aboutsummaryrefslogtreecommitdiff
path: root/tests
AgeCommit message (Collapse)AuthorFilesLines
2020-06-24iotests: Fix 051 output after qdev_init_nofail() removalPhilippe Mathieu-Daudé1-2/+2
Commit 96927c744 replaced qdev_init_nofail() call by isa_realize_and_unref() which has a different error message. Update the test output accordingly. Gitlab CI error after merging b77b5b3dc7: https://gitlab.com/qemu-project/qemu/-/jobs/597414772#L4375 Reported-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20200616154949.6586-1-philmd@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Max Reitz <mreitz@redhat.com>
2020-06-23Merge remote-tracking branch ↵Peter Maydell1-0/+68
'remotes/philmd-gitlab/tags/renesas-hw-20200622' into staging Renesas hardware patches - Add a common entry for Renesas hardware in MAINTAINERS - Trivial SH4 cleanups - Add RX GDB simulator from Yoshinori Sato The Renesas RX target emulation was added in commit c8c35e5f51, these patches complete the target by adding the hardware emulation. Tests included: $ avocado --show=app,console run -t arch:rx tests/acceptance/ Fetching asset from tests/acceptance/machine_rx_gdbsim.py:RxGdbSimMachine.test_uboot Fetching asset from tests/acceptance/machine_rx_gdbsim.py:RxGdbSimMachine.test_linux_sash (1/2) tests/acceptance/machine_rx_gdbsim.py:RxGdbSimMachine.test_uboot: console: U-Boot 2016.05-rc3-23705-ga1ef3c71cb-dirty (Feb 05 2019 - 21:56:06 +0900) PASS (0.26 s) (2/2) tests/acceptance/machine_rx_gdbsim.py:RxGdbSimMachine.test_linux_sash: console: Linux version 4.19.0+ (yo-satoh@yo-satoh-debian) (gcc version 9.0.0 20181105 (experimental) (GCC)) #137 Wed Feb 20 23:20:02 JST 2019 console: Built 1 zonelists, mobility grouping on. Total pages: 8128 console: Kernel command line: console: Dentry cache hash table entries: 4096 (order: 2, 16384 bytes) console: Inode-cache hash table entries: 2048 (order: 1, 8192 bytes) console: Memory: 14648K/32768K available (871K kernel code, 95K rwdata, 140K rodata, 96K init, 175K bss, 18120K reserved, 0K cma-reserved) console: NR_IRQS: 256 console: rx-cmt: used for periodic clock events console: clocksource: rx-tpu: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 1274173631191 ns console: 96.00 BogoMIPS (lpj=480000) console: pid_max: default: 4096 minimum: 301 console: Mount-cache hash table entries: 1024 (order: 0, 4096 bytes) console: Mountpoint-cache hash table entries: 1024 (order: 0, 4096 bytes) console: clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 19112604462750000 ns console: clocksource: Switched to clocksource rx-tpu console: workingset: timestamp_bits=30 max_order=12 bucket_order=0 console: SuperH (H)SCI(F) driver initialized console: 88240.serial: ttySC0 at MMIO 0x88240 (irq = 215, base_baud = 0) is a sci console: console [ttySC0] enabled console: 88248.serial: ttySC1 at MMIO 0x88248 (irq = 219, base_baud = 0) is a sci console: random: get_random_bytes called from 0x01002e48 with crng_init=0 console: Freeing unused kernel memory: 96K console: This architecture does not have kernel memory protection. console: Run /sbin/init as init process console: Run /etc/init as init process console: Run /bin/init as init process console: Run /bin/sh as init process console: Sash command shell (version 1.1.1) console: /> printenv console: HOME=/ console: TERM=linux PASS (0.73 s) RESULTS : PASS 2 | ERROR 0 | FAIL 0 | SKIP 0 | WARN 0 | INTERRUPT 0 | CANCEL 0 JOB TIME : 1.47 s CI results: . https://cirrus-ci.com/build/6140199509950464 . https://travis-ci.org/github/philmd/qemu/builds/700954881 . https://app.shippable.com/github/philmd/qemu/runs/812/summary/console # gpg: Signature made Mon 22 Jun 2020 19:52:09 BST # gpg: using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE # gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full] # Primary key fingerprint: FAAB E75E 1291 7221 DCFD 6BB2 E3E3 2C2C DEAD C0DE * remotes/philmd-gitlab/tags/renesas-hw-20200622: docs: Document the RX target BootLinuxConsoleTest: Test the RX GDB simulator hw/rx: Add RX GDB simulator hw/rx: Register R5F562N7 and R5F562N8 MCUs hw/rx: Honor -accel qtest hw/rx: RX62N microcontroller (MCU) hw/char: RX62N serial communication interface (SCI) hw/timer: RX62N compare match timer (CMT) hw/timer: RX62N 8-Bit timer (TMR) hw/intc: RX62N interrupt controller (ICUa) hw/timer/sh_timer: Remove unused 'qemu/timer.h' include hw/sh4: Extract timer definitions to 'hw/timer/tmu012.h' hw/sh4: Use MemoryRegion typedef MAINTAINERS: Add an entry for common Renesas peripherals MAINTAINERS: Cover sh_intc files in the R2D/Shix machine sections Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-06-22BootLinuxConsoleTest: Test the RX GDB simulatorPhilippe Mathieu-Daudé1-0/+68
Add two tests for the rx-gdbsim machine, based on the recommended test setup from Yoshinori Sato: https://lists.gnu.org/archive/html/qemu-devel/2019-05/msg03586.html - U-Boot prompt - Linux kernel with Sash shell These are very quick tests: $ avocado run -t arch:rx tests/acceptance/machine_rx_gdbsim.py JOB ID : 84a6ef01c0b87975ecbfcb31a920afd735753ace JOB LOG : /home/phil/avocado/job-results/job-2019-05-24T05.02-84a6ef0/job.log (1/2) tests/acceptance/machine_rx_gdbsim.py:RxGdbSimMachine.test_uboot: PASS (0.11 s) (2/2) tests/acceptance/machine_rx_gdbsim.py:RxGdbSimMachine.test_linux_sash: PASS (0.45 s) RESULTS : PASS 2 | ERROR 0 | FAIL 0 | SKIP 0 | WARN 0 | INTERRUPT 0 | CANCEL 0 Tests can also be run with: $ avocado --show=console run -t arch:rx tests/acceptance/machine_rx_gdbsim.py console: U-Boot 2016.05-rc3-23705-ga1ef3c71cb-dirty (Feb 05 2019 - 21:56:06 +0900) console: Linux version 4.19.0+ (yo-satoh@yo-satoh-debian) (gcc version 9.0.0 20181105 (experimental) (GCC)) #137 Wed Feb 20 23:20:02 JST 2019 console: Built 1 zonelists, mobility grouping on. Total pages: 8128 ... console: SuperH (H)SCI(F) driver initialized console: 88240.serial: ttySC0 at MMIO 0x88240 (irq = 215, base_baud = 0) is a sci console: console [ttySC0] enabled console: 88248.serial: ttySC1 at MMIO 0x88248 (irq = 219, base_baud = 0) is a sci Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Yoshinori Sato <ysato@users.sourceforge.jp> Message-Id: <20200224141923.82118-22-ysato@users.sourceforge.jp> [PMD: Replace obsolete set_machine() by machine tag, and rename as gdbsim] Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
2020-06-21tests/acceptance: record/replay tests with advcal imagesPavel Dovgalyuk1-0/+108
This patch adds more record/replay tests with kernel images. Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru> Tested-by: Philippe Mathieu-Daude <philmd@redhat.com> Message-Id: <159073592589.20809.5156301499042635614.stgit@pasha-ThinkPad-X280> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> [PMD: Use os.path.join(), add avocado 'cpu' tags] Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2020-06-21tests/acceptance: add record/replay test for m68kPavel Dovgalyuk1-0/+18
This patch adds a test for record/replay of the kernel image boot for m68k platform. Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru> Tested-by: Philippe Mathieu-Daude <philmd@redhat.com> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <159073592033.20809.1838967871297177313.stgit@pasha-ThinkPad-X280> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2020-06-21tests/acceptance: add record/replay test for ppc64Pavel Dovgalyuk1-0/+16
This patch adds a test for record/replay of the kernel image boot for ppc64 platform. Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru> Tested-by: Philippe Mathieu-Daude <philmd@redhat.com> Message-Id: <159073591363.20809.15658672985367330140.stgit@pasha-ThinkPad-X280> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2020-06-21tests/acceptance: add record/replay test for armPavel Dovgalyuk1-0/+48
This patch adds a test for record/replay of the kernel image boot for two different arm platforms. Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru> Tested-by: Philippe Mathieu-Daude <philmd@redhat.com> Message-Id: <159073590785.20809.17654573764167037499.stgit@pasha-ThinkPad-X280> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2020-06-21tests/acceptance: add record/replay test for aarch64Pavel Dovgalyuk1-0/+19
This patch adds a test for record/replay of the kernel image boot for aarch64 platform. Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru> Tested-by: Philippe Mathieu-Daude <philmd@redhat.com> Message-Id: <159073590231.20809.9842179251741585482.stgit@pasha-ThinkPad-X280> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2020-06-21tests/acceptance: add kernel record/replay test for x86_64Pavel Dovgalyuk1-0/+18
This patch adds a test for record/replay an execution of x86_64 machine. Execution scenario includes simple kernel boot, which allows testing basic hardware interaction in RR mode. Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru> Tested-by: Philippe Mathieu-Daude <philmd@redhat.com> Message-Id: <159073589656.20809.14010247947948822435.stgit@pasha-ThinkPad-X280> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> [PMD: Skip test_x86_64_pc on Travis-CI] Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2020-06-21tests/acceptance: add base class record/replay kernel testsPavel Dovgalyuk1-0/+73
This patch adds a base for testing kernel boot recording and replaying. Each test has the phase of recording and phase of replaying. Virtual machines just boot the kernel and do not interact with the network. Structure and image links for the tests are borrowed from boot_linux_console.py Testing controls the message pattern at the end of the kernel boot for both record and replay modes. In replay mode QEMU is also intended to finish the execution automatically. Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgaluk@ispras.ru> Tested-by: Philippe Mathieu-Daude <philmd@redhat.com> Message-Id: <159073589099.20809.14078431743098373301.stgit@pasha-ThinkPad-X280> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> [PMD: Keep imports sorted alphabetically] Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2020-06-19qht: Fix threshold rate calculationRichard Henderson1-1/+2
tests/qht-bench.c:287:29: error: implicit conversion from 'unsigned long' to 'double' changes value from 18446744073709551615 to 18446744073709551616 [-Werror,-Wimplicit-int-float-conversion] *threshold = rate * UINT64_MAX; ~ ^~~~~~~~~~ Fix this by splitting the 64-bit constant into two halves, each of which is individually perfectly representable, the sum of which produces the correct arithmetic result. This is very likely just a sticking plaster over some underlying incorrect code, but it will suppress the warning for the moment. Cc: Emilio G. Cota <cota@braap.org> Reported-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-06-18Merge remote-tracking branch ↵Peter Maydell1-27/+7
'remotes/dgilbert/tags/pull-migration-20200617a' into staging Migration (and HMP and virtiofs) pull 2020-06-17 Migration: HMP/migration and test changes from Mao Zhongyi multifd fix from Laurent Vivier HMP qom-set partial reversion/change from David Hildenbrand now you need -j to pass json format, but it's regained the old 100M type format. Memory leak fix from Pan Nengyuan Virtiofs fchmod seccomp fix from Max Reitz Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com> # gpg: Signature made Wed 17 Jun 2020 19:34:58 BST # gpg: using RSA key 45F5C71B4A0CB7FB977A9FA90516331EBC5BFDE7 # gpg: Good signature from "Dr. David Alan Gilbert (RH2) <dgilbert@redhat.com>" [full] # Primary key fingerprint: 45F5 C71B 4A0C B7FB 977A 9FA9 0516 331E BC5B FDE7 * remotes/dgilbert/tags/pull-migration-20200617a: migration: fix multifd_send_pages() next channel docs/xbzrle: update 'cache miss rate' and 'encoding rate' to docs monitor/hmp-cmds: improvements for the 'info migrate' monitor/hmp-cmds: add 'goto end' to reduce duplicate code. monitor/hmp-cmds: delete redundant Error check before invoke hmp_handle_error() monitor/hmp-cmds: don't silently output when running 'migrate_set_downtime' fails monitor/hmp-cmds: add units for migrate_parameters tests/migration: fix unreachable path in stress test tests/migration: mem leak fix hmp: Make json format optional for qom-set qom-hmp-cmds: fix a memleak in hmp_qom_get virtiofsd: Whitelist fchmod Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-06-18Merge remote-tracking branch 'remotes/kevin/tags/for-upstream' into stagingPeter Maydell10-270/+302
Block layer patches: - enhance handling of size-related BlockConf properties - nvme: small fixes, refactoring and cleanups - virtio-blk: On restart, process queued requests in the proper context - icount: make dma reads deterministic - iotests: Some fixes for rarely run cases - .gitignore: Ignore storage-daemon files - Minor code cleanups # gpg: Signature made Wed 17 Jun 2020 15:47:19 BST # gpg: using RSA key DC3DEB159A9AF95D3D7456FE7F09B272C88F2FD6 # gpg: issuer "kwolf@redhat.com" # gpg: Good signature from "Kevin Wolf <kwolf@redhat.com>" [full] # Primary key fingerprint: DC3D EB15 9A9A F95D 3D74 56FE 7F09 B272 C88F 2FD6 * remotes/kevin/tags/for-upstream: (43 commits) iotests: Add copyright line in qcow2.py iotests/{190,291}: compat=0.10 is unsupported iotests/229: data_file is unsupported iotests/292: data_file is unsupported iotests/041: Skip test_small_target for qed iotests.py: Add skip_for_formats() decorator block: lift blocksize property limit to 2 MiB qdev-properties: add getter for size32 and blocksize block: make BlockConf size props 32bit and accept size suffixes qdev-properties: make blocksize accept size suffixes qdev-properties: add size32 property type qdev-properties: blocksize: use same limits in code and description block: consolidate blocksize properties consistency checks virtio-blk: store opt_io_size with correct size .gitignore: Ignore storage-daemon files hw/block/nvme: verify msix_init_exclusive_bar() return value hw/block/nvme: add msix_qsize parameter hw/block/nvme: Verify msix_vector_use() returned value hw/block/nvme: factor out controller identify setup hw/block/nvme: do cmb/pmr init as part of pci init ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-06-18configure: Add -Wno-psabiRichard Henderson1-1/+1
On aarch64, gcc 9.3 is generating qemu/exec.c: In function ‘address_space_translate_iommu’: qemu/exec.c:431:28: note: parameter passing for argument of type \ ‘MemTxAttrs’ {aka ‘struct MemTxAttrs’} changed in GCC 9.1 and many other repetitions. This structure, and the functions amongst which it is passed, are not part of a QEMU public API. Therefore we do not care how the compiler passes the argument, so long as the compiler is self-consistent. The only portion of QEMU which does have a public api, and so must have a stable abi, is "qemu/plugin.h". We test this by forcing -Wpsabi in tests/plugin/Makefile. Buglink: https://bugs.launchpad.net/qemu/+bug/1881552 Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-id: 20200617201309.1640952-6-richard.henderson@linaro.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-06-17tests/migration: fix unreachable path in stress testMao Zhongyi1-8/+5
If stressone() or stress() exits it's because of a failure because the test runs forever otherwise, so change stressone and stress type to void to make the exit_failure() as the exit function of main(). Signed-off-by: Mao Zhongyi <maozhongyi@cmss.chinamobile.com> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20200603080904.997083-3-maozhongyi@cmss.chinamobile.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2020-06-17tests/migration: mem leak fixMao Zhongyi1-19/+2
‘data’ has the possibility of memory leaks, so use the glib macros g_autofree recommended by CODING_STYLE.rst to automatically release the memory that returned from g_malloc(). Signed-off-by: Mao Zhongyi <maozhongyi@cmss.chinamobile.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Laurent Vivier <laurent@vivier.eu> Message-Id: <20200603080904.997083-2-maozhongyi@cmss.chinamobile.com> Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
2020-06-17iotests: Add copyright line in qcow2.pyEric Blake2-0/+3
The file qcow2.py was originally contributed in 2012 by Kevin Wolf, but was not given traditional boilerplate headers at the time. The missing license was just rectified (commit 16306a7b39) using the project-default GPLv2+, but as Vladimir is not at Red Hat, he did not add a Copyright line. All earlier contributions have come from CC'd authors, where all but Stefan used a Red Hat address at the time of the contribution, and that copyright carries over to the split to qcow2_format.py (d5262c7124). CC: Kevin Wolf <kwolf@redhat.com> CC: Stefan Hajnoczi <stefanha@redhat.com> CC: Eduardo Habkost <ehabkost@redhat.com> CC: Max Reitz <mreitz@redhat.com> CC: Philippe Mathieu-Daudé <philmd@redhat.com> CC: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <20200609205944.3549240-1-eblake@redhat.com> Acked-by: Stefan Hajnoczi <stefanha@redhat.com> Acked-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-06-17iotests/{190,291}: compat=0.10 is unsupportedMax Reitz2-0/+4
Fixes: 5d72c68b49769c927e90b78af6d90f6a384b26ac Fixes: cf2d1203dcfc2bf964453d83a2302231ce77f2dc Signed-off-by: Max Reitz <mreitz@redhat.com> Message-Id: <20200617104822.27525-6-mreitz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-06-17iotests/229: data_file is unsupportedMax Reitz1-0/+3
Fixes: d89ac3cf305b28c024a76805a84d75c0ee1e786f Signed-off-by: Max Reitz <mreitz@redhat.com> Message-Id: <20200617104822.27525-5-mreitz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-06-17iotests/292: data_file is unsupportedMax Reitz1-0/+5
Fixes: e4d7019e1a81c61de6a925c3ac5bb6e62ea21b29 Signed-off-by: Max Reitz <mreitz@redhat.com> Message-Id: <20200617104822.27525-4-mreitz@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-06-17iotests/041: Skip test_small_target for qedMax Reitz1-0/+2
qed does not support shrinking images, so the test_small_target method should be skipped to keep 041 passing. Fixes: 16cea4ee1c8e5a69a058e76f426b2e17974d8d7d Signed-off-by: Max Reitz <mreitz@redhat.com> Message-Id: <20200617104822.27525-3-mreitz@redhat.com> Tested-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-06-17iotests.py: Add skip_for_formats() decoratorMax Reitz2-4/+19
Sometimes, we want to skip some test methods for certain formats. This decorator allows that. Signed-off-by: Max Reitz <mreitz@redhat.com> Message-Id: <20200617104822.27525-2-mreitz@redhat.com> Tested-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-06-17qdev-properties: add getter for size32 and blocksizeRoman Kagan1-265/+265
Add getter for size32, and use it for blocksize, too. In its human-readable branch, it reports approximate size in human-readable units next to the exact byte value, like the getter for 64bit size does. Adjust the expected test output accordingly. Signed-off-by: Roman Kagan <rvkagan@yandex-team.ru> Reviewed-by: Eric Blake <eblake@redhat.com> Message-Id: <20200528225516.1676602-8-rvkagan@yandex-team.ru> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-06-17block: consolidate blocksize properties consistency checksRoman Kagan1-1/+1
Several block device properties related to blocksize configuration must be in certain relationship WRT each other: physical block must be no smaller than logical block; min_io_size, opt_io_size, and discard_granularity must be a multiple of a logical block. To ensure these requirements are met, add corresponding consistency checks to blkconf_blocksizes, adjusting its signature to communicate possible error to the caller. Also remove the now redundant consistency checks from the specific devices. Signed-off-by: Roman Kagan <rvkagan@yandex-team.ru> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Paul Durrant <paul@xen.org> Message-Id: <20200528225516.1676602-3-rvkagan@yandex-team.ru> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2020-06-16Merge remote-tracking branch ↵Peter Maydell13-13/+499
'remotes/stsquad/tags/pull-testing-and-plugin-160620-2' into staging Testing and plugin updates - clear up dtc warnings - add support for --enable-tsan builds - re-enable shippable cross builds - serialise cirrus check steps - fix check-tcg plugin issues - add lockstep plugin # gpg: Signature made Tue 16 Jun 2020 14:50:09 BST # gpg: using RSA key 6685AE99E75167BCAFC8DF35FBD0DB095A9E2A44 # gpg: Good signature from "Alex Bennée (Master Work Key) <alex.bennee@linaro.org>" [full] # Primary key fingerprint: 6685 AE99 E751 67BC AFC8 DF35 FBD0 DB09 5A9E 2A44 * remotes/stsquad/tags/pull-testing-and-plugin-160620-2: (21 commits) plugins: new lockstep plugin for debugging TCG changes tests/tcg: ensure -cpu max also used for plugin run tests/tcg: build plugin list from contents of src directory cirrus.yml: serialise make check Revert ".shippable: temporaily disable some cross builds" tests: Disable select tests under TSan, which hit TSan issue. docs: Added details on TSan to testing.rst util: Added tsan annotate for thread name. include/qemu: Added tsan.h for annotations. tests/docker: Added docker build support for TSan. thread: add tsan annotations to QemuSpin translate-all: call qemu_spin_destroy for PageDesc tcg: call qemu_spin_destroy for tb->jmp_lock qht: call qemu_spin_destroy for head buckets cputlb: destroy CPUTLB with tlb_destroy thread: add qemu_spin_destroy cpu: convert queued work to a QSIMPLEQ configure: add --enable-tsan flag + fiber annotations for coroutine-ucontext Makefile: remove old compatibility gunks Makefile: dtc: update, build the libfdt target ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-06-16plugins: new lockstep plugin for debugging TCG changesAlex Bennée3-1/+343
When we make changes to the TCG we sometimes cause regressions that are deep into the execution cycle of the guest. Debugging this often requires comparing large volumes of trace information to figure out where behaviour has diverged. The lockstep plugin utilises a shared socket so two QEMU's running with the plugin will write their current execution position and wait to receive the position of their partner process. When execution diverges the plugins output where they were and the previous few blocks before unloading themselves and letting execution continue. Originally I planned for this to be most useful with -icount but it turns out you can get divergence pretty quickly due to asynchronous qemu_cpu_kick_rr_cpus() events causing one side to eventually run into a short block a few cycles before the other side. For this reason I've added a bit of tracking and I think the divergence reporting could be finessed to report only if we really start to diverge in execution. An example run would be: qemu-system-sparc -monitor none -parallel none -net none \ -M SS-20 -m 256 -kernel day11/zImage.elf \ -plugin ./tests/plugin/liblockstep.so,arg=lockstep-sparc.sock \ -d plugin,nochain with an identical command in another window in the same working directory. Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Robert Foley <robert.foley@linaro.org> Tested-by: Robert Foley <robert.foley@linaro.org> Cc: Richard Henderson <richard.henderson@linaro.org> Cc: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Message-Id: <20200610155509.12850-3-alex.bennee@linaro.org>
2020-06-16tests/tcg: ensure -cpu max also used for plugin runAlex Bennée2-1/+3
The check-tcg plugins build was failing because some special case tests that needed -cpu max failed because the plugin variant hadn't carried across the QEMU_OPTS tweak. Guests which globally set QEMU_OPTS=-cpu FOO where unaffected. Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Message-Id: <20200615141922.18829-3-alex.bennee@linaro.org>
2020-06-16tests/tcg: build plugin list from contents of src directoryAlex Bennée3-7/+8
If you jump back and forth between branches while developing plugins you end up debugging failures caused by plugins left in the build directory. Fix this by basing plugins on the source tree instead. Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Message-Id: <20200615141922.18829-2-alex.bennee@linaro.org>
2020-06-16tests: Disable select tests under TSan, which hit TSan issue.Robert Foley2-4/+12
Disable a few tests under CONFIG_TSAN, which run into a known TSan issue that results in a hang. https://github.com/google/sanitizers/issues/1116 The disabled tests under TSan include all the qtests as well as the test-char, test-qga, and test-qdev-global-props. Signed-off-by: Robert Foley <robert.foley@linaro.org> Reviewed-by: Emilio G. Cota <cota@braap.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Message-Id: <20200609200738.445-14-robert.foley@linaro.org> Message-Id: <20200612190237.30436-17-alex.bennee@linaro.org>
2020-06-16tests/docker: Added docker build support for TSan.Robert Foley4-0/+133
Added a new docker for ubuntu 20.04. This docker has support for Thread Sanitizer including one patch we need in one of the header files. https://github.com/llvm/llvm-project/commit/a72dc86cd This command will build with tsan enabled: make docker-test-tsan-ubuntu2004 V=1 Also added the TSAN suppresion file to disable certain cases of TSAN warnings. Cc: Fam Zheng <fam@euphon.net> Cc: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Robert Foley <robert.foley@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Message-Id: <20200609200738.445-10-robert.foley@linaro.org> Message-Id: <20200612190237.30436-13-alex.bennee@linaro.org>
2020-06-16tests/docker: bump fedora to 32Alex Bennée1-1/+1
We should be keeping this up to date as Fedora goes out of support quite quickly. Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20200612190237.30436-2-alex.bennee@linaro.org>
2020-06-16Merge remote-tracking branch 'remotes/armbru/tags/pull-qom-2020-06-15' into ↵Peter Maydell1-4/+5
staging QOM patches for 2020-06-15 # gpg: Signature made Mon 15 Jun 2020 21:07:19 BST # gpg: using RSA key 354BC8B3D7EB2A6B68674E5F3870B400EB918653 # gpg: issuer "armbru@redhat.com" # gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" [full] # gpg: aka "Markus Armbruster <armbru@pond.sub.org>" [full] # Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867 4E5F 3870 B400 EB91 8653 * remotes/armbru/tags/pull-qom-2020-06-15: (84 commits) MAINTAINERS: Make section QOM cover hw/core/*bus.c as well qdev: qdev_init_nofail() is now unused, drop qdev: Convert bus-less devices to qdev_realize() with Coccinelle qdev: Use qdev_realize() in qdev_device_add() qdev: Make qdev_realize() support bus-less devices s390x/event-facility: Simplify creation of SCLP event devices microbit: Eliminate two local variables in microbit_init() sysbus: sysbus_init_child_obj() is now unused, drop sysbus: Convert qdev_set_parent_bus() use with Coccinelle, part 4 sysbus: Convert qdev_set_parent_bus() use with Coccinelle, part 3 sysbus: Convert qdev_set_parent_bus() use with Coccinelle, part 2 sysbus: Convert qdev_set_parent_bus() use with Coccinelle, part 1 qdev: Drop qdev_realize() support for null bus sysbus: Convert to sysbus_realize() etc. with Coccinelle sysbus: New sysbus_realize(), sysbus_realize_and_unref() sysbus: Tidy up sysbus_init_child_obj()'s @childsize arg, part 2 hw/arm/armsse: Pass correct child size to sysbus_init_child_obj() sysbus: Tidy up sysbus_init_child_obj()'s @childsize arg, part 1 microbit: Tidy up sysbus_init_child_obj() @child argument sysbus: Drop useless OBJECT() in sysbus_init_child_obj() calls ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-06-16Merge remote-tracking branch ↵Peter Maydell42-39/+346
'remotes/huth-gitlab/tags/pull-request-2020-06-16' into staging * Latest fuzzer patches from Alexander * Fixes for the qtest bios-tables-test * LGPL information cleanup in qtest code * sh4 acceptance test * Improved submodule handling for the s390x CI test # gpg: Signature made Tue 16 Jun 2020 08:56:10 BST # gpg: using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5 # gpg: issuer "thuth@redhat.com" # gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [full] # gpg: aka "Thomas Huth <thuth@redhat.com>" [full] # gpg: aka "Thomas Huth <huth@tuxfamily.org>" [full] # gpg: aka "Thomas Huth <th.huth@posteo.de>" [unknown] # Primary key fingerprint: 27B8 8847 EEE0 2501 18F3 EAB9 2ED9 D774 FE70 2DB5 * remotes/huth-gitlab/tags/pull-request-2020-06-16: configure: Let SLOF be initialized by ./scripts/git-submodule.sh tests/acceptance: Add boot tests for sh4 QEMU advent calendar image tests/qtest: Fix LGPL information in the file headers fuzz: add oss-fuzz build-script fuzz: Add support for logging QTest commands fuzz: skip QTest serialization bios-tables-test: Fix "-tpmdev: invalid option" Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-06-15qdev: Convert bus-less devices to qdev_realize() with CoccinelleMarkus Armbruster1-4/+5
All remaining conversions to qdev_realize() are for bus-less devices. Coccinelle script: // only correct for bus-less @dev! @@ expression errp; expression dev; @@ - qdev_init_nofail(dev); + qdev_realize(dev, NULL, &error_fatal); @ depends on !(file in "hw/core/qdev.c") && !(file in "hw/core/bus.c")@ expression errp; expression dev; symbol true; @@ - object_property_set_bool(OBJECT(dev), true, "realized", errp); + qdev_realize(DEVICE(dev), NULL, errp); @ depends on !(file in "hw/core/qdev.c") && !(file in "hw/core/bus.c")@ expression errp; expression dev; symbol true; @@ - object_property_set_bool(dev, true, "realized", errp); + qdev_realize(DEVICE(dev), NULL, errp); Note that Coccinelle chokes on ARMSSE typedef vs. macro in hw/arm/armsse.c. Worked around by temporarily renaming the macro for the spatch run. Signed-off-by: Markus Armbruster <armbru@redhat.com> Acked-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Message-Id: <20200610053247.1583243-57-armbru@redhat.com>
2020-06-15tests/acceptance: Add boot tests for sh4 QEMU advent calendar imageThomas Huth1-2/+11
Now that we can select the second serial console in the acceptance tests (see commit 746f244d9720 "Allow to use other serial consoles than default"), we can also test the sh4 image from the QEMU advent calendar 2018. Message-Id: <20200515164337.4899-1-thuth@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Thomas Huth <thuth@redhat.com>
2020-06-15tests/qtest: Fix LGPL information in the file headersThomas Huth36-36/+36
It's either "GNU *Library* General Public License version 2" or "GNU Lesser General Public License version *2.1*", but there was no "version 2.0" of the "Lesser" license. So assume that version 2.1 is meant here. Message-Id: <20200605100645.6506-1-thuth@redhat.com> Reviewed-by: Laurent Vivier <lvivier@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
2020-06-15fuzz: Add support for logging QTest commandsAlexander Bulekov1-1/+8
Signed-off-by: Alexander Bulekov <alxndr@bu.edu> Message-Id: <20200529221450.26673-3-alxndr@bu.edu> Reviewed-by: Darren Kenny <darren.kenny@oracle.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
2020-06-15fuzz: skip QTest serializationAlexander Bulekov4-1/+288
The QTest server usually parses ASCII commands from clients. Since we fuzz within the QEMU process, skip the QTest serialization and server for most QTest commands. Leave the option to use the ASCII protocol, to generate readable traces for crash reproducers. Inspired-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Alexander Bulekov <alxndr@bu.edu> Message-Id: <20200529221450.26673-2-alxndr@bu.edu> Reviewed-by: Darren Kenny <darren.kenny@oracle.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
2020-06-15bios-tables-test: Fix "-tpmdev: invalid option"Eric Auger1-0/+4
When configure is run with "--disable-tpm", the bios-tables-test q35/tis test fails with "-tpmdev: invalid option". Skip the test if CONFIG_TPM is unset. Signed-off-by: Eric Auger <eric.auger@redhat.com> Reported-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <20200615135051.2213-1-eric.auger@redhat.com> Tested-by: Stefan Berger <stefanb@linux.ibm.com> Fixes: 5da7c35e25 ("bios-tables-test: Add Q35/TPM-TIS test") Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Tested-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
2020-06-15test-crypto-secret: add 'secret_keyring' object tests.Alexey Krasikov2-0/+162
Add tests: test_secret_keyring_good; test_secret_keyring_revoked_key; test_secret_keyring_expired_key; test_secret_keyring_bad_serial_key; test_secret_keyring_bad_key_access_right; Added tests require libkeyutils. The absence of this library is not critical, because these tests will be skipped in this case. Signed-off-by: Alexey Krasikov <alex-krasikov@yandex-team.ru> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
2020-06-12Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into stagingPeter Maydell13-12/+1692
* Miscellaneous fixes and feature enablement (many) * SEV refactoring (David) * Hyper-V initial support (Jon) * i386 TCG fixes (x87 and SSE, Joseph) * vmport cleanup and improvements (Philippe, Liran) * Use-after-free with vCPU hot-unplug (Nengyuan) * run-coverity-scan improvements (myself) * Record/replay fixes (Pavel) * -machine kernel_irqchip=split improvements for INTx (Peter) * Code cleanups (Philippe) * Crash and security fixes (PJP) * HVF cleanups (Roman) # gpg: Signature made Fri 12 Jun 2020 16:57:04 BST # gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83 # gpg: issuer "pbonzini@redhat.com" # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full] # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full] # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * remotes/bonzini/tags/for-upstream: (116 commits) target/i386: Remove obsolete TODO file stubs: move Xen stubs to accel/ replay: fix replay shutdown for console mode exec/cpu-common: Move MUSB specific typedefs to 'hw/usb/hcd-musb.h' hw/usb: Move device-specific declarations to new 'hcd-musb.h' header exec/memory: Remove unused MemoryRegionMmio type checkpatch: reversed logic with acpi test checks target/i386: sev: Unify SEVState and SevGuestState target/i386: sev: Remove redundant handle field target/i386: sev: Remove redundant policy field target/i386: sev: Remove redundant cbitpos and reduced_phys_bits fields target/i386: sev: Partial cleanup to sev_state global target/i386: sev: Embed SEVState in SevGuestState target/i386: sev: Rename QSevGuestInfo target/i386: sev: Move local structure definitions into .c file target/i386: sev: Remove unused QSevGuestInfoClass xen: fix build without pci passthrough i386: hvf: Drop HVFX86EmulatorState i386: hvf: Move mmio_buf into CPUX86State i386: hvf: Move lazy_flags into CPUX86State ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org> # Conflicts: # hw/i386/acpi-build.c
2020-06-12target/i386: correct fix for pcmpxstrx substring searchJoseph Myers2-0/+36
This corrects a bug introduced in my previous fix for SSE4.2 pcmpestri / pcmpestrm / pcmpistri / pcmpistrm substring search, commit ae35eea7e4a9f21dd147406dfbcd0c4c6aaf2a60. That commit fixed a bug that showed up in four GCC tests with one libc implementation. The tests in question generate random inputs to the intrinsics and compare results to a C implementation, but they only test 1024 possible random inputs, and when the tests use the cases of those instructions that work with word rather than byte inputs, it's easy to have problematic cases that show up much less frequently than that. Thus, testing with a different libc implementation, and so a different random number generator, showed up a problem with the previous patch. When investigating the previous test failures, I found the description of these instructions in the Intel manuals (starting from computing a 16x16 or 8x8 set of comparison results) confusing and hard to match up with the more optimized implementation in QEMU, and referred to AMD manuals which described the instructions in a different way. Those AMD descriptions are very explicit that the whole of the string being searched for must be found in the other operand, not running off the end of that operand; they say "If the prototype and the SUT are equal in length, the two strings must be identical for the comparison to be TRUE.". However, that statement is incorrect. In my previous commit message, I noted: The operation in this case is a search for a string (argument d to the helper) in another string (argument s to the helper); if a copy of d at a particular position would run off the end of s, the resulting output bit should be 0 whether or not the strings match in the region where they overlap, but the QEMU implementation was wrongly comparing only up to the point where s ends and counting it as a match if an initial segment of d matched a terminal segment of s. Here, "run off the end of s" means that some byte of d would overlap some byte outside of s; thus, if d has zero length, it is considered to match everywhere, including after the end of s. The description "some byte of d would overlap some byte outside of s" is accurate only when understood to refer to overlapping some byte *within the 16-byte operand* but at or after the zero terminator; it is valid to run over the end of s if the end of s is the end of the 16-byte operand. So the fix in the previous patch for the case of d being empty was correct, but the other part of that patch was not correct (as it never allowed partial matches even at the end of the 16-byte operand). Nor was the code before the previous patch correct for the case of d nonempty, as it would always have allowed partial matches at the end of s. Fix with a partial revert of my previous change, combined with inserting a check for the special case of s having maximum length to determine where it is necessary to check for matches. In the added test, test 1 is for the case of empty strings, which failed before my 2017 patch, test 2 is for the bug introduced by my 2017 patch and test 3 deals with the case where a match of an initial segment at the end of the string is not valid when the string ends before the end of the 16-byte operand (that is, the case that would be broken by a simple revert of the non-empty-string part of my 2017 patch). Signed-off-by: Joseph Myers <joseph@codesourcery.com> Message-Id: <alpine.DEB.2.21.2006121344290.9881@digraph.polyomino.org.uk> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-12Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into stagingPeter Maydell26-1/+62
virtio,acpi,pci: features, fixes, cleanups, tests Max slots negotiation for vhost-user. Free page reporting for balloon. Partial TPM2 ACPI support for ARM. Support for NVDIMMs having their own proximity domains. New vhost-user-vsock device. Fixes, cleanups in ACPI, PCI, virtio. New tests for TPM ACPI. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> # gpg: Signature made Fri 12 Jun 2020 15:18:04 BST # gpg: using RSA key 5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469 # gpg: issuer "mst@redhat.com" # gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [full] # gpg: aka "Michael S. Tsirkin <mst@redhat.com>" [full] # Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67 # Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469 * remotes/mst/tags/for_upstream: (58 commits) virtio-pci: fix queue_enable write pci: Display PCI IRQ pin in "info pci" Fix parameter type in vhost migration log path acpi: ged: rename event memory region acpi: fadt: add hw-reduced sleep register support acpi: madt: skip pci override on pci-less systems. acpi: create acpi-common.c and move madt code acpi: make build_madt() more generic. virtio: add vhost-user-vsock-pci device virtio: add vhost-user-vsock base device vhost-vsock: add vhost-vsock-common abstraction hw/pci: Fix crash when running QEMU with "-nic model=rocker" libvhost-user: advertise vring features Lift max ram slots limit in libvhost-user Support individual region unmap in libvhost-user Support adding individual regions in libvhost-user Support ram slot configuration in libvhost-user Refactor out libvhost-user fault generation logic Lift max memory slots limit imposed by vhost-user Transmit vhost-user memory regions individually ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-06-11Merge remote-tracking branch 'remotes/ericb/tags/pull-nbd-2020-06-09-v2' ↵Peter Maydell4-0/+21
into staging NBD patches for 2020-06-09 - fix iotest 194 race - fix CVE-2020-10761: server DoS from assertion on long NBD error messages # gpg: Signature made Wed 10 Jun 2020 18:59:19 BST # gpg: using RSA key 71C2CC22B1C4602927D2F3AAA7A16B4A2527436A # gpg: Good signature from "Eric Blake <eblake@redhat.com>" [full] # gpg: aka "Eric Blake (Free Software Programmer) <ebb9@byu.net>" [full] # gpg: aka "[jpeg image of size 6874]" [full] # Primary key fingerprint: 71C2 CC22 B1C4 6029 27D2 F3AA A7A1 6B4A 2527 436A * remotes/ericb/tags/pull-nbd-2020-06-09-v2: block: Call attention to truncation of long NBD exports nbd/server: Avoid long error message assertions CVE-2020-10761 iotests: 194: wait for migration completion on target too Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-06-11Merge remote-tracking branch 'remotes/ericb/tags/pull-bitmaps-2020-06-09' ↵Peter Maydell7-192/+397
into staging bitmaps patches for 2020-06-09 - documenation fix - various improvements to qcow2.py program used in iotests # gpg: Signature made Tue 09 Jun 2020 21:50:35 BST # gpg: using RSA key 71C2CC22B1C4602927D2F3AAA7A16B4A2527436A # gpg: Good signature from "Eric Blake <eblake@redhat.com>" [full] # gpg: aka "Eric Blake (Free Software Programmer) <ebb9@byu.net>" [full] # gpg: aka "[jpeg image of size 6874]" [full] # Primary key fingerprint: 71C2 CC22 B1C4 6029 27D2 F3AA A7A1 6B4A 2527 436A * remotes/ericb/tags/pull-bitmaps-2020-06-09: iotests: Fix 291 across more file systems qcow2_format.py: dump bitmaps header extension qcow2: QcowHeaderExtension print names for extension magics qcow2_format: refactor QcowHeaderExtension as a subclass of Qcow2Struct qcow2_format.py: QcowHeaderExtension: add dump method qcow2_format.py: add field-formatting class qcow2_format.py: separate generic functionality of structure classes qcow2_format.py: use strings to specify c-type of struct fields qcow2_format.py: use modern string formatting qcow2_format.py: use tuples instead of lists for fields qcow2_format.py: drop new line printing at end of dump() qcow2.py: move qcow2 format classes to separate module qcow2.py: add licensing blurb qcow2.py: python style fixes qemu-img: Fix doc typo for 'bitmap' subcommand Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-06-11Merge remote-tracking branch 'remotes/rth/tags/pull-dt-20200609' into stagingPeter Maydell6-5/+63
Add non-overlapping groups # gpg: Signature made Tue 09 Jun 2020 17:22:17 BST # gpg: using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F # gpg: issuer "richard.henderson@linaro.org" # gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [full] # Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A 05C0 64DF 38E8 AF7E 215F * remotes/rth/tags/pull-dt-20200609: target/arm: Use a non-overlapping group for misc control decodetree: Drop check for less than 2 patterns in a group tests/decode: Test non-overlapping groups decodetree: Implement non-overlapping groups decodetree: Move semantic propagation into classes decodetree: Allow group covering the entire insn space decodetree: Split out MultiPattern from IncMultiPattern decodetree: Rename MultiPattern to IncMultiPattern decodetree: Tidy error_with_file Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-06-10nbd/server: Avoid long error message assertions CVE-2020-10761Eric Blake2-0/+6
Ever since commit 36683283 (v2.8), the server code asserts that error strings sent to the client are well-formed per the protocol by not exceeding the maximum string length of 4096. At the time the server first started sending error messages, the assertion could not be triggered, because messages were completely under our control. However, over the years, we have added latent scenarios where a client could trigger the server to attempt an error message that would include the client's information if it passed other checks first: - requesting NBD_OPT_INFO/GO on an export name that is not present (commit 0cfae925 in v2.12 echoes the name) - requesting NBD_OPT_LIST/SET_META_CONTEXT on an export name that is not present (commit e7b1948d in v2.12 echoes the name) At the time, those were still safe because we flagged names larger than 256 bytes with a different message; but that changed in commit 93676c88 (v4.2) when we raised the name limit to 4096 to match the NBD string limit. (That commit also failed to change the magic number 4096 in nbd_negotiate_send_rep_err to the just-introduced named constant.) So with that commit, long client names appended to server text can now trigger the assertion, and thus be used as a denial of service attack against a server. As a mitigating factor, if the server requires TLS, the client cannot trigger the problematic paths unless it first supplies TLS credentials, and such trusted clients are less likely to try to intentionally crash the server. We may later want to further sanitize the user-supplied strings we place into our error messages, such as scrubbing out control characters, but that is less important to the CVE fix, so it can be a later patch to the new nbd_sanitize_name. Consideration was given to changing the assertion in nbd_negotiate_send_rep_verr to instead merely log a server error and truncate the message, to avoid leaving a latent path that could trigger a future CVE DoS on any new error message. However, this merely complicates the code for something that is already (correctly) flagging coding errors, and now that we are aware of the long message pitfall, we are less likely to introduce such errors in the future, which would make such error handling dead code. Reported-by: Xueqiang Wei <xuwei@redhat.com> CC: qemu-stable@nongnu.org Fixes: https://bugzilla.redhat.com/1843684 CVE-2020-10761 Fixes: 93676c88d7 Signed-off-by: Eric Blake <eblake@redhat.com> Message-Id: <20200610163741.3745251-2-eblake@redhat.com> Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
2020-06-10target/i386: fix IEEE x87 floating-point exception raisingJoseph Myers1-0/+831
Most x87 instruction implementations fail to raise the expected IEEE floating-point exceptions because they do nothing to convert the exception state from the softfloat machinery into the exception flags in the x87 status word. There is special-case handling of division to raise the divide-by-zero exception, but that handling is itself buggy: it raises the exception in inappropriate cases (inf / 0 and nan / 0, which should not raise any exceptions, and 0 / 0, which should raise "invalid" instead). Fix this by converting the floating-point exceptions raised during an operation by the softfloat machinery into exceptions in the x87 status word (passing through the existing fpu_set_exception function for handling related to trapping exceptions). There are special cases where some functions convert to integer internally but exceptions from that conversion are not always correct exceptions for the instruction to raise. There might be scope for some simplification if the softfloat exception state either could always be assumed to be in sync with the state in the status word, or could always be ignored at the start of each instruction and just set to 0 then; I haven't looked into that in detail, and it might run into interactions with the various ways the emulation does not yet handle trapping exceptions properly. I think the approach taken here, of saving the softfloat state, setting exceptions there to 0 and then merging the old exceptions back in after carrying out the operation, is conservatively safe. Signed-off-by: Joseph Myers <joseph@codesourcery.com> Message-Id: <alpine.DEB.2.21.2005152120280.3469@digraph.polyomino.org.uk> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-10tests: machine-none-test: Enable MicroBlaze testingEdgar E. Iglesias1-6/+4
Enable MicroBlaze testing. Signed-off-by: Edgar E. Iglesias <edgar.iglesias@xilinx.com> Message-Id: <20200416193303.23674-2-edgar.iglesias@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-06-10target/i386: fix fisttpl, fisttpll handling of out-of-range valuesJoseph Myers1-0/+100
The fist / fistt family of instructions should all store the most negative integer in the destination format when the rounded / truncated integer result is out of range or the input is an invalid encoding, infinity or NaN. The fisttpl and fisttpll implementations (32-bit and 64-bit results, truncate towards zero) failed to do this, producing the most positive integer in some cases instead. Fix this by copying the code used to handle this issue for fistpl and fistpll, adjusted to use the _round_to_zero functions for the actual conversion (but without any other changes to that code). Signed-off-by: Joseph Myers <joseph@codesourcery.com> Message-Id: <alpine.DEB.2.21.2005152119160.3469@digraph.polyomino.org.uk> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>