issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [full]
# gpg: aka "Peter Maydell <pmaydell@gmail.com>" [full]
# gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [full]
# gpg: aka "Peter Maydell <peter@archaic.org.uk>" [unknown]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE
* tag 'pull-target-arm-20230921' of https://git.linaro.org/people/pmaydell/qemu-arm: (30 commits)
elf2dmp: rework PDB_STREAM_INDEXES::segments obtaining
elf2dmp: use Linux mmap with MAP_NORESERVE when possible
elf2dmp: introduce merging of physical memory runs
elf2dmp: introduce physical block alignment
elf2dmp: replace PE export name check with PDB name check
sbsa-ref: add non-secure EL2 virtual timer
audio/jackaudio: Avoid dynamic stack allocation in qjack_process()
audio/jackaudio: Avoid dynamic stack allocation in qjack_client_init
target/arm: Enable FEAT_MOPS for CPU 'max'
target/arm: Implement the CPY* instructions
target/arm: Implement MTE tag-checking functions for FEAT_MOPS copies
target/arm: Implement the SETG* instructions
target/arm: Define new TB flag for ATA0
target/arm: Implement the SET* instructions
target/arm: Implement MTE tag-checking functions for FEAT_MOPS
target/arm: New function allocation_tag_mem_probe()
target/arm: Define syndrome function for MOPS exceptions
target/arm: Pass unpriv bool to get_a64_user_mem_index()
target/arm: Implement FEAT_MOPS enable bits
target/arm: Don't skip MTE checks for LDRT/STRT at EL0
...
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
|
|
Upcoming additions to support NBD 64-bit effect lengths will add a new
command flag NBD_CMD_FLAG_PAYLOAD_LEN that needs to be considered in
our sanity checks of the client's messages (that is, more than just
CMD_WRITE have the potential to carry a client payload when extended
headers are in effect). But before we can start to support that, it
is easier to first refactor the existing set of various if statements
over open-coded combinations of request->type to instead be a single
switch statement over all command types that sets witnesses, then
straight-line processing based on the witnesses. No semantic change
is intended.
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-ID: <20230829175826.377251-24-eblake@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
|
|
Widen the length field of NBDRequest to 64-bits, although we can
assert that all current uses are still under 32 bits: either because
of NBD_MAX_BUFFER_SIZE which is even smaller (and where size_t can
still be appropriate, even on 32-bit platforms), or because nothing
ever puts us into NBD_MODE_EXTENDED yet (and while future patches will
allow larger transactions, the lengths in play here are still capped
at 32-bit). There are no semantic changes, other than a typo fix in a
couple of error messages.
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-ID: <20230829175826.377251-23-eblake@redhat.com>
[eblake: fix assertion bug in nbd_co_send_simple_reply]
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
|
|
This patch fixes the race condition in waiting for shutdown
of the replay linux test.
Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgalyuk@ispras.ru>
Suggested-by: John Snow <jsnow@redhat.com>
Message-ID: <20230811070608.3383343-4-pavel.dovgalyuk@ispras.ru>
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
|
The for-loop does not make much sense here - it is always left after
the first iteration, so we can also check for nb_nics == 1 instead
which is way easier to understand.
Also, the checks for nd->model are superfluous since the code in
mips_jazz_init_net() calls qemu_check_nic_model() that already
takes care of this (i.e. initializing nd->model if it has not been
set yet, and checking whether it is the "help" option or the
supported NIC model).
Message-ID: <20230913160922.355640-3-thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
|
The mips_jazz_init() function is already quite big, so moving
away some code here can help to make it more understandable.
Additionally, by moving this code into a separate function, the
next patch (that will refactor the for-loop around the NIC init
code) will be much shorter and easier to understand.
Message-ID: <20230913160922.355640-2-thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
|
Do not run this test on Darwin, otherwise we get:
qemu-system-arm: -netdev dgram,id=st0,remote.type=inet,remote.host=230.0.0.1,remote.port=1234:
can't add socket to multicast group 230.0.0.1: Can't assign requested address
Broken pipe
../../tests/qtest/libqtest.c:191: kill_qemu() tried to terminate QEMU
process but encountered exit status 1 (expected 0)
Abort trap: 6
Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20230918062549.2363-1-philmd@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
