qemu.git
3 months ago hw/block/nvme: expose 'bootindex' property
Joelle van Dyne [Mon, 22 Mar 2021 08:24:44 +0000 (01:24 -0700)] 
hw/block/nvme: expose 'bootindex' property

The check for `n->namespace.blkconf.blk` always fails because
this is in the initialization function.

Signed-off-by: Joelle van Dyne <j@getutm.app>
Reviewed-by: Klaus Jensen <k.jensen@samsung.com>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
3 months ago hw/block/nvme: remove description for zoned.append_size_limit
Niklas Cassel [Tue, 23 Mar 2021 11:18:25 +0000 (11:18 +0000)] 
hw/block/nvme: remove description for zoned.append_size_limit

The description was originally removed in commit 578d914b263c
("hw/block/nvme: align zoned.zasl with mdts") together with the removal
of the zoned.append_size_limit parameter itself.

However, it was (most likely accidentally), re-added in commit
f7dcd31885cb ("hw/block/nvme: add non-mdts command size limit for verify").

Remove the description again, since the parameter it describes,
zoned.append_size_limit, no longer exists.

Signed-off-by: Niklas Cassel <niklas.cassel@wdc.com>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
3 months ago Merge remote-tracking branch 'remotes/xtensa/tags/20210403-xtensa' into staging 281285797 281529164
Peter Maydell [Sun, 4 Apr 2021 20:48:45 +0000 (21:48 +0100)] 
Merge remote-tracking branch 'remotes/xtensa/tags/20210403-xtensa' into staging

target/xtensa fixes for v6.0:

- make meson.build pick up all available xtensa core definitions;
- don't modify Makefile.objs in import_core.sh;
- add sed rule to import_core.sh to make xtensa_modules variable static.

# gpg: Signature made Sat 03 Apr 2021 17:08:41 BST
# gpg:                using RSA key 2B67854B98E5327DCDEB17D851F9CC91F83FA044
# gpg:                issuer "jcmvbkbc@gmail.com"
# gpg: Good signature from "Max Filippov <filippov@cadence.com>" [unknown]
# gpg:                 aka "Max Filippov <max.filippov@cogentembedded.com>" [full]
# gpg:                 aka "Max Filippov <jcmvbkbc@gmail.com>" [full]
# Primary key fingerprint: 2B67 854B 98E5 327D CDEB  17D8 51F9 CC91 F83F A044

* remotes/xtensa/tags/20210403-xtensa:
  target/xtensa: make xtensa_modules static on import
  target/xtensa: fix meson.build rule for xtensa cores

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months ago target/xtensa: make xtensa_modules static on import
Max Filippov [Tue, 30 Mar 2021 06:59:49 +0000 (23:59 -0700)] 
target/xtensa: make xtensa_modules static on import

xtensa_modules variable defined in each xtensa-modules.c.inc is only
used locally by the including file. Make it static.

Reported-by: Yury Gribov <tetra2005@gmail.com>
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
3 months ago target/xtensa: fix meson.build rule for xtensa cores
Max Filippov [Tue, 30 Mar 2021 07:25:24 +0000 (00:25 -0700)] 
target/xtensa: fix meson.build rule for xtensa cores

import_core.sh tries to change Makefile.objs when importing new xtensa
core, but that file no longer exists. Rewrite meson.build rule to pick
up all source files that match core-*.c pattern and drop commands that
change Makefile.objs.

Cc: qemu-stable@nongnu.org # v5.2.0
Signed-off-by: Max Filippov <jcmvbkbc@gmail.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
3 months ago Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging 280642269 281285718
Peter Maydell [Fri, 2 Apr 2021 10:53:18 +0000 (11:53 +0100)] 
Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into staging

pc,virtio,pci: bugfixes

Fixes all over the place.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Thu 01 Apr 2021 17:22:03 BST
# gpg:                using RSA key 5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469
# gpg:                issuer "mst@redhat.com"
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [full]
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>" [full]
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17  0970 C350 3912 AFBE 8E67
#      Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA  8A0D 281F 0DB8 D28D 5469

* remotes/mst/tags/for_upstream:
  pci: sprinkle assert in PCI pin number
  isa/v582c686: Reinitialize ACPI PM device on reset
  vt82c686.c: don't raise SCI when PCI_INTERRUPT_PIN isn't setup
  acpi/piix4: reinitialize acpi PM device on reset
  virtio-pci: remove explicit initialization of val
  virtio-pci: add check for vdev in virtio_pci_isr_read
  vhost-user-blk: add immediate cleanup on shutdown
  vhost-user-blk: perform immediate cleanup if disconnect on initialization
  vhost-user-blk: use different event handlers on initialization

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months ago Merge remote-tracking branch 'remotes/thuth-gitlab/tags/pull-request-2021-04-01'... 280444121 280642147
Peter Maydell [Thu, 1 Apr 2021 22:34:16 +0000 (23:34 +0100)] 
Merge remote-tracking branch 'remotes/thuth-gitlab/tags/pull-request-2021-04-01' into staging

* Updates for the MAINTAINERS file
* Some small documentation updates
* Some small misc fixes

# gpg: Signature made Thu 01 Apr 2021 13:30:39 BST
# gpg:                using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5
# gpg:                issuer "thuth@redhat.com"
# gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [full]
# gpg:                 aka "Thomas Huth <thuth@redhat.com>" [full]
# gpg:                 aka "Thomas Huth <huth@tuxfamily.org>" [full]
# gpg:                 aka "Thomas Huth <th.huth@posteo.de>" [unknown]
# Primary key fingerprint: 27B8 8847 EEE0 2501 18F3  EAB9 2ED9 D774 FE70 2DB5

* remotes/thuth-gitlab/tags/pull-request-2021-04-01:
  device-crash-test: Ignore errors about a bus not being available
  docs: Fix typo in the default name of the qemu-system-x86_64 binary
  docs: Remove obsolete paragraph about config-target.mak
  util/compatfd.c: Fixed style issues
  qom: Fix default values in help
  MAINTAINERS: Mark SH-4 hardware emulation orphan
  MAINTAINERS: Mark RX hardware emulation orphan
  MAINTAINERS: add virtio-fs mailing list
  MAINTAINERS: Drop the line with Xiang Zheng
  MAINTAINERS: replace Huawei's email to personal one
  MAINTAINERS: Drop the lines with Sarah Harris
  MAINTAINERS: add/replace backups for some s390 areas
  MAINTAINERS: Fix tests/migration maintainers

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months ago pci: sprinkle assert in PCI pin number
Isaku Yamahata [Tue, 23 Mar 2021 20:52:27 +0000 (13:52 -0700)] 
pci: sprinkle assert in PCI pin number

If a device model
(a) doesn't set the value to a correct interrupt number and then
(b) triggers an interrupt for itself,
it's a device model bug. Add assert on interrupt pin number to catch
this kind of bug more obviously.

Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Isaku Yamahata <isaku.yamahata@intel.com>
Message-Id: <9cf8ac3b17e162daac0971d7be32deb6a33ae6ec.1616532563.git.isaku.yamahata@intel.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
3 months ago isa/v582c686: Reinitialize ACPI PM device on reset
Isaku Yamahata [Tue, 23 Mar 2021 20:52:26 +0000 (13:52 -0700)] 
isa/v582c686: Reinitialize ACPI PM device on reset

Commit 6be8cf56bc8b made sure that SCI is enabled in PM1.CNT
on reset in acpi_only mode by modifying acpi_pm1_cnt_reset() and
that worked for q35 as expected.

This patch adds reset ACPI PM related registers on vt82c686 reset time
and de-assert sci.
via_pm_realize() initializes acpi pm tmr, evt, cnt and gpe.
Reset them on device reset.

Cc: BALATON Zoltan <balaton@eik.bme.hu>
Cc: Huacai Chen <chenhuacai@kernel.org>
Cc: "Philippe Mathieu-Daudé" <f4bug@amsat.org>
Cc: Jiaxun Yang <jiaxun.yang@flygoat.com>
Signed-off-by: Isaku Yamahata <isaku.yamahata@intel.com>
Message-Id: <0a3fe998525552860919a690ce83dab8f663ab99.1616532563.git.isaku.yamahata@intel.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
3 months ago vt82c686.c: don't raise SCI when PCI_INTERRUPT_PIN isn't setup
Isaku Yamahata [Tue, 23 Mar 2021 20:52:25 +0000 (13:52 -0700)] 
vt82c686.c: don't raise SCI when PCI_INTERRUPT_PIN isn't setup

Without this patch, the following patch will trigger clang runtime
sanitizer warnings as follows. This patch proactively works around it.
I leave a correct fix to v582c686.c maintainer as I'm not sure
about fuloong2e device model.

> MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))}
> QTEST_QEMU_IMG=./qemu-img
> G_TEST_DBUS_DAEMON=/home/petmay01/linaro/qemu-for-merges/tests/dbus-vmstate-daemon.sh
> QTEST_QEMU_BINARY=./qemu-system-mips64el tests/qtest/qom-test --tap -k
> PASS 1 qtest-mips64el/qom-test /mips64el/qom/loongson3-virt
> PASS 2 qtest-mips64el/qom-test /mips64el/qom/none
> PASS 3 qtest-mips64el/qom-test /mips64el/qom/magnum
> PASS 4 qtest-mips64el/qom-test /mips64el/qom/mipssim
> PASS 5 qtest-mips64el/qom-test /mips64el/qom/malta
> ../../hw/pci/pci.c:252:30: runtime error: shift exponent -1 is negative
> PASS 6 qtest-mips64el/qom-test /mips64el/qom/fuloong2e
> PASS 7 qtest-mips64el/qom-test /mips64el/qom/boston
> PASS 8 qtest-mips64el/qom-test /mips64el/qom/pica61
>
> and similarly for eg
>
> MALLOC_PERTURB_=${MALLOC_PERTURB_:-$(( ${RANDOM:-0} % 255 + 1))}
> QTEST_QEMU_IMG=./qemu-img
> G_TEST_DBUS_DAEMON=/home/petmay01/linaro/qemu-for-merges/tests/dbus-vmstate-daemon.sh
> QTEST_QEMU_BINARY=./qemu-system-mips64el tests/qtest/endianness-test
> --tap -k
> ../../hw/pci/pci.c:252:30: runtime error: shift exponent -1 is negative
> PASS 1 qtest-mips64el/endianness-test /mips64el/endianness/fuloong2e
> ../../hw/pci/pci.c:252:30: runtime error: shift exponent -1 is negative
> PASS 2 qtest-mips64el/endianness-test /mips64el/endianness/split/fuloong2e
> ../../hw/pci/pci.c:252:30: runtime error: shift exponent -1 is negative
> PASS 3 qtest-mips64el/endianness-test /mips64el/endianness/combine/fuloong2e

Cc: BALATON Zoltan <balaton@eik.bme.hu>
Cc: Huacai Chen <chenhuacai@kernel.org>
Cc: "Philippe Mathieu-Daudé" <f4bug@amsat.org>
Cc: Jiaxun Yang <jiaxun.yang@flygoat.com>
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Isaku Yamahata <isaku.yamahata@intel.com>
Message-Id: <62a5fc69e453fb848bfd4794bae1852a75af73c5.1616532563.git.isaku.yamahata@intel.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
3 months ago acpi/piix4: reinitialize acpi PM device on reset
Isaku Yamahata [Tue, 23 Mar 2021 20:52:24 +0000 (13:52 -0700)] 
acpi/piix4: reinitialize acpi PM device on reset

Commit 6be8cf56bc8b made sure that SCI is enabled in PM1.CNT
on reset in acpi_only mode by modifying acpi_pm1_cnt_reset() and
that worked for q35 as expected.

The function was introduced by commit
  eaba51c573a (acpi, acpi_piix, vt82c686: factor out PM1_CNT logic)
that forgot to actually call it at piix4 reset time and as result
SCI_EN wasn't set as was expected by 6be8cf56bc8b in acpi_only mode.

So Windows crashes when it notices that SCI_EN is not set and FADT is
not providing information about how to enable it anymore.
Reproducer:
   qemu-system-x86_64 -enable-kvm -M pc-i440fx-6.0,smm=off -cdrom any_windows_10x64.iso

Fix it by calling acpi_pm1_cnt_reset() at piix4 reset time.

Occasionally this patch adds reset acpi PM related registers on
piix4 reset time and de-assert sci.
piix4_pm_realize() initializes acpi pm tmr, evt, cnt and gpe.
Reset them on device reset. pm_reset() in ich9.c correctly calls
corresponding reset functions.

Fixes: 6be8cf56bc8b (acpi/core: always set SCI_EN when SMM isn't supported)
Reported-by: Reinoud Zandijk <reinoud@NetBSD.org>
Co-developed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Isaku Yamahata <isaku.yamahata@intel.com>
Message-Id: <8a5bbd19727045ec863523830078dd4ca63f6a9a.1616532563.git.isaku.yamahata@intel.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
3 months ago Merge remote-tracking branch 'remotes/marcandre/tags/for-6.0-pull-request' into staging 280300147 280444060
Peter Maydell [Thu, 1 Apr 2021 16:08:48 +0000 (17:08 +0100)] 
Merge remote-tracking branch 'remotes/marcandre/tags/for-6.0-pull-request' into staging

For 6.0 misc patches under my radar.

V2:
 - "tests: Add tests for yank with the chardev-change case" updated
 - drop the readthedoc theme patch

# gpg: Signature made Thu 01 Apr 2021 12:54:52 BST
# gpg:                using RSA key 87A9BD933F87C606D276F62DDAE8E10975969CE5
# gpg:                issuer "marcandre.lureau@redhat.com"
# gpg: Good signature from "Marc-André Lureau <marcandre.lureau@redhat.com>" [full]
# gpg:                 aka "Marc-André Lureau <marcandre.lureau@gmail.com>" [full]
# Primary key fingerprint: 87A9 BD93 3F87 C606 D276  F62D DAE8 E109 7596 9CE5

* remotes/marcandre/tags/for-6.0-pull-request:
  tests: Add tests for yank with the chardev-change case
  chardev: Fix yank with the chardev-change case
  chardev/char.c: Always pass id to chardev_new
  chardev/char.c: Move object_property_try_add_child out of chardev_new
  yank: Always link full yank code
  yank: Remove dependency on qiochannel
  docs: simplify each section title
  dbus-vmstate: Increase the size of input stream buffer used during load
  util: fix use-after-free in module_load_one

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months ago virtio-pci: remove explicit initialization of val
Yuri Benditovich [Mon, 15 Mar 2021 11:59:37 +0000 (13:59 +0200)] 
virtio-pci: remove explicit initialization of val

The value is assigned later in this procedure.

Signed-off-by: Yuri Benditovich <yuri.benditovich@daynix.com>
Message-Id: <20210315115937.14286-3-yuri.benditovich@daynix.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
3 months ago virtio-pci: add check for vdev in virtio_pci_isr_read
Yuri Benditovich [Mon, 15 Mar 2021 11:59:36 +0000 (13:59 +0200)] 
virtio-pci: add check for vdev in virtio_pci_isr_read

https://bugzilla.redhat.com/show_bug.cgi?id=1743098
This commit completes the solution of segfault in hot unplug flow
(by commit ccec7e9603f446fe75c6c563ba335c00cfda6a06).
Added missing check for vdev in virtio_pci_isr_read.
Typical stack of crash:
virtio_pci_isr_read ../hw/virtio/virtio-pci.c:1365 with proxy-vdev = 0
memory_region_read_accessor at ../softmmu/memory.c:442
access_with_adjusted_size at ../softmmu/memory.c:552
memory_region_dispatch_read1 at ../softmmu/memory.c:1420
memory_region_dispatch_read  at ../softmmu/memory.c:1449
flatview_read_continue at ../softmmu/physmem.c:2822
flatview_read at ../softmmu/physmem.c:2862
address_space_read_full at ../softmmu/physmem.c:2875

Signed-off-by: Yuri Benditovich <yuri.benditovich@daynix.com>
Message-Id: <20210315115937.14286-2-yuri.benditovich@daynix.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
3 months ago vhost-user-blk: add immediate cleanup on shutdown
Denis Plotnikov [Thu, 25 Mar 2021 15:12:17 +0000 (18:12 +0300)] 
vhost-user-blk: add immediate cleanup on shutdown

Qemu crashes on shutdown if the chardev used by vhost-user-blk has been
finalized before the vhost-user-blk.

This happens with char-socket chardev operating in the listening mode (server).
The char-socket chardev emits "close" event at the end of finalizing when
its internal data is destroyed. This calls vhost-user-blk event handler
which in turn tries to manipulate with destroyed chardev by setting an empty
event handler for vhost-user-blk cleanup postponing.

This patch separates the shutdown case from the cleanup postponing removing
the need to set an event handler.

Signed-off-by: Denis Plotnikov <den-plotnikov@yandex-team.ru>
Message-Id: <20210325151217.262793-4-den-plotnikov@yandex-team.ru>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
3 months ago vhost-user-blk: perform immediate cleanup if disconnect on initialization
Denis Plotnikov [Thu, 25 Mar 2021 15:12:16 +0000 (18:12 +0300)] 
vhost-user-blk: perform immediate cleanup if disconnect on initialization

Commit 4bcad76f4c39 ("vhost-user-blk: delay vhost_user_blk_disconnect")
introduced postponing vhost_dev cleanup aiming to eliminate qemu aborts
because of connection problems with vhost-blk daemon.

However, it introduces a new problem. Now, any communication errors
during execution of vhost_dev_init() called by vhost_user_blk_device_realize()
lead to qemu abort on assert in vhost_dev_get_config().

This happens because vhost_user_blk_disconnect() is postponed but
it should have dropped s->connected flag by the time
vhost_user_blk_device_realize() performs a new connection opening.
On the connection opening, vhost_dev initialization in
vhost_user_blk_connect() relies on s->connection flag and
if it's not dropped, it skips vhost_dev initialization and returns
with success. Then, vhost_user_blk_device_realize()'s execution flow
goes to vhost_dev_get_config() where it's aborted on the assert.

To fix the problem this patch adds immediate cleanup on device
initialization (in vhost_user_blk_device_realize()) using different
event handlers for initialization and operation introduced in the
previous patch.
On initialization (in vhost_user_blk_device_realize()) we fully
control the initialization process. At that point, nobody can use the
device since it isn't initialized and we don't need to postpone any
cleanups, so we can do cleanup right away when there is a communication
problem with the vhost-blk daemon.
On operation we leave it as is, since the disconnect may happen when
the device is in use, so the device users may want to use vhost_dev's data
to do rollback before vhost_dev is re-initialized (e.g. in vhost_dev_set_log()).

Signed-off-by: Denis Plotnikov <den-plotnikov@yandex-team.ru>
Reviewed-by: Raphael Norwitz <raphael.norwitz@nutanix.com>
Message-Id: <20210325151217.262793-3-den-plotnikov@yandex-team.ru>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
3 months ago vhost-user-blk: use different event handlers on initialization
Denis Plotnikov [Thu, 25 Mar 2021 15:12:15 +0000 (18:12 +0300)] 
vhost-user-blk: use different event handlers on initialization

It is useful to use different connect/disconnect event handlers
on device initialization and operation as seen from the further
commit fixing a bug on device initialization.

This patch refactors the code to make use of them: we don't rely any
more on the VM state for choosing how to cleanup the device, instead
we explicitly use the proper event handler depending on whether
the device has been initialized.

Signed-off-by: Denis Plotnikov <den-plotnikov@yandex-team.ru>
Reviewed-by: Raphael Norwitz <raphael.norwitz@nutanix.com>
Message-Id: <20210325151217.262793-2-den-plotnikov@yandex-team.ru>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
3 months ago Merge remote-tracking branch 'remotes/bonzini-gitlab/tags/for-upstream' into staging 280141040 280299928
Peter Maydell [Thu, 1 Apr 2021 12:35:36 +0000 (13:35 +0100)] 
Merge remote-tracking branch 'remotes/bonzini-gitlab/tags/for-upstream' into staging

* Bugfixes
* Code of conduct and conflict resolution policy

# gpg: Signature made Thu 01 Apr 2021 12:21:10 BST
# gpg:                using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg:                issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* remotes/bonzini-gitlab/tags/for-upstream:
  docs: Add a QEMU Code of Conduct and Conflict Resolution Policy document
  hexagon: do not specify Python scripts as inputs
  hexagon: do not specify executables as inputs
  configure: Do not use default_feature for EXESUF
  target/openrisc: fix icount handling for timer instructions
  replay: notify CPU on event
  icount: get rid of static variable
  Revert "qom: use qemu_printf to print help for user-creatable objects"
  replay: fix recursive checkpoints
  qapi: qom: do not use target-specific conditionals
  target/i386: Verify memory operand for lcall and ljmp
  meson: Propagate gnutls dependency to migration

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months ago device-crash-test: Ignore errors about a bus not being available
Thomas Huth [Tue, 23 Mar 2021 16:47:18 +0000 (17:47 +0100)] 
device-crash-test: Ignore errors about a bus not being available

Recent QEMU versions now sometimes exit cleanly with an error message
that a bus is not available for a specified device. Don't flag those
as an error in the device-crash-test script.

Message-Id: <20210323164718.1393792-1-thuth@redhat.com>
Acked-by: John Snow <jsnow@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
3 months ago docs: Fix typo in the default name of the qemu-system-x86_64 binary
Thomas Huth [Thu, 1 Apr 2021 05:18:29 +0000 (07:18 +0200)] 
docs: Fix typo in the default name of the qemu-system-x86_64 binary

It's a '-' between 'qemu' and 'system', not a '_'.

Fixes: 324b2298fe ("docs/system: convert Texinfo documentation to rST")
Message-Id: <20210401051829.3169438-1-thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
3 months ago docs: Remove obsolete paragraph about config-target.mak
Thomas Huth [Tue, 16 Mar 2021 12:42:08 +0000 (13:42 +0100)] 
docs: Remove obsolete paragraph about config-target.mak

$TARGET-NAME/config-target.mak has been removed a while ago.
Remove it now from the documentation, too.

Fixes: fdb75aeff7 ("configure: remove target configuration")
Message-Id: <20210316124208.455456-1-thuth@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
3 months ago util/compatfd.c: Fixed style issues
Mahmoud Mandour [Mon, 15 Mar 2021 10:58:13 +0000 (12:58 +0200)] 
util/compatfd.c: Fixed style issues

Fixed two styling issues that caused checkpatch.pl errors.

Signed-off-by: Mahmoud Mandour <ma.mandourr@gmail.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20210315105814.5188-2-ma.mandourr@gmail.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
3 months ago qom: Fix default values in help
Markus Armbruster [Wed, 24 Mar 2021 08:41:30 +0000 (09:41 +0100)] 
qom: Fix default values in help

Output of default values in device help is broken:

    $ ./qemu-system-x86_64 -S -display none -monitor stdio
    QEMU 5.2.50 monitor - type 'help' for more information
    (qemu) device_add pvpanic,help
    pvpanic options:
      events=<uint8>         -  (default: (null))
      ioport=<uint16>        -  (default: (null))
      pvpanic[0]=<child<qemu:memory-region>>

The "(null)" is glibc printing a null pointer.  Other systems crash
instead.  Having a help request crash a running VM can really spoil
your day.

Root cause is a botched replacement of qstring_free() by
g_string_free(): to get the string back, we need to pass true to the
former, but false to the latter.  Fix the argument.

Fixes: eab3a4678b07267c39e7290a6e9e7690b1d2a521
Reported-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20210324084130.3986072-1-armbru@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
3 months ago MAINTAINERS: Mark SH-4 hardware emulation orphan
Philippe Mathieu-Daudé [Fri, 12 Mar 2021 15:55:13 +0000 (16:55 +0100)] 
MAINTAINERS: Mark SH-4 hardware emulation orphan

Yoshinori Sato doesn't have time to manage QEMU reviews.

The code is in good shape and hasn't started to bitrot,
so mark the SH-4 hardware as orphan to give the possibility
to any contributor to step in and fill the gap.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
CC: Magnus Damm <magnus.damm@gmail.com>
Cc: Aurelien Jarno <aurelien@aurel32.net>
Cc: Yoshinori Sato <ysato@users.sourceforge.jp>
Message-Id: <20210312155513.1849109-3-f4bug@amsat.org>
Acked-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
3 months ago MAINTAINERS: Mark RX hardware emulation orphan
Philippe Mathieu-Daudé [Fri, 12 Mar 2021 15:55:12 +0000 (16:55 +0100)] 
MAINTAINERS: Mark RX hardware emulation orphan

Yoshinori Sato doesn't have time to manage QEMU reviews.

The code is in good shape and hasn't started to bitrot,
so mark the RX target and hardware as orphan to give the
possibility to any contributor to step in and fill the gap.

Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Cc: Yoshinori Sato <ysato@users.sourceforge.jp>
Message-Id: <20210312155513.1849109-2-f4bug@amsat.org>
Acked-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
3 months ago MAINTAINERS: add virtio-fs mailing list
Connor Kuehl [Thu, 18 Mar 2021 15:41:57 +0000 (10:41 -0500)] 
MAINTAINERS: add virtio-fs mailing list

General discussion and patch reviews take place on this list for both
virtiofsd (tools/virtiofsd/*) and the guest kernel module.

Signed-off-by: Connor Kuehl <ckuehl@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Vivek Goyal <vgoyal@redhat.com>
Message-Id: <20210318154157.1357224-1-ckuehl@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
3 months ago MAINTAINERS: Drop the line with Xiang Zheng
Thomas Huth [Thu, 1 Apr 2021 06:48:37 +0000 (08:48 +0200)] 
MAINTAINERS: Drop the line with Xiang Zheng

When sending a mail with CC: to zhengxiang9@huawei.com I got a mail
back saying:

 Your message couldn't be delivered

 The message you sent to zhengxiang9@huawei.com couldn't be delivered due to:
 Recipient email address is possibly incorrect.

 Further information

 5.1.1 <zhengxiang9@huawei.com>: Recipient address rejected: Failed recipient
 validation check.: host 127.0.0.1[127.0.0.1] said: 554 5.7.1 recipient verify
 from ldap failed (in reply to RCPT TO command)

Looks like this address does not exist anymore, thus drop it from the
MAINTAINERS file.

Message-Id: <20210401065343.3197791-1-thuth@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
3 months ago MAINTAINERS: replace Huawei's email to personal one
Dongjiu Geng [Thu, 11 Mar 2021 11:29:04 +0000 (19:29 +0800)] 
MAINTAINERS: replace Huawei's email to personal one

In order to conveniently receive email, replace the Huawei
email address with my personal one.

Signed-off-by: Dongjiu Geng <gengdongjiu1@gmail.com>
Message-Id: <1615462144-10864-1-git-send-email-gengdongjiu1@gmail.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
3 months ago MAINTAINERS: Drop the lines with Sarah Harris
Thomas Huth [Thu, 1 Apr 2021 06:24:26 +0000 (08:24 +0200)] 
MAINTAINERS: Drop the lines with Sarah Harris

In a mail to the qemu-devel mailing list, Sarah wrote:

"I was added as a reviewer (in MAINTAINERS) for the AVR target for the
 duration of my research work using it.
 The funding for my project expires in the middle of April, so I will not be
 able to provide time for reviewing patches from that point."

Thus let's remove the corresponding lines in the MAINTAINERS file.

Message-Id: <20210401062426.3192118-1-thuth@redhat.com>
Reviewed-by: Sarah Harris <S.E.Harris@kent.ac.uk>
Signed-off-by: Thomas Huth <thuth@redhat.com>
3 months ago tests: Add tests for yank with the chardev-change case
Lukas Straub [Tue, 30 Mar 2021 18:13:35 +0000 (20:13 +0200)] 
tests: Add tests for yank with the chardev-change case

Add tests for yank with the chardev-change case.

Signed-off-by: Lukas Straub <lukasstraub2@web.de>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Tested-by: Li Zhang <li.zhang@cloud.ionos.com>
Message-Id: <697ce111503a8bab011d21519ae0b6b07041ec9a.1617127849.git.lukasstraub2@web.de>

3 months ago chardev: Fix yank with the chardev-change case
Lukas Straub [Tue, 30 Mar 2021 18:13:31 +0000 (20:13 +0200)] 
chardev: Fix yank with the chardev-change case

When changing from chardev-socket (which supports yank) to
chardev-socket again, it fails, because the new chardev attempts
to register a new yank instance. This in turn fails, as there
still is the yank instance from the current chardev. Also,
the old chardev shouldn't unregister the yank instance when it
is freed.

To fix this, now the new chardev only registers a yank instance if
the current chardev doesn't support yank and thus hasn't registered
one already. Also, when the old chardev is freed, it now only
unregisters the yank instance if the new chardev doesn't need it.

If the initialization of the new chardev fails, it still has
chr->handover_yank_instance set and won't unregister the yank
instance when it is freed.

s->registered_yank is always true here, as chardev-change only works
on user-visible chardevs and those are guaranteed to register a
yank instance as they are initialized via
chardev_new()
 qemu_char_open()
  cc->open() (qmp_chardev_open_socket()).

Signed-off-by: Lukas Straub <lukasstraub2@web.de>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Tested-by: Li Zhang <li.zhang@cloud.ionos.com>
Message-Id: <9637888d7591d2971975188478bb707299a1dc04.1617127849.git.lukasstraub2@web.de>

3 months ago chardev/char.c: Always pass id to chardev_new
Lukas Straub [Tue, 30 Mar 2021 18:13:28 +0000 (20:13 +0200)] 
chardev/char.c: Always pass id to chardev_new

Always pass the id to chardev_new, since it is needed to register
the yank instance for the chardev. Also, after checking that
nothing calls chardev_new with id=NULL, assert() that id!=NULL.

This fixes a crash when using chardev-change to change a chardev
to chardev-socket, which attempts to register a yank instance.
This in turn tries to dereference the NULL-pointer.

Signed-off-by: Lukas Straub <lukasstraub2@web.de>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Tested-by: Li Zhang <li.zhang@cloud.ionos.com>
Message-Id: <3e669b6c160aa7278e37c4d95e0445574f96c7b7.1617127849.git.lukasstraub2@web.de>

3 months ago chardev/char.c: Move object_property_try_add_child out of chardev_new
Lukas Straub [Tue, 30 Mar 2021 18:13:25 +0000 (20:13 +0200)] 
chardev/char.c: Move object_property_try_add_child out of chardev_new

Move object_property_try_add_child out of chardev_new into its
callers. This is a preparation for the next patches to fix yank
with the chardev-change case.

Signed-off-by: Lukas Straub <lukasstraub2@web.de>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Tested-by: Li Zhang <li.zhang@cloud.ionos.com>
Message-Id: <b2a5092ec681737bc3a21ea16f3c00848b277521.1617127849.git.lukasstraub2@web.de>

3 months ago yank: Always link full yank code
Lukas Straub [Tue, 23 Mar 2021 17:52:46 +0000 (18:52 +0100)] 
yank: Always link full yank code

Yank now only depends on util and can be always linked in. Also remove
the stubs as they are not needed anymore.

Signed-off-by: Lukas Straub <lukasstraub2@web.de>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <997aa12a28c555d8a3b7a363b3bda5c3cf1821ba.1616521341.git.lukasstraub2@web.de>

3 months ago yank: Remove dependency on qiochannel
Lukas Straub [Tue, 23 Mar 2021 17:52:42 +0000 (18:52 +0100)] 
yank: Remove dependency on qiochannel

Remove dependency on qiochannel by removing yank_generic_iochannel and
letting migration and chardev use their own yank function for
iochannel.

Signed-off-by: Lukas Straub <lukasstraub2@web.de>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20ff143fc2db23e27cd41d38043e481376c9cec1.1616521341.git.lukasstraub2@web.de>

3 months ago docs: simplify each section title
Marc-André Lureau [Tue, 23 Mar 2021 07:47:04 +0000 (11:47 +0400)] 
docs: simplify each section title

Now that we merged into one doc, it makes the nav look nicer.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20210323074704.4078381-1-marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
3 months ago dbus-vmstate: Increase the size of input stream buffer used during load
Priyankar Jain [Tue, 2 Feb 2021 13:54:20 +0000 (13:54 +0000)] 
dbus-vmstate: Increase the size of input stream buffer used during load

This commit fixes an issue where migration is failing in the load phase
because of a false alarm about data unavailability.

Following is the error received when the amount of data to be transferred
exceeds the default buffer size set up by G_BUFFERED_INPUT_STREAM (4KiB),
even when the maximum data size supported by this backend is 1MiB
(DBUS_VMSTATE_SIZE_LIMIT):

  dbus_vmstate_post_load: Invalid vmstate size: 4364
  qemu-kvm: error while loading state for instance 0x0 of device 'dbus-vmstate/dbus-vmstate'

This commit sets the size of the input stream buffer used during load to
DBUS_VMSTATE_SIZE_LIMIT which is the maximum amount of data a helper can
send during save phase.
Secondly, this commit makes sure that the input stream buffer is loaded before
checking the size of the data available in it, rectifying the false alarm about
data unavailability.

Fixes: 5010cec2bc87 ("Add dbus-vmstate object")
Signed-off-by: Priyankar Jain <priyankar.jain@nutanix.com>
Message-Id: <cdaad4718e62bf22fd5e93ef3e252de20da5c17c.1612273156.git.priyankar.jain@nutanix.com>
[ Modified printf format for gsize ]
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
3 months ago util: fix use-after-free in module_load_one
Marc-André Lureau [Tue, 16 Mar 2021 13:44:56 +0000 (17:44 +0400)] 
util: fix use-after-free in module_load_one

g_hash_table_add always retains ownership of the pointer passed in as
the key. Its return status merely indicates whether the added entry was
new, or replaced an existing entry. Thus key must never be freed after
this method returns.

Spotted by ASAN:

==2407186==ERROR: AddressSanitizer: heap-use-after-free on address 0x6020003ac4f0 at pc 0x7ffff766659c bp 0x7fffffffd1d0 sp 0x7fffffffc980
READ of size 1 at 0x6020003ac4f0 thread T0
    #0 0x7ffff766659b  (/lib64/libasan.so.6+0x8a59b)
    #1 0x7ffff6bfa843 in g_str_equal ../glib/ghash.c:2303
    #2 0x7ffff6bf8167 in g_hash_table_lookup_node ../glib/ghash.c:493
    #3 0x7ffff6bf9b78 in g_hash_table_insert_internal ../glib/ghash.c:1598
    #4 0x7ffff6bf9c32 in g_hash_table_add ../glib/ghash.c:1689
    #5 0x5555596caad4 in module_load_one ../util/module.c:233
    #6 0x5555596ca949 in module_load_one ../util/module.c:225
    #7 0x5555596ca949 in module_load_one ../util/module.c:225
    #8 0x5555596cbdf4 in module_load_qom_all ../util/module.c:349

Typical C bug...

Fixes: 90629122d2e ("module: use g_hash_table_add()")
Cc: qemu-stable@nongnu.org
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20210316134456.3243102-1-marcandre.lureau@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
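
The ownership rule described in the commit above, as an added example (not QEMU's code and not part of the commit). `str_set` is a hypothetical plain-C stand-in for a GLib set that keeps the passed pointer and returns false on a duplicate; the module names are constructed, and `tracked_free()` defers the real release so stale keys can be counted without undefined behaviour.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_KEYS 16
#define MAX_FREED 16

/* Deferred free list: records what the caller released, frees it later. */
static void *quarantine[MAX_FREED];
static size_t n_quarantined;

static void tracked_free(void *p)
{
    if (n_quarantined >= MAX_FREED) abort();
    quarantine[n_quarantined++] = p;
}

static bool is_freed(const void *p)
{
    for (size_t i = 0; i < n_quarantined; i++)
        if (quarantine[i] == p) return true;
    return false;
}

/* Hypothetical model of a set that owns every key pointer handed to it. */
struct str_set { char *keys[MAX_KEYS]; size_t len; };

static bool set_contains(const struct str_set *s, const char *key)
{
    for (size_t i = 0; i < s->len; i++)
        if (strcmp(s->keys[i], key) == 0) return true;
    return false;
}

/* Always keeps `key`; the return value only says whether it was new. */
static bool set_add(struct str_set *s, char *key)
{
    for (size_t i = 0; i < s->len; i++) {
        if (strcmp(s->keys[i], key) == 0) {
            if (!is_freed(s->keys[i])) free(s->keys[i]); /* model frees old key */
            s->keys[i] = key;                            /* new pointer is kept */
            return false;
        }
    }
    if (s->len >= MAX_KEYS) abort();
    s->keys[s->len++] = key;
    return true;
}

static char *dup_string(const char *src)
{
    size_t n = strlen(src) + 1;
    char *p = malloc(n);
    if (!p) abort();
    memcpy(p, src, n);
    return p;
}

/* Bug pattern: treats "false" as "the set did not take the key". */
static void load_one_buggy(struct str_set *loaded, const char *name)
{
    char *key = dup_string(name);
    if (!set_add(loaded, key))
        tracked_free(key);      /* the set still references this pointer */
}

/* Safe pattern: decide before ownership is handed over. */
static void load_one_fixed(struct str_set *loaded, const char *name)
{
    char *key = dup_string(name);
    if (set_contains(loaded, key)) {
        tracked_free(key);      /* never given to the set, safe to release */
        return;
    }
    set_add(loaded, key);
}

typedef void (*load_fn)(struct str_set *, const char *);

/* Loads a duplicate name and returns how many stored keys are stale. */
static size_t run_scenario(load_fn load)
{
    struct str_set loaded = { {0}, 0 };
    size_t stale = 0;

    n_quarantined = 0;
    load(&loaded, "block-curl");   /* constructed module names */
    load(&loaded, "block-curl");
    load(&loaded, "ui-gtk");

    for (size_t i = 0; i < loaded.len; i++)
        if (is_freed(loaded.keys[i])) stale++;

    for (size_t i = 0; i < loaded.len; i++)
        if (!is_freed(loaded.keys[i])) free(loaded.keys[i]);
    for (size_t i = 0; i < n_quarantined; i++)
        free(quarantine[i]);
    n_quarantined = 0;
    return stale;
}

int main(void)
{
    printf("buggy: %zu stale key(s)\n", run_scenario(load_one_buggy));
    printf("fixed: %zu stale key(s)\n", run_scenario(load_one_fixed));
    return 0;
}
```

A stale key is exactly what the next lookup compares against, which is where the ASAN trace above reports the read.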
3 months ago docs: Add a QEMU Code of Conduct and Conflict Resolution Policy document
Paolo Bonzini [Wed, 31 Mar 2021 14:35:27 +0000 (16:35 +0200)] 
docs: Add a QEMU Code of Conduct and Conflict Resolution Policy document

In an ideal world, we would all get along together very well, always be
polite and never end up in huge conflicts. And even if there are conflicts,
we would always handle each other fairly and respectfully. Unfortunately,
this is not an ideal world and sometimes people forget how to interact with
each other in a professional and respectful way. Fortunately, this seldom
happens in the QEMU community, but for such rare cases it is preferable
to have a basic code of conduct document available to show to people
who are misbehaving.  In case that does not help yet, we should also have
a conflict resolution policy ready that can be applied in the worst case.

The Code of Conduct document tries to be short and to the point while
trying to remain friendly and welcoming; it is based on the Fedora Code
of Conduct[1] with extra detail added based on the Contributor Covenant
1.3.0[2].  Other proposals included the Contributor Covenant 1.3.0 itself
or the Django Code of Conduct[3] (which is also a derivative of Fedora's)
but, in any case, there was agreement on keeping the conflict resolution
policy separate from the CoC itself.

An important point is whether to apply the code of conduct to violations
that occur outside public spaces.  The text herein restricts that to
individuals acting as a representative or a member of the project or
its community.  This is intermediate between the Contributor Covenant
(which only mentions representatives of the community, for example using
an official project e-mail address or posting via an official social media
account), and the Django Code of Conduct, which says that violations of
this code outside these spaces "may" be considered but otherwise applies
no limit.

The conflict resolution policy is based on the Drupal Conflict Resolution
Policy[4] and its derivative, the Mozilla Consequence Ladder[5].

[1] https://www.fedoraproject.com/code-of-conduct/
[2] https://www.contributor-covenant.org/version/1/3/0/code-of-conduct/
[3] https://www.djangoproject.com/conduct/
[4] https://www.drupal.org/conflict-resolution
[5] https://github.com/mozilla/diversity/blob/master/code-of-conduct-enforcement/consequence-ladder.md

Co-developed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: David Edmondson <david.edmondson@oracle.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
3 months ago hexagon: do not specify Python scripts as inputs
Paolo Bonzini [Tue, 9 Mar 2021 15:15:30 +0000 (16:15 +0100)] 
hexagon: do not specify Python scripts as inputs

Python scripts are not inputs, and putting them in @INPUT@
puts requirements on the command line format, keeping all inputs
close to the name of the script.  Avoid that by not including the
script in the command and not in the inputs.

Also wrap "PYTHONPATH" usage with "env", since setting the environment
this way is not valid under Windows.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
3 months ago hexagon: do not specify executables as inputs
Paolo Bonzini [Tue, 9 Mar 2021 15:15:30 +0000 (16:15 +0100)] 
hexagon: do not specify executables as inputs

gen_semantics is an executable, not an input.  Meson 0.57 special cases
the first argument and @INPUT@ is not expanded there.  Fix that by
not including it in the input, only in the command.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
3 months ago configure: Do not use default_feature for EXESUF
Miroslav Rezanina [Wed, 31 Mar 2021 08:18:45 +0000 (10:18 +0200)] 
configure: Do not use default_feature for EXESUF

Commit "c87ea11631 configure: add --without-default-features" uses
default_feature to set default values for configure options. This value
is used for EXESUF too.

However, EXESUF is not an option to be tested; it is just appended to any
binary name, so using --without-default-features sets EXESUF to "no" and
all binaries using it have the form <name>no (e.g. qemu-imgno).

This is not expected behavior as disabling features should not cause
generating different binary names.

Reverting back to setting EXESUF to an empty value unless needed otherwise.

Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
Message-Id: <20210331081845.105089-1-mrezanin@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
3 months ago target/openrisc: fix icount handling for timer instructions
Pavel Dovgalyuk [Mon, 29 Mar 2021 07:42:41 +0000 (10:42 +0300)] 
target/openrisc: fix icount handling for timer instructions

This patch adds icount handling to mfspr/mtspr instructions
that may deal with hardware timers.

Signed-off-by: Pavel Dovgalyuk <pavel.dovgalyuk@ispras.ru>
Message-Id: <161700376169.1135890.8707223959310729949.stgit@pasha-ThinkPad-X280>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Acked-by: Stafford Horne <shorne@gmail.com>
3 months ago replay: notify CPU on event
Pavel Dovgalyuk [Thu, 1 Apr 2021 08:19:51 +0000 (11:19 +0300)] 
replay: notify CPU on event

This patch enables vCPU notification to wake it up
when a new async event comes in replay mode.

The motivation for this patch is the following.
Consider a recorded block async event. It is saved into the log
with one of the checkpoints. This checkpoint may be passed in
the vCPU loop. In replay mode, when this async event is read from
the log and the block thread task is not finished yet, the vCPU thread
goes to sleep. That is why this patch adds waking up the vCPU
to process this finished event.

Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgalyuk@ispras.ru>
Message-Id: <161726519158.1476949.7614181684462079836.stgit@pasha-ThinkPad-X280>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
3 months ago icount: get rid of static variable
Pavel Dovgalyuk [Mon, 29 Mar 2021 10:22:30 +0000 (13:22 +0300)] 
icount: get rid of static variable

This patch moves static last_delta variable into timers_state
structure to allow correct vmstate operations with icount shift=auto enabled.

Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgalyuk@ispras.ru>
Message-Id: <161701335066.1180180.7104085247702343395.stgit@pasha-ThinkPad-X280>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
3 months ago Revert "qom: use qemu_printf to print help for user-creatable objects"
Thomas Huth [Sun, 28 Mar 2021 05:47:58 +0000 (07:47 +0200)] 
Revert "qom: use qemu_printf to print help for user-creatable objects"

This reverts commit 6d9abb6de9cc53a508823db0283061824f2f98a2.

The real code change had already been added by Kevin's commit da0a932bbf
("hmp: QAPIfy object_add") and commit 6d9abb6d just added a duplicated
include statement as a left-over of a rebase.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20210328054758.2351461-1-thuth@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
3 months ago replay: fix recursive checkpoints
Pavel Dovgalyuk [Mon, 29 Mar 2021 07:59:25 +0000 (10:59 +0300)] 
replay: fix recursive checkpoints

Record/replay uses checkpoints to synchronize the execution
of the threads and timers. Hardware events such as BH are
processed at the checkpoints too.
Event processing can cause refreshing the virtual timers
and calling the icount-related functions, which also use checkpoints.
This patch prevents recursive processing of such checkpoints,
because they have their own records in the log and should be
processed later.

Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgalyuk@ispras.ru>
Message-Id: <161700476500.1140362.10108444973730452257.stgit@pasha-ThinkPad-X280>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
3 months ago qapi: qom: do not use target-specific conditionals
Paolo Bonzini [Fri, 26 Mar 2021 08:48:39 +0000 (04:48 -0400)] 
qapi: qom: do not use target-specific conditionals

ObjectType and ObjectOptions are defined in a target-independent file,
therefore they do not have access to target-specific configuration
symbols such as CONFIG_PSERIES or CONFIG_SEV.  For this reason,
pef-guest and sev-guest are currently omitted when compiling the
generated QAPI files.  In addition, this causes ObjectType to have
different definitions depending on the file that is including
qapi-types-qom.h (currently this is not causing any issues, but it
is wrong).

Define the two enum entries and the SevGuestProperties type
unconditionally to avoid the issue.  We do not expect to have
many target-dependent user-creatable classes, so it is not
particularly problematic.

Reported-by: Tom Lendacky <thomas.lendacky@amd.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
3 months ago target/i386: Verify memory operand for lcall and ljmp
Richard Henderson [Wed, 24 Mar 2021 16:46:50 +0000 (10:46 -0600)] 
target/i386: Verify memory operand for lcall and ljmp

These two opcodes only allow a memory operand.

Lacking the check for a register operand, we used the A0 temp
without initialization, which led to a tcg abort.

Buglink: https://bugs.launchpad.net/qemu/+bug/1921138
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20210324164650.128608-1-richard.henderson@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
3 months ago meson: Propagate gnutls dependency to migration
Jessica Clarke [Sat, 20 Mar 2021 17:12:21 +0000 (17:12 +0000)] 
meson: Propagate gnutls dependency to migration

Commit 3eacf70bb5a83e4775ad8003cbca63a40f70c8c2 neglected to fix this
for softmmu configs, which pull in migration's use of gnutls.

This fixes the following compilation failure on Arm-based Macs:

  In file included from migration/multifd.c:23:
  In file included from migration/tls.h:25:
  In file included from include/io/channel-tls.h:26:
  In file included from include/crypto/tlssession.h:24:
  include/crypto/tlscreds.h:28:10: fatal error: 'gnutls/gnutls.h' file not found
  #include <gnutls/gnutls.h>
           ^~~~~~~~~~~~~~~~~
  1 error generated.

(as well as for channel.c and tls.c)

Signed-off-by: Jessica Clarke <jrtc27@jrtc27.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Message-Id: <20210320171221.37437-1-jrtc27@jrtc27.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
3 months ago MAINTAINERS: add/replace backups for some s390 areas
Matthew Rosato [Thu, 25 Mar 2021 13:55:09 +0000 (09:55 -0400)] 
MAINTAINERS: add/replace backups for some s390 areas

S390 PCI currently has no backup, add one.  Add an additional backup
for vfio-ccw and refresh the backup for vfio-ap.

Signed-off-by: Matthew Rosato <mjrosato@linux.ibm.com>
Acked-by: Jason J. Herne <jjherne@linux.ibm.com>
Acked-by: Eric Farman <farman@linux.ibm.com>
Acked-by: Pierre Morel <pmorel@linux.ibm.com>
Acked-by: Christian Borntraeger <borntraeger@de.ibm.com>
Acked-by: Halil Pasic <pasic@linux.ibm.com>
Message-Id: <1616680509-8339-1-git-send-email-mjrosato@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
3 months ago MAINTAINERS: Fix tests/migration maintainers
Hyman Huang(黄勇) [Fri, 19 Mar 2021 08:07:57 +0000 (16:07 +0800)] 
MAINTAINERS: Fix tests/migration maintainers

When executing the following script, it throws an error message:
$ ./scripts/get_maintainer.pl -f tests/migration/guestperf.py
get_maintainer.pl: No maintainers found, printing recent contributors.
get_maintainer.pl: Do not blindly cc: them on patches!  Use common sense.

Add tests/migration to the "Migration" section of MAINTAINERS.

Signed-off-by: Hyman Huang(黄勇) <huangy81@chinatelecom.cn>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <91d5978357fb8709ef61d2030984f7142847037d.1616141556.git.huangy81@chinatelecom.cn>
Signed-off-by: Thomas Huth <thuth@redhat.com>
3 months ago Merge remote-tracking branch 'remotes/stefanha-gitlab/tags/block-pull-request' into...
Peter Maydell [Wed, 31 Mar 2021 15:38:49 +0000 (16:38 +0100)] 
Merge remote-tracking branch 'remotes/stefanha-gitlab/tags/block-pull-request' into staging

Pull request

A fix for VDI image files and more generally for CoRwlock.

# gpg: Signature made Wed 31 Mar 2021 10:50:39 BST
# gpg:                using RSA key 8695A8BFD3F97CDAAC35775A9CA4ABB381AB73C8
# gpg: Good signature from "Stefan Hajnoczi <stefanha@redhat.com>" [full]
# gpg:                 aka "Stefan Hajnoczi <stefanha@gmail.com>" [full]
# Primary key fingerprint: 8695 A8BF D3F9 7CDA AC35  775A 9CA4 ABB3 81AB 73C8

* remotes/stefanha-gitlab/tags/block-pull-request:
  test-coroutine: Add rwlock downgrade test
  test-coroutine: Add rwlock upgrade test
  coroutine-lock: Reimplement CoRwlock to fix downgrade bug
  coroutine-lock: Store the coroutine in the CoWaitRecord only once
  block/vdi: Don't assume that blocks are larger than VdiHeader
  block/vdi: When writing new bmap entry fails, don't leak the buffer

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months ago Merge remote-tracking branch 'remotes/dg-gitlab/tags/ppc-for-6.0-20210331' into staging
Peter Maydell [Wed, 31 Mar 2021 12:14:18 +0000 (13:14 +0100)] 
Merge remote-tracking branch 'remotes/dg-gitlab/tags/ppc-for-6.0-20210331' into staging

ppc patch queue for 2021-03-31

Here's another set of patches for the ppc target and associated
machine types.  I'd hoped to send this closer to the hard freeze, but
got caught up for some time chasing what looked like a strange
regression, before finally concluding it was due to unrelated failures
on the CI.

This is just a handful of fairly straightforward fixes, plus one
performance improvement that's simple and beneficial enough that I'm
considering it a "performance bug fix".

# gpg: Signature made Wed 31 Mar 2021 07:22:17 BST
# gpg:                using RSA key 75F46586AE61A66CC44E87DC6C38CACA20D9B392
# gpg: Good signature from "David Gibson <david@gibson.dropbear.id.au>" [full]
# gpg:                 aka "David Gibson (Red Hat) <dgibson@redhat.com>" [full]
# gpg:                 aka "David Gibson (ozlabs.org) <dgibson@ozlabs.org>" [full]
# gpg:                 aka "David Gibson (kernel.org) <dwg@kernel.org>" [unknown]
# Primary key fingerprint: 75F4 6586 AE61 A66C C44E  87DC 6C38 CACA 20D9 B392

* remotes/dg-gitlab/tags/ppc-for-6.0-20210331:
  hw/net: fsl_etsec: Tx padding length should exclude CRC
  spapr: Fix typo in the patb_entry comment
  spapr: Assert DIMM unplug state in spapr_memory_unplug()
  target/ppc/kvm: Cache timebase frequency
  hw/ppc: e500: Add missing #address-cells and #size-cells in the eTSEC node

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months ago Merge remote-tracking branch 'remotes/vivier2/tags/linux-user-for-6.0-pull-request...
Peter Maydell [Wed, 31 Mar 2021 09:44:43 +0000 (10:44 +0100)] 
Merge remote-tracking branch 'remotes/vivier2/tags/linux-user-for-6.0-pull-request' into staging

linux-user Pull request 20210330

Fix NETLINK_LIST_MEMBERSHIPS with NULL/invalid pointer and 0 length

# gpg: Signature made Tue 30 Mar 2021 15:38:35 BST
# gpg:                using RSA key CD2F75DDC8E3A4DC2E4F5173F30C38BD3F2FBE3C
# gpg:                issuer "laurent@vivier.eu"
# gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" [full]
# gpg:                 aka "Laurent Vivier <laurent@vivier.eu>" [full]
# gpg:                 aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" [full]
# Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F  5173 F30C 38BD 3F2F BE3C

* remotes/vivier2/tags/linux-user-for-6.0-pull-request:
  linux-user: NETLINK_LIST_MEMBERSHIPS: Allow bad ptr if its length is 0

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months ago test-coroutine: Add rwlock downgrade test
David Edmondson [Thu, 25 Mar 2021 11:29:41 +0000 (12:29 +0100)] 
test-coroutine: Add rwlock downgrade test

Test that downgrading an rwlock does not result in a failure to
schedule coroutines queued on the rwlock.

The diagram associated with test_co_rwlock_downgrade() describes the
intended behaviour, but what was observed previously corresponds to:

| c1     | c2         | c3         | c4       |
|--------+------------+------------+----------|
| rdlock |            |            |          |
| yield  |            |            |          |
|        | wrlock     |            |          |
|        | <queued>   |            |          |
|        |            | rdlock     |          |
|        |            | <queued>   |          |
|        |            |            | wrlock   |
|        |            |            | <queued> |
| unlock |            |            |          |
| yield  |            |            |          |
|        | <dequeued> |            |          |
|        | downgrade  |            |          |
|        | ...        |            |          |
|        | unlock     |            |          |
|        |            | <dequeued> |          |
|        |            | <queued>   |          |

This results in a failure...

ERROR:../tests/test-coroutine.c:369:test_co_rwlock_downgrade: assertion failed: (c3_done)
Bail out! ERROR:../tests/test-coroutine.c:369:test_co_rwlock_downgrade: assertion failed: (c3_done)

...as a result of the c3 coroutine failing to run to completion.

Signed-off-by: David Edmondson <david.edmondson@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 20210325112941.365238-7-pbonzini@redhat.com
Message-Id: <20210309144015.557477-5-david.edmondson@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
3 months ago test-coroutine: Add rwlock upgrade test
Paolo Bonzini [Thu, 25 Mar 2021 11:29:40 +0000 (12:29 +0100)] 
test-coroutine: Add rwlock upgrade test

Test that rwlock upgrade is fair, and that readers go back to sleep if
a writer is in line.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 20210325112941.365238-6-pbonzini@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
3 months ago coroutine-lock: Reimplement CoRwlock to fix downgrade bug
Paolo Bonzini [Thu, 25 Mar 2021 11:29:39 +0000 (12:29 +0100)] 
coroutine-lock: Reimplement CoRwlock to fix downgrade bug

An invariant of the current rwlock is that if multiple coroutines hold a
reader lock, all must be runnable. The unlock implementation relies on
this, choosing to wake a single coroutine when the final read lock
holder exits the critical section, assuming that it will wake a
coroutine attempting to acquire a write lock.

The downgrade implementation violates this assumption by creating a
read lock owning coroutine that is exclusively runnable - any other
coroutines that are waiting to acquire a read lock are *not* made
runnable when the write lock holder converts its ownership to read
only.

More generally, the old implementation had lots of other fairness bugs.
The root cause of the bugs was that CoQueue would wake up readers even
if there were pending writers, and would wake up writers even if there
were readers.  In that case, the coroutine would go back to sleep *at
the end* of the CoQueue, losing its place at the head of the line.

To fix this, keep the queue of waiters explicitly in the CoRwlock
instead of using CoQueue, and store for each whether it is a
potential reader or a writer.  This way, downgrade can look at the
first queued coroutine and wake it only if it is a reader, causing
all other readers in line to be released in turn.

Reported-by: David Edmondson <david.edmondson@oracle.com>
Reviewed-by: David Edmondson <david.edmondson@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 20210325112941.365238-5-pbonzini@redhat.com
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
3 months ago coroutine-lock: Store the coroutine in the CoWaitRecord only once
David Edmondson [Thu, 25 Mar 2021 11:29:38 +0000 (12:29 +0100)] 
coroutine-lock: Store the coroutine in the CoWaitRecord only once

When taking the slow path for mutex acquisition, set the coroutine
value in the CoWaitRecord in push_waiter(), rather than both there and
in the caller.

Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: David Edmondson <david.edmondson@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-id: 20210325112941.365238-4-pbonzini@redhat.com
Message-Id: <20210309144015.557477-4-david.edmondson@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
3 months ago block/vdi: Don't assume that blocks are larger than VdiHeader
David Edmondson [Thu, 25 Mar 2021 11:29:37 +0000 (12:29 +0100)] 
block/vdi: Don't assume that blocks are larger than VdiHeader

Given that the block size is read from the header of the VDI file, a
wide variety of sizes might be seen. Rather than re-using a block
sized memory region when writing the VDI header, allocate an
appropriately sized buffer.

Signed-off-by: David Edmondson <david.edmondson@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Acked-by: Max Reitz <mreitz@redhat.com>
Message-id: 20210325112941.365238-3-pbonzini@redhat.com
Message-Id: <20210309144015.557477-3-david.edmondson@oracle.com>
Acked-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
3 months ago block/vdi: When writing new bmap entry fails, don't leak the buffer
David Edmondson [Thu, 25 Mar 2021 11:29:36 +0000 (12:29 +0100)] 
block/vdi: When writing new bmap entry fails, don't leak the buffer

If a new bitmap entry is allocated, requiring the entire block to be
written, avoid leaking the buffer allocated for the block should
the write fail.

Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: David Edmondson <david.edmondson@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Acked-by: Max Reitz <mreitz@redhat.com>
Message-id: 20210325112941.365238-2-pbonzini@redhat.com
Message-Id: <20210309144015.557477-2-david.edmondson@oracle.com>
Acked-by: Max Reitz <mreitz@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
3 months ago hw/net: fsl_etsec: Tx padding length should exclude CRC
Bin Meng [Tue, 16 Mar 2021 08:15:05 +0000 (16:15 +0800)] 
hw/net: fsl_etsec: Tx padding length should exclude CRC

As the comment of tx_padding_and_crc() says: "Never add CRC in QEMU",
min_frame_len should exclude CRC, so it should be 60 instead of 64.

Signed-off-by: Bin Meng <bmeng.cn@gmail.com>
Message-Id: <20210316081505.72898-1-bmeng.cn@gmail.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
3 months ago spapr: Fix typo in the patb_entry comment
Alexey Kardashevskiy [Thu, 25 Feb 2021 03:23:35 +0000 (14:23 +1100)] 
spapr: Fix typo in the patb_entry comment

There is no H_REGISTER_PROCESS_TABLE; it is H_REGISTER_PROC_TBL, the handler
for which is still called h_register_process_table() though.

Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Message-Id: <20210225032335.64245-1-aik@ozlabs.ru>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
3 months ago spapr: Assert DIMM unplug state in spapr_memory_unplug()
Greg Kurz [Sat, 13 Mar 2021 07:23:31 +0000 (08:23 +0100)] 
spapr: Assert DIMM unplug state in spapr_memory_unplug()

spapr_memory_unplug() is the last step of the hot unplug sequence.
It is indirectly called by:

 spapr_lmb_release()
  hotplug_handler_unplug()

and spapr_lmb_release() already buys us that DIMM unplug state is
present: it gets restored with spapr_recover_pending_dimm_state()
if missing.

g_assert() that spapr_pending_dimm_unplugs_find() cannot return NULL
in spapr_memory_unplug() to make this clear and silence Coverity.

Fixes: Coverity CID 1450767
Signed-off-by: Greg Kurz <groug@kaod.org>
Message-Id: <161562021166.948373.15092876234470478331.stgit@bahia.lan>
Reviewed-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
3 months ago target/ppc/kvm: Cache timebase frequency
Greg Kurz [Wed, 17 Mar 2021 17:57:07 +0000 (18:57 +0100)] 
target/ppc/kvm: Cache timebase frequency

Each vCPU core exposes its timebase frequency in the DT. When running
under KVM, this means parsing /proc/cpuinfo in order to get the timebase
frequency of the host CPU.

The parsing appears to slow down the boot quite a bit with a higher number
of cores:

# of cores     seconds spent in spapr_dt_cpus()
      8                  0.550122
     16                  1.342375
     32                  2.850316
     64                  5.922505
     96                  9.109224
    128                 12.245504
    256                 24.957236
    384                 37.389113

The timebase frequency of the host CPU is identical for all
cores and it is an invariant for the VM lifetime. Cache it
instead of doing the same expensive parsing again and again.

Rename kvmppc_get_tbfreq() to kvmppc_get_tbfreq_procfs() and
rename the 'retval' variable to make it clear it is used as
fallback only. Come up with a new version of kvmppc_get_tbfreq()
that calls kvmppc_get_tbfreq_procfs() only once and keep the
value in a static.

Zero is certainly not a valid value for the timebase frequency.
Treat atoi() returning zero as another parsing error and return
the fallback value instead. This allows kvmppc_get_tbfreq() to
use zero as an indicator that kvmppc_get_tbfreq_procfs() hasn't
been called yet.

With this patch applied:

    384                 0.518382

Signed-off-by: Greg Kurz <groug@kaod.org>
Message-Id: <161600382766.1780699.6787739229984093959.stgit@bahia.lan>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
3 months ago hw/ppc: e500: Add missing #address-cells and #size-cells in the eTSEC node
Bin Meng [Thu, 11 Mar 2021 08:16:08 +0000 (16:16 +0800)] 
hw/ppc: e500: Add missing #address-cells and #size-cells in the eTSEC node

Per devicetree spec v0.3 [1] chapter 2.3.5:

The #address-cells and #size-cells properties are not inherited
from ancestors in the devicetree. They shall be explicitly defined.
If missing, a client program should assume a default value of 2
for #address-cells, and a value of 1 for #size-cells.

These properties are currently missing, causing the <reg> property
of the queue-group subnode to be incorrectly parsed using default
values.

[1] https://github.com/devicetree-org/devicetree-specification/releases/download/v0.3/devicetree-specification-v0.3.pdf

Fixes: fdfb7f2cdb2d ("e500: Add support for eTSEC in device tree")
Signed-off-by: Bin Meng <bin.meng@windriver.com>
Message-Id: <20210311081608.66891-1-bmeng.cn@gmail.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
3 months ago Update version for v6.0.0-rc1 release v6.0.0-rc1
Peter Maydell [Tue, 30 Mar 2021 17:19:07 +0000 (18:19 +0100)] 
Update version for v6.0.0-rc1 release

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months ago Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20210330' into...
Peter Maydell [Tue, 30 Mar 2021 15:37:15 +0000 (16:37 +0100)] 
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20210330' into staging

 * net/npcm7xx_emc.c: Fix handling of receiving packets when RSDR not set
 * hw/display/xlnx_dp: Free FIFOs adding xlnx_dp_finalize()
 * hw/arm/smmuv3: Drop unused CDM_VALID() and is_cd_valid()
 * target/arm: Make number of counters in PMCR follow the CPU
 * hw/timer/renesas_tmr: Add default-case asserts in read_tcnt()

# gpg: Signature made Tue 30 Mar 2021 14:23:33 BST
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [ultimate]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83  15CF 3C25 25ED 1436 0CDE

* remotes/pmaydell/tags/pull-target-arm-20210330:
  hw/timer/renesas_tmr: Add default-case asserts in read_tcnt()
  target/arm: Make number of counters in PMCR follow the CPU
  hw/arm/smmuv3: Drop unused CDM_VALID() and is_cd_valid()
  hw/display/xlnx_dp: Free FIFOs adding xlnx_dp_finalize()
  net/npcm7xx_emc.c: Fix handling of receiving packets when RSDR not set

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months ago Merge remote-tracking branch 'remotes/maxreitz/tags/pull-block-2021-03-30' into staging
Peter Maydell [Tue, 30 Mar 2021 13:06:54 +0000 (14:06 +0100)] 
Merge remote-tracking branch 'remotes/maxreitz/tags/pull-block-2021-03-30' into staging

Block patches for 6.0-rc1:
- Mark the qcow2 cache clean timer as external to fix record/replay
- Fix the mirror filter node's permissions so that an external process
  cannot grab an image while it is used as the mirror source
- Add documentation about FUSE exports to the storage daemon
- When creating a qcow2 image with the data-file-raw option, all
  metadata structures should be preallocated
- iotest fixes

# gpg: Signature made Tue 30 Mar 2021 13:38:40 BST
# gpg:                using RSA key 91BEB60A30DB3E8857D11829F407DB0061D5CF40
# gpg:                issuer "mreitz@redhat.com"
# gpg: Good signature from "Max Reitz <mreitz@redhat.com>" [full]
# Primary key fingerprint: 91BE B60A 30DB 3E88 57D1  1829 F407 DB00 61D5 CF40

* remotes/maxreitz/tags/pull-block-2021-03-30:
  iotests/244: Test preallocation for data-file-raw
  qcow2: Force preallocation with data-file-raw
  qsd: Document FUSE exports
  block/mirror: Fix mirror_top's permissions
  iotests/046: Filter request length
  qcow2: use external virtual timers
  iotests/116: Fix reference output
  iotests: fix 051.out expected output after error text touchups
  iotests: Fix typo in iotest 051

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months ago hw/timer/renesas_tmr: Add default-case asserts in read_tcnt()
Peter Maydell [Tue, 30 Mar 2021 13:05:34 +0000 (14:05 +0100)] 
hw/timer/renesas_tmr: Add default-case asserts in read_tcnt()

In commit 81b3ddaf8772ec we fixed a use of uninitialized data
in read_tcnt(). However this change wasn't enough to placate
Coverity, which is not smart enough to see that if we read a
2 bit field and then handle cases 0, 1, 2 and 3 then there cannot
be a flow of execution through the switch default. Add explicit
default cases which assert that they can't be reached, which
should help silence Coverity.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20210319162458.13760-1-peter.maydell@linaro.org

3 months ago target/arm: Make number of counters in PMCR follow the CPU
Peter Maydell [Tue, 30 Mar 2021 13:05:33 +0000 (14:05 +0100)] 
target/arm: Make number of counters in PMCR follow the CPU

Currently we give all the v7-and-up CPUs a PMU with 4 counters.  This
means that we don't provide the 6 counters that are required by the
Arm BSA (Base System Architecture) specification if the CPU supports
the Virtualization extensions.

Instead of having a single PMCR_NUM_COUNTERS, make each CPU type
specify the PMCR reset value (obtained from the appropriate TRM), and
use the 'N' field of that value to define the number of counters
provided.

This means that we now supply 6 counters for Cortex-A53, A57, A72,
A15 and A9 as well as '-cpu max'; Cortex-A7 and A8 stay at 4; and
Cortex-R5 goes down to 3.

Note that because we now use the PMCR reset value of the specific
implementation, we no longer set the LC bit out of reset.  This has
an UNKNOWN value out of reset for all cores with any AArch32 support,
so guest software should be setting it anyway if it wants it.

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Marcin Juszkiewicz <marcin.juszkiewicz@linaro.org>
Message-id: 20210311165947.27470-1-peter.maydell@linaro.org
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
3 months ago hw/arm/smmuv3: Drop unused CDM_VALID() and is_cd_valid()
Zenghui Yu [Tue, 30 Mar 2021 13:05:33 +0000 (14:05 +0100)] 
hw/arm/smmuv3: Drop unused CDM_VALID() and is_cd_valid()

They were introduced in commit 9bde7f0674fe ("hw/arm/smmuv3: Implement
translate callback") but never actually used. Drop them.

Signed-off-by: Zenghui Yu <yuzenghui@huawei.com>
Acked-by: Eric Auger <eric.auger@redhat.com>
Message-id: 20210325142702.790-1-yuzenghui@huawei.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months ago hw/display/xlnx_dp: Free FIFOs adding xlnx_dp_finalize()
Philippe Mathieu-Daudé [Tue, 30 Mar 2021 13:05:33 +0000 (14:05 +0100)] 
hw/display/xlnx_dp: Free FIFOs adding xlnx_dp_finalize()

When building with --enable-sanitizers we get:

  Direct leak of 16 byte(s) in 1 object(s) allocated from:
      #0 0x5618479ec7cf in malloc (qemu-system-aarch64+0x233b7cf)
      #1 0x7f675745f958 in g_malloc (/lib64/libglib-2.0.so.0+0x58958)
      #2 0x561847c2dcc9 in xlnx_dp_init hw/display/xlnx_dp.c:1259:5
      #3 0x56184a5bdab8 in object_init_with_type qom/object.c:375:9
      #4 0x56184a5a2bda in object_initialize_with_type qom/object.c:517:5
      #5 0x56184a5a24d5 in object_initialize qom/object.c:536:5
      #6 0x56184a5a2f6c in object_initialize_child_with_propsv qom/object.c:566:5
      #7 0x56184a5a2e60 in object_initialize_child_with_props qom/object.c:549:10
      #8 0x56184a5a3a1e in object_initialize_child_internal qom/object.c:603:5
      #9 0x5618495aa431 in xlnx_zynqmp_init hw/arm/xlnx-zynqmp.c:273:5

The RX/TX FIFOs are created in xlnx_dp_init(), add xlnx_dp_finalize()
to destroy them.

Fixes: 58ac482a66d ("introduce xlnx-dp")
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20210323182958.277654-1-f4bug@amsat.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months ago net/npcm7xx_emc.c: Fix handling of receiving packets when RSDR not set
Doug Evans [Tue, 30 Mar 2021 13:05:33 +0000 (14:05 +0100)] 
net/npcm7xx_emc.c: Fix handling of receiving packets when RSDR not set

Turning REG_MCMDR_RXON is enough to start receiving packets.

Signed-off-by: Doug Evans <dje@google.com>
Message-id: 20210319195044.741821-1-dje@google.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
3 months ago iotests/244: Test preallocation for data-file-raw
Max Reitz [Fri, 26 Mar 2021 14:55:09 +0000 (15:55 +0100)] 
iotests/244: Test preallocation for data-file-raw

Three test cases:
(1) Adding a qcow2 (metadata) file to an existing data file, see whether
    we can read the existing data through the qcow2 image.
(2) Append data to the data file, grow the qcow2 image accordingly, see
    whether we can read the new data through the qcow2 image.
(3) At runtime, add a backing image to a freshly created qcow2 image
    with an external data file (with data-file-raw).  Reading data from
    the qcow2 image must return the same result as reading data from the
    data file, so everything in the backing image must be ignored.
    (This did not use to be the case, because without the L2 tables
    preallocated, all clusters would appear as unallocated, and so the
    qcow2 driver would fall through to the backing file.)

Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20210326145509.163455-3-mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
3 months ago qcow2: Force preallocation with data-file-raw
Max Reitz [Fri, 26 Mar 2021 14:55:08 +0000 (15:55 +0100)] 
qcow2: Force preallocation with data-file-raw

Setting the qcow2 data-file-raw bit means that you can ignore the
qcow2 metadata when reading from the external data file.  It does not
mean that you have to ignore it, though.  Therefore, the data read must
be the same regardless of whether you interpret the metadata or whether
you ignore it, and thus the L1/L2 tables must all be present and give a
1:1 mapping.

This patch changes 244's output: First, the qcow2 file is larger right
after creation, because of metadata preallocation.  Second, the qemu-img
map output changes: Everything that was not explicitly discarded or
zeroed is now a data area.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20210326145509.163455-2-mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
4 months ago linux-user: NETLINK_LIST_MEMBERSHIPS: Allow bad ptr if its length is 0
Frédéric Fortier [Sun, 28 Mar 2021 18:01:35 +0000 (14:01 -0400)] 
linux-user: NETLINK_LIST_MEMBERSHIPS: Allow bad ptr if its length is 0

getsockopt(fd, SOL_NETLINK, NETLINK_LIST_MEMBERSHIPS, *optval, *optlen)
syscall allows optval to be NULL/invalid if optlen points to a size of
zero. This allows userspace to query the length of the array they should
use to get the full membership list before allocating memory for said
list, then re-calling getsockopt with proper optval/optlen arguments.

Notable users of this pattern include systemd-networkd, which in the
(albeit old) version 237 tested, cannot start without this fix.

Signed-off-by: Frédéric Fortier <frf@ghgsat.com>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20210328180135.88449-1-frf@ghgsat.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
4 months ago Merge remote-tracking branch 'remotes/nvme/tags/nvme-fixes-for-6.0-pull-request'...
Peter Maydell [Mon, 29 Mar 2021 17:45:12 +0000 (18:45 +0100)] 
Merge remote-tracking branch 'remotes/nvme/tags/nvme-fixes-for-6.0-pull-request' into staging

emulated nvme fixes

# gpg: Signature made Mon 29 Mar 2021 18:03:30 BST
# gpg:                using RSA key 522833AA75E2DCE6A24766C04DE1AF316D4F0DE9
# gpg: Good signature from "Klaus Jensen <its@irrelevant.dk>" [unknown]
# gpg:                 aka "Klaus Jensen <k.jensen@samsung.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: DDCA 4D9C 9EF9 31CC 3468  4272 63D5 6FC5 E55D A838
#      Subkey fingerprint: 5228 33AA 75E2 DCE6 A247  66C0 4DE1 AF31 6D4F 0DE9

* remotes/nvme/tags/nvme-fixes-for-6.0-pull-request:
  hw/block/nvme: fix ref counting in nvme_format_ns
  hw/block/nvme: fix resource leak in nvme_dif_rw

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 months ago hw/block/nvme: fix ref counting in nvme_format_ns
Klaus Jensen [Mon, 22 Mar 2021 06:10:24 +0000 (07:10 +0100)] 
hw/block/nvme: fix ref counting in nvme_format_ns

Max noticed that since blk_aio_pwrite_zeroes() may invoke the callback
before returning, the callbacks will never see *count == 0 and thus
never free the count variable or decrement num_formats causing a CQE to
never be posted.

Coverity (CID 1451082) also picked up on the fact that count would not
be freed if the namespace was of zero size.

Fix both of these issues by explicitly checking *count and finalize for
the given namespace if --(*count) is zero. Enqueuing a CQE if there are
no AIOs outstanding after this case is already handled by nvme_format()
by inspecting *num_formats.

Reported-by: Max Reitz <mreitz@redhat.com>
Reported-by: Coverity (CID 1451082)
Fixes: dc04d25e2f3f ("hw/block/nvme: add support for the format nvm command")
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Reviewed-by: Gollu Appalanaidu <anaidu.gollu@samsung.com>
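
The hazard this commit message describes, modelled as an added example (not QEMU code and not part of the commit): a completion counter breaks when the callback can run before the submit call returns or when no request is issued at all, and a submitter-held reference fixes both cases. All names here (format_job, aio_submit, format_fragile, format_fixed) are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_PENDING 8

typedef void (*aio_cb)(void *opaque);

/* Hypothetical per-namespace job; a model, not QEMU's structures. */
struct format_job {
    int count;      /* outstanding references */
    int finalized;  /* times cleanup ran; exactly 1 is correct */
};

/* Toy AIO backend: completes inline, or queues until run_pending(). */
struct backend {
    bool inline_completion;
    aio_cb cb[MAX_PENDING];
    void *opaque[MAX_PENDING];
    size_t npending;
};

static void aio_submit(struct backend *be, aio_cb cb, void *opaque)
{
    if (be->inline_completion || be->npending == MAX_PENDING) {
        cb(opaque);             /* callback runs before submit returns */
        return;
    }
    be->cb[be->npending] = cb;
    be->opaque[be->npending] = opaque;
    be->npending++;
}

static void run_pending(struct backend *be)
{
    for (size_t i = 0; i < be->npending; i++) {
        be->cb[i](be->opaque[i]);
    }
    be->npending = 0;
}

/* Shared completion callback: whoever drops the last reference finalizes. */
static void format_cb(void *opaque)
{
    struct format_job *job = opaque;

    if (--job->count == 0) {
        job->finalized++;
    }
}

/* Fragile: counts a request only after submitting it and leaves all
 * cleanup to the callbacks. */
static void format_fragile(struct backend *be, struct format_job *job, int n)
{
    job->count = 0;
    for (int i = 0; i < n; i++) {
        aio_submit(be, format_cb, job);
        job->count++;
    }
}

/* Robust: the submitter holds its own reference while issuing requests
 * and drops it afterwards, finalizing itself if nothing is in flight. */
static void format_fixed(struct backend *be, struct format_job *job, int n)
{
    job->count = 1;
    for (int i = 0; i < n; i++) {
        job->count++;
        aio_submit(be, format_cb, job);
    }
    if (--job->count == 0) {
        job->finalized++;
    }
}

/* Returns how many times the job was finalized. */
static int run_case(bool fixed, bool inline_completion, int nchunks)
{
    struct backend be = { .inline_completion = inline_completion };
    struct format_job job = { 0, 0 };

    if (fixed) {
        format_fixed(&be, &job, nchunks);
    } else {
        format_fragile(&be, &job, nchunks);
    }
    run_pending(&be);
    return job.finalized;
}

int main(void)
{
    printf("fragile: deferred=%d inline=%d empty=%d\n",
           run_case(false, false, 3), run_case(false, true, 3),
           run_case(false, false, 0));
    printf("fixed:   deferred=%d inline=%d empty=%d\n",
           run_case(true, false, 3), run_case(true, true, 3),
           run_case(true, false, 0));
    return 0;
}
```
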
4 months ago hw/block/nvme: fix resource leak in nvme_dif_rw
Klaus Jensen [Mon, 22 Mar 2021 05:58:38 +0000 (06:58 +0100)] 
hw/block/nvme: fix resource leak in nvme_dif_rw

If nvme_map_dptr() fails, nvme_dif_rw() will leak the bounce context.
Fix this by using the same error handling as everywhere else in the
function.

Reported-by: Coverity (CID 1451080)
Fixes: 146f720c5563 ("hw/block/nvme: end-to-end data protection")
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Reviewed-by: Gollu Appalanaidu <anaidu.gollu@samsung.com>
4 months ago qsd: Document FUSE exports
Max Reitz [Wed, 17 Feb 2021 11:58:44 +0000 (12:58 +0100)] 
qsd: Document FUSE exports

Implementing FUSE exports required no changes to the storage daemon, so
we forgot to document them there.  Considering that both NBD and
vhost-user-blk exports are documented in its man page (and NBD exports
in its --help text), we should probably do the same for FUSE.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20210217115844.62661-1-mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
4 months ago block/mirror: Fix mirror_top's permissions
Max Reitz [Thu, 11 Feb 2021 17:22:41 +0000 (18:22 +0100)] 
block/mirror: Fix mirror_top's permissions

mirror_top currently shares all permissions, and takes only the WRITE
permission (if some parent has taken that permission, too).

That is wrong, though; mirror_top is a filter, so it should take
permissions like any other filter does.  For example, if the parent
needs CONSISTENT_READ, we need to take that, too, and if it cannot share
the WRITE permission, we cannot share it either.

The exception is when mirror_top is used for active commit, where we
cannot take CONSISTENT_READ (because it is deliberately unshared above
the base node) and where we must share WRITE (so that it is shared for
all images in the backing chain, so the mirror job can take it for the
target BB).

Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20210211172242.146671-2-mreitz@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com>
4 months ago iotests/046: Filter request length
Max Reitz [Fri, 18 Sep 2020 15:33:23 +0000 (17:33 +0200)] 
iotests/046: Filter request length

For its concurrent requests, 046 has always filtered the offset,
probably because concurrent requests may settle in any order.  However,
it did not filter the request length, and so if requests with different
lengths settle in an unexpected order (notably the longer request before
the shorter request), the test fails (for no good reason).

Filter the length, too.

Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20200918153323.108932-1-mreitz@redhat.com>

4 months ago qcow2: use external virtual timers
Pavel Dovgalyuk [Mon, 29 Mar 2021 08:06:03 +0000 (11:06 +0300)] 
qcow2: use external virtual timers

Regular virtual timers are used to emulate timings
related to vCPU and peripheral states. QCOW2 uses timers
to clean the cache. These timers should have external
flag. In the opposite case they affect the execution
and it can't be recorded and replayed.
This patch adds external flag to the timer for qcow2
cache clean.

Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgalyuk@ispras.ru>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <161700516327.1141158.8366564693714562536.stgit@pasha-ThinkPad-X280>
Signed-off-by: Max Reitz <mreitz@redhat.com>
4 months ago iotests/116: Fix reference output
Max Reitz [Fri, 26 Mar 2021 14:14:19 +0000 (15:14 +0100)] 
iotests/116: Fix reference output

15ce94a68ca ("block/qed: bdrv_qed_do_open: deal with errp") has improved
the qed driver's error reporting, though sadly did not add a test for
it.
The good news is: There already is such a test, namely 116.
The bad news is: Its reference output was not adjusted, and so now it
fails.

Let's fix the reference output, which has the nice side effect of
demonstrating 15ce94a68ca's improvements.

Fixes: 15ce94a68ca6730466c565c3d29971aab3087bf1
       ("block/qed: bdrv_qed_do_open: deal with errp")
Signed-off-by: Max Reitz <mreitz@redhat.com>
Message-Id: <20210326141419.156831-1-mreitz@redhat.com>

4 months ago iotests: fix 051.out expected output after error text touchups
Connor Kuehl [Thu, 18 Mar 2021 20:09:49 +0000 (15:09 -0500)] 
iotests: fix 051.out expected output after error text touchups

A patch was recently applied that touched up some error messages that
pertained to key names like 'node-name'. The trouble is it only updated
tests/qemu-iotests/051.pc.out and not tests/qemu-iotests/051.out as
well.

Do that now.

Fixes: 785ec4b1b9 ("block: Clarify error messages pertaining to
'node-name'")
Signed-off-by: Connor Kuehl <ckuehl@redhat.com>
Message-Id: <20210318200949.1387703-2-ckuehl@redhat.com>
Tested-by: Christian Borntraeger <borntraeger@de.ibm.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
4 months ago iotests: Fix typo in iotest 051
Tao Xu [Wed, 24 Mar 2021 08:43:21 +0000 (16:43 +0800)] 
iotests: Fix typo in iotest 051

There is a typo in iotest 051, correct it.

Signed-off-by: Tao Xu <tao3.xu@intel.com>
Message-Id: <20210324084321.90952-1-tao3.xu@intel.com>
Signed-off-by: Max Reitz <mreitz@redhat.com>
4 months ago Merge remote-tracking branch 'remotes/vivier2/tags/linux-user-for-6.0-pull-request...
Peter Maydell [Sun, 28 Mar 2021 18:49:57 +0000 (19:49 +0100)] 
Merge remote-tracking branch 'remotes/vivier2/tags/linux-user-for-6.0-pull-request' into staging

linux-user pull request 20210328

- Fix recvfrom with NULL msg
- Fix sigreturn address on s390x

# gpg: Signature made Sun 28 Mar 2021 17:05:45 BST
# gpg:                using RSA key CD2F75DDC8E3A4DC2E4F5173F30C38BD3F2FBE3C
# gpg:                issuer "laurent@vivier.eu"
# gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" [full]
# gpg:                 aka "Laurent Vivier <laurent@vivier.eu>" [full]
# gpg:                 aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" [full]
# Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F  5173 F30C 38BD 3F2F BE3C

* remotes/vivier2/tags/linux-user-for-6.0-pull-request:
  linux-user: allow NULL msg in recvfrom
  linux-user/s390x: Use the guest pointer for the sigreturn stub

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 months ago linux-user: allow NULL msg in recvfrom
Zach Reizner [Sat, 27 Mar 2021 02:11:16 +0000 (22:11 -0400)] 
linux-user: allow NULL msg in recvfrom

The kernel allows a NULL msg in recvfrom so that the size of the next
message may be queried before allocating a correctly sized buffer. This
change allows the syscall translator to pass along the NULL msg pointer
instead of returning early with EFAULT.

Signed-off-by: Zach Reizner <zachr@google.com>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <CAFNex=DvFCq=AQf+=19fTfw-T8eZZT=3NnFFm2JMFvVr5QgQyA@mail.gmail.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
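
The rule behind this commit and the NETLINK_LIST_MEMBERSHIPS commit above, as an added example (not QEMU code and not part of either commit): a syscall translator may skip guest-pointer validation only when zero bytes will be written, and must still reject a bad pointer for any non-zero length. It models the getsockopt size query; the guest memory, group list and every function name are constructed for illustration, and the length is passed as a host pointer for brevity.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GUEST_MEM_SIZE 64u

static uint8_t guest_mem[GUEST_MEM_SIZE];   /* constructed toy guest memory */
static const uint32_t host_groups[] = { 0x5u, 0x0u, 0x80000000u }; /* constructed */

/* Translate a guest range to a host pointer; NULL if any byte is unmapped.
 * Guest address 0 is treated as unmapped, like a NULL pointer. */
static void *lock_guest(uint32_t addr, uint32_t len)
{
    if (addr == 0 || addr >= GUEST_MEM_SIZE || len > GUEST_MEM_SIZE - addr) {
        return NULL;
    }
    return &guest_mem[addr];
}

/* Stand-in for the host call: copies the whole words that fit and always
 * reports the size needed for the full list through *len. */
static int host_list_memberships(void *buf, uint32_t *len)
{
    uint32_t need = sizeof(host_groups);
    uint32_t n = *len < need ? *len : need;

    n -= n % sizeof(uint32_t);
    if (n) {
        memcpy(buf, host_groups, n);
    }
    *len = need;
    return 0;
}

/* Translator. With allow_zero_len == 0 every untranslatable pointer is
 * -EFAULT; with 1, a bad pointer passes only when the length is zero. */
static int emu_list_memberships(uint32_t g_optval, uint32_t *len,
                                int allow_zero_len)
{
    void *host = lock_guest(g_optval, *len);

    if (!host && !(allow_zero_len && *len == 0)) {
        return -EFAULT;
    }
    return host_list_memberships(host, len);
}

/* One call with a given pointer and length; 0 or a negative errno. */
static int probe(uint32_t g_optval, uint32_t len, int allow_zero_len)
{
    return emu_list_memberships(g_optval, &len, allow_zero_len);
}

/* Size query with a NULL buffer, then the real fetch into guest memory at
 * dst. Returns the number of bytes fetched or a negative errno. */
static int query_then_fetch(uint32_t dst, int allow_zero_len)
{
    uint32_t len = 0;
    int ret = emu_list_memberships(0, &len, allow_zero_len);

    if (ret < 0) {
        return ret;
    }
    ret = emu_list_memberships(dst, &len, allow_zero_len);
    return ret < 0 ? ret : (int)len;
}

/* 1 if guest memory at dst holds the full host list, else 0. */
static int guest_holds_list(uint32_t dst)
{
    return lock_guest(dst, sizeof(host_groups)) &&
           memcmp(&guest_mem[dst], host_groups, sizeof(host_groups)) == 0;
}

int main(void)
{
    printf("strict translator:  %d\n", query_then_fetch(16, 0));
    printf("relaxed translator: %d\n", query_then_fetch(16, 1));
    printf("NULL, len 12:       %d\n", probe(0, 12, 1));
    printf("out of range:       %d\n", probe(60, 12, 1));
    return 0;
}
```
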
4 months ago Merge remote-tracking branch 'remotes/kraxel/tags/fixes-20210326-pull-request' into...
Peter Maydell [Fri, 26 Mar 2021 12:58:58 +0000 (12:58 +0000)] 
Merge remote-tracking branch 'remotes/kraxel/tags/fixes-20210326-pull-request' into staging

fixes for usb, virtio-gpu and vhost-gpu

# gpg: Signature made Fri 26 Mar 2021 12:49:14 GMT
# gpg:                using RSA key A0328CFFB93A17A79901FE7D4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg:                 aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg:                 aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901  FE7D 4CB6 D8EE D3E8 7138

* remotes/kraxel/tags/fixes-20210326-pull-request:
  hw/usb/hcd-ehci: Fix crash when showing help of EHCI devices
  s390x: modularize virtio-gpu-ccw
  s390x: add have_virtio_ccw
  s390x: move S390_ADAPTER_SUPPRESSIBLE
  hw/usb/hcd-ehci-sysbus: Free USBPacket on instance finalize()
  vhost-user-gpu: fix cursor move/update
  vhost-user-gpu: fix vugbm_device_init fallback
  vhost-user-gpu: glFlush before notifying clients
  usb: Remove "-usbdevice ccid"

Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
4 months ago hw/usb/hcd-ehci: Fix crash when showing help of EHCI devices
Thomas Huth [Fri, 26 Mar 2021 09:51:55 +0000 (10:51 +0100)] 
hw/usb/hcd-ehci: Fix crash when showing help of EHCI devices

QEMU crashes with certain targets when trying to show the help
output of EHCI devices:

$ ./qemu-system-aarch64 -device ich9-usb-ehci1,help
qemu-system-aarch64: ../../devel/qemu/softmmu/physmem.c:1154: phys_section_add:
 Assertion `map->sections_nb < TARGET_PAGE_SIZE' failed.
Aborted (core dumped)

This happens because the device is doing things at "instance_init" time
that should be done at "realize" time instead. So move the related code
to the realize() function instead. (NB: This now also matches the
memory_region_del_subregion() calls which are done in usb_ehci_unrealize(),
and not during finalize()).

Suggested-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20210326095155.1994604-1-thuth@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
4 months ago s390x: modularize virtio-gpu-ccw
Gerd Hoffmann [Wed, 17 Mar 2021 09:56:22 +0000 (10:56 +0100)] 
s390x: modularize virtio-gpu-ccw

Since the virtio-gpu-ccw device depends on the hw-display-virtio-gpu
module, which provides the type virtio-gpu-device, packaging the
hw-display-virtio-gpu module as a separate package that may or may not
be installed along with the qemu package leads to problems. Namely if
the hw-display-virtio-gpu is absent, qemu continues to advertise
virtio-gpu-ccw, but it aborts not only when one attempts using
virtio-gpu-ccw, but also when libvirtd's capability probing tries
to instantiate the type to introspect it.

Let us thus introduce a module named hw-s390x-virtio-gpu-ccw that
is going to provide the virtio-gpu-ccw device. The hw-s390x prefix
was chosen because it is not a portable device.

With virtio-gpu-ccw built as a module, the correct way to package a
modularized qemu is to require that hw-display-virtio-gpu must be
installed whenever the module hw-s390x-virtio-gpu-ccw.

Signed-off-by: Halil Pasic <pasic@linux.ibm.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Halil Pasic <pasic@linux.ibm.com>
Tested-by: Halil Pasic <pasic@linux.ibm.com>
Message-Id: <20210317095622.2839895-4-kraxel@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
4 months ago s390x: add have_virtio_ccw
Gerd Hoffmann [Wed, 17 Mar 2021 09:56:21 +0000 (10:56 +0100)] 
s390x: add have_virtio_ccw

Introduce a symbol which can be used to prevent ccw modules
being loaded into system emulators without ccw support.

Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Halil Pasic <pasic@linux.ibm.com>
Tested-by: Halil Pasic <pasic@linux.ibm.com>
Message-Id: <20210317095622.2839895-3-kraxel@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
4 months ago s390x: move S390_ADAPTER_SUPPRESSIBLE
Gerd Hoffmann [Wed, 17 Mar 2021 09:56:20 +0000 (10:56 +0100)] 
s390x: move S390_ADAPTER_SUPPRESSIBLE

The definition S390_ADAPTER_SUPPRESSIBLE was moved to "cpu.h", per
suggestion of Thomas Huth. From interface design perspective, IMHO, not
a good thing as it belongs to the public interface of
css_register_io_adapters(). We did this because CONFIG_KVM requires
NEED_CPU_H and Thomas, and other commenters did not like the
consequences of that.

Moving the interrupt related declarations to s390_flic.h was suggested
by Cornelia Huck.

Signed-off-by: Halil Pasic <pasic@linux.ibm.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Halil Pasic <pasic@linux.ibm.com>
Tested-by: Halil Pasic <pasic@linux.ibm.com>
Message-Id: <20210317095622.2839895-2-kraxel@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
4 months ago hw/usb/hcd-ehci-sysbus: Free USBPacket on instance finalize()
Philippe Mathieu-Daudé [Tue, 23 Mar 2021 18:37:01 +0000 (19:37 +0100)] 
hw/usb/hcd-ehci-sysbus: Free USBPacket on instance finalize()

When building with --enable-sanitizers we get:

  Direct leak of 32 byte(s) in 2 object(s) allocated from:
      #0 0x5618479ec7cf in malloc (qemu-system-aarch64+0x233b7cf)
      #1 0x7f675745f958 in g_malloc (/lib64/libglib-2.0.so.0+0x58958)
      #2 0x561847f02ca2 in usb_packet_init hw/usb/core.c:531:5
      #3 0x561848df4df4 in usb_ehci_init hw/usb/hcd-ehci.c:2575:5
      #4 0x561847c119ac in ehci_sysbus_init hw/usb/hcd-ehci-sysbus.c:73:5
      #5 0x56184a5bdab8 in object_init_with_type qom/object.c:375:9
      #6 0x56184a5bd955 in object_init_with_type qom/object.c:371:9
      #7 0x56184a5a2bda in object_initialize_with_type qom/object.c:517:5
      #8 0x56184a5a24d5 in object_initialize qom/object.c:536:5
      #9 0x56184a5a2f6c in object_initialize_child_with_propsv qom/object.c:566:5
      #10 0x56184a5a2e60 in object_initialize_child_with_props qom/object.c:549:10
      #11 0x56184a5a3a1e in object_initialize_child_internal qom/object.c:603:5
      #12 0x561849542d18 in npcm7xx_init hw/arm/npcm7xx.c:427:5

Similarly to commit d710e1e7bd3 ("usb: ehci: fix memory leak in
ehci"), fix by calling usb_ehci_finalize() to free the USBPacket.

Fixes: 7341ea075c0
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20210323183701.281152-1-f4bug@amsat.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
4 months ago vhost-user-gpu: fix cursor move/update
Marc-André Lureau [Fri, 12 Mar 2021 10:00:45 +0000 (14:00 +0400)] 
vhost-user-gpu: fix cursor move/update

"move" is incorrectly initialized.

Fix it by using a switch statement and also treating unknown commands
with a fallback.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20210312100108.2706195-5-marcandre.lureau@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
4 months ago vhost-user-gpu: fix vugbm_device_init fallback
Marc-André Lureau [Fri, 12 Mar 2021 10:00:44 +0000 (14:00 +0400)] 
vhost-user-gpu: fix vugbm_device_init fallback

vugbm implements GBM device wrapping, udmabuf and memory fallback.
However, the fallback/detection logic is flawed, as if "/dev/udmabuf"
failed to be opened, it will not initialize vugbm and crash later.

Rework the vugbm_device_init() logic to initialize correctly in all
cases.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20210312100108.2706195-4-marcandre.lureau@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
4 months ago vhost-user-gpu: glFlush before notifying clients
Marc-André Lureau [Fri, 12 Mar 2021 10:00:43 +0000 (14:00 +0400)] 
vhost-user-gpu: glFlush before notifying clients

For similar reasons as commit 3af1671852 ("spice: flush on GL update
before notifying client"), vhost-user-gpu must ensure the GL state is
flushed before sharing its rendering result.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20210312100108.2706195-3-marcandre.lureau@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
4 months ago usb: Remove "-usbdevice ccid"
Thomas Huth [Thu, 11 Mar 2021 09:28:29 +0000 (10:28 +0100)] 
usb: Remove "-usbdevice ccid"

"-usbdevice ccid" was not documented and -usbdevice itself was marked
as deprecated before QEMU v6.0. And searching for "-usbdevice ccid"
on the internet does not show any useful results, so likely nobody
was using the ccid device via the -usbdevice option. Remove it now.

Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20210311092829.1479051-1-thuth@redhat.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
4 months ago linux-user/s390x: Use the guest pointer for the sigreturn stub
Andreas Krebbel [Wed, 24 Mar 2021 18:51:28 +0000 (19:51 +0100)] 
linux-user/s390x: Use the guest pointer for the sigreturn stub

When setting up the pointer for the sigreturn stub in the return
address register (r14) we currently use the host frame address instead
of the guest frame address.

Note: This only caused problems if Qemu has been built with
--disable-pie (as it is in distros nowadays). Otherwise guest_base
defaults to 0 hiding the actual problem.

Signed-off-by: Andreas Krebbel <krebbel@linux.ibm.com>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20210324185128.63971-1-krebbel@linux.ibm.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>