aboutsummaryrefslogtreecommitdiff
path: root/hw
AgeCommit message (Collapse)AuthorFilesLines
2020-12-08hw: add compat machines for 6.0Cornelia Huck7-6/+65
Add 6.0 machine types for arm/i440fx/q35/s390x/spapr. Signed-off-by: Cornelia Huck <cohuck@redhat.com> Message-Id: <20201109173928.1001764-1-cohuck@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-12-08failover: Remove primary_dev memberJuan Quintela1-31/+24
Only three uses remained, and we can remove them on that case. Signed-off-by: Juan Quintela <quintela@redhat.com> Message-Id: <20201118083748.1328-28-quintela@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-12-08failover: simplify failover_unplug_primaryJuan Quintela1-15/+10
We can calculate device just once. Signed-off-by: Juan Quintela <quintela@redhat.com> Message-Id: <20201118083748.1328-27-quintela@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-12-08failover: Caller of this two functions already have primary_devJuan Quintela1-13/+14
Pass it as an argument. Signed-off-by: Juan Quintela <quintela@redhat.com> Message-Id: <20201118083748.1328-26-quintela@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-12-08failover: We don't need to cache primary_device_id anymoreJuan Quintela1-10/+10
Signed-off-by: Juan Quintela <quintela@redhat.com> Message-Id: <20201118083748.1328-25-quintela@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-12-08failover: split failover_find_primary_device_id()Juan Quintela1-16/+47
So we can calculate the device id when we need it. Signed-off-by: Juan Quintela <quintela@redhat.com> Message-Id: <20201118083748.1328-24-quintela@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-12-08failover: remove failover_find_primary_device() error parameterJuan Quintela1-6/+3
It can never give one error. Signed-off-by: Juan Quintela <quintela@redhat.com> Message-Id: <20201118083748.1328-23-quintela@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-12-08failover: make sure that id always existJuan Quintela1-3/+0
We check that it exist at device creation time, so we don't have to check anywhere else. Signed-off-by: Juan Quintela <quintela@redhat.com> Message-Id: <20201118083748.1328-22-quintela@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-12-08failover: Rename to failover_find_primary_device()Juan Quintela1-3/+9
This commit: * Rename them to failover_find_primary_devices() so - it starts with failover_ - it don't connect anything, just find the primary device * Create documentation for the function Signed-off-by: Juan Quintela <quintela@redhat.com> Message-Id: <20201118083748.1328-19-quintela@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-12-08failover: virtio_net_connect_failover_devices() does nothingJuan Quintela1-15/+2
It just calls virtio_net_find_primary(), so just update the callers. Signed-off-by: Juan Quintela <quintela@redhat.com> Message-Id: <20201118083748.1328-18-quintela@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-12-08failover: Rename function to hide_device()Juan Quintela2-6/+5
You should not use pasive. Signed-off-by: Juan Quintela <quintela@redhat.com> Message-Id: <20201118083748.1328-17-quintela@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-12-08failover: should_be_hidden() should take a boolJuan Quintela2-34/+12
We didn't use at all the -1 value, and we don't really care. It was only used for the cases when this is not the device that we are searching for. And in that case we should not hide the device. Once there, simplify virtio-Snet_primary_should_be_hidden. Signed-off-by: Juan Quintela <quintela@redhat.com> Message-Id: <20201118083748.1328-16-quintela@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-12-08failover: simplify virtio_net_find_primary()Juan Quintela1-15/+3
a - is_my_primary() never sets one error b - If we return 1, primary_device_id is always set Signed-off-by: Juan Quintela <quintela@redhat.com> Message-Id: <20201118083748.1328-15-quintela@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-12-08failover: Remove memory leakJuan Quintela1-3/+1
Two things, at this point: * n->primary_device_id has to be set, otherwise virtio_net_find_primary don't work. So we have a leak here. * it has to be exactly the same that prim_dev->id because what qdev_find_recursive() does is just compare this two values. So remove the unneeded assignment and leaky bits. Signed-off-by: Juan Quintela <quintela@redhat.com> Message-Id: <20201118083748.1328-14-quintela@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-12-08failover: Remove primary_device_dictJuan Quintela1-13/+4
It was only used once. And we have there opts->id, so no need for it. Signed-off-by: Juan Quintela <quintela@redhat.com> Message-Id: <20201118083748.1328-13-quintela@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-12-08failover: remove standby_id variableJuan Quintela1-8/+3
We can calculate it, and we only use it once anyways. Signed-off-by: Juan Quintela <quintela@redhat.com> Message-Id: <20201118083748.1328-12-quintela@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-12-08failover: Remove primary_device_optsJuan Quintela1-16/+5
It was really only used once, in failover_add_primary(). Just search for it on global opts when it is needed. Signed-off-by: Juan Quintela <quintela@redhat.com> Message-Id: <20201118083748.1328-11-quintela@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-12-08failover: g_strcmp0() knows how to handle NULLJuan Quintela1-1/+1
Signed-off-by: Juan Quintela <quintela@redhat.com> Message-Id: <20201118083748.1328-10-quintela@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-12-08failover: Rename bool to failover_primary_hiddenJuan Quintela1-7/+7
You should not use passive naming variables. And once there, be able to search for them. Signed-off-by: Juan Quintela <quintela@redhat.com> Message-Id: <20201118083748.1328-9-quintela@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-12-08failover: qdev_device_add() returns err or dev setJuan Quintela1-7/+0
Never both. Signed-off-by: Juan Quintela <quintela@redhat.com> Message-Id: <20201118083748.1328-8-quintela@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-12-08failover: Remove external partially_hotplugged propertyJuan Quintela1-4/+0
It was only set "once", and with the wrong value. As far as I can see, libvirt still don't use it. Signed-off-by: Juan Quintela <quintela@redhat.com> Message-Id: <20201118083748.1328-7-quintela@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-12-08failover: Remove unused parameterJuan Quintela1-5/+3
Signed-off-by: Juan Quintela <quintela@redhat.com> Message-Id: <20201118083748.1328-6-quintela@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-12-08failover: primary bus is only used once, and where it is setJuan Quintela1-4/+4
Just remove the struct member. Signed-off-by: Juan Quintela <quintela@redhat.com> Message-Id: <20201118083748.1328-5-quintela@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-12-08failover: Use always atomics for primary_should_be_hiddenJuan Quintela1-1/+1
Signed-off-by: Juan Quintela <quintela@redhat.com> Message-Id: <20201118083748.1328-4-quintela@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-12-08failover: fix indentantionJuan Quintela1-18/+15
Once there, remove not needed cast. Signed-off-by: Juan Quintela <quintela@redhat.com> Message-Id: <20201118083748.1328-3-quintela@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-12-08acpi: Align the size to 128kYubo Miao1-0/+25
If table size is changed between virt_acpi_build and virt_acpi_build_update, the table size would not be updated to UEFI, therefore, just align the size to 128kb, which is enough and same with x86. It would warn if 64k is not enough and the align size should be updated. Signed-off-by: Yubo Miao <miaoyubo@huawei.com> Signed-off-by: Jiahui Cen <cenjiahui@huawei.com> Message-Id: <20201119014841.7298-7-cenjiahui@huawei.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-12-08acpi/gpex: Build tables for pxbYubo Miao2-2/+58
The resources of pxbs are obtained by crs_build and the resources used by pxbs would be moved from the resources defined for host-bridge. The resources for pxb are composed of following two parts: 1. The bar space of the pci-bridge/pcie-root-port behined it 2. The config space of devices behind it. Signed-off-by: Yubo Miao <miaoyubo@huawei.com> Signed-off-by: Jiahui Cen <cenjiahui@huawei.com> Message-Id: <20201119014841.7298-6-cenjiahui@huawei.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-12-08acpi: Extract crs build form acpi_build.cYubo Miao2-293/+285
Extract crs build form acpi_build.c, the function could also be used to build the crs for pxbs for arm. The resources are composed by two parts: 1. The bar space of pci-bridge/pcie-root-ports 2. The resources needed by devices behind PXBs. The base and limit of memory/io are obtained from the config via two APIs: pci_bridge_get_base and pci_bridge_get_limit Signed-off-by: Yubo Miao <miaoyubo@huawei.com> Signed-off-by: Jiahui Cen <cenjiahui@huawei.com> Message-Id: <20201119014841.7298-5-cenjiahui@huawei.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-12-08hw/arm/virt: Write extra pci roots into fw_cfgJiahui Cen1-2/+5
Add bus property to virt machine for primary PCI root bus and use it to add extra pci roots behind it. Signed-off-by: Jiahui Cen <cenjiahui@huawei.com> Signed-off-by: Yubo Miao <miaoyubo@huawei.com> Message-Id: <20201119014841.7298-4-cenjiahui@huawei.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-12-08fw_cfg: Refactor extra pci roots additionJiahui Cen2-17/+24
Extract extra pci roots addition from pc machine, which could be used by other machines. In order to make uefi get the extra roots, it is necessary to write extra roots into fw_cfg. And only if the uefi knows there are extra roots, the config spaces of devices behind the root could be obtained. Signed-off-by: Jiahui Cen <cenjiahui@huawei.com> Signed-off-by: Yubo Miao <miaoyubo@huawei.com> Message-Id: <20201119014841.7298-3-cenjiahui@huawei.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-12-08acpi/gpex: Extract two APIs from acpi_dsdt_add_pciYubo Miao1-49/+63
Extract two APIs acpi_dsdt_add_pci_route_table and acpi_dsdt_add_pci_osc from acpi_dsdt_add_pci. The first API is used to specify the pci route table and the second API is used to declare the operation system capabilities. These two APIs would be used to specify the pxb-pcie in DSDT. Signed-off-by: Yubo Miao <miaoyubo@huawei.com> Signed-off-by: Jiahui Cen <cenjiahui@huawei.com> Message-Id: <20201119014841.7298-2-cenjiahui@huawei.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-12-08virtio: reset device on bad guest index in virtio_load()John Levon1-6/+9
If we find a queue with an inconsistent guest index value, explicitly mark the device as needing a reset - and broken - via virtio_error(). There's at least one driver implementation - the virtio-win NetKVM driver - that is able to handle a VIRTIO_CONFIG_S_NEEDS_RESET notification and successfully restore the device to a working state. Other implementations do not correctly handle this, but as the VQ is not in a functional state anyway, this is still worth doing. Signed-off-by: John Levon <john.levon@nutanix.com> Message-Id: <20201120185103.GA442386@sent> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-12-08intel_iommu: Skip page walking on device iotlb invalidationsEugenio Pérez1-0/+4
Although they didn't reach the notifier because of the filtering in memory_region_notify_iommu_one, the vt-d was still splitting huge memory invalidations in chunks. Skipping it. This improves performance in case of netperf with vhost-net: * TCP_STREAM: From 1923.6Mbit/s to 2175.13Mbit/s (13%) * TCP_RR: From 8464.73 trans/s to 8932.703333 trans/s (5.5%) * UDP_RR: From 8562.08 trans/s to 9005.62/s (5.1%) * UDP_STREAM: No change observed (insignificant 0.1% improvement) Signed-off-by: Eugenio Pérez <eperezma@redhat.com> Acked-by: Jason Wang <jasowang@redhat.com> Message-Id: <20201116165506.31315-5-eperezma@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-12-08memory: Add IOMMU_NOTIFIER_DEVIOTLB_UNMAP IOMMUTLBNotificationTypeEugenio Pérez2-2/+2
This allows us to differentiate between regular IOMMU map/unmap events and DEVIOTLB unmap. Doing so, notifiers that only need device IOTLB invalidations will not receive regular IOMMU unmappings. Adapt intel and vhost to use it. Signed-off-by: Eugenio Pérez <eperezma@redhat.com> Reviewed-by: Peter Xu <peterx@redhat.com> Reviewed-by: Juan Quintela <quintela@redhat.com> Acked-by: Jason Wang <jasowang@redhat.com> Message-Id: <20201116165506.31315-4-eperezma@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-12-08memory: Add IOMMUTLBEventEugenio Pérez7-97/+121
This way we can tell between regular IOMMUTLBEntry (entry of IOMMU hardware) and notifications. In the notifications, we set explicitly if it is a MAPs or an UNMAP, instead of trusting in entry permissions to differentiate them. Signed-off-by: Eugenio Pérez <eperezma@redhat.com> Reviewed-by: Peter Xu <peterx@redhat.com> Reviewed-by: Juan Quintela <quintela@redhat.com> Acked-by: Jason Wang <jasowang@redhat.com> Message-Id: <20201116165506.31315-3-eperezma@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Matthew Rosato <mjrosato@linux.ibm.com> Acked-by: David Gibson <david@gibson.dropbear.id.au>
2020-12-08memory: Rename memory_region_notify_one to memory_region_notify_iommu_oneEugenio Pérez3-4/+4
Previous name didn't reflect the iommu operation. Signed-off-by: Eugenio Pérez <eperezma@redhat.com> Reviewed-by: Peter Xu <peterx@redhat.com> Reviewed-by: David Gibson <david@gibson.dropbear.id.au> Reviewed-by: Juan Quintela <quintela@redhat.com> Reviewed-by: Eric Auger <eric.auger@redhat.com> Acked-by: Jason Wang <jasowang@redhat.com> Message-Id: <20201116165506.31315-2-eperezma@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2020-12-01ide: atapi: assert that the buffer pointer is in rangePaolo Bonzini1-0/+2
A case was reported where s->io_buffer_index can be out of range. The report skimped on the details but it seems to be triggered by s->lba == -1 on the READ/READ CD paths (e.g. by sending an ATAPI command with LBA = 0xFFFFFFFF). For now paper over it with assertions. The first one ensures that there is no overflow when incrementing s->io_buffer_index, the second checks for the buffer overrun. Note that the buffer overrun is only a read, so I am not sure if the assertion failure is actually less harmful than the overrun. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Message-id: 20201201120926.56559-1-pbonzini@redhat.com Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-12-01hw/net/dp8393x: fix integer underflow in dp8393x_do_transmit_packets()Mauro Matteo Cascella1-0/+4
An integer underflow could occur during packet transmission due to 'tx_len' not being updated if SONIC_TFC register is set to zero. Check for negative 'tx_len' when removing existing FCS. RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=1899722 Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com> Reported-by: Gaoning Pan <pgn@zju.edu.cn> Acked-by: Jason Wang <jasowang@redhat.com> Message-id: 20201124092445.658647-1-mcascell@redhat.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-11-24Revert "hw/core/qdev-properties: Use qemu_strtoul() in set_pci_host_devaddr()"Michael S. Tsirkin1-12/+13
This reverts commit bccb20c49df1bd683248a366021973901c11982f as it introduced a regression blocking bus addresses > 0x1f or higher. Legal bus numbers go up to 0xff. Fixes: bccb20c49df ("Use qemu_strtoul() in set_pci_host_devaddr()") Reported-by: Klaus Herman <kherman@inbox.lv> Reported-by: Geoffrey McRae <geoff@hostfission.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Cc: "Philippe Mathieu-Daudé" <philmd@redhat.com> Message-Id: <20201120130409.956956-1-mst@redhat.com> Signed-off-by: Eduardo Habkost <ehabkost@redhat.com>
2020-11-24hw/net/e1000e: advance desc_offset in case of null descriptorPrasad J Pandit1-4/+4
While receiving packets via e1000e_write_packet_to_guest() routine, 'desc_offset' is advanced only when RX descriptor is processed. And RX descriptor is not processed if it has NULL buffer address. This may lead to an infinite loop condition. Increament 'desc_offset' to process next descriptor in the ring to avoid infinite loop. Reported-by: Cheol-woo Myung <330cjfdn@gmail.com> Signed-off-by: Prasad J Pandit <pjp@fedoraproject.org> Signed-off-by: Jason Wang <jasowang@redhat.com>
2020-11-23Merge remote-tracking branch 'remotes/awilliam/tags/vfio-update-20201123.0' ↵Peter Maydell3-5/+13
into staging VFIO update 2020-11-23 * Enable pre-copy dirty page tracking by default (Kirti Wankhede) * Mark migration as experimental (Alex Williamson) # gpg: Signature made Mon 23 Nov 2020 17:10:58 GMT # gpg: using RSA key 239B9B6E3BB08B22 # gpg: Good signature from "Alex Williamson <alex.williamson@redhat.com>" [full] # gpg: aka "Alex Williamson <alex@shazbot.org>" [full] # gpg: aka "Alex Williamson <alwillia@redhat.com>" [full] # gpg: aka "Alex Williamson <alex.l.williamson@gmail.com>" [full] # Primary key fingerprint: 42F6 C04E 540B D1A9 9E7B 8A90 239B 9B6E 3BB0 8B22 * remotes/awilliam/tags/vfio-update-20201123.0: vfio: Change default dirty pages tracking behavior during migration vfio: Make migration support experimental Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-11-23vfio: Change default dirty pages tracking behavior during migrationKirti Wankhede2-4/+10
By default dirty pages tracking is enabled during iterative phase (pre-copy phase). Added per device opt-out option 'x-pre-copy-dirty-page-tracking' to disable dirty pages tracking during iterative phase. If the option 'x-pre-copy-dirty-page-tracking=off' is set for any VFIO device, dirty pages tracking during iterative phase will be disabled. Signed-off-by: Kirti Wankhede <kwankhede@nvidia.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2020-11-23vfio: Make migration support experimentalAlex Williamson2-1/+3
Support for migration of vfio devices is still in flux. Developers are attempting to add support for new devices and new architectures, but none are yet readily available for validation. We have concerns whether we're transferring device resources at the right point in the migration, whether we're guaranteeing that updates during pre-copy are migrated, and whether we can provide bit-stream compatibility should any of this change. Even the question of whether devices should participate in dirty page tracking during pre-copy seems contentious. In short, migration support has not had enough soak time and it feels premature to mark it as supported. Create an experimental option such that we can continue to develop. [Retaining previous acks/reviews for a previously identical code change with different specifics in the commit log.] Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Acked-by: Cornelia Huck <cohuck@redhat.com> Signed-off-by: Alex Williamson <alex.williamson@redhat.com>
2020-11-23hw/intc: fix heap-buffer-overflow in rxicu_realize()Chen Qun1-10/+8
When 'j = icu->nr_sense – 1', the 'j < icu->nr_sense' condition is true, then 'j = icu->nr_sense', the'icu->init_sense[j]' has out-of-bounds access. The asan showed stack: ERROR: AddressSanitizer: heap-buffer-overflow on address 0x604000004d7d at pc 0x55852cd26a76 bp 0x7ffe39f26200 sp 0x7ffe39f261f0 READ of size 1 at 0x604000004d7d thread T0 #0 0x55852cd26a75 in rxicu_realize ../hw/intc/rx_icu.c:311 #1 0x55852cf075f7 in device_set_realized ../hw/core/qdev.c:886 #2 0x55852cd4a32f in property_set_bool ../qom/object.c:2251 #3 0x55852cd4f9bb in object_property_set ../qom/object.c:1398 #4 0x55852cd54f3f in object_property_set_qobject ../qom/qom-qobject.c:28 #5 0x55852cd4fc3f in object_property_set_bool ../qom/object.c:1465 #6 0x55852cbf0b27 in register_icu ../hw/rx/rx62n.c:156 #7 0x55852cbf12a6 in rx62n_realize ../hw/rx/rx62n.c:261 #8 0x55852cf075f7 in device_set_realized ../hw/core/qdev.c:886 #9 0x55852cd4a32f in property_set_bool ../qom/object.c:2251 #10 0x55852cd4f9bb in object_property_set ../qom/object.c:1398 #11 0x55852cd54f3f in object_property_set_qobject ../qom/qom-qobject.c:28 #12 0x55852cd4fc3f in object_property_set_bool ../qom/object.c:1465 #13 0x55852cbf1a85 in rx_gdbsim_init ../hw/rx/rx-gdbsim.c:109 #14 0x55852cd22de0 in qemu_init ../softmmu/vl.c:4380 #15 0x55852ca57088 in main ../softmmu/main.c:49 #16 0x7feefafa5d42 in __libc_start_main (/lib64/libc.so.6+0x26d42) Add the 'ice->src[i].sense' initialize to the default value, and then process init_sense array to identify which irqs should be level-triggered. Suggested-by: Peter Maydell <peter.maydell@linaro.org> Reported-by: Euler Robot <euler.robot@huawei.com> Signed-off-by: Chen Qun <kuhn.chenqun@huawei.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20201111141733.2358800-1-kuhn.chenqun@huawei.com Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-11-23hw/arm: Fix bad print format specifiersAlexChen3-3/+3
We should use printf format specifier "%u" instead of "%i" for argument of type "unsigned int". Reported-by: Euler Robot <euler.robot@huawei.com> Signed-off-by: Alex Chen <alex.chen@huawei.com> Message-id: 5F9FD78B.8000300@huawei.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-11-22hw/display/tcx: add missing 64-bit access for framebuffer blitterMark Cave-Ayland1-1/+5
Commit ae5643ecc6 "hw/display/tcx: Allow 64-bit accesses to framebuffer stippler and blitter" enabled 64-bit access for the TCX framebuffer stippler and blitter but missed applying the change to one of the blitter MemoryRegions. Whilst the original change works for me on my local NetBSD test image, the latest NetBSD ISO panics on startup without this fix. Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Fixes: ae5643ecc6 ("hw/display/tcx: Allow 64-bit accesses to framebuffer stippler and blitter") Buglink: https://bugs.launchpad.net/bugs/1892540 Message-Id: <20201120081754.18250-1-mark.cave-ayland@ilande.co.uk> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
2020-11-20usb: fix kconfig for usb-xhci-sysbusPaolo Bonzini1-1/+0
Remove the "default y" for USB_XHCI_SYSBUS because sysbus devices are not user creatable; boards that use them will specify them manually with "imply" or "select" clauses. It would be nice to keep the ability to remove PCIe and USB from microvm, since thos can be disabled on the command line and therefore should not be included if QEMU is configured --without-default-devices. However it's too late for 5.2 to figure out a place for the DSDT creation code. Reported-by: Bruce Rogers <brogers@suse.com> Cc: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-11-19Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20201119' into stagingPeter Maydell4-13/+36
s390x fixes: - fix propagation and reset for the new diag318 call - fix hot-unplug for vfio-pci devices - fix endianness issues in zPCI (regression fix) # gpg: Signature made Thu 19 Nov 2020 10:15:58 GMT # gpg: using RSA key C3D0D66DC3624FF6A8C018CEDECF6B93C6F02FAF # gpg: issuer "cohuck@redhat.com" # gpg: Good signature from "Cornelia Huck <conny@cornelia-huck.de>" [unknown] # gpg: aka "Cornelia Huck <huckc@linux.vnet.ibm.com>" [full] # gpg: aka "Cornelia Huck <cornelia.huck@de.ibm.com>" [full] # gpg: aka "Cornelia Huck <cohuck@kernel.org>" [unknown] # gpg: aka "Cornelia Huck <cohuck@redhat.com>" [unknown] # Primary key fingerprint: C3D0 D66D C362 4FF6 A8C0 18CE DECF 6B93 C6F0 2FAF * remotes/cohuck/tags/s390x-20201119: s390x/pci: fix endianness issues s390x/pci: Unregister listeners before destroying IOMMU address space s390/kvm: fix diag318 propagation and reset functionality Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-11-18s390x/pci: fix endianness issuesCornelia Huck3-13/+25
The zPCI group and function structures are big endian. However, we do not consistently store them as big endian locally, and are missing some conversions. Let's just store the structures as host endian instead and convert to big endian when actually handling the instructions retrieving the data. Also fix the layout of ClpReqQueryPciGrp: g is actually only 8 bit. This also fixes accesses on little endian hosts, and makes accesses on big endian hosts consistent. Fixes: 28dc86a07299 ("s390x/pci: use a PCI Group structure") Fixes: 9670ee752727 ("s390x/pci: use a PCI Function structure") Fixes: 1e7552ff5c34 ("s390x/pci: get zPCI function info from host") Signed-off-by: Cornelia Huck <cohuck@redhat.com> Tested-by: Matthew Rosato <mjrosato@linux.ibm.com> Tested-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Matthew Rosato <mjrosato@linux.ibm.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Message-Id: <20201118104202.1301363-1-cohuck@redhat.com>
2020-11-18s390x/pci: Unregister listeners before destroying IOMMU address spaceMatthew Rosato1-0/+7
Hot-unplugging a vfio-pci device on s390x causes a QEMU crash: qemu-system-s390x: ../softmmu/memory.c:2772: do_address_space_destroy: Assertion `QTAILQ_EMPTY(&as->listeners)' failed. In s390, the IOMMU address space is freed during device unplug but the associated vfio-pci device may not yet be finalized and therefore may still have a listener registered to the IOMMU address space. Commit a2166410ad74 ("spapr_pci: Unregister listeners before destroying the IOMMU address space") previously resolved this issue for spapr_pci. We are now seeing this in s390x; it would seem the possibility for this issue was already present but based on a bisect commit 2d24a6466154 ("device-core: use RCU for list of children of a bus") has now changed the timing such that it is now readily reproducible. Add logic to ensure listeners are removed before destroying the address space. Reported-by: Niklas Schnelle <schnelle@linux.ibm.com> Signed-off-by: Matthew Rosato <mjrosato@linux.ibm.com> Tested-by: Niklas Schnelle <schnelle@linux.ibm.com> Reviewed-by: Pierre Morel <pmorel@linux.ibm.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Message-Id: <1605562955-21152-1-git-send-email-mjrosato@linux.ibm.com> Signed-off-by: Cornelia Huck <cohuck@redhat.com>