From 6a4fa294ebe56aa09cf65430305c80415a4d73d9 Mon Sep 17 00:00:00 2001 From: Pierrick Bouvier Date: Mon, 9 Dec 2024 10:30:59 -0800 Subject: docs/devel: remove dead video link for sourcehut submit process Reviewed-by: Thomas Huth Reviewed-by: Richard Henderson Signed-off-by: Pierrick Bouvier Reviewed-by: Michael Tokarev Signed-off-by: Michael Tokarev --- docs/devel/submitting-a-patch.rst | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/docs/devel/submitting-a-patch.rst b/docs/devel/submitting-a-patch.rst index 10b062e..03b2ac2 100644 --- a/docs/devel/submitting-a-patch.rst +++ b/docs/devel/submitting-a-patch.rst @@ -252,10 +252,7 @@ patches to the QEMU mailing list by following these steps: #. Send your patches to the QEMU mailing list using the web-based ``git-send-email`` UI at https://git.sr.ht/~USERNAME/qemu/send-email -`This video -`__ -shows the web-based ``git-send-email`` workflow. Documentation is -available `here +Documentation for sourcehut is available `here `__. .. _cc_the_relevant_maintainer: -- cgit v1.1 From f2ccc4149363ed52444efc975ed838d6757c775c Mon Sep 17 00:00:00 2001 From: Zhao Liu Date: Wed, 27 Nov 2024 00:30:45 +0800 Subject: hw/timer/hpet: Fix comment about capabilities register HPETState.capability stores the emulated value for "general capabilities and id register" instead of "main counter register". Fix the comment to accurately reflect this. Signed-off-by: Zhao Liu Reviewed-by: Michael Tokarev Signed-off-by: Michael Tokarev --- hw/timer/hpet.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/timer/hpet.c b/hw/timer/hpet.c index 2a45410..1c8c6c6 100644 --- a/hw/timer/hpet.c +++ b/hw/timer/hpet.c @@ -736,7 +736,7 @@ static void hpet_realize(DeviceState *dev, Error **errp) timer->state = s; } - /* 64-bit main counter; LegacyReplacementRoute. */ + /* 64-bit General Capabilities and ID Register; LegacyReplacementRoute. */ s->capability = 0x8086a001ULL; s->capability |= (s->num_timers - 1) << HPET_ID_NUM_TIM_SHIFT; s->capability |= ((uint64_t)(HPET_CLK_PERIOD * FS_PER_NS) << 32); -- cgit v1.1 From 11ea52fcbeebe2bbef24ef2eedcc64800f5eaa82 Mon Sep 17 00:00:00 2001 From: Zhao Liu Date: Wed, 27 Nov 2024 00:30:46 +0800 Subject: hw/timer/hpet: Drop the unused macro MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit HPET_TN_CFG_BITS_READONLY_OR_RESERVED is not used in any place since HPET_TN_CFG_WRITE_MASK has been already used to check and fix the writable bits in hpet_ram_write(). Drop this unused macro. Signed-off-by: Zhao Liu Reviewed-by: Philippe Mathieu-Daudé Reviewed-by: Michael Tokarev Signed-off-by: Michael Tokarev --- include/hw/timer/hpet.h | 1 - 1 file changed, 1 deletion(-) diff --git a/include/hw/timer/hpet.h b/include/hw/timer/hpet.h index d17a8d4..71e8c62 100644 --- a/include/hw/timer/hpet.h +++ b/include/hw/timer/hpet.h @@ -58,7 +58,6 @@ #define HPET_TN_CFG_WRITE_MASK 0x7f4e #define HPET_TN_INT_ROUTE_SHIFT 9 #define HPET_TN_INT_ROUTE_CAP_SHIFT 32 -#define HPET_TN_CFG_BITS_READONLY_OR_RESERVED 0xffff80b1U struct hpet_fw_entry { -- cgit v1.1 From 0cb3ff7c22671aa1e1e227318799ccf6762c3bea Mon Sep 17 00:00:00 2001 From: Pierrick Bouvier Date: Wed, 4 Dec 2024 11:51:11 -0800 Subject: vvfat: fix ubsan issue in create_long_filename Found with test sbsaref introduced in [1]. [1] https://patchew.org/QEMU/20241203213629.2482806-1-pierrick.bouvier@linaro.org/ ../block/vvfat.c:433:24: runtime error: index 14 out of bounds for type 'uint8_t [11]' #0 0x56151a66b93a in create_long_filename ../block/vvfat.c:433 #1 0x56151a66f3d7 in create_short_and_long_name ../block/vvfat.c:725 #2 0x56151a670403 in read_directory ../block/vvfat.c:804 #3 0x56151a674432 in init_directories ../block/vvfat.c:964 #4 0x56151a67867b in vvfat_open ../block/vvfat.c:1258 #5 0x56151a3b8e19 in bdrv_open_driver ../block.c:1660 #6 0x56151a3bb666 in bdrv_open_common ../block.c:1985 #7 0x56151a3cadb9 in bdrv_open_inherit ../block.c:4153 #8 0x56151a3c8850 in bdrv_open_child_bs ../block.c:3731 #9 0x56151a3ca832 in bdrv_open_inherit ../block.c:4098 #10 0x56151a3cbe40 in bdrv_open ../block.c:4248 #11 0x56151a46344f in blk_new_open ../block/block-backend.c:457 #12 0x56151a388bd9 in blockdev_init ../blockdev.c:612 #13 0x56151a38ab2d in drive_new ../blockdev.c:1006 #14 0x5615190fca41 in drive_init_func ../system/vl.c:649 #15 0x56151aa796dd in qemu_opts_foreach ../util/qemu-option.c:1135 #16 0x5615190fd2b6 in configure_blockdev ../system/vl.c:708 #17 0x56151910a307 in qemu_create_early_backends ../system/vl.c:2004 #18 0x561519113fcf in qemu_init ../system/vl.c:3685 #19 0x56151a7e438e in main ../system/main.c:47 #20 0x7f72d1a46249 in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58 #21 0x7f72d1a46304 in __libc_start_main_impl ../csu/libc-start.c:360 #22 0x561517e98510 in _start (/home/user/.work/qemu/build/qemu-system-aarch64+0x3b9b510) The offset used can easily go beyond entry->name size. It's probably a bug, but I don't have the time to dive into vfat specifics for now. This change solves the ubsan issue, and is functionally equivalent, as anything written past the entry->name array would not be read anyway. Signed-off-by: Pierrick Bouvier Reviewed-by: Michael Tokarev Signed-off-by: Michael Tokarev --- block/vvfat.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/block/vvfat.c b/block/vvfat.c index 8ffe8b3..f2eafaa 100644 --- a/block/vvfat.c +++ b/block/vvfat.c @@ -426,6 +426,10 @@ static direntry_t *create_long_filename(BDRVVVFATState *s, const char *filename) else if(offset<22) offset=14+offset-10; else offset=28+offset-22; entry=array_get(&(s->directory),s->directory.next-1-(i/26)); + /* ensure we don't write anything past entry->name */ + if (offset >= sizeof(entry->name)) { + continue; + } if (i >= 2 * length + 2) { entry->name[offset] = 0xff; } else if (i % 2 == 0) { -- cgit v1.1 From 916f50172baa91ddf0e669a9d6d2747055c0e610 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Thu, 19 Dec 2024 16:02:01 +0100 Subject: docs: Correct '-runas' and '-fsdev/-virtfs proxy' indentation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Use the same style for deprecated / removed commands. Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Alex Bennée Reviewed-by: Michael Tokarev Signed-off-by: Michael Tokarev --- docs/about/deprecated.rst | 2 +- docs/about/removed-features.rst | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/about/deprecated.rst b/docs/about/deprecated.rst index 267892b..d6809f9 100644 --- a/docs/about/deprecated.rst +++ b/docs/about/deprecated.rst @@ -75,7 +75,7 @@ marked deprecated since 9.0, users have to ensure that all the topology members described with -smp are supported by the target machine. ``-runas`` (since 9.1) ----------------------- +'''''''''''''''''''''' Use ``-run-with user=..`` instead. diff --git a/docs/about/removed-features.rst b/docs/about/removed-features.rst index 9bebee7..68fe0b4 100644 --- a/docs/about/removed-features.rst +++ b/docs/about/removed-features.rst @@ -518,7 +518,7 @@ and later do not support it because the virtio-scsi device was introduced for full SCSI support. Use virtio-scsi instead when SCSI passthrough is required. ``-fsdev proxy`` and ``-virtfs proxy`` (since 9.2) -^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +'''''''''''''''''''''''''''''''''''''''''''''''''' The 9p ``proxy`` filesystem backend driver was originally developed to enhance security by dispatching low level filesystem operations from 9p -- cgit v1.1 From b4859e8f33a7d9c793a60395f792c10190cb4f78 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Thu, 19 Dec 2024 16:02:02 +0100 Subject: docs: Correct release of TCG trace-events removal MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit TCG trace-events were deprecated before the v6.2 release, and removed for v7.0. Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Alex Bennée Reviewed-by: Michael Tokarev Signed-off-by: Michael Tokarev --- docs/about/removed-features.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/about/removed-features.rst b/docs/about/removed-features.rst index 68fe0b4..e3a87f3 100644 --- a/docs/about/removed-features.rst +++ b/docs/about/removed-features.rst @@ -1087,8 +1087,8 @@ processor IP (see `Intel discontinuance notification`_). TCG introspection features -------------------------- -TCG trace-events (since 6.2) -'''''''''''''''''''''''''''' +TCG trace-events (removed in 7.0) +''''''''''''''''''''''''''''''''' The ability to add new TCG trace points had bit rotted and as the feature can be replicated with TCG plugins it was removed. If -- cgit v1.1 From 1dd1a36de5b8651506f653aa27ba936ceed54c6f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Philippe=20Mathieu-Daud=C3=A9?= Date: Thu, 19 Dec 2024 16:02:03 +0100 Subject: docs: Replace 'since' -> 'removed in' in removed-features.rst MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Philippe Mathieu-Daudé Reviewed-by: Alex Bennée Reviewed-by: Michael Tokarev Signed-off-by: Michael Tokarev --- docs/about/removed-features.rst | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/docs/about/removed-features.rst b/docs/about/removed-features.rst index e3a87f3..cb13880 100644 --- a/docs/about/removed-features.rst +++ b/docs/about/removed-features.rst @@ -403,13 +403,13 @@ Sound card devices should be created using ``-device`` or ``-audio``. The exception is ``pcspk`` which can be activated using ``-machine pcspk-audiodev=``. -``-watchdog`` (since 7.2) -''''''''''''''''''''''''' +``-watchdog`` (removed in 7.2) +'''''''''''''''''''''''''''''' Use ``-device`` instead. -Hexadecimal sizes with scaling multipliers (since 8.0) -'''''''''''''''''''''''''''''''''''''''''''''''''''''' +Hexadecimal sizes with scaling multipliers (removed in 8.0) +''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' Input parameters that take a size value should only use a size suffix (such as 'k' or 'M') when the base is written in decimal, and not when @@ -510,15 +510,15 @@ than zero. Removed along with the ``compression`` migration capability. -``-device virtio-blk,scsi=on|off`` (since 9.1) -'''''''''''''''''''''''''''''''''''''''''''''' +``-device virtio-blk,scsi=on|off`` (removed in 9.1) +''''''''''''''''''''''''''''''''''''''''''''''''''' The virtio-blk SCSI passthrough feature is a legacy VIRTIO feature. VIRTIO 1.0 and later do not support it because the virtio-scsi device was introduced for full SCSI support. Use virtio-scsi instead when SCSI passthrough is required. -``-fsdev proxy`` and ``-virtfs proxy`` (since 9.2) -'''''''''''''''''''''''''''''''''''''''''''''''''' +``-fsdev proxy`` and ``-virtfs proxy`` (removed in 9.2) +''''''''''''''''''''''''''''''''''''''''''''''''''''''' The 9p ``proxy`` filesystem backend driver was originally developed to enhance security by dispatching low level filesystem operations from 9p @@ -532,8 +532,8 @@ security model option, or switch to ``virtiofs``. The virtiofs daemon ``virtiofsd`` uses vhost to eliminate the high latency costs of the 9p ``proxy`` backend. -``-portrait`` and ``-rotate`` (since 9.2) -''''''''''''''''''''''''''''''''''''''''' +``-portrait`` and ``-rotate`` (removed in 9.2) +'''''''''''''''''''''''''''''''''''''''''''''' The ``-portrait`` and ``-rotate`` options were documented as only working with the PXA LCD device, and all the machine types using -- cgit v1.1 From 93dcc9390e5ad0696ae7e9b7b3a5b08c2d1b6de6 Mon Sep 17 00:00:00 2001 From: Han Han Date: Thu, 19 Dec 2024 16:51:38 +0800 Subject: target/i386/cpu: Fix notes for CPU models Fixes: 644e3c5d812 ("missing vmx features for Skylake-Server and Cascadelake-Server") Signed-off-by: Han Han Reviewed-by: Chenyi Qiang Reviewed-by: Michael Tokarev Signed-off-by: Michael Tokarev --- target/i386/cpu.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/target/i386/cpu.c b/target/i386/cpu.c index 660ddaf..0b63984 100644 --- a/target/i386/cpu.c +++ b/target/i386/cpu.c @@ -3692,6 +3692,7 @@ static const X86CPUDefinition builtin_x86_defs[] = { }, { .version = 4, + .note = "IBRS, EPT switching, no TSX", .props = (PropValue[]) { { "vmx-eptp-switching", "on" }, { /* end of list */ } @@ -3826,7 +3827,7 @@ static const X86CPUDefinition builtin_x86_defs[] = { }, }, { .version = 4, - .note = "ARCH_CAPABILITIES, no TSX", + .note = "ARCH_CAPABILITIES, EPT switching, no TSX", .props = (PropValue[]) { { "vmx-eptp-switching", "on" }, { /* end of list */ } -- cgit v1.1 From a8743193ff1ed221f42c0341182cada3d67793cc Mon Sep 17 00:00:00 2001 From: Daniel Henrique Barboza Date: Sun, 22 Dec 2024 18:45:07 -0300 Subject: hw/riscv/riscv-iommu-sys.c: fix duplicated 'table_size' Trivial fix for the following ticket: CID 1568580: Incorrect expression (EVALUATION_ORDER) In "table_size = table_size = n_vectors * 16U", "table_size" is written twice with the same value. Cc: qemu-trivial@nongnu.org Cc: Peter Maydell Resolves: Coverity CID 1568580 Fixes: 01c1caa9d1 ("hw/riscv/virt.c, riscv-iommu-sys.c: add MSIx support") Signed-off-by: Daniel Henrique Barboza Reviewed-by: Michael Tokarev Signed-off-by: Michael Tokarev --- hw/riscv/riscv-iommu-sys.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hw/riscv/riscv-iommu-sys.c b/hw/riscv/riscv-iommu-sys.c index 28153f3..65b24fb 100644 --- a/hw/riscv/riscv-iommu-sys.c +++ b/hw/riscv/riscv-iommu-sys.c @@ -121,7 +121,7 @@ static void riscv_iommu_sysdev_init_msi(RISCVIOMMUStateSys *s, uint32_t n_vectors) { RISCVIOMMUState *iommu = &s->iommu; - uint32_t table_size = table_size = n_vectors * PCI_MSIX_ENTRY_SIZE; + uint32_t table_size = n_vectors * PCI_MSIX_ENTRY_SIZE; uint32_t table_offset = RISCV_IOMMU_REG_MSI_CONFIG; uint32_t pba_size = QEMU_ALIGN_UP(n_vectors, 64) / 8; uint32_t pba_offset = RISCV_IOMMU_REG_MSI_CONFIG + 256; -- cgit v1.1 From 8ee904b3a4b5638a0046ee3e1948d89ecb2e2668 Mon Sep 17 00:00:00 2001 From: ckf104 <1900011634@pku.edu.cn> Date: Tue, 17 Dec 2024 22:24:15 +0800 Subject: contrib/plugins/bbv.c: Start bb index from 1 Standard simpoint tool reqeusts that index of basic block index starts from 1. Signed-off-by: ckf104 <1900011634@pku.edu.cn> Reviewed-by: Pierrick Bouvier Reviewed-by: Michael Tokarev Signed-off-by: Michael Tokarev --- contrib/plugins/bbv.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/contrib/plugins/bbv.c b/contrib/plugins/bbv.c index a525651..b9da6f8 100644 --- a/contrib/plugins/bbv.c +++ b/contrib/plugins/bbv.c @@ -109,7 +109,7 @@ static void vcpu_tb_trans(qemu_plugin_id_t id, struct qemu_plugin_tb *tb) bb = g_new(Bb, 1); bb->vaddr = vaddr; bb->count = qemu_plugin_scoreboard_new(sizeof(uint64_t)); - bb->index = g_hash_table_size(bbs); + bb->index = g_hash_table_size(bbs) + 1; g_hash_table_replace(bbs, &bb->vaddr, bb); } g_rw_lock_writer_unlock(&bbs_lock); -- cgit v1.1 From 1e3d4d9a1a32ac6835f0d295a5117851c421fb5d Mon Sep 17 00:00:00 2001 From: Laurent Vivier Date: Mon, 16 Dec 2024 18:09:14 +0100 Subject: qmp: update vhost-user protocol feature maps Add VHOST_USER_PROTOCOL_F_SHARED_OBJECT and VHOST_USER_PROTOCOL_F_DEVICE_STATE protocol feature maps to the virtio introspection. Cc: jonah.palmer@oracle.com Fixes: 160947666276 ("vhost-user: add shared_object msg") Cc: aesteve@redhat.com Fixes: cda83adc62b6 ("vhost-user: Interface for migration state transfer") Cc: hreitz@redhat.com Signed-off-by: Laurent Vivier Signed-off-by: Michael Tokarev --- hw/virtio/virtio-qmp.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/hw/virtio/virtio-qmp.c b/hw/virtio/virtio-qmp.c index cccc6fe..8a32a3b 100644 --- a/hw/virtio/virtio-qmp.c +++ b/hw/virtio/virtio-qmp.c @@ -121,6 +121,12 @@ static const qmp_virtio_feature_map_t vhost_user_protocol_map[] = { FEATURE_ENTRY(VHOST_USER_PROTOCOL_F_STATUS, \ "VHOST_USER_PROTOCOL_F_STATUS: Querying and notifying back-end " "device status supported"), + FEATURE_ENTRY(VHOST_USER_PROTOCOL_F_SHARED_OBJECT, \ + "VHOST_USER_PROTOCOL_F_SHARED_OBJECT: Backend shared object " + "supported"), + FEATURE_ENTRY(VHOST_USER_PROTOCOL_F_DEVICE_STATE, \ + "VHOST_USER_PROTOCOL_F_DEVICE_STATE: Backend device state transfer " + "supported"), { -1, "" } }; -- cgit v1.1