Commit Graph

97836 Commits

Author SHA1 Message Date
Paolo Bonzini a9197ad210 kvm: fix segfault with query-stats-schemas and -M none
-M none creates a guest without a vCPU, causing the following error:

$ ./qemu-system-x86_64 -qmp stdio -M none -accel kvm
{execute:qmp_capabilities}
{"return": {}}
{execute: query-stats-schemas}
Segmentation fault (core dumped)

Fix it by not querying the vCPU stats if first_cpu is NULL.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-08-18 14:08:24 +02:00
Richard Henderson a89a946f01 pc,virtio: fixes
Several bugfixes, they all look very safe to me. Revert
seed support since we aren't any closer to a proper fix.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

Merge tag 'for_upstream' of git://git.kernel.org/pub/scm/virt/kvm/mst/qemu into staging

pc,virtio: fixes

Several bugfixes, they all look very safe to me. Revert
seed support since we aren't any closer to a proper fix.

Signed-off-by: Michael S. Tsirkin <mst@redhat.com>

# gpg: Signature made Wed 17 Aug 2022 10:08:20 AM PDT
# gpg:                using RSA key 5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469
# gpg:                issuer "mst@redhat.com"
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [undefined]
# gpg:                 aka "Michael S. Tsirkin <mst@redhat.com>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17  0970 C350 3912 AFBE 8E67
#      Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA  8A0D 281F 0DB8 D28D 5469

* tag 'for_upstream' of git://git.kernel.org/pub/scm/virt/kvm/mst/qemu:
  virtio-pci: don't touch pci on virtio reset
  tests: acpi: silence applesmc warning about invalid key
  hw/cxl: Correctly handle variable sized mailbox input payloads.
  hw/cxl: Fix Get LSA input payload size which should be 8 bytes.
  hw/cxl: Add stub write function for RO MemoryRegionOps entries.
  hw/cxl: Fix wrong query of target ports
  hw/cxl: Fix memory leak in error paths
  x86: disable rng seeding via setup_data
  hw/virtio: fix vhost_user_read tracepoint
  hw/virtio: handle un-configured shutdown in virtio-pci
  hw/virtio: gracefully handle unset vhost_dev vdev
  virtio-scsi: fix race in virtio_scsi_dataplane_start()

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-08-18 00:18:50 -07:00
Marc-André Lureau 88738ea40b ui/console: fix qemu_console_resize() regression
The display may be corrupted when changing screen colour depth in
qemu-system-ppc/MacOS since 7.0.

Do not short-cut qemu_console_resize() if the surface is backed by vga
vram. When the scanout isn't set, or it is already allocated, or opengl,
and the size is fitting, we still avoid the reallocation & replace path.

Fixes: commit cb8962c1 ("ui: do not create a surface when resizing a GL scanout")

Reported-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Tested-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-Id: <20220725115815.2461322-1-marcandre.lureau@redhat.com>
2022-08-18 10:46:55 +04:00
Marc-André Lureau f0caba4475 build-sys: disable vhost-user-gpu if !opengl
vhost-user-gpu uses epoxy/glflush and thus requires opengl.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20220628132315.664026-1-marcandre.lureau@redhat.com>
2022-08-18 10:46:55 +04:00
Priyankar Jain 2748583211 dbus-vmstate: Restrict error checks to registered proxies in dbus_get_proxies
The purpose of dbus_get_proxies is to construct the proxies corresponding to the
IDs registered to dbus-vmstate.

Currently, this function returns an error in case there is any failure
while instantiating proxy for "all" the names on dbus.

Ideally this function should error out only if it is not able to find and
validate the proxies registered to the backend, otherwise any offending
process (e.g. the process purposefully may not export its Id property on
the dbus) may connect to the dbus and can lead to migration failures.

This commit ensures that dbus_get_proxies returns an error if it is not
able to find and validate the proxies of interest (the IDs registered
during the dbus-vmstate instantiation).

Signed-off-by: Priyankar Jain <priyankar.jain@nutanix.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <1637936117-37977-1-git-send-email-priyankar.jain@nutanix.com>
2022-08-18 10:35:44 +04:00
Michael S. Tsirkin 9afb4177d6 virtio-pci: don't touch pci on virtio reset
virtio level reset should not affect pci express
registers such as PM, error or link.

Fixes: 27ce0f3afc ("hw/virtio: fix Power Management Control Register for PCI Express virtio devices")
Fixes: d584f1b9ca ("hw/virtio: fix Link Control Register for PCI Express virtio devices")
Fixes: c2cabb3422 ("hw/virtio: fix error enabling flags in Device Control register")
Cc: "Marcel Apfelbaum" <marcel@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-08-17 13:08:11 -04:00
Igor Mammedov 888fbaaf02 tests: acpi: silence applesmc warning about invalid key
OSK value is irrelevant for ACPI test case.
Supply fake OSK explicitly to prevent QEMU complaining about
invalid key when it falls back to default_osk.

Suggested-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20220728133713.1369596-1-imammedo@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-08-17 13:08:11 -04:00
Jonathan Cameron 4f41b4e445 hw/cxl: Correctly handle variable sized mailbox input payloads.
A placeholder of ~0 is used to indicate variable payload size.
Whilst the checks for output payload correctly took this into
account, those for input payload did not.

This results in failure of the Set LSA command.

Fixes: 464e14ac43 ("hw/cxl/device: Implement basic mailbox (8.2.8.4)")
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <20220817145759.32603-4-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-08-17 13:08:11 -04:00
Jonathan Cameron 66a2356485 hw/cxl: Fix Get LSA input payload size which should be 8 bytes.
Get LSA needs 4 byte offset and 4 byte length arguments.
CXL rev 2.0 Table 178.

Fixes: 3ebe676a34 ("hw/cxl/device: Implement get/set Label Storage Area (LSA)")
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <20220817145759.32603-3-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-08-17 13:08:11 -04:00
Jonathan Cameron 29d1fbc6c6 hw/cxl: Add stub write function for RO MemoryRegionOps entries.
There is no checking on the availability of a write callback.
Hence QEMU crashes if a write does occur to one of these regions.

Discovered whilst chasing a Linux kernel bug that incorrectly
wrote into one of these regions.

Fixes: 6364adacdf ("hw/cxl/device: Implement the CAP array (8.2.8.1-2)")
Reported-by: Bobo WL <lmw.bobo@gmail.com>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <20220817145759.32603-2-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-08-17 13:08:11 -04:00
Jonathan Cameron d2289b524e hw/cxl: Fix wrong query of target ports
Two issues were present in this code:
1) Check on which register to look in was inverted.
2) Both branches use the _LO register.

Whilst here moved to extract32() rather than hand rolling
the field extraction as simpler and hopefully less error prone.

Fixes Coverity CID: 1488873

Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <20220808122051.14822-3-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-08-17 13:08:11 -04:00
Jonathan Cameron a99fbb003b hw/cxl: Fix memory leak in error paths
Use g_autofree to free the CXLFixedWindow structure if an
error occurs in configuration before we have added to
the list (via g_steal_pointer())

Fix Coverity CID: 1488872

Reported-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <20220808122051.14822-2-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-08-17 13:08:11 -04:00
Gerd Hoffmann 3824e25db1 x86: disable rng seeding via setup_data
Causes regressions when doing direct kernel boots with OVMF.

At this point in the release cycle the only sensible action
is to just disable this for 7.1 and sort it properly in the
7.2 devel cycle.

Cc: Jason A. Donenfeld <Jason@zx2c4.com>
Cc: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Richard Henderson <richard.henderson@linaro.org>
Cc: Eduardo Habkost <eduardo@habkost.net>
Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: Philippe Mathieu-Daudé <f4bug@amsat.org>
Cc: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Message-Id: <20220817083940.3174933-1-kraxel@redhat.com>
Cc: Jason A. Donenfeld <Jason@zx2c4.com>
Cc: Marcel Apfelbaum <marcel.apfelbaum@gmail.com>
Cc: Paolo Bonzini <pbonzini@redhat.com>
Cc: Richard Henderson <richard.henderson@linaro.org>
Cc: Eduardo Habkost <eduardo@habkost.net>
Cc: Peter Maydell <peter.maydell@linaro.org>
Cc: Philippe Mathieu-Daudé <f4bug@amsat.org>
Cc: Laurent Vivier <laurent@vivier.eu>
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2022-08-17 07:07:37 -04:00
Alex Bennée 643a943554 hw/virtio: fix vhost_user_read tracepoint
As reads happen in the callback we were never seeing them. We only
really care about the header so move the tracepoint to when the header
is complete.

Fixes: 6ca6d8ee9d (hw/virtio: add vhost_user_[read|write] trace points)
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Acked-by: Jason Wang <jasowang@redhat.com>
Message-Id: <20220728135503.1060062-5-alex.bennee@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-08-17 07:07:37 -04:00
Alex Bennée 5a9d5f09b1 hw/virtio: handle un-configured shutdown in virtio-pci
The assert() protecting against leakage is a little aggressive and
causes needless crashes if a device is shut down without having been
configured. In this case no descriptors are lost because none have
been assigned.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20220728135503.1060062-4-alex.bennee@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-08-17 07:07:37 -04:00
Alex Bennée f20400ed0d hw/virtio: gracefully handle unset vhost_dev vdev
I've noticed asserts firing because we query the status of vdev after
a vhost connection is closed down. Rather than faulting on the NULL
indirect just quietly reply false.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20220728135503.1060062-3-alex.bennee@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-08-17 07:07:37 -04:00
Stefan Hajnoczi 9a4b6a63ae virtio-scsi: fix race in virtio_scsi_dataplane_start()
As soon as virtio_scsi_data_plane_start() attaches host notifiers the
IOThread may start virtqueue processing. There is a race between
IOThread virtqueue processing and virtio_scsi_data_plane_start() because
it only assigns s->dataplane_started after attaching host notifiers.

When a virtqueue handler function in the IOThread calls
virtio_scsi_defer_to_dataplane() it may see !s->dataplane_started and
attempt to start dataplane even though we're already in the IOThread:

  #0  0x00007f67b360857c __pthread_kill_implementation (libc.so.6 + 0xa257c)
  #1  0x00007f67b35bbd56 raise (libc.so.6 + 0x55d56)
  #2  0x00007f67b358e833 abort (libc.so.6 + 0x28833)
  #3  0x00007f67b358e75b __assert_fail_base.cold (libc.so.6 + 0x2875b)
  #4  0x00007f67b35b4cd6 __assert_fail (libc.so.6 + 0x4ecd6)
  #5  0x000055ca87fd411b memory_region_transaction_commit (qemu-kvm + 0x67511b)
  #6  0x000055ca87e17811 virtio_pci_ioeventfd_assign (qemu-kvm + 0x4b8811)
  #7  0x000055ca87e14836 virtio_bus_set_host_notifier (qemu-kvm + 0x4b5836)
  #8  0x000055ca87f8e14e virtio_scsi_set_host_notifier (qemu-kvm + 0x62f14e)
  #9  0x000055ca87f8dd62 virtio_scsi_dataplane_start (qemu-kvm + 0x62ed62)
  #10 0x000055ca87e14610 virtio_bus_start_ioeventfd (qemu-kvm + 0x4b5610)
  #11 0x000055ca87f8c29a virtio_scsi_handle_ctrl (qemu-kvm + 0x62d29a)
  #12 0x000055ca87fa5902 virtio_queue_host_notifier_read (qemu-kvm + 0x646902)
  #13 0x000055ca882c099e aio_dispatch_handler (qemu-kvm + 0x96199e)
  #14 0x000055ca882c1761 aio_poll (qemu-kvm + 0x962761)
  #15 0x000055ca880e1052 iothread_run (qemu-kvm + 0x782052)
  #16 0x000055ca882c562a qemu_thread_start (qemu-kvm + 0x96662a)

This patch assigns s->dataplane_started before attaching host notifiers
so that virtqueue handler functions that run in the IOThread before
virtio_scsi_data_plane_start() returns correctly identify that dataplane
does not need to be started. This fix is taken from the virtio-blk
dataplane code and it's worth adding a comment in virtio-blk as well to
explain why it works.

Note that s->dataplane_started does not need the AioContext lock because
it is set before attaching host notifiers and cleared after detaching
host notifiers. In other words, the IOThread always sees the value true
and the main loop thread does not modify it while the IOThread is
active.

Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=2099541
Reported-by: Qing Wang <qinwang@redhat.com>
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Message-Id: <20220808162134.240405-1-stefanha@redhat.com>
Reviewed-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2022-08-17 07:07:37 -04:00
Richard Henderson c7208a6e0d Update version for v7.1.0-rc3 release
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-08-16 20:45:19 -05:00
Richard Henderson d293d70a8d * Fix a possible endless loop in USB XHCI code
* Minor fixes for the new readconfig test

Merge tag 'pull-request-2022-08-16' of https://gitlab.com/thuth/qemu into staging

* Fix a possible endless loop in USB XHCI code
* Minor fixes for the new readconfig test

# gpg: Signature made Tue 16 Aug 2022 04:54:07 AM CDT
# gpg:                using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5
# gpg:                issuer "thuth@redhat.com"
# gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [undefined]
# gpg:                 aka "Thomas Huth <thuth@redhat.com>" [undefined]
# gpg:                 aka "Thomas Huth <th.huth@posteo.de>" [unknown]
# gpg:                 aka "Thomas Huth <huth@tuxfamily.org>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 27B8 8847 EEE0 2501 18F3  EAB9 2ED9 D774 FE70 2DB5

* tag 'pull-request-2022-08-16' of https://gitlab.com/thuth/qemu:
  hw/usb/hcd-xhci: Fix unbounded loop in xhci_ring_chain_length() (CVE-2020-14394)
  tests/qtest: misc tweaks to readconfig

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-08-16 10:58:57 -05:00
Richard Henderson 09a78762a2 A few small fixes:
  - properly un-parent OBJECT(cpu) when closing -user thread
  - add missing timeout to aspeed tests
  - reduce raciness of login: prompt handling for aspeed tests

Merge tag 'pull-for-7.1-fixes-160822-1' of https://github.com/stsquad/qemu into staging

A few small fixes:

  - properly un-parent OBJECT(cpu) when closing -user thread
  - add missing timeout to aspeed tests
  - reduce raciness of login: prompt handling for aspeed tests

# gpg: Signature made Tue 16 Aug 2022 03:59:25 AM CDT
# gpg:                using RSA key 6685AE99E75167BCAFC8DF35FBD0DB095A9E2A44
# gpg: Good signature from "Alex Bennée (Master Work Key) <alex.bennee@linaro.org>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6685 AE99 E751 67BC AFC8  DF35 FBD0 DB09 5A9E 2A44

* tag 'pull-for-7.1-fixes-160822-1' of https://github.com/stsquad/qemu:
  tests/avocado: apply a band aid to aspeed-evb login
  tests/avocado: add timeout to the aspeed tests
  linux-user: un-parent OBJECT(cpu) when closing thread

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-08-16 09:01:50 -05:00
Thomas Huth effaf5a240 hw/usb/hcd-xhci: Fix unbounded loop in xhci_ring_chain_length() (CVE-2020-14394)
The loop condition in xhci_ring_chain_length() is under control of
the guest, and additionally the code does not check for failed DMA
transfers (e.g. if reaching the end of the RAM), so the loop there
could run for a very long time or even forever. Fix it by checking
the return value of dma_memory_read() and by introducing a maximum
loop length.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/646
Message-Id: <20220804131300.96368-1-thuth@redhat.com>
Reviewed-by: Mauro Matteo Cascella <mcascell@redhat.com>
Acked-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2022-08-16 11:37:19 +02:00
Daniel P. Berrangé 9c23d71934 tests/qtest: misc tweaks to readconfig
The property name parameter is ignored when visiting a top
level type, but the obvious typo should be fixed to avoid
confusion. A few indentation issues were tidied up. We
can break out of the loop when finding the RNG device.
Finally, close the temp FD immediately when no longer
needed.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20220809093854.168438-1-berrange@redhat.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Thomas Huth <thuth@redhat.com>
2022-08-16 11:36:21 +02:00
Alex Bennée 65711f9a87 tests/avocado: apply a band aid to aspeed-evb login
This is really a limitation of the underlying console code which
doesn't allow us to detect the login: and following "#" prompts
because it reads input line wise. By adding a small delay we ensure
that the login prompt has appeared so we don't accidentally spaff the
shell commands to a confused getty in the guest.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Acked-by: John Snow <jsnow@redhat.com>
Message-Id: <20220811151413.3350684-8-alex.bennee@linaro.org>
2022-08-16 09:57:12 +01:00
Alex Bennée b1ceae2f5b tests/avocado: add timeout to the aspeed tests
On some systems the test can hang. At least defining a timeout stops
it from hanging forever.

Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20220811151413.3350684-7-alex.bennee@linaro.org>
2022-08-16 09:57:12 +01:00
Alex Bennée 52f0c16076 linux-user: un-parent OBJECT(cpu) when closing thread
While forcing the CPU to unrealize by hand does trigger the clean-up
code we never fully free resources because refcount never reaches
zero. This is because QOM automatically added objects without an
explicit parent to /unattached/, incrementing the refcount.

Instead of manually triggering unrealization just unparent the object
and let the device machinery deal with that for us.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/866
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Laurent Vivier <laurent@vivier.eu>
Message-Id: <20220811151413.3350684-2-alex.bennee@linaro.org>
2022-08-16 09:57:07 +01:00
Richard Henderson d102b8162a Loongarch docs update

Merge tag 'pull-la-20220814' of https://gitlab.com/rth7680/qemu into staging

Loongarch docs update

# gpg: Signature made Sun 14 Aug 2022 08:45:51 AM CDT
# gpg:                using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg:                issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [ultimate]

* tag 'pull-la-20220814' of https://gitlab.com/rth7680/qemu:
  docs/system/loongarch: Update the LoongArch document

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-08-14 08:48:11 -05:00
Xiaojuan Yang 1f90ce64fc docs/system/loongarch: Update the LoongArch document
1. Add some information about how to boot the LoongArch virt
machine by uefi bios and linux kernel and how to access the
source code or binary file.
2. Move the explanation of LoongArch system emulation in the
target/loongarch/README to docs/system/loongarch/loongson3.rst

Signed-off-by: Xiaojuan Yang <yangxiaojuan@loongson.cn>
Reviewed-by: Song Gao <gaosong@loongson.cn>
Message-Id: <20220812091957.3338126-1-yangxiaojuan@loongson.cn>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-08-13 04:45:03 -07:00
Richard Henderson 93f3dd6048 target-arm queue:
 * Don't report Statistical Profiling Extension in ID registers
 * virt ACPI tables: Present the GICR structure properly for GICv4
 * Fix some typos in documentation
 * tests/unit: fix a -Wformat-truncation warning
 * cutils: Add missing dyld(3) include on macOS

Merge tag 'pull-target-arm-20220812' of https://git.linaro.org/people/pmaydell/qemu-arm into staging

target-arm queue:
 * Don't report Statistical Profiling Extension in ID registers
 * virt ACPI tables: Present the GICR structure properly for GICv4
 * Fix some typos in documentation
 * tests/unit: fix a -Wformat-truncation warning
 * cutils: Add missing dyld(3) include on macOS

# gpg: Signature made Fri 12 Aug 2022 04:43:58 AM PDT
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [full]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [full]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [full]

* tag 'pull-target-arm-20220812' of https://git.linaro.org/people/pmaydell/qemu-arm:
  cutils: Add missing dyld(3) include on macOS
  hw/arm/virt-acpi-build: Present the GICR structure properly for GICv4
  tests/unit: fix a -Wformat-truncation warning
  Fix some typos in documentation (most of them found by codespell)
  target/arm: Don't report Statistical Profiling Extension in ID registers

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-08-12 10:46:43 -07:00
Richard Henderson 6add03bec0 Pull request linux-user 20220812

Merge tag 'linux-user-for-7.1-pull-request' of https://gitlab.com/laurent_vivier/qemu into staging

Pull request linux-user 20220812

# gpg: Signature made Fri 12 Aug 2022 03:33:41 AM PDT
# gpg:                using RSA key CD2F75DDC8E3A4DC2E4F5173F30C38BD3F2FBE3C
# gpg:                issuer "laurent@vivier.eu"
# gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" [undefined]
# gpg:                 aka "Laurent Vivier <laurent@vivier.eu>" [undefined]
# gpg:                 aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F  5173 F30C 38BD 3F2F BE3C

* tag 'linux-user-for-7.1-pull-request' of https://gitlab.com/laurent_vivier/qemu:
  linux-user/aarch64: Reset target data on MADV_DONTNEED

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-08-12 08:13:23 -07:00
Philippe Mathieu-Daudé 4311682ea8 cutils: Add missing dyld(3) include on macOS
Commit 06680b15b4 moved qemu_*_exec_dir() to cutils but forgot
to move the macOS dyld(3) include, resulting in the following
error (when building with Homebrew GCC on macOS Monterey 12.4):

  [313/1197] Compiling C object libqemuutil.a.p/util_cutils.c.o
  FAILED: libqemuutil.a.p/util_cutils.c.o
  ../../util/cutils.c:1039:13: error: implicit declaration of function '_NSGetExecutablePath' [-Werror=implicit-function-declaration]
   1039 |         if (_NSGetExecutablePath(fpath, &len) == 0) {
        |             ^~~~~~~~~~~~~~~~~~~~
  ../../util/cutils.c:1039:13: error: nested extern declaration of '_NSGetExecutablePath' [-Werror=nested-externs]

Fix by moving the include line to cutils.

Fixes: 06680b15b4 ("include: move qemu_*_exec_dir() to cutils")
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20220809222046.30812-1-f4bug@amsat.org
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-08-12 11:33:52 +01:00
Zenghui Yu e1f045780b hw/arm/virt-acpi-build: Present the GICR structure properly for GICv4
With the introduction of the new TCG GICv4, build_madt() is badly broken
as we do not present any GIC Redistributor structure in MADT for GICv4
guests, so that they have no idea about where the Redistributor
register frames are. This fixes a Linux guest crash at boot time with
ACPI enabled and '-machine gic-version=4'.

While at it, let's convert the remaining hard coded gic_version into
enumeration VIRT_GIC_VERSION_2 for consistency.

Signed-off-by: Zenghui Yu <yuzenghui@huawei.com>
Message-id: 20220812022018.1069-1-yuzenghui@huawei.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-08-12 11:25:18 +01:00
Marc-André Lureau 6a54ac2a97 tests/unit: fix a -Wformat-truncation warning
../tests/test-qobject-input-visitor.c: In function ‘test_visitor_in_list’:
../tests/test-qobject-input-visitor.c:454:49: warning: ‘%d’ directive output may be truncated writing between 1 and 10 bytes into a region of size 6 [-Wformat-truncation=]
  454 |         snprintf(string, sizeof(string), "string%d", i);
      |                                                 ^~
../tests/test-qobject-input-visitor.c:454:42: note: directive argument in the range [0, 2147483606]
  454 |         snprintf(string, sizeof(string), "string%d", i);
      |                                          ^~~~~~~~~~
../tests/test-qobject-input-visitor.c:454:9: note: ‘snprintf’ output between 8 and 17 bytes into a destination of size 12
  454 |         snprintf(string, sizeof(string), "string%d", i);
      |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Rather than trying to be clever, since this is called 3 times during
tests, let's simply use g_strdup_printf().

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Message-id: 20220810121513.1356081-1-marcandre.lureau@redhat.com
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
[PMM: fixed commit message typos]
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-08-12 11:22:13 +01:00
Stefan Weil 120f765e03 Fix some typos in documentation (most of them found by codespell)
Signed-off-by: Stefan Weil <sw@weilnetz.de>
Reviewed-by: Hongren (Zenithal) Zheng <i@zenithal.me>
Message-id: 20220812075642.1200578-1-sw@weilnetz.de
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-08-12 11:20:42 +01:00
Peter Maydell 2daf518dd1 target/arm: Don't report Statistical Profiling Extension in ID registers
The newly added neoverse-n1 CPU has ID register values which indicate
the presence of the Statistical Profiling Extension, because the real
hardware has this feature.  QEMU's TCG emulation does not yet
implement SPE, though (not even as a minimal stub implementation), so
guests will crash if they try to use it because the SPE system
registers don't exist.

Force ID_AA64DFR0_EL1.PMSVer to 0 in CPU realize for TCG, so that
we don't advertise to the guest a feature that doesn't exist.

(We could alternatively do this by editing the value that
aarch64_neoverse_n1_initfn() sets for this ID register, but
suppressing the field in realize means we won't re-introduce this bug
when we add other CPUs that have SPE in hardware, such as the
Neoverse-V1.)

An example of a non-booting guest is current mainline Linux (5.19),
when booting in EL2 on the virt board (ie with -machine
virtualization=on).

Reported-by: Zenghui Yu <yuzenghui@huawei.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Zenghui Yu <yuzenghui@huawei.com>
Message-id: 20220811131127.947334-1-peter.maydell@linaro.org
2022-08-12 11:17:35 +01:00
Vitaly Buka dbbf89751b linux-user/aarch64: Reset target data on MADV_DONTNEED
aarch64 stores MTE tags in target_data, and they should be reset by
MADV_DONTNEED.

Signed-off-by: Vitaly Buka <vitalybuka@google.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220711220028.2467290-1-vitalybuka@google.com>
[lv: fix code style issues]
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2022-08-11 11:34:17 +02:00
Richard Henderson a6b1c53e79 Pull request linux-user 20220810
fix compat with glibc >= 2.36 sys/mount.h

Merge tag 'linux-user-for-7.1-pull-request' of https://gitlab.com/laurent_vivier/qemu into staging

Pull request linux-user 20220810

fix compat with glibc >= 2.36 sys/mount.h

# gpg: Signature made Wed 10 Aug 2022 09:50:18 AM PDT
# gpg:                using RSA key CD2F75DDC8E3A4DC2E4F5173F30C38BD3F2FBE3C
# gpg:                issuer "laurent@vivier.eu"
# gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" [undefined]
# gpg:                 aka "Laurent Vivier <laurent@vivier.eu>" [undefined]
# gpg:                 aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F  5173 F30C 38BD 3F2F BE3C

* tag 'linux-user-for-7.1-pull-request' of https://gitlab.com/laurent_vivier/qemu:
  linux-user: fix compat with glibc >= 2.36 sys/mount.h

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-08-10 10:26:57 -07:00
Daniel P. Berrangé 3cd3df2a95 linux-user: fix compat with glibc >= 2.36 sys/mount.h
The latest glibc 2.36 has extended sys/mount.h so that it
defines the FSCONFIG_* enum constants. These are historically
defined in linux/mount.h, and thus if you include both headers
the compiler complains:

In file included from /usr/include/linux/fs.h:19,
                 from ../linux-user/syscall.c:98:
/usr/include/linux/mount.h:95:6: error: redeclaration of 'enum fsconfig_command'
   95 | enum fsconfig_command {
      |      ^~~~~~~~~~~~~~~~
In file included from ../linux-user/syscall.c:31:
/usr/include/sys/mount.h:189:6: note: originally defined here
  189 | enum fsconfig_command
      |      ^~~~~~~~~~~~~~~~
/usr/include/linux/mount.h:96:9: error: redeclaration of enumerator 'FSCONFIG_SET_FLAG'
   96 |         FSCONFIG_SET_FLAG       = 0,    /* Set parameter, supplying no value */
      |         ^~~~~~~~~~~~~~~~~
/usr/include/sys/mount.h:191:3: note: previous definition of 'FSCONFIG_SET_FLAG' with type 'enum fsconfig_command'
  191 |   FSCONFIG_SET_FLAG       = 0,    /* Set parameter, supplying no value */
      |   ^~~~~~~~~~~~~~~~~
...snip...

QEMU doesn't include linux/mount.h, but it does use
linux/fs.h and thus gets linux/mount.h indirectly.

glibc acknowledges this problem but does not appear to
be intending to fix it in the foreseeable future, simply
documenting it as a known incompatibility with no
workaround:

  https://sourceware.org/glibc/wiki/Release/2.36#Usage_of_.3Clinux.2Fmount.h.3E_and_.3Csys.2Fmount.h.3E
  https://sourceware.org/glibc/wiki/Synchronizing_Headers

To address this requires either removing use of sys/mount.h
or linux/fs.h, despite QEMU needing declarations from
both.

This patch removes linux/fs.h, meaning we have to define
various FS_IOC constants that are now unavailable.

Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Tested-by: Richard W.M. Jones <rjones@redhat.com>
Message-Id: <20220802164134.1851910-1-berrange@redhat.com>
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
2022-08-10 18:37:46 +02:00
Richard Henderson 61b6e67171 Update version for v7.1.0-rc2 release
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-08-09 19:25:15 -07:00
Richard Henderson 0342cb34a4 Pull request trivial branch 20220809

Merge tag 'trivial-branch-for-7.1-pull-request' of https://gitlab.com/laurent_vivier/qemu into staging

Pull request trivial branch 20220809

# gpg: Signature made Tue 09 Aug 2022 09:55:36 AM PDT
# gpg:                using RSA key CD2F75DDC8E3A4DC2E4F5173F30C38BD3F2FBE3C
# gpg:                issuer "laurent@vivier.eu"
# gpg: Good signature from "Laurent Vivier <lvivier@redhat.com>" [undefined]
# gpg:                 aka "Laurent Vivier <laurent@vivier.eu>" [undefined]
# gpg:                 aka "Laurent Vivier (Red Hat) <lvivier@redhat.com>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: CD2F 75DD C8E3 A4DC 2E4F  5173 F30C 38BD 3F2F BE3C

* tag 'trivial-branch-for-7.1-pull-request' of https://gitlab.com/laurent_vivier/qemu:
  xlnx_dp: drop unsupported AUXCommand in xlnx_dp_aux_set_command
  contrib/vhost-user-blk: Clean up deallocation of VuVirtqElement

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-08-09 12:17:21 -07:00
Richard Henderson 4ffa12e080 target-arm queue:
* icount: Take iothread lock when running QEMU timers

Merge tag 'pull-target-arm-20220809' of https://git.linaro.org/people/pmaydell/qemu-arm into staging

target-arm queue:
 * icount: Take iothread lock when running QEMU timers

# gpg: Signature made Tue 09 Aug 2022 05:12:29 AM PDT
# gpg:                using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg:                issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [full]
# gpg:                 aka "Peter Maydell <pmaydell@gmail.com>" [full]
# gpg:                 aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [full]

* tag 'pull-target-arm-20220809' of https://git.linaro.org/people/pmaydell/qemu-arm:
  icount: Take iothread lock when running QEMU timers

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-08-09 09:43:42 -07:00
Richard Henderson 8d2862327e

Merge tag 'net-pull-request' of https://github.com/jasowang/qemu into staging

# gpg: Signature made Tue 09 Aug 2022 02:02:56 AM PDT
# gpg:                using RSA key EF04965B398D6211
# gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 215D 46F4 8246 689E C77F  3562 EF04 965B 398D 6211

* tag 'net-pull-request' of https://github.com/jasowang/qemu:
  hw/net/rocker: Avoid undefined shifts with more than 31 ports

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-08-09 07:44:29 -07:00
Peter Maydell c7f26ded6d icount: Take iothread lock when running QEMU timers
The function icount_prepare_for_run() is called with the iothread
unlocked, but it can call icount_notify_aio_contexts() which will
run qemu timer handlers. Those are supposed to be run only with
the iothread lock held, so take the lock while we do that.

Since icount mode runs everything on a single thread anyway,
not holding the lock is likely mostly not going to introduce
races, but it can cause us to trip over assertions that we
do hold the lock, such as the one reported in issue 1130.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1130
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Tested-by: Pavel Dovgalyuk <Pavel.Dovgalyuk@ispras.ru>
Message-id: 20220801164527.3134765-1-peter.maydell@linaro.org
2022-08-09 10:55:14 +01:00
Peter Maydell 7cf745dd9c hw/net/rocker: Avoid undefined shifts with more than 31 ports
In rocker_port_phys_link_status() and rocker_port_phys_enable_read()
we construct a 64-bit value with one bit per front-panel port.
However we accidentally do the shift as 32-bit arithmetic, which
means that if there are more than 31 front-panel ports this is
undefined behaviour.

Fix the problem by ensuring we use 64-bit arithmetic for the whole
calculation. (We won't ever shift off the 64-bit value because
ROCKER_FP_PORTS_MAX is 62.)

Resolves: Coverity CID 1487121, 1487160
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Jason Wang <jasowang@redhat.com>
2022-08-09 17:02:18 +08:00
Richard Henderson ca5f3d4df1 loongarch: fix emulation of fcsr register

Merge tag 'pull-la-20220808' of https://gitlab.com/rth7680/qemu into staging

loongarch: fix emulation of fcsr register

# gpg: Signature made Mon 08 Aug 2022 07:49:41 PM PDT
# gpg:                using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg:                issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [ultimate]

* tag 'pull-la-20220808' of https://gitlab.com/rth7680/qemu:
  target/loongarch: Remove cpu_fcsr0

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-08-08 19:51:12 -07:00
Richard Henderson 10dcb08b03 target/loongarch: Remove cpu_fcsr0
All of the fpu operations are defined with TCG_CALL_NO_WG, but they
all modify FCSR0.  The most efficient way to fix this is to remove
cpu_fcsr0, and instead use explicit load and store operations for the
two instructions that manipulate that value.

Acked-by: Qi Hu <huqi@loongson.cn>
Reviewed-by: Song Gao <gaosong@loongson.cn>
Reported-by: Feiyang Chen <chenfeiyang@loongson.cn>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-08-08 19:42:53 -07:00
Richard Henderson 7b06148df8 MIPS/SPARC patches queue
- target/mips: Handle lock_user failure in UHI_plog semihosting (Peter Maydell)
- hw/mips/malta: Turn off x86 specific features of PIIX4 PM (Igor Mammedov)
- hw/misc/grlib_ahb_apb_pnp: Support 8 and 16 bit accesses (Peter Maydell)

Merge tag 'mips-20220809' of https://github.com/philmd/qemu into staging

MIPS/SPARC patches queue

- target/mips: Handle lock_user failure in UHI_plog semihosting (Peter Maydell)
- hw/mips/malta: Turn off x86 specific features of PIIX4 PM (Igor Mammedov)
- hw/misc/grlib_ahb_apb_pnp: Support 8 and 16 bit accesses (Peter Maydell)

# gpg: Signature made Mon 08 Aug 2022 03:29:23 PM PDT
# gpg:                using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full]

* tag 'mips-20220809' of https://github.com/philmd/qemu:
  hw/misc/grlib_ahb_apb_pnp: Support 8 and 16 bit accesses
  hw/mips/malta: turn off x86 specific features of PIIX4_PM
  target/mips: Handle lock_user() failure in UHI_plog semihosting call

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-08-08 17:59:27 -07:00
Peter Maydell 09d12c81ec hw/misc/grlib_ahb_apb_pnp: Support 8 and 16 bit accesses
In real hardware, the APB and AHB PNP data tables can be accessed
with byte and halfword reads as well as word reads.  Our
implementation currently only handles word reads.  Add support for
the 8 and 16 bit accesses.  Note that we only need to handle aligned
accesses -- unaligned accesses should continue to trap, as happens on
hardware.

Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1132
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Frederic Konrad <fkonrad@amd.com>
Message-Id: <20220802131925.3380923-1-peter.maydell@linaro.org>
Tested-by: Tomasz Martyniak <gitlab.com/tom4r>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2022-08-08 23:43:11 +02:00
Igor Mammedov bd64c210ce hw/mips/malta: turn off x86 specific features of PIIX4_PM
QEMU crashes trying to save VMSTATE when only MIPS targets are compiled in
  $ qemu-system-mips -monitor stdio
  (qemu) migrate "exec:gzip -c > STATEFILE.gz"
  Segmentation fault (core dumped)

It happens due to PIIX4_PM trying to parse hotplug vmstate structures
which are valid only for x86 and not for MIPS (as it requires ACPI
tables support which is not existent for the latter)

Issue was probably exposed by trying to cleanup/compile out unused
ACPI bits from MIPS target (but forgetting about migration bits).

Disable compiled out features using compat properties as the least
risky way to deal with issue.

Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/995
Reviewed-by: Ani Sinha <ani@anisinha.ca>
Acked-by: Michael S. Tsirkin <mst@redhat.com>
Message-Id: <20220728115034.1327988-1-imammedo@redhat.com>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2022-08-08 23:23:11 +02:00
Peter Maydell 8809baf4e4 target/mips: Handle lock_user() failure in UHI_plog semihosting call
Coverity notes that we forgot to check the error return from
lock_user() in one place in the handling of the UHI_plog semihosting
call.  Add the missing error handling.

report_fault() is rather brutal in that it will call abort(), but
this is the same error-handling used in the rest of this file.

Resolves: Coverity CID 1490684
Fixes: ea4210600d ("target/mips: Avoid qemu_semihosting_log_out for UHI_plog")
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20220719191737.384744-1-peter.maydell@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2022-08-08 23:22:36 +02:00
Richard Henderson 8a1337e604 * Fix and tests for -readconfig
* Fixes for changeable block size

Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging

* Fix and tests for -readconfig
* Fixes for changeable block size

# gpg: Signature made Mon 08 Aug 2022 05:55:08 AM PDT
# gpg:                using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg:                issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [undefined]
# gpg:                 aka "Paolo Bonzini <pbonzini@redhat.com>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg:          There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4  E2F7 7E15 100C CD36 69B1
#      Subkey fingerprint: F133 3857 4B66 2389 866C  7682 BFFB D25F 78C7 AE83

* tag 'for-upstream' of https://gitlab.com/bonzini/qemu:
  tests/qtest: add scenario for -readconfig handling
  vl: remove dead code in parse_memory_options()
  vl: fix [memory] section with -readconfig
  scsi-disk: ensure block size is non-zero and changes limited to bits 8-15
  scsi-disk: fix overflow when block size is not a multiple of BDRV_SECTOR_SIZE

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-08-08 09:57:37 -07:00