Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Suggested-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20210902113551.461632-15-imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
and drop custom function that were doing the job
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20210902113551.461632-14-imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
follow up call with smbios options generates the same ACPI tables,
so there is no need to run smbios-less variant at all.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20210902113551.461632-13-imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20210902113551.461632-11-imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20210902113551.461632-10-imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20210902113551.461632-8-imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20210902113551.461632-7-imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Set -smp 1,maxcpus=288 to test for ACPI code that
deal with CPUs with large APIC ID (>255).
PS:
Test requires KVM and in-kernel irqchip support,
so skip test if KVM is not available.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20210902113551.461632-5-imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20210902113551.461632-4-imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Currently it is not possible to create tests that have KVM as a hard
requirement on a host that doesn't support KVM for tested target
binary (modulo going through the trouble of compiling out
the offending test case).
Following scenario makes test fail when it's run on non x86 host:
qemu-system-x86_64 -enable-kvm -M q35,kernel-irqchip=on -smp 1,maxcpus=288
This patch introduces qtest_has_accel() to let users check if accel is
available in advance and avoid executing non run-able test-cases.
It implements detection of TCG and KVM only, the rest could be
added later on, when we actually start testing them in qtest.
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20210902113551.461632-3-imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20210902113551.461632-2-imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Cc: Alexander Oleinik <alxndr@bu.edu>
Reviewed-by: Alexander Bulekov <alxndr@bu.edu>
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20211007130829.632254-2-pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Meson 0.58.2 does not need b_staticpic=$pie anymore, and has
stabilized the keyval module. Remove the workaround and use a few
replacements for features deprecated in the 0.57.0 release cycle.
One feature that we would like to use is passing dependencies to
summary. However, that was broken in 0.59.0 and 0.59.1. Therefore,
use the embedded Meson if the host has anything older than 0.59.2,
but allow --meson= to use 0.58.2.
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Since commit 80d7835749 (qemu-options: rewrite help for -smp options),
the preference of sockets/cores in -smp parsing is considered liable
to change, and actually we are going to change it in a coming commit.
So it'll be more stable to use detailed -smp CLIs in the testcases
that have strong dependency on the parsing results.
Currently, test_def_cpu_split use "-smp 8" and will get 8 CPU sockets
based on current parsing rule. But if we change to prefer cores over
sockets we will get one CPU socket with 8 cores, and this testcase
will not get expected numa set by default on x86_64 (Ok on aarch64).
So now explicitly use "-smp 8,sockets=8" to avoid affect from parsing
logic change.
Signed-off-by: Yanan Wang <wangyanan55@huawei.com>
Reviewed-by: Andrew Jones <drjones@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20210929025816.21076-9-wangyanan55@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Since commit 80d7835749 (qemu-options: rewrite help for -smp options),
the preference of sockets/cores in -smp parsing is considered liable
to change, and actually we are going to change it in a coming commit.
So it'll be more stable to use detailed -smp CLIs in testing if we
have strong dependency on the parsing results.
pc_dynamic_cpu_cfg currently assumes/needs that there will be 2 CPU
sockets with "-smp 2". To avoid breaking the test because of parsing
logic change, now explicitly use "-smp 2,sockets=2".
Signed-off-by: Yanan Wang <wangyanan55@huawei.com>
Reviewed-by: Andrew Jones <drjones@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20210929025816.21076-8-wangyanan55@huawei.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Skip the test if bzip2 is not available, and run it after they are
uncompressed.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20210923105529.3845741-2-pbonzini@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Libvirt can use query-sgx-capabilities to get the host
sgx capabilities to decide how to allocate SGX EPC size to VM.
Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Message-Id: <20210910102258.46648-3-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The QMP and HMP interfaces can be used by monitor or QMP tools to retrieve
the SGX information from VM side when SGX is enabled on Intel platform.
Signed-off-by: Yang Zhong <yang.zhong@intel.com>
Message-Id: <20210910102258.46648-2-yang.zhong@intel.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
g_setenv() can fail; check for it when starting a QEMU process
when we set the QEMU_AUDIO_DRV environment variable.
Because this happens after fork() reporting an exact message
via printf() is a bad idea; just exit(1), as we already do
for the case of execlp() failure.
Fixes: Coverity CID 1460117
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20210820163750.9106-1-peter.maydell@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEE+tTiv4cTddY0BRfETmYd3lg6lk4FAmEvZwgACgkQTmYd3lg6
lk6nCw//X5wVWFBHDw+7nQ3lpu/rYTVTdqzdwgcOih5ima4ZeqmRbEMGhKYHcekZ
YQxAP3r4k11Fp2Jev4CS18c4TVE/jYE7d8RwS5ROGTT8IOhe3Ntgd6d5MNjIdm86
HwaTmmrxpL2cCWUgCGX8H+BXT0p+sjNpMTXfgu9CYlYEgVQKVRiTBTEsCku12FRM
kwqHaFzJZoFMd45NhbH2wHt/dmDVuVYp7UuCM/HzNFKLO8E25sBLQip97RRTgInB
iT9vadTYsgkrdRbIWiQbP8vWKL4D0SS7Sw6DYlxTCYhEEZffiiXPVqEwf+qr9LRX
sLui6vMyjLB4yhjsg5AEd0IMZSP4H431su6YEuP0XOXG5yh5nSNkGVim0ezt1UBF
DDvYDumVK0P4seCVhK87fEejW9+GAlTSf65LBcK07JSo5DLyRzfmwBXQM3EKzdCK
y58Jthkmlhe4zym40WNwM91QFaNuWAD0pdvB9fa9OcidvuLgkhdgN72LJVgZSoq9
7UuWSV6laTnTAIP1YL4R5fvq1r5gNE1cnzCFf6th87pmvOUhO43Y2dT6Me8UR0v8
B7tHxtAiZJkfWvOYL4Jy3vaBXuivZCtEYUUDc0Y0Cmzfd9DnvnkxrKirZ6ECoyDs
RsR6nUO1tbpe0ekdl8EvYG3PRt8iHIahZ25GnKcUSTRFydetPqE=
=ec6M
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/a1xndr/tags/fuzz-pull-2021-09-01' into staging
Fuzzing Patches for 2021-09-01
# gpg: Signature made Wed 01 Sep 2021 12:42:00 BST
# gpg: using RSA key FAD4E2BF871375D6340517C44E661DDE583A964E
# gpg: Good signature from "Alexander Bulekov <alxndr@bu.edu>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: FAD4 E2BF 8713 75D6 3405 17C4 4E66 1DDE 583A 964E
* remotes/a1xndr/tags/fuzz-pull-2021-09-01:
MAINTAINERS: add fuzzing reviewer
MAINTAINERS: Add myself as a reviewer for Device Fuzzing
fuzz: unblock SIGALRM so the timeout works
fuzz: use ITIMER_REAL for timeouts
fuzz: add an instrumentation filter
fuzz: make object-name matching case-insensitive
fuzz: adjust timeout to allow for longer inputs
fuzz: fix sparse memory access in the DMA callback
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
-----BEGIN PGP SIGNATURE-----
iQEzBAABCAAdFiEEuBi5yt+QicLVzsZrda1lgCoLQhEFAmEvbmcACgkQda1lgCoL
QhEmtggAgWR8p/4awhUoTscEkLBoilxJATTZBkxbN8NrRYmOIIn29QShhEDhvuG9
t6ch0DrJuSVMISTnMHtE5XJKBBD8vFS04SaD4Op8NgOyKTd2fQSXx6SyqgQVK0ui
zfZFjcjam9i+onIGVCSoUkGRL5GMOTougTh4SwMndR9sL9cn7lUQEJZbk7kS1II6
5r6uvKPtY4fyvxsi0wcHOYFSeajJfQOVZkav7JCnvuXiiCjQzZw2Aadsvrkmt3Y4
oaOTiOvYWJhNqFhWSuyY7gS4E4fjShwr3UuOcsmKUTu56Uf2GgdA9w4+AfZJQSxG
C1Vi+u5J8+oZzVHna9T1lRKQ5wLfCA==
=IprO
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/stefanberger/tags/pull-tpm-2021-09-01-1' into staging
Merge tpm 2021/09/01 v1
# gpg: Signature made Wed 01 Sep 2021 13:13:27 BST
# gpg: using RSA key B818B9CADF9089C2D5CEC66B75AD65802A0B4211
# gpg: Good signature from "Stefan Berger <stefanb@linux.vnet.ibm.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: B818 B9CA DF90 89C2 D5CE C66B 75AD 6580 2A0B 4211
* remotes/stefanberger/tags/pull-tpm-2021-09-01-1:
tests: acpi: tpm1.2: Add expected TPM 1.2 ACPI blobs
tests: acpi: Add test cases for TPM 1.2 with TCPA table
tests: Use QMP to check whether a TPM device model is available
tests: acpi: prepare for new TPM 1.2 related tables
tests: tpm: Create TPM 1.2 response in TPM emulator
tests: acpi: tpm2: Add the renamed ACPI files and drop old ones
tests: Add suffix 'tpm2' or 'tpm12' to ACPI table files
tests: acpi: Prepare for renaming of TPM2 related ACPI files
tests: Add tpm_version field to TPMTestState and fill it
tests: Rename TestState to TPMTestState
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The timeout mechanism won't work if SIGALRM is blocked. This changes
unmasks SIGALRM when the timer is installed. This doesn't completely
solve the problem, as the fuzzer could trigger some device activity that
re-masks SIGALRM. However, there are currently no inputs on OSS-Fuzz
that re-mask SIGALRM and timeout. If that turns out to be a real issue,
we could try to hook sigmask-type calls, or use a separate timer thread.
Based-on: <20210713150037.9297-1-alxndr@bu.edu>
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Using ITIMER_VIRTUAL is a bad idea, if the fuzzer hits a blocking
syscall - e.g. ppoll with a NULL timespec. This causes timeout issues
while fuzzing some block-device code. Fix that by using wall-clock time.
This might cause inputs to timeout sometimes due to scheduling
effects/ambient load, but it is better than bringing the entire fuzzing
process to a halt.
Based-on: <20210713150037.9297-1-alxndr@bu.edu>
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
We have some configs for devices such as the AC97 and ES1370 that were
not matching memory-regions correctly, because the configs provided
lowercase names. To resolve these problems and prevent them from
occurring again in the future, convert both the pattern and names to
lower-case, prior to checking for a match.
Suggested-by: Darren Kenny <darren.kenny@oracle.com>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Using a custom timeout is useful to continue fuzzing complex devices,
even after we run into some slow code-path. However, simply adding a
fixed timeout to each input effectively caps the maximum input
length/number of operations at some artificial value. There are two
major problems with this:
1. Some code might only be reachable through long IO sequences.
2. Longer inputs can actually be _better_ for performance. While the
raw number of fuzzer executions decreases with larger inputs, the
number of MMIO/PIO/DMA operation/second actually increases, since
were are speding proportionately less time fork()ing.
With this change, we keep the custom-timeout, but we renew it, prior to
each MMIO/PIO/DMA operation. Thus, we time-out only when a specific
operation takes a long time.
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
The code mistakenly relied on address_space_translate to store the
length remaining until the next memory-region. We care about this
because when there is RAM or sparse-memory neighboring on an MMIO
region, we should only write up to the border, to prevent inadvertently
invoking MMIO handlers within the DMA callback.
However address_space_translate_internal only stores the length until
the end of the MemoryRegion if memory_region_is_ram(mr). Otherwise
the *len is left unmodified. This caused some false-positive issues,
where the fuzzer found a way to perform a nested MMIO write through a
DMA callback on an [address, length] that started within sparse memory
and spanned some device MMIO regions.
To fix this, write to sparse memory in small chunks of
memory_access_size (similar to the underlying address_space_write code),
which will prevent accidentally hitting MMIO handlers through large
writes.
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Add tests that the A64FX CPU model exposes the expected features.
Signed-off-by: Shuuichirou Ishii <ishii.shuuichir@fujitsu.com>
Reviewed-by: Andrew Jones <drjones@redhat.com>
[PMM: added commit message body]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Commit 155e1c82ed deprecated the raspi2/raspi3 machine names.
Use the recommended new names: raspi2b and raspi3b.
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Willian Rampazzo <willianr@redhat.com>
Message-id: 20210827060815.2384760-2-f4bug@amsat.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-id: 20210802215246.1433175-10-stefanb@linux.ibm.com
Use QMP to check whether a given TPM device model is available and if it
is not the case then do not register the tests that require it.
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-id: 20210802215246.1433175-9-stefanb@linux.ibm.com
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Acked-by: Igor Mammedov <imammedo@redhat.com>
Message-id: 20210802215246.1433175-8-stefanb@linux.ibm.com
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Acked-by: Igor Mammedov <imammedo@redhat.com>
Message-id: 20210802215246.1433175-6-stefanb@linux.ibm.com
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-id: 20210802215246.1433175-5-stefanb@linux.ibm.com
Cc: Michael S. Tsirkin <mst@redhat.com>
Cc: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Message-id: 20210802215246.1433175-4-stefanb@linux.ibm.com
xlnx_dp_read allows an out-of-bounds read at its default branch because
of an improper index.
According to
https://www.xilinx.com/html_docs/registers/ug1087/ug1087-zynq-ultrascale-registers.html
(DP Module), registers 0x3A4/0x3A4/0x3AC are allowed.
DP_INT_MASK 0x000003A4 32 mixed 0xFFFFF03F Interrupt Mask Register for intrN.
DP_INT_EN 0x000003A8 32 mixed 0x00000000 Interrupt Enable Register.
DP_INT_DS 0x000003AC 32 mixed 0x00000000 Interrupt Disable Register.
In xlnx_dp_write, when the offset is 0x3A8 and 0x3AC, the virtual device
will write s->core_registers[0x3A4
>> 2]. That is to say, the maxize of s->core_registers could be ((0x3A4
>> 2) + 1). However, the current size of s->core_registers is (0x3AF >>
>> 2), that is ((0x3A4 >> 2) + 2), which is out of the range.
In xlxn_dp_read, the access to offset 0x3A8 or 0x3AC will be directed to
the offset 0x3A8 (incorrect functionality) or 0x3AC (out-of-bounds read)
rather than 0x3A4.
This patch enforces the read access to offset 0x3A8 and 0x3AC to 0x3A4,
but does not adjust the size of s->core_registers to avoid breaking
migration.
Fixes: 58ac482a66 ("introduce xlnx-dp")
Signed-off-by: Qiang Liu <cyruscyliu@gmail.com>
Acked-by: Thomas Huth <thuth@redhat.com>
Acked-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <1628059910-12060-1-git-send-email-cyruscyliu@gmail.com>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Zero-initialize the sockaddr_in struct that we're about to fill in
and pass to bind(), to ensure we don't leave possible
implementation-defined extension fields as uninitialized garbage.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Corey Minyard <cminyard@mvista.com>
Acked-by: Thomas Huth <thuth@redhat.com>
Message-id: 20210813150506.7768-4-peter.maydell@linaro.org
The vhost-user-blk-test currently hangs if QTEST_QEMU_STORAGE_DAEMON_BINARY
points to a non-existing binary. Let's improve this situation by checking
for the availability of the binary first, so we can fail gracefully if
it is not accessible.
Message-Id: <20210811095949.133462-1-thuth@redhat.com>
Reviewed-by: Alexander Bulekov <alxndr@bu.edu>
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Thomas Huth <thuth@redhat.com>
vhost-user-blk-test needs the qemu-storage-daemon, otherwise it
currently hangs. So make sure that we build the daemon before running
the tests.
Message-Id: <20210811094705.131314-1-thuth@redhat.com>
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Thomas Huth <thuth@redhat.com>
OSS-Fuzz found sending illegal addresses when querying the write
protection bits triggers the assertion added in commit 84816fb63e
("hw/sd/sdcard: Assert if accessing an illegal group"):
qemu-fuzz-i386-target-generic-fuzz-sdhci-v3: ../hw/sd/sd.c:824: uint32_t sd_wpbits(SDState *, uint64_t):
Assertion `wpnum < sd->wpgrps_size' failed.
#3 0x7f62a8b22c91 in __assert_fail
#4 0x5569adcec405 in sd_wpbits hw/sd/sd.c:824:9
#5 0x5569adce5f6d in sd_normal_command hw/sd/sd.c:1389:38
#6 0x5569adce3870 in sd_do_command hw/sd/sd.c:1737:17
#7 0x5569adcf1566 in sdbus_do_command hw/sd/core.c💯16
#8 0x5569adcfc192 in sdhci_send_command hw/sd/sdhci.c:337:12
#9 0x5569adcfa3a3 in sdhci_write hw/sd/sdhci.c:1186:9
#10 0x5569adfb3447 in memory_region_write_accessor softmmu/memory.c:492:5
It is legal for the CMD30 to query for out-of-range addresses.
Such invalid addresses are simply ignored in the response (write
protection bits set to 0).
In commit 84816fb63e ("hw/sd/sdcard: Assert if accessing an illegal
group") we misplaced the assertion *before* we test the address is
in range. Move it *after*.
Include the qtest reproducer provided by Alexander Bulekov:
$ make check-qtest-i386
...
Running test qtest-i386/fuzz-sdcard-test
qemu-system-i386: ../hw/sd/sd.c:824: sd_wpbits: Assertion `wpnum < sd->wpgrps_size' failed.
Cc: qemu-stable@nongnu.org
Reported-by: OSS-Fuzz (Issue 29225)
Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Fixes: 84816fb63e ("hw/sd/sdcard: Assert if accessing an illegal group")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/495
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20210802235524.3417739-3-f4bug@amsat.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Even if <linux/kvm.h> seems to exist for all archs on linux, however including
it with __linux__ defined seems to be not working yet as it'll try to include
asm/kvm.h and that can be missing for archs that do not support kvm.
To fix this (instead of any attempt to fix linux headers..), we can mark the
header to be x86_64 only, because it's so far only service for adding the kvm
dirty ring test.
Fixes: 1f546b709d ("tests: migration-test: Add dirty ring test")
Reported-by: Richard Henderson <rth@twiddle.net>
Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <20210728214128.206198-1-peterx@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Add a regression test for mmio read on big-endian hosts.
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
Reviewed-by: Gollu Appalanaidu <anaidu.gollu@samsung.com>
This will test the PMR functionality.
Signed-off-by: Gollu Appalanaidu <anaidu.gollu@samsung.com>
Reviewed-by: Klaus Jensen <k.jensen@samsung.com>
[k.jensen: replaced memory-backend-file with memory-backend-ram]
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
OpenBSD doesn't like :0 as an address, switch to using 127.0.0.1
in baddest; it's really testing the :0 port number that isn't allowed
on anything.
(The test doesn't currently run anyway because of the userfault
problem that Peter noticed, but this gets us closer to being able to
reenable it)
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-Id: <20210719185217.122105-1-dgilbert@redhat.com>
Acked-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
OSS-Fuzz found sending illegal addresses when querying the write
protection bits triggers an assertion:
qemu-fuzz-i386: hw/sd/sd.c:824: uint32_t sd_wpbits(SDState *, uint64_t): Assertion `wpnum < sd->wpgrps_size' failed.
==11578== ERROR: libFuzzer: deadly signal
#8 0x7ffff628e091 in __assert_fail
#9 0x5555588f1a3c in sd_wpbits hw/sd/sd.c:824:9
#10 0x5555588dd271 in sd_normal_command hw/sd/sd.c:1383:38
#11 0x5555588d777c in sd_do_command hw/sd/sd.c
#12 0x555558cb25a0 in sdbus_do_command hw/sd/core.c💯16
#13 0x555558e02a9a in sdhci_send_command hw/sd/sdhci.c:337:12
#14 0x555558dffa46 in sdhci_write hw/sd/sdhci.c:1187:9
#15 0x5555598b9d76 in memory_region_write_accessor softmmu/memory.c:489:5
Similarly to commit 8573378e62 ("hw/sd: fix out-of-bounds check
for multi block reads"), check the address range before sending
the status of the write protection bits.
Include the qtest reproducer provided by Alexander Bulekov:
$ make check-qtest-i386
...
Running test qtest-i386/fuzz-sdcard-test
qemu-system-i386: ../hw/sd/sd.c:824: sd_wpbits: Assertion `wpnum < sd->wpgrps_size' failed.
Reported-by: OSS-Fuzz (Issue 29225)
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/450
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Bin Meng <bmeng.cn@gmail.com>
Reviewed-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20210702155900.148665-4-f4bug@amsat.org>
Move some ADC file to where they belong and move some sensors to a
sensor directory, since with new BMCs coming in lots of different
sensors should be coming in. Keep from cluttering things up.
Add support for I2C PMBus devices.
Replace the confusing and error-prone i2c_send_recv and i2c_transfer with
specific send and receive functions. Several errors have already been
made with these, avoid any new errors.
Fix the watchdog_expired field in the IPMI watchdog, it's not a bool,
it's a u8. After a vmstate transfer, the new value could be wrong.
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEE/Q1c5nzg9ZpmiCaGYfOMkJGb/4EFAmDoeGAACgkQYfOMkJGb
/4HpkQ//YLAddy3Kqo5LbyI0BPxcx567htHH34XXp4Pz22DcAoPvZRyRlsGiAAcR
HRmqjSXNBan+KhlA82coczHUami8C+9NQAfnABf7Mv4CQnvf9Hziy9YR0riTAgEk
Xfc25eYYK5dzfOHVVbp2KJ2IWPo/sY3UqbIKu9MyYzriNpzIuT5NW1aGjIrhW7Js
2feeIHxH4fEXzhkkgMKMJfXdxkYyD78mB3IfnpVCnoODq3fMZXtMskRDHWjdMEnT
0u53zeQd5T0jElLZXlwDKAd9QpiPWVnfTJwND3fwWjSMIAVkd7kTqJbVtHpYJMWB
amOR9qsw72r/WIOow4lLbSjS57GbyEjB344dtlrzHhhW68y9SGbtaSXWD/imkAfB
NhLlMzNzsIb+dHZhAwdEgmg4Nz/1HZngiK4Awk2YFBVCn7G6BqAvpMwLGdYYr3Az
P4EPs0aVdGYBbcN5XxAwkKEqESrzF+iF7iZvNTocdSJSCV+ebFNLlZWIq/aXS1TA
IED1mBmyc/drWF+jA0D520uafT1m+zN4HhPvHpRyK65bqqiH2veDpK20kz0lwQe8
e2ZeDVG2oVTMIQ+mmyu7kD9xgxjmapoHz64K1VkUwsnXE3jp9yqfa17B9vHOjqkq
e/iaHiek8xeTWWyoShGk2zoAHBChkwSy/Y2JuZA6FXRnoU6kKsg=
=8708
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/cminyard/tags/for-qemu-6.1-2' into staging
Some qemu updates for IPMI and I2C
Move some ADC file to where they belong and move some sensors to a
sensor directory, since with new BMCs coming in lots of different
sensors should be coming in. Keep from cluttering things up.
Add support for I2C PMBus devices.
Replace the confusing and error-prone i2c_send_recv and i2c_transfer with
specific send and receive functions. Several errors have already been
made with these, avoid any new errors.
Fix the watchdog_expired field in the IPMI watchdog, it's not a bool,
it's a u8. After a vmstate transfer, the new value could be wrong.
# gpg: Signature made Fri 09 Jul 2021 17:25:04 BST
# gpg: using RSA key FD0D5CE67CE0F59A6688268661F38C90919BFF81
# gpg: Good signature from "Corey Minyard <cminyard@mvista.com>" [unknown]
# gpg: aka "Corey Minyard <minyard@acm.org>" [unknown]
# gpg: aka "Corey Minyard <corey@minyard.net>" [unknown]
# gpg: aka "Corey Minyard <minyard@mvista.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: FD0D 5CE6 7CE0 F59A 6688 2686 61F3 8C90 919B FF81
* remotes/cminyard/tags/for-qemu-6.1-2: (24 commits)
tests/qtest: add tests for MAX34451 device model
hw/misc: add MAX34451 device
tests/qtest: add tests for ADM1272 device model
hw/misc: add ADM1272 device
hw/i2c: add support for PMBus
ipmi/sim: fix watchdog_expired data type error in IPMIBmcSim struct
hw/i2c: Introduce i2c_start_recv() and i2c_start_send()
hw/i2c: Extract i2c_do_start_transfer() from i2c_start_transfer()
hw/i2c: Make i2c_start_transfer() direction argument a boolean
hw/i2c: Rename i2c_set_slave_address() -> i2c_slave_set_address()
hw/i2c: Remove confusing i2c_send_recv()
hw/misc/auxbus: Replace i2c_send_recv() by i2c_recv() & i2c_send()
hw/misc/auxbus: Replace 'is_write' boolean by its value
hw/misc/auxbus: Explode READ_I2C / WRITE_I2C_MOT cases
hw/misc/auxbus: Fix MOT/classic I2C mode
hw/i2c/ppc4xx_i2c: Replace i2c_send_recv() by i2c_recv() & i2c_send()
hw/i2c/ppc4xx_i2c: Add reference to datasheet
hw/display/sm501: Replace i2c_send_recv() by i2c_recv() & i2c_send()
hw/display/sm501: Simplify sm501_i2c_write() logic
hw/input/lm832x: Define TYPE_LM8323 in public header
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
New mini-kernel test for STM32VLDISCOVERY USART1.
Signed-off-by: Alexandre Iooss <erdnaxe@crans.org>
Acked-by: Thomas Huth <thuth@redhat.com>
Acked-by: Alistair Francis <alistair.francis@wdc.com>
Message-id: 20210617165647.2575955-5-erdnaxe@crans.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The PAPR platform describes an OS environment that's presented by
a combination of a hypervisor and firmware. The features it specifies
require collaboration between the firmware and the hypervisor.
Since the beginning, the runtime component of the firmware (RTAS) has
been implemented as a 20 byte shim which simply forwards it to
a hypercall implemented in qemu. The boot time firmware component is
SLOF - but a build that's specific to qemu, and has always needed to be
updated in sync with it. Even though we've managed to limit the amount
of runtime communication we need between qemu and SLOF, there's some,
and it has become increasingly awkward to handle as we've implemented
new features.
This implements a boot time OF client interface (CI) which is
enabled by a new "x-vof" pseries machine option (stands for "Virtual Open
Firmware). When enabled, QEMU implements the custom H_OF_CLIENT hcall
which implements Open Firmware Client Interface (OF CI). This allows
using a smaller stateless firmware which does not have to manage
the device tree.
The new "vof.bin" firmware image is included with source code under
pc-bios/. It also includes RTAS blob.
This implements a handful of CI methods just to get -kernel/-initrd
working. In particular, this implements the device tree fetching and
simple memory allocator - "claim" (an OF CI memory allocator) and updates
"/memory@0/available" to report the client about available memory.
This implements changing some device tree properties which we know how
to deal with, the rest is ignored. To allow changes, this skips
fdt_pack() when x-vof=on as not packing the blob leaves some room for
appending.
In absence of SLOF, this assigns phandles to device tree nodes to make
device tree traversing work.
When x-vof=on, this adds "/chosen" every time QEMU (re)builds a tree.
This adds basic instances support which are managed by a hash map
ihandle -> [phandle].
Before the guest started, the used memory is:
0..e60 - the initial firmware
8000..10000 - stack
400000.. - kernel
3ea0000.. - initramdisk
This OF CI does not implement "interpret".
Unlike SLOF, this does not format uninitialized nvram. Instead, this
includes a disk image with pre-formatted nvram.
With this basic support, this can only boot into kernel directly.
However this is just enough for the petitboot kernel and initradmdisk to
boot from any possible source. Note this requires reasonably recent guest
kernel with:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=df5be5be8735
The immediate benefit is much faster booting time which especially
crucial with fully emulated early CPU bring up environments. Also this
may come handy when/if GRUB-in-the-userspace sees light of the day.
This separates VOF and sPAPR in a hope that VOF bits may be reused by
other POWERPC boards which do not support pSeries.
This assumes potential support for booting from QEMU backends
such as blockdev or netdev without devices/drivers used.
Signed-off-by: Alexey Kardashevskiy <aik@ozlabs.ru>
Message-Id: <20210625055155.2252896-1-aik@ozlabs.ru>
Reviewed-by: BALATON Zoltan <balaton@eik.bme.hu>
[dwg: Adjusted some includes which broke compile in some more obscure
compilation setups]
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Signed-off-by: Titus Rwantare <titusr@google.com>
Reviewed-by: Joel Stanley <joel@jms.id.au>
Message-Id: <20210708172556.1868139-6-titusr@google.com>
Signed-off-by: Corey Minyard <cminyard@mvista.com>
Signed-off-by: Titus Rwantare <titusr@google.com>
Reviewed-by: Joel Stanley <joel@jms.id.au>
Message-Id: <20210708172556.1868139-4-titusr@google.com>
Signed-off-by: Corey Minyard <cminyard@mvista.com>
* Generalize XSAVE area offset so that it matches AMD processors on KVM
* Improvements for -display and deprecation of -no-quit
* Enable SMP configuration as a compound machine property ("-M smp.cpus=...")
* Haiku compilation fix
* Add icon on Darwin
-----BEGIN PGP SIGNATURE-----
iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmDkB7sUHHBib256aW5p
QHJlZGhhdC5jb20ACgkQv/vSX3jHroOISgf+Nn5BiXQRY52DK/2PoG330F6UeOcp
kWFAE4k4qEktDiCcd5xKekiUd7h+TiRS8bLeycmRtiSXvbzXioE2eCelui0SZDQl
zpIb8wV2WaxrD/zUYPV7r5n+VFAaTCm9lUEzzqnwaThBG/Oat45gnossZEIWv85g
KtQMsSh3pc+KpTjWbIA8V01ohzwFE2q7cA9CB/pDgR3h8M5p4K0ZdaPoAO2auhvu
2sbu9oBl1JwqpIhPme9JR6Je5fMCILBRlXTvPgJ/0iaGdxcNmZxoflO/TZVFB1pl
tUiCu0GB0yEasMO1E6+cP7ezhm15Lz3vKqjr/boV5Y9osfU36k9xkLTvAg==
=itIm
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/bonzini-gitlab/tags/for-upstream' into staging
* More Meson test conversions and configure cleanups
* Generalize XSAVE area offset so that it matches AMD processors on KVM
* Improvements for -display and deprecation of -no-quit
* Enable SMP configuration as a compound machine property ("-M smp.cpus=...")
* Haiku compilation fix
* Add icon on Darwin
# gpg: Signature made Tue 06 Jul 2021 08:35:23 BST
# gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg: issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83
* remotes/bonzini-gitlab/tags/for-upstream: (40 commits)
config-host.mak: remove unused compiler-related lines
Set icon for QEMU binary on Mac OS
qemu-option: remove now-dead code
machine: add smp compound property
vl: switch -M parsing to keyval
keyval: introduce keyval_parse_into
keyval: introduce keyval_merge
qom: export more functions for use with non-UserCreatable objects
configure: convert compiler tests to meson, part 6
configure: convert compiler tests to meson, part 5
configure: convert compiler tests to meson, part 4
configure: convert compiler tests to meson, part 3
configure: convert compiler tests to meson, part 2
configure: convert compiler tests to meson, part 1
configure: convert HAVE_BROKEN_SIZE_MAX to meson
configure, meson: move CONFIG_IVSHMEM to meson
meson: store dependency('threads') in a variable
meson: sort existing compiler tests
configure, meson: convert libxml2 detection to meson
configure, meson: convert liburing detection to meson
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Make -smp syntactic sugar for a compound property "-machine
smp.{cores,threads,cpu,...}". machine_smp_parse is replaced by the
setter for the property.
numa-test will now cover the new syntax, while other tests
still use -smp.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
To lower the entry level for new developers, add a link to the 9p
developer docs (i.e. qemu wiki) to MAINTAINERS and to the beginning of
9p source files, that is to: https://wiki.qemu.org/Documentation/9p
Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Acked-by: Greg Kurz <groug@kaod.org>
Message-Id: <E1leeDf-0008GZ-9q@lizzy.crudebyte.com>
Add dirty ring test if kernel supports it. Add the dirty ring parameter on
source should be mostly enough, but let's change the dest too to make them
match always.
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Peter Xu <peterx@redhat.com>
Message-Id: <20210615175523.439830-3-peterx@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
The I/O sampling rate range is enforced to 5000 to 45000HZ according to
commit a2cd86a9. Setting I/O sampling rate with command 41h/42h, a guest
user can break this assumption and trigger an assertion in audio_calloc
via command 0xd4. This patch restricts the I/O sampling rate range for
command 41h/42h.
Fixes: 85571bc741 ("audio merge (malc)")
Signed-off-by: Qiang Liu <cyruscyliu@gmail.com>
Message-Id: <1624502687-5214-1-git-send-email-cyruscyliu@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Use memory_region_size() to get the MemoryRegion size,
and display it with the '0x' prefix.
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Alexander Bulekov <alxndr@bu.edu>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20210612195842.1595999-1-f4bug@amsat.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Leading underscores followed by a capital letter or underscore are
reserved by the C standard.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/369
Signed-off-by: Ahmed Abouzied <email@aabouzied.com>
Message-Id: <20210605174938.13782-1-email@aabouzied.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Lots of this are expected to be coming in, create a directory for them.
Also move the tmp105.h file into the include directory where it
should be.
Cc: Cédric Le Goater <clg@kaod.org>
Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: Andrew Jeffery <andrew@aj.id.au>
Cc: Joel Stanley <joel@jms.id.au>
Cc: Andrzej Zaborowski <balrogg@gmail.com>
Cc: qemu-arm@nongnu.org
Signed-off-by: Corey Minyard <cminyard@mvista.com>
Acked-by: Cédric Le Goater <clg@kaod.org>
While the SB16 seems to work up to 48000 Hz, the "Sound Blaster Series
Hardware Programming Guide" limit the sampling range from 4000 Hz to
44100 Hz (Section 3-9, 3-10: Digitized Sound I/O Programming, tables
3-2 and 3-3).
Later, section 6-15 (DSP Commands) is more specific regarding the 41h /
42h registers (Set digitized sound output sampling rate):
Valid sampling rates range from 5000 to 45000 Hz inclusive.
There is no comment regarding error handling if the register is filled
with an out-of-range value. (See also section 3-28 "8-bit or 16-bit
Auto-initialize Transfer"). Assume limits are enforced in hardware.
This fixes triggering an assertion in audio_calloc():
#1 abort
#2 audio_bug audio/audio.c:119:9
#3 audio_calloc audio/audio.c:154:9
#4 audio_pcm_sw_alloc_resources_out audio/audio_template.h:116:15
#5 audio_pcm_sw_init_out audio/audio_template.h:175:11
#6 audio_pcm_create_voice_pair_out audio/audio_template.h:410:9
#7 AUD_open_out audio/audio_template.h:503:14
#8 continue_dma8 hw/audio/sb16.c:216:20
#9 dma_cmd8 hw/audio/sb16.c:276:5
#10 command hw/audio/sb16.c:0
#11 dsp_write hw/audio/sb16.c:949:13
#12 portio_write softmmu/ioport.c:205:13
#13 memory_region_write_accessor softmmu/memory.c:491:5
#14 access_with_adjusted_size softmmu/memory.c:552:18
#15 memory_region_dispatch_write softmmu/memory.c:0:13
#16 flatview_write_continue softmmu/physmem.c:2759:23
#17 flatview_write softmmu/physmem.c:2799:14
#18 address_space_write softmmu/physmem.c:2891:18
#19 cpu_outw softmmu/ioport.c:70:5
[*] http://www.baudline.com/solutions/full_duplex/sb16_pci/index.html
OSS-Fuzz Report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=29174
Fixes: 85571bc741 ("audio merge (malc)")
Buglink: https://bugs.launchpad.net/bugs/1910603
Tested-by: Qiang Liu <cyruscyliu@gmail.com>
Reviewed-by: Qiang Liu <cyruscyliu@gmail.com>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20210616104349.2398060-1-f4bug@amsat.org>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Add test for issue #345
Signed-off-by: Kit Westneat <kit.westneat@gmail.com>
Message-Id: <20210603142022.676395-1-kit.westneat@gmail.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Coverity points out that in tpm_test_swtpm_migration_test() we
assume that src_tpm_addr and dst_tpm_addr are non-NULL (we
pass them to tpm_util_migration_start_qemu() which will
unconditionally dereference them) but then later explicitly
check them for NULL. Remove the pointless checks.
Fixes: Coverity CID 1432367, 1432359
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Message-id: 20210525134458.6675-6-peter.maydell@linaro.org
Coverity points out that we calculate a 64-bit value using 32-bit
arithmetic; add the cast to force the multiply to be done as 64-bits.
(The overflow will never happen with the current test data.)
Fixes: Coverity CID 1432320
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Message-id: 20210525134458.6675-5-peter.maydell@linaro.org
Coverity notices that the checks against mkstemp() failing in
create_qcow2_with_mbr() are wrong: mkstemp returns -1 on failure but
the check is just "g_assert(fd)". Fix to use "g_assert(fd >= 0)",
matching the correct check in create_test_img().
Fixes: Coverity CID 1432274
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Message-id: 20210525134458.6675-4-peter.maydell@linaro.org
The e1000e_send_verify() test calls qemu_recv() but doesn't
check that the call succeeded, which annoys Coverity. Add
an explicit test check for the length of the data.
(This is a test check, not a "we assume this syscall always
succeeds", so we use g_assert_cmpint() rather than g_assert().)
Fixes: Coverity CID 1432324
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Message-id: 20210525134458.6675-3-peter.maydell@linaro.org
Coverity notes that we don't check for dup2() failing. Add some
assertions so that if it does ever happen we get some indication.
(This is similar to how we handle other "don't expect this syscall to
fail" checks in this test code.)
Fixes: Coverity CID 1432346
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Message-id: 20210525134458.6675-2-peter.maydell@linaro.org
On Fedora 32, using clang (version 10.0.1-3.fc32) we get:
tests/qtest/fuzz/fuzz.c:237:5: error: implicit declaration of function 'qemu_init' is invalid in C99 [-Werror,-Wimplicit-function-declaration]
qemu_init(result.we_wordc, result.we_wordv, NULL);
^
qemu_init() is declared in "sysemu/sysemu.h", include this
header to fix.
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20210513162008.3922223-1-philmd@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Exercise input validation code paths in
block/export/vhost-user-blk-server.c.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20210309094106.196911-5-stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <20210322092327.150720-4-stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20210309094106.196911-4-stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <20210322092327.150720-3-stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
This test case has the same tests as tests/virtio-blk-test.c except for
tests have block_resize. Since the vhost-user-blk export only serves one
client one time, two exports are started by qemu-storage-daemon for the
hotplug test.
Suggested-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Coiby Xu <coiby.xu@gmail.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20210309094106.196911-3-stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <20210322092327.150720-2-stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Coverity notices that several places in the migration-test code fail
to free memory in error-exit paths. This is pretty unimportant in
test case code, but we can avoid having to manually free the memory
entirely by using g_autofree.
The places where Coverity spotted a leak were relating to early exits
not freeing 'uri' in test_precopy_unix(), do_test_validate_uuid(),
migrate_postcopy_prepare() and test_migrate_auto_converge(). This
patch converts all the string-allocation in the test code to
g_autofree for consistency.
Fixes: Coverity CID 1432313, 1432315, 1432352, 1432364
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-Id: <20210506185819.9010-1-peter.maydell@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
For us, assertions are always enabled, but side-effect expressions
inside the argument to g_assert() are bad style anyway. Fix three
occurrences in IPMI related tests, which will silence some Coverity
nits.
Fixes: CID 1432322, CID 1432287, CID 1432291
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20210503165525.26221-4-peter.maydell@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
In rtc-test.c we know that s is non-NULL because qtest_start()
will return a non-NULL value, and we assume this when we
pass s to qtest_irq_intercept_in(). So we can drop the
initial assignment of NULL and the "if (s)" condition at
the end of the function.
Fixes: Coverity CID 1432353
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20210503165525.26221-3-peter.maydell@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
tpm_util_migration_start_qemu() allocates memory with g_strdup_printf()
but frees it with free() rather than g_free(), which provokes Coverity
complaints (CID 1432379, 1432350). Use the correct free function.
Fixes: Coverity CID 1432379, CID 1432350
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20210503165525.26221-2-peter.maydell@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Accidental use of "true" as a boolean; spotted by coverity
and Peter.
Fixes: b99784ef6c
Fixes: d795f47466
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Reported-by: Coverity (CID 1432373, 1432292, 1432288)
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20210504100545.112213-1-dgilbert@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
In the glib API, the distinction between g_assert() and
g_assert_true() is that the former is for "bug, terminate the
application" and the latter is for "test check, on failure either
terminate or just mark the testcase as failed". For QEMU, g_assert()
is always fatal, so code can assume that if the assertion fails
execution does not proceed, but this is not true of g_assert_true().
In npcm7xx_pwm-test, the pwm_index() and pwm_module_index() functions
include some assertions that are just guarding against possible bugs
in the test code that might lead us to out-of-bounds array accesses.
These should use g_assert() because they aren't part of what the test
is testing and the code does not correctly handle the case where the
condition was false.
This fixes some Coverity issues where Coverity knows that
g_assert_true() can continue when the condition is false and
complains about the possible array overrun at various callsites.
Fixes: Coverity CID 1442340, 1442341, 1442343, 1442344, 1442345, 1442346
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Hao Wu <wuhaotsh@google.com>
Reviewed-by: Havard Skinnemoen <hskinnemoen@google.com>
Message-Id: <20210505135516.21097-1-peter.maydell@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Coverity notes that when calculating the 64-bit iso_size value in
ahci_test_cdrom() we actually only do it with 32-bit arithmetic.
This doesn't matter for the current test code because nsectors is
always small; but adding the cast avoids the coverity complaints.
Fixes: Coverity CID 1432343
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Message-Id: <20210506194358.3925-1-peter.maydell@linaro.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Some downstreams rename the QEMU binary to "qemu-kvm". This breaks
qtest_get_arch(), which attempts to parse the target architecture from
the QTEST_QEMU_BINARY environment variable.
Print an error instead of returning the architecture "kvm". Things fail
in weird ways when the architecture string is bogus.
Arguably qtests should always be run in a build directory instead of
against an installed QEMU. In any case, printing a clear error when this
happens is helpful.
Since this is an error that is triggered by the user and not a test
failure, use exit(1) instead of abort(). Change the existing abort()
call in qtest_get_arch() to exit(1) too for the same reason and to be
consistent.
Reported-by: Qin Wang <qinwang@rehdat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Cc: Emanuele Giuseppe Esposito <eesposit@redhat.com>
Message-Id: <20210412143050.725918-1-stefanha@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20210412143437.727560-2-stefanha@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Target unicore32 was deprecated in commit 8e4ff4a8d2, v5.2.0. See
there for rationale.
Cc: Guan Xuetao <gxt@mprc.pku.edu.cn>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20210503084034.3804963-3-armbru@redhat.com>
Acked-by: Thomas Huth <thuth@redhat.com>
Target lm32 was deprecated in commit d849800512, v5.2.0. See there
for rationale.
Some of its code lives on in device models derived from milkymist
ones: hw/char/digic-uart.c and hw/display/bcm2835_fb.c.
Cc: Michael Walle <michael@walle.cc>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20210503084034.3804963-2-armbru@redhat.com>
Acked-by: Michael Walle <michael@walle.cc>
[Trivial conflicts resolved, reST markup fixed]
There are no known users of this CPU anymore, and there are no
binaries available online which could be used for regression tests,
so the code has likely completely bit-rotten already. It's been
marked as deprecated since two releases now and nobody spoke up
that there is still a need to keep it, thus let's remove it now.
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20210430160355.698194-1-thuth@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
[Commit message typos fixed, trivial conflicts resolved]
Signed-off-by: Markus Armbruster <armbru@redhat.com>
-----BEGIN PGP SIGNATURE-----
iQJGBAABCAAwFiEEzS913cjjpNwuT1Fz8ww4vT8vvjwFAmCPtbASHGxhdXJlbnRA
dml2aWVyLmV1AAoJEPMMOL0/L748I3wP/Al7yi77BMpts1t3lGMm7EBjKgkppnpr
wZYEM68bJonvvGiEKQjexn1CUfnDcq7f5SZkzcUNLI4oP57pyywb4/gshN0k/Zz8
uCDveMfnhbio2sqlXiMsH9TOhcv/4wtXAek/ghP7EOjkBvyXrAFIQ7eEPEB9cp+X
xxs9DxqfWmrGB6vt7Er78zjfUETSMa+UrheVLwbRMhJcc0Bg8hT2DCn9Lw6IjfOy
usWdrLTGc6qg1zdZzi8QR7jZ+bNx0h+aJLlm8M4cVitXq9v2wb3+6KdsOAeYioAE
AsnClw0m8j/xtMh3g4/hB4oCxMj0jRdZ9GIGs8Didw5ZwkXTRvFM1GK1PHxqX4pF
8xMW6Qq0bSUr4II6bPOukBUMUAnPYdkh+iHXsYSZG0I3u6VZLgMK3AXmKRukAYqe
kQ1lcRe3Lwsp2h+jMBBsbCWhwYdA3THFO4YO31cUaZ191A7z57905QMbqJG/H3HB
7IUBYBNbrhgysPsNBvY6Lr7yUJIocMgcfP36UHYcBPsDdZgjNCQZneJlkaRlQb8+
CtUSF8D614EguzGsWaIn3uBSm9THKKLd1rSXCyTSgrXDI285mXlKmEWZvm236ew0
OEmIz/Ach/R4268j76enYGa1aubsxnrphUfC3aePu0Wzd3QW4RxnCSq7wc4ARPw7
WTL7J00P578h
=aCeG
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/vivier2/tags/trivial-branch-for-6.1-pull-request' into staging
Trivial patches pull request 20210503
# gpg: Signature made Mon 03 May 2021 09:34:56 BST
# gpg: using RSA key CD2F75DDC8E3A4DC2E4F5173F30C38BD3F2FBE3C
# gpg: issuer "laurent@vivier.eu"
# gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" [full]
# gpg: aka "Laurent Vivier <laurent@vivier.eu>" [full]
# gpg: aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" [full]
# Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F 5173 F30C 38BD 3F2F BE3C
* remotes/vivier2/tags/trivial-branch-for-6.1-pull-request: (23 commits)
hw/rx/rx-gdbsim: Do not accept invalid memory size
docs: More precisely describe memory-backend-*::id's user
scripts: fix generation update-binfmts templates
docs/system: Document the removal of "compat" property for POWER CPUs
mc146818rtc: put it into the 'misc' category
Do not include exec/address-spaces.h if it's not really necessary
Do not include cpu.h if it's not really necessary
Do not include hw/boards.h if it's not really necessary
Do not include sysemu/sysemu.h if it's not really necessary
hw: Do not include qemu/log.h if it is not necessary
hw: Do not include hw/irq.h if it is not necessary
hw: Do not include hw/sysbus.h if it is not necessary
hw: Remove superfluous includes of hw/hw.h
ui: Fix memory leak in qemu_xkeymap_mapping_table()
hw/usb: Constify VMStateDescription
hw/display/qxl: Constify VMStateDescription
hw/arm: Constify VMStateDescription
vmstate: Constify some VMStateDescriptions
Fix typo in CFI build documentation
hw/pcmcia: Do not register PCMCIA type if not required
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Stop including exec/address-spaces.h in files that don't need it.
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20210416171314.2074665-5-thuth@redhat.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Stop including sysemu/sysemu.h in files that don't need it.
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20210416171314.2074665-2-thuth@redhat.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
The m25p80 test depends on the Aspeed SMC controller to test our
SPI-NOR flash support. Reflect this dependency by changing the name.
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Joel Stanley <joel@jms.id.au>
Message-Id: <20210407171637.777743-17-clg@kaod.org>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
This adds a test for the Aspeed Hash and Crypto (HACE) engine. It tests
the currently implemented behavior of the hash functionality.
The tests are similar, but are cut/pasted instead of broken out into a
common function so the assert machinery produces useful output when a
test fails.
Co-developed-by: Cédric Le Goater <clg@kaod.org>
Co-developed-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Klaus Heinrich Kiwi <klaus@linux.vnet.ibm.com>
Acked-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Joel Stanley <joel@jms.id.au>
Message-Id: <20210409000253.1475587-4-joel@jms.id.au>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
Use the autogenerated fuzzer test cases as the basis for a set of am53c974
regression tests.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Tested-by: Alexander Bulekov <alxndr@bu.edu>
Message-Id: <20210407195801.685-13-mark.cave-ayland@ilande.co.uk>
Several issues has been reported for query-netdev series. Consider
it's late in the rc, this reverts commit
3c3b656885.
Signed-off-by: Jason Wang <jasowang@redhat.com>
After introducing non-scalar machine properties, it would be preferrable
to have a single acpitable property which includes both generic
information (such as the OEM ids) and custom tables currently
passed via -acpitable.
Do not saddle ourselves with legacy oem-id and oem-table-id
properties, instead mark them as experimental.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20210402082128.13854-1-pbonzini@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
The function flatview_for_each_range() calls a callback for each
range in a FlatView. Currently the callback gets the start and
length of the range and the MemoryRegion involved, but not the offset
within the MemoryRegion. Add this to the callback's arguments; we're
going to want it for a new use in the next commit.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20210318174823.18066-4-peter.maydell@linaro.org
The return value of the flatview_cb callback passed to the
flatview_for_each_range() function is zero if the iteration through
the ranges should continue, or non-zero to break out of it. Use a
bool for this rather than int.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20210318174823.18066-2-peter.maydell@linaro.org
Clean up the writes to the configuration space and the PM region, and
rename the test to lpc-ich9-test.
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
qemu-fuzz-i386-target-generic-fuzz-sdhci-v3 uses -drive=sd where it
should use -drive if=none instead. This prints a deprecation warning:
$ ./build-oss-fuzz/DEST_DIR/qemu-fuzz-i386-target-generic-fuzz-sdhci-v3 -runs=1 -seed=1
[ASan warnings snipped...]
--> i386: -drive if=sd,index=0,file=null-co://,format=raw,id=mydrive: warning: bogus if=sd is deprecated, use if=none
INFO: Seed: 1
[More normal output snipped...]
Support for this usage will be gone soon. Adjust the test.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20210319132008.1830950-1-armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
The 'props' option has been deprecated in 5.0 in favour of a flattened
object-add command. Time to change our test cases to drop the deprecated
option.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Acked-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
The newer 'query-cpus-fast' command avoids side effects on the guest
execution. Note that some of the field names are different in the
'query-cpus-fast' command.
Reviewed-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
Tested-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
The generic 'migrate_set_parameters' command handle all types of param.
Only the QMP commands were documented in the deprecations page, but the
rationale for deprecating applies equally to HMP, and the replacements
exist. Furthermore the HMP commands are just shims to the QMP commands,
so removing the latter breaks the former unless they get re-implemented.
Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
The generic-fuzzer often provides randomized DMA addresses to
virtual-devices. For a 64-bit address-space, the chance of these
randomized addresses coinciding with RAM regions, is fairly small. Even
though the fuzzer's instrumentation eventually finds valid addresses,
this can take some-time, and slows-down fuzzing progress (especially,
when multiple DMA buffers are involved). To work around this, create
"fake" sparse-memory that spans all of the 64-bit address-space. Adjust
the DMA call-back to populate this sparse memory, correspondingly
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
I noticed that with a sufficiently small timeout, the fuzzer fork-server
sometimes locks up. On closer inspection, the issue appeared to be
caused by entering our SIGALRM handler, while libfuzzer is in it's crash
handlers. Because libfuzzer relies on pipe communication with an
external child process to print out stack-traces, we shouldn't exit
early, and leave an orphan child. Check for children in the SIGALRM
handler to avoid this issue.
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Acked-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Darren Kenny <darren.kenny@oracle.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The device-type names for the pro100 network cards, are i8255.. We were
matching "eepro", which catches the PCI PIO/MMIO regions for those
devices, however misses the actual PCI device, which we use to map the
BARs, before fuzzing. Fix that
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This test fails when QEMU is built without the virtio-scsi device,
restrict it to its availability.
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This test fails when QEMU is built without the megasas device,
restrict it to its availability.
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
A simply qtest that checks for correct number of netdevs in the response
of the query-netdev.
Signed-off-by: Alexey Kirillov <lekiravi@yandex-team.ru>
Acked-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
This patch adds testing of PWM fan RPMs in the existing npcm7xx pwm
test. It tests whether the MFT module can measure correct fan values
for a PWM fan in NPCM7XX boards.
Reviewed-by: Doug Evans <dje@google.com>
Reviewed-by: Tyrone Ting <kfting@nuvoton.com>
Signed-off-by: Hao Wu <wuhaotsh@google.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20210311180855.149764-6-wuhaotsh@google.com
[PMM: fixed format strings for printing uint64_t]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* Add new mps3-an547 board
* target/arm: Restrict v7A TCG cpus to TCG accel
* Implement a Xilinx CSU DMA model
* hw/timer/renesas_tmr: Fix use of uninitialized data in read_tcnt()
-----BEGIN PGP SIGNATURE-----
iQJMBAABCAA3FiEE4aXFk81BneKOgxXPPCUl7RQ2DN4FAmBI0AQZHHBldGVyLm1h
eWRlbGxAbGluYXJvLm9yZwAKCRA8JSXtFDYM3n1WD/iXrX/YMZDrBOzP5h6sE5W/
W5tiTJBCKskRW1HduJjObFFl29yuiTzYld7+zfOTQUFgecpCN8q7AHuN0y9Sg+9B
cyHNHwseOfkHE4CGe2ImjmpYSZUUEkQBtCN2OmJjsaiEoK/eZCIErPw4JMUcusLL
VPccPjXS92WtqQkGshNYribMOhZnuBcvX/LsT7IL8THDVPv8OECIeq8ewTZtLMe/
l/x3D3PJ56q69EFMnYt6TS1cd9OtD7pw3Jnbfv0iStE/TiJQB92ft8H07kpE6KVI
jhRkhyVBnrVI2deTFcFC+rZDQggzWGRVAbUzMikZOZycUML/zjJKEIGM2V6iCHmL
bQMUOTR4GLFbVyabJ/IH6YoCFS+8hUboyQXQL0gOKtcJiryoDI3AjyKNjxRbIY3b
qEV3xQYTtrS7mdrwQZqwH6Rs/54jDyX7eBNWfZwq4dOQKvnTQPQEj6iWmj4rOvma
McWbhu6bAfU6ZINOxkr8HcG/AxF3IYw9Gtb8KRg7/87JRvNvxj++kqqjSRRLU4Co
QUYuQnpd+ux7eSXKcRfnzd27iaZ++dKJMct4Gq8i0VASb+uk+xmkG2MiGEBVSJv8
kIK5NLzDGjWjrZd366uAUtHBnWktP/5J4DKq1XKx0mtrkt7tbU6Oh90a7rSiOgur
LtpGH4IPQDwp/YGXZD86
=Qu2a
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20210310' into staging
target-arm queue:
* Add new mps3-an547 board
* target/arm: Restrict v7A TCG cpus to TCG accel
* Implement a Xilinx CSU DMA model
* hw/timer/renesas_tmr: Fix use of uninitialized data in read_tcnt()
# gpg: Signature made Wed 10 Mar 2021 13:56:20 GMT
# gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg: issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate]
# gpg: aka "Peter Maydell <pmaydell@gmail.com>" [ultimate]
# gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE
* remotes/pmaydell/tags/pull-target-arm-20210310: (54 commits)
hw/timer/renesas_tmr: Fix use of uninitialized data in read_tcnt()
hw/timer/renesas_tmr: Prefix constants for CSS values with CSS_
hw/ssi: xilinx_spips: Remove DMA related dead codes from zynqmp_spips
hw/ssi: xilinx_spips: Clean up coding convention issues
hw/arm: xlnx-zynqmp: Connect a Xilinx CSU DMA module for QSPI
hw/arm: xlnx-zynqmp: Clean up coding convention issues
hw/dma: Implement a Xilinx CSU DMA model
target/arm: Restrict v7A TCG cpus to TCG accel
tests/qtest/sse-timer-test: Test counter scaling changes
tests/qtest/sse-timer-test: Test the system timer
tests/qtest/sse-timer-test: Add simple test of the SSE counter
docs/system/arm/mps2.rst: Document the new mps3-an547 board
hw/arm/mps2-tz: Add new mps3-an547 board
hw/arm/mps2-tz: Make initsvtor0 setting board-specific
hw/arm/mps2-tz: Support running APB peripherals on different clock
hw/misc/mps2-scc: Implement changes for AN547
hw/misc/mps2-fpgaio: Support AN547 DBGCTRL register
hw/misc/mps2-fpgaio: Fold counters subsection into main vmstate
hw/arm/mps2-tz: Make UART overflow IRQ board-specific
hw/arm/armsse: Add SSE-300 support
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
These flags cause the output to look strange for 'make check', and
they aren't needed to reproduce bugs, if they reappear.
Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Alexander Bulekov <alxndr@bu.edu>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Message-Id: <20210216181316.794276-1-alxndr@bu.edu>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Change documentation style and fix minor typos in tests/qtest/libqos/qgraph.h
to automatically generate sphinx documentation in docs/devel/qgraph.rst
The mechanism explanation that once was in qgraph.h is now moved to qgraph.rst
There is no functional change intended.
Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
Message-Id: <20210308073240.6363-1-eesposit@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Test that when we change the scaling of the system counter that the
system timer responds appropriately.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Add a test which tests various parts of the functionality of the
SSE system timer.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Add a simple qtest to exercise the new system counter device in the
SSE-300.
We'll add tests of the system timer device here too, so this includes
scaffolding (register definitions, etc) for those.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Tested-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20210219144617.4782-45-peter.maydell@linaro.org
Add a function to remove previously-added abrt handler functions.
Now that a symmetric pair of add/remove functions exists we can also
balance the SIGABRT handler installation. The signal handler was
installed each time qtest_add_abrt_handler() was called. Now it is
installed when the abrt handler list becomes non-empty and removed again
when the list becomes empty.
The qtest_remove_abrt_handler() function will be used by
vhost-user-blk-test.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
Message-Id: <20210223144653.811468-5-stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Tests that manage multiple processes may wish to kill QEMU before
destroying the QTestState. Expose a function to do that.
The vhost-user-blk-test testcase will need this.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
Message-Id: <20210223144653.811468-4-stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Add an API that returns a new UNIX domain socket in the listen state.
The code for this was already there but only used internally in
init_socket().
This new API will be used by vhost-user-blk-test.
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
Message-Id: <20210223144653.811468-3-stefanha@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Adjust the timeouts for the benchmarks (Meson 0.57 allows 0 to mean
infinite) and for the longest running tests. These are the
times that I measured and the corresponding timeouts. For generic
qtests, the target that reported the longest runtime is included.
unit tests:
test-crypto-tlscredsx509 13.15s 45s
test-crypto-tlssession 14.12s 45s
qtests:
qos-test 21.26s 60s (i386)
ahci-test 22.18s 60s
pxe-test 26.51s 60s
boot-serial-test 28.02s 60s (sparc)
prom-env-test 28.86s 60s
bios-tables-test 50.17s 120s (aarch64)
test-hmp 57.15s 120s (aarch64)
npcm7xx_pwm-test 71.27s 150s
migration-test 97.09s 150s (aarch64)
qom-test 139.20s 240s (aarch64)
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* target/i386: Add bus lock debug exception support (Chenyi)
* update documentation for preferred boolean option syntax (Daniel)
* make SCSI io_timeout configurable (Hannes)
* fix handling of guest recoverable SCSI errors (myself)
* misc fixes (Pavel, Zheng Zhan Liang, Zihao)
* fix installation of binaries with entitlements (Akihiko)
-----BEGIN PGP SIGNATURE-----
iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmA3tzQUHHBib256aW5p
QHJlZGhhdC5jb20ACgkQv/vSX3jHroMsngf+OkbgTDouxq3qnn1K89n6j2wKlAj0
qPP+57o1sv5u5MjX0BkawXCMJfvTKJaOt/Cs8S0FaPTehfR5H0T2tL76KZBEdlEP
/+V3EC0Qmd1S47LKIOuDkV15szvnccyjpgwaL7Osjb0Eh0SxeXd4pBTc3yYtkacu
zb/srZ63U2iJZr93QwGmEJjuW57WNym6QWXF3Mrg9PFXybkXFTGumB2vZMlQc+MN
RWPTUKZKAiIr/HfdvpIETXY+HzJhylvIQ8OVWtM3XDorl48OWcOat/jyeNEVYgG3
o+gxIRnfvIL+42GkmUFbOKLzT5SV6p9EYYGLTuE1kU7nc6HWoD0CdPxA3A==
=UBVO
-----END PGP SIGNATURE-----
Merge remote-tracking branch 'remotes/bonzini-gitlab/tags/for-upstream' into staging
* fix --enable-fuzzing linker failures (Alexander)
* target/i386: Add bus lock debug exception support (Chenyi)
* update documentation for preferred boolean option syntax (Daniel)
* make SCSI io_timeout configurable (Hannes)
* fix handling of guest recoverable SCSI errors (myself)
* misc fixes (Pavel, Zheng Zhan Liang, Zihao)
* fix installation of binaries with entitlements (Akihiko)
# gpg: Signature made Thu 25 Feb 2021 14:41:56 GMT
# gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg: issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83
* remotes/bonzini-gitlab/tags/for-upstream: (29 commits)
tcg/i386: rdpmc: fix the the condtions
chardev: do not use short form boolean options in non-QemuOpts character device descriptions
vl: deprecate -writeconfig
target/i386: Add bus lock debug exception support
qom/object.c: Fix typo
target/i386: update to show preferred boolean syntax for -cpu
docs: update to show preferred boolean syntax for -cpu
docs: update to show preferred boolean syntax for -vnc
docs: update to show preferred boolean syntax for -chardev
qemu-options: update to show preferred boolean syntax for -vnc
qemu-options: update to show preferred boolean syntax for -incoming
qemu-options: update to show preferred boolean syntax for -netdev
qemu-options: update to show preferred boolean syntax for -spice
qemu-options: update to show preferred boolean syntax for -chardev
gdbstub: use preferred boolean option syntax
char: don't fail when client is not connected
scsi: drop 'result' argument from command_complete callback
scsi-disk: pass guest recoverable errors through even for rerror=stop
scsi-disk: pass SCSI status to scsi_handle_rw_error
scsi: introduce scsi_sense_from_errno()
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The preferred syntax is to use "foo=on|off", rather than a bare
"+foo" or "-foo"
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20210216191027.595031-11-berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
update golden master acpi tables and empty
bios-tables-test-allowed-diff.h.
Signed-off-by: Isaku Yamahata <isaku.yamahata@intel.com>
Message-Id: <de5a7f88563d39ed0cec34ff1d4cd6a1bdc927f0.1613615732.git.isaku.yamahata@intel.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Isaku Yamahata <isaku.yamahata@intel.com>
Message-Id: <5ef9a81e49793afb42ffd19bbf1f44e269c65e93.1613615732.git.isaku.yamahata@intel.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Isaku Yamahata <isaku.yamahata@intel.com>
Message-Id: <22f774a51255af1608b07b00b257af426adcf4ab.1613615732.git.isaku.yamahata@intel.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
The following tests will modify acpi tables.
prepare qtests to allow acpi table change.
add new tables for new tests.
- tests/data/acpi/pc/DSDT.nohpet
- tests/data/acpi/pc/FACP.nosmm
- tests/data/acpi/q35/DSDT.nohpet
- tests/data/acpi/q35/FACP.nosmm
Acked-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Isaku Yamahata <isaku.yamahata@intel.com>
Message-Id: <c8285f54deab362ed839d31f0fb5bb590ab71fdd.1613615732.git.isaku.yamahata@intel.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Jiahui Cen <cenjiahui@huawei.com>
Signed-off-by: Xingang Wang <wangxingang5@huawei.com>
Message-Id: <1612490205-48788-2-git-send-email-wangxingang5@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
The s390-ccw bios code panics if it can not boot successfully. In
this case, it does not make sense that we wait the full 600 seconds
for the boot sector test to finish and can signal the failure
immediately, thus let's check the status of the guest with the
"query-status" QMP command here, too.
Reported-by: Peter Maydell <peter.maydell@linaro.org>
Message-Id: <20210212113141.854871-1-thuth@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
When using KVM, using a specific cpu type will only work if the
host CPU really is that exact CPU type.
During testing we can simply use the 'max' CPU which will select
all the features available from the host.
This allow running this test on a Cavium CN8890 (ThunderX cores).
Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20210205144345.2068758-4-f4bug@amsat.org>
Reviewed-by: Andrew Jones <drjones@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
If qtests are run in verbose mode (i.e. if --verbose CL argument
was provided) then print the assembled qemu command line for each
test.
Use qos_printf() instead of g_test_message() to avoid the latter
cluttering the output.
Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Message-Id: <110bef3595cb841dfa1b86733c174ac9774eb37e.1611704181.git.qemu_oss@crudebyte.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
If qtests are run in verbose mode (i.e. if --verbose CL argument
was provided) then print all environment variables to stdout
before running the individual tests.
It is common nowadays, at least being able to output all config
vectors in a build chain, especially if it is required to
investigate build- and test-issues on foreign/remote machines,
which includes environment variables. In the context of writing
new test cases this is also useful for finding out whether there
are already some existing options for common questions like is
there a preferred location for writing test files to? Is there
a maximum size for test data? Is there a deadline for running
tests?
Use qos_printf() instead of g_test_message() to avoid the latter
cluttering the output.
Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Message-Id: <21d77b33c578d80b5bba1068e61fd3562958b3c2.1611704181.git.qemu_oss@crudebyte.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
If qtests were run in verbose mode (i.e. if --verbose CL argument was
provided) then dump the generated qos graph (all nodes and edges,
along with their current individual availability status) to stdout,
which allows to identify problems in the created qos graph e.g. when
writing new qos tests.
See API doc comment on function qos_dump_graph() for details.
Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Message-Id: <6bffb6e38589fb2c06a2c1b5deed33f3e710fed1.1611704181.git.qemu_oss@crudebyte.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
These two are macros wrapping regular printf() call. They are intended
to be used instead of calling printf() directly in order to avoid
breaking TAP output format.
TAP output format is enabled by using --tap command line argument.
Starting with glib 2.62 it is enabled by default.
Unfortunately there is currently no public glib API available to check
whether TAP output format is enabled. For that reason qos_printf()
simply always prepends a '#' character for now.
Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <653a5ef61c5e7d160e4d6294e542c57ea324cee4.1611704181.git.qemu_oss@crudebyte.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
So far the qos subsystem of the qtest framework had the limitation
that only one instance of the same official QEMU (QMP) driver name
could be created for qtests. That's because a) the created qos
node names must always be unique, b) the node name must match the
official QEMU driver name being instantiated and c) all nodes are
in a global space shared by all tests.
This patch removes this limitation by introducing a new function
qos_node_create_driver_named() which allows test case authors to
specify a node name being different from the actual associated
QEMU driver name. It fills the new 'qemu_name' field of
QOSGraphNode for that purpose.
Adjust build_driver_cmd_line() and qos_graph_node_set_availability()
to correctly deal with either accessing node name vs. node's
qemu_name correctly.
Signed-off-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Message-Id: <3be962ff38f3396f8040deaa5ffdab525c4e0b16.1611704181.git.qemu_oss@crudebyte.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>