Daniel P. Berrangé [Thu, 21 Nov 2024 16:57:42 +0000 (16:57 +0000)]
tests/functional: rewrite console handling to be bytewise
The console interaction that waits for predicted strings uses
readline(), and thus is only capable of waiting for strings
that are followed by a newline.
This is inconvenient when needing to match on some things,
particularly login prompts, or shell prompts, causing tests
to use time.sleep(...) instead, which is unreliable.
Switch to reading the console 1 byte at a time, comparing
against the success/failure messages until we see a match,
regardless of whether a newline is encountered.
The success/failure comparisons are done with the python bytes
type, rather than strings, to avoid the problem of needing to
decode partially received multibyte utf8 characters.
Heavily inspired by a patch proposed by Cédric, but written
again to work in bytes, rather than strings.
Co-developed-by: Cédric Le Goater <clg@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20241121154218.1423005-16-berrange@redhat.com> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20241121165806.476008-16-alex.bennee@linaro.org>
Daniel P. Berrangé [Thu, 21 Nov 2024 16:57:41 +0000 (16:57 +0000)]
tests/functional: require non-NULL success_message for console wait
When waiting for expected output, the 'success_message' is a mandatory
parameter, with 'failure_message' defaulting to None.
The code has logic which indicates it was trying to cope with
'success_message' being None and 'failure_message' being non-None but
it does not appear able to actually do anything useful. The check for
'success_message is None' will break out of the loop before any check
for 'failure_message' has been performed.
IOW, for practcal purposes 'success_message' must be non-None unless
'send_string' is set. Assert this expectation and simplify the loop
logic.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20241121154218.1423005-15-berrange@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20241121165806.476008-15-alex.bennee@linaro.org>
Daniel P. Berrangé [Thu, 21 Nov 2024 16:57:40 +0000 (16:57 +0000)]
tests/functional: don't try to wait for the empty string
Telling exec_command_wand_wait_for_pattern to wait for the empty
string does not make any conceptual sense, as a check for empty
string will always succeed. It makes even less sense when followed
by a call to wait_for_console_pattern() with a real match.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20241121154218.1423005-14-berrange@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20241121165806.476008-14-alex.bennee@linaro.org>
Daniel P. Berrangé [Thu, 21 Nov 2024 16:57:39 +0000 (16:57 +0000)]
tests/functional: logs details of console interaction operations
When functional tests go wrong, it will often be related to the console
interaction wait state. By logging the messages that we're looking for,
and data we're about to be sending, it'll be easier to diagnose where
tests are getting stuck.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20241121154218.1423005-13-berrange@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20241121165806.476008-13-alex.bennee@linaro.org>
Daniel P. Berrangé [Thu, 21 Nov 2024 16:57:38 +0000 (16:57 +0000)]
tests/functional: enable debug logging for QEMUMachine
Set the 'qemu.machine' logger to 'DEBUG' level, to ensure we see log
messages related to the QEMUMachine class. Most importantly this
ensures we capture the full QEMU command line args for instances we
spawn.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20241121154218.1423005-12-berrange@redhat.com> Tested-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20241121165806.476008-12-alex.bennee@linaro.org>
Daniel P. Berrangé [Thu, 21 Nov 2024 16:57:37 +0000 (16:57 +0000)]
tests/functional: honour requested test VM name in QEMUMachine
The functional test case class is going to the trouble of passing
around a machine name, but then fails to give this QEMUMachine. As
a result, QEMUMachine will create a completely random name. Since
log file names match the machine name, this results in log files
accumulating over time.
Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20241121154218.1423005-11-berrange@redhat.com> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20241121165806.476008-11-alex.bennee@linaro.org>
Daniel P. Berrangé [Thu, 21 Nov 2024 16:57:36 +0000 (16:57 +0000)]
tests/functional: put QEMUMachine logs in testcase log directory
We are not passing the 'log_dir' parameter to QEMUMachine, so the
QEMU stdout/err logs are being placed in a temp directory and thus
deleted after execution. This makes them inaccessible as gitlab
CI artifacts.
Pass the testcase log directory path into QEMUMachine to make the
logs persistent.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20241121154218.1423005-10-berrange@redhat.com> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20241121165806.476008-10-alex.bennee@linaro.org>
Daniel P. Berrangé [Thu, 21 Nov 2024 16:57:35 +0000 (16:57 +0000)]
tests/functional: honour self.workdir in ACPI bits tests
The ACPI bits test sets up its own private temporary directory into it
creates scratch files. This is justified by a suggestion that we need
to be able to preserve the scratch files. We have the ability to
preserve the scratch dir with our functional harness, so there's no
reason to diverge from standard practice in file placement.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20241121154218.1423005-9-berrange@redhat.com> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20241121165806.476008-9-alex.bennee@linaro.org>
Daniel P. Berrangé [Thu, 21 Nov 2024 16:57:34 +0000 (16:57 +0000)]
tests/functional: remove comments talking about avocado
The first comment is still relevant but should talk about our own test
harness instead. The second comment adds no value over reading the code
and can be removed.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20241121154218.1423005-8-berrange@redhat.com> Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20241121165806.476008-8-alex.bennee@linaro.org>
Daniel P. Berrangé [Thu, 21 Nov 2024 16:57:33 +0000 (16:57 +0000)]
tests/functional: remove obsolete reference to avocado bug
Historical bugs in avocado related to zstd support are not relevant to
the code now that it uses QEMU's native test harness.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20241121154218.1423005-7-berrange@redhat.com> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20241121165806.476008-7-alex.bennee@linaro.org>
Daniel P. Berrangé [Thu, 21 Nov 2024 16:57:32 +0000 (16:57 +0000)]
tests/functional: remove leftover :avocado: tags
These tags are not honoured under the new functional test harness.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20241121154218.1423005-6-berrange@redhat.com> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20241121165806.476008-6-alex.bennee@linaro.org>
Daniel P. Berrangé [Thu, 21 Nov 2024 16:57:31 +0000 (16:57 +0000)]
tests/functional: remove todo wrt avocado.utils.wait_for
We're not using avocado anymore, so while the TODO item is still
relevant, suggesting use of avocado.utils is not.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20241121154218.1423005-5-berrange@redhat.com> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20241121165806.476008-5-alex.bennee@linaro.org>
Daniel P. Berrangé [Thu, 21 Nov 2024 16:57:30 +0000 (16:57 +0000)]
tests/functional: remove "AVOCADO" from env variable name
This env variable is a debugging flag to save screendumps in the
mips64el malta tests.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20241121154218.1423005-4-berrange@redhat.com> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20241121165806.476008-4-alex.bennee@linaro.org>
Daniel P. Berrangé [Thu, 21 Nov 2024 16:57:29 +0000 (16:57 +0000)]
tests/functional: automatically clean up scratch files after tests
The build/tests/functional subdirectories are consuming huge amounts
of disk space.
Split the location for scratch files into a 'scratch' sub-directory,
separate from log files, and delete it upon completion of each test.
The new env variable QEMU_TEST_KEEP_SCRATCH can be set to preserve
this scratch dir for debugging access if required.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20241121154218.1423005-3-berrange@redhat.com> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20241121165806.476008-3-alex.bennee@linaro.org>
Daniel P. Berrangé [Thu, 21 Nov 2024 16:57:28 +0000 (16:57 +0000)]
tests/functional: fix mips64el test to honour workdir
The missing directory separator resulted in the kernel file being
created 1 level higher than expected.
Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20241121154218.1423005-2-berrange@redhat.com> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20241121165806.476008-2-alex.bennee@linaro.org>
Ilya Leoshkevich [Wed, 20 Nov 2024 21:26:44 +0000 (22:26 +0100)]
linux-user: Fix strace output for s390x mmap()
print_mmap() assumes that mmap() receives arguments via memory if
mmap2() is present. s390x (as opposed to s390) does not fit this
pattern: it does not have mmap2(), but mmap() still receives arguments
via memory.
Fix by sharing the detection logic between syscall.c and strace.c.
Cc: qemu-stable@nongnu.org Fixes: d971040c2d16 ("linux-user: Fix strace output for old_mmap") Suggested-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Message-ID: <20241120212717.246186-1-iii@linux.ibm.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
J. Neuschäfer [Wed, 20 Nov 2024 20:20:24 +0000 (14:20 -0600)]
linux-user: Print tid not pid with strace
This aligns with strace, and is very useful when tracing multi-threaded
programs. The result is the same in single-threaded programs.
Signed-off-by: J. Neuschäfer <j.neuschaefer@gmx.net>
Message-Id: 20241024-strace-v1-1-56c4161431cd@gmx.net
[rth: Use TaskState.ts_tid via get_task_state()] Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
* tag 'for-upstream' of https://gitlab.com/bonzini/qemu:
scsi: fix allocation for s390x loadparm
hw/core/machine-smp: Fix error message parameter
hw/core/machine-smp: Initialize caches_bitmap before reading
hvf: remove unused but set variable
hw/i386/pc: Remove vmport value assertion
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Paolo Bonzini [Tue, 19 Nov 2024 21:31:22 +0000 (22:31 +0100)]
scsi: fix allocation for s390x loadparm
Coverity reports a possible buffer overrun due to a non-NUL-terminated
string in scsi_property_set_loadparm(). While things are not so easy,
because qdev_prop_sanitize_s390x_loadparm is designed to operate on a
buffer that is not NUL-terminated, in this case the string *does* have
to be NUL-terminated because it is read by scsi_property_get_loadparm
and s390_build_iplb.
Reviewed-by: jrossi@linux.ibm.com Cc: thuth@redhat.com Fixes: 429442e52d9 ("hw: Add "loadparm" property to scsi disk devices for booting on s390x", 2024-11-18) Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Cédric Le Goater [Mon, 18 Nov 2024 09:06:48 +0000 (10:06 +0100)]
docs: aspeed: Reorganize the "Boot options" section
Add subsubsections for possible boot methods and introduce a new
section on eMMC boot support for the ast2600-evb and rainier-emmc
machines, boot partitions assumptions and limitations.
Acked-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Jan Luebbe <jlu@pengutronix.de> Reviewed-by: Andrew Jeffery <andrew@codeconstruct.com.au> Signed-off-by: Cédric Le Goater <clg@redhat.com>
Kamil Szczęk [Tue, 20 Aug 2024 23:11:24 +0000 (23:11 +0000)]
hw/i386/pc: Remove vmport value assertion
There is no need for this assertion here, as we only use vmport value
for equality/inequality checks. This was originally prompted by the
following Coverity report:
>>> CID 1559533: Integer handling issues (CONSTANT_EXPRESSION_RESULT)
>>> "pcms->vmport >= 0" is always true regardless of the values of
>>> its operands. This occurs as the logical first operand of "&&".
* tag 'pull-target-arm-20241119' of https://git.linaro.org/people/pmaydell/qemu-arm:
trace: Don't include trace-root.h in control.c or control-target.c
target/arm/hvf: Add trace.h header
system/dma-helpers.c: Move trace events to system/trace-events
hw/intc/loongarch_extioi: Use set_bit32() and clear_bit32() for s->isr
hw/intc/arm_gicv3: Use bitops.h uint32_t bit array functions
bitops.h: Define bit operations on 'uint32_t' arrays
arm/ptw: Honour WXN/UWXN and SIF in short-format descriptors
arm/ptw: Make get_S1prot accept decoded AP
tests/qtest/cmsdk-apb-watchdog-test: Test INTEN as counter enable
tests/qtest/cmsdk-apb-watchdog-test: Don't abort on assertion failure
tests/qtest/cmsdk-apb-watchdog-test: Parameterize tests
hw/watchdog/cmsdk_apb_watchdog: Fix INTEN issues
hw/intc/openpic: Avoid taking address of out-of-bounds array index
hw/net/rocker/rocker_of_dpa.c: Remove superfluous error check
hw/timer/exynos4210_mct: fix possible int overflow
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Tue, 19 Nov 2024 13:02:08 +0000 (13:02 +0000)]
trace: Don't include trace-root.h in control.c or control-target.c
The trace-root.h file has the definitions of trace events for
the top-level trace-events file (i.e. for those events which are
used in source files in the root of the source tree). There's
no particular need for trace/control.c or trace/control-target.c
to include this.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20241108162909.4080314-4-peter.maydell@linaro.org
Peter Maydell [Tue, 19 Nov 2024 13:02:08 +0000 (13:02 +0000)]
target/arm/hvf: Add trace.h header
The documentation for trace events says that every subdirectory which
has trace events should have a trace.h header, whose only content is
an include of the trace/trace-<subdir>.h file.
When we added the trace events in target/arm/hvf/ we forgot to create
this file and instead hvf.c directly includes
trace/trace-target_arm_hvf.h.
Create the standard trace.h file to bring this into line with the
convention.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20241108162909.4080314-3-peter.maydell@linaro.org
Peter Maydell [Tue, 19 Nov 2024 13:02:07 +0000 (13:02 +0000)]
system/dma-helpers.c: Move trace events to system/trace-events
The dma-helpers.c file is in the system/ subdirectory, but it
defines its trace events in the root trace-events file. Move
them to the system/trace-events file where they more naturally
belong.
Fixes: 800d4deda0 ("softmmu: move more files to softmmu/") Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20241108162909.4080314-2-peter.maydell@linaro.org
Peter Maydell [Tue, 19 Nov 2024 13:02:07 +0000 (13:02 +0000)]
hw/intc/loongarch_extioi: Use set_bit32() and clear_bit32() for s->isr
In extioi_setirq() we try to operate on a bit array stored as an
array of uint32_t using the set_bit() and clear_bit() functions
by casting the pointer to 'unsigned long *'.
This has two problems:
* the alignment of 'uint32_t' is less than that of 'unsigned long'
so we pass an insufficiently aligned pointer, which is
undefined behaviour
* on big-endian hosts the 64-bit 'unsigned long' will have
its two halves the wrong way around, and we will produce
incorrect results
The undefined behaviour is shown by the clang undefined-behaviour
sanitizer when running the loongarch64-virt functional test:
/mnt/nvmedisk/linaro/qemu-from-laptop/qemu/include/qemu/bitops.h:41:5: runtime error: store to misaligned address 0x555559745d9c for type 'unsigned long', which requires 8 byte alignment
0x555559745d9c: note: pointer points here
ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
^
#0 0x555556fb81c4 in set_bit /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/include/qemu/bitops.h:41:9
#1 0x555556fb81c4 in extioi_setirq /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/clang/../../hw/intc/loongarch_extioi.c:65:9
#2 0x555556fb6e90 in pch_pic_irq_handler /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/clang/../../hw/intc/loongarch_pch_pic.c:75:5
#3 0x555556710265 in serial_ioport_write /mnt/nvmedisk/linaro/qemu-from-laptop/qemu/build/clang/../../hw/char/serial.c
Fix these problems by using set_bit32() and clear_bit32(),
which work with bit arrays stored as an array of uint32_t.
Cc: qemu-stable@nongnu.org Fixes: cbff2db1e92f8759 ("hw/intc: Add LoongArch extioi interrupt controller(EIOINTC)") Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Bibo Mao <maobibo@loongson.cn>
Message-id: 20241108135514.4006953-4-peter.maydell@linaro.org
Peter Maydell [Tue, 19 Nov 2024 13:02:07 +0000 (13:02 +0000)]
hw/intc/arm_gicv3: Use bitops.h uint32_t bit array functions
Now we have official uint32_t bit array functions in bitops.h, use
them instead of the hand-rolled local versions.
We retain gic_bmp_replace_bit() because bitops doesn't provide that
specific functionality.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20241108135514.4006953-3-peter.maydell@linaro.org
Peter Maydell [Tue, 19 Nov 2024 13:02:06 +0000 (13:02 +0000)]
bitops.h: Define bit operations on 'uint32_t' arrays
Currently bitops.h defines a set of operations that work on
arbitrary-length bit arrays. However (largely because they
originally came from the Linux kernel) the bit array storage is an
array of 'unsigned long'. This is OK for the kernel and even for
parts of QEMU where we don't really care about the underlying storage
format, but it is not good for devices, where we often want to expose
the storage to the guest and so need a type that is not
variably-sized between host OSes.
We already have a workaround for this in the GICv3 model:
arm_gicv3_common.h defines equivalents of the bit operations that
work on uint32_t. It turns out that we should also be using
something similar in hw/intc/loongarch_extioi.c, which currently
casts a pointer to a uint32_t array to 'unsigned long *' in
extio_setirq(), which is both undefined behaviour and not correct on
a big-endian host.
Define equivalents of the set_bit() function family which work
with a uint32_t array.
(Cc stable because we're about to provide a bugfix to
loongarch_extioi which will depend on this commit.)
Cc: qemu-stable@nongnu.org Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-id: 20241108135514.4006953-2-peter.maydell@linaro.org
Pavel Skripkin [Tue, 19 Nov 2024 13:02:06 +0000 (13:02 +0000)]
arm/ptw: Honour WXN/UWXN and SIF in short-format descriptors
Currently the handling of page protection in the short-format
descriptor is open-coded. This means that we forgot to update
it to handle some newer architectural features, including:
* handling of SCTLR.{UWXN,WXN}
* handling of SCR.SIF
Make the short-format descriptor code call the same get_S1prot()
that we already use for the LPAE descriptor format. This makes
the code simpler and means it now correctly honours the WXN/UWXN
and SIF bits.
Signed-off-by: Pavel Skripkin <paskripkin@gmail.com>
Message-id: 20241118152537.45277-1-paskripkin@gmail.com
[PMM: fixed a couple of checkpatch nits, tweaked commit message] Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
The new tests have to target an MPS2 machine because the original
machine used by the test (stellaris) has a variation of the
cmsdk_apb_watchdog that locks INTEN when it is programmed to 1. The
stellaris machine also does not reproduce the problem of the counter
running out of cold reset due to the way the clocks are initialized.
Signed-off-by: Roque Arcudia Hernandez <roqueh@google.com> Reviewed-by: Stephen Longfield <slongfield@google.com>
Message-id: 20241115160328.1650269-6-roqueh@google.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
tests/qtest/cmsdk-apb-watchdog-test: Don't abort on assertion failure
Currently the watchdog test has a behavior in which the first test
assertion that fails will make the test abort making it impossible to
see the result of other tests:
Currently the CMSDK APB watchdog tests target an specialized version
of the device (luminaris using the lm3s811evb machine) that prevents
the development of tests for the more generic device documented in:
This patch allows the execution of the watchdog tests in an MPS2
machine (when applicable) which uses the generic version of the CMSDK
APB watchdog.
Finally the rules for compiling the test have to change because it is
possible not to have CONFIG_STELLARIS (required for the lm3s811evb
machine) while still having CONFIG_CMSDK_APB_WATCHDOG and the test
will fail. Due to the addition of the MPS2 machine CONFIG_MPS2
becomes also a dependency for the test compilation.
Signed-off-by: Roque Arcudia Hernandez <roqueh@google.com> Reviewed-by: Stephen Longfield <slongfield@google.com>
Message-id: 20241115160328.1650269-4-roqueh@google.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Current watchdog is free running out of reset, this combined with the
fact that current implementation also ensures the counter is running
when programing WDOGLOAD creates issues when the firmware defer the
programing of WDOGCONTROL.INTEN much later after WDOGLOAD. Arm
Programmer's Model documentation states that INTEN is also the
counter enable:
> INTEN
>
> Enable the interrupt event, WDOGINT. Set HIGH to enable the counter
> and the interrupt, or LOW to disable the counter and interrupt.
> Reloads the counter from the value in WDOGLOAD when the interrupt
> is enabled, after previously being disabled.
Peter Maydell [Tue, 19 Nov 2024 13:02:05 +0000 (13:02 +0000)]
hw/intc/openpic: Avoid taking address of out-of-bounds array index
The clang sanitizer complains about the code in the EOI handling
of openpic_cpu_write_internal():
UBSAN_OPTIONS=halt_on_error=1:abort_on_error=1 ./build/clang/qemu-system-ppc -M mac99,graphics=off -display none -kernel day15/invaders.elf
../../hw/intc/openpic.c:1034:16: runtime error: index -1 out of bounds for type 'IRQSource[264]' (aka 'struct IRQSource[264]')
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../../hw/intc/openpic.c:1034:16 in
This is because we do
src = &opp->src[n_IRQ];
when n_IRQ may be -1. This is in practice harmless because if n_IRQ
is -1 then we don't do anything with the src pointer, but it is
undefined behaviour. (This has been present since this device
was first added to QEMU.)
Rearrange the code so we only do the array index when n_IRQ is not -1.
Cc: qemu-stable@nongnu.org Fixes: e9df014c0b ("Implement embedded IRQ controller for PowerPC 6xx/740 & 75") Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-id: 20241105180205.3074071-1-peter.maydell@linaro.org
of_dpa_cmd_add_acl_ip() is called from a single place, and despite the
fact that it always returns ROCKER_OK, its return value is still checked
by the caller.
Change of_dpa_cmd_add_acl_ip() to return void and remove the superfluous
check from of_dpa_cmd_add_acl().
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2471 Signed-off-by: Rodrigo Dias Correa <r@drigo.nl> Reviewed-by: Ján Tomko <jtomko@redhat.com>
Message-id: 20241114075051.404284-1-r@drigo.nl Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Tue, 19 Nov 2024 10:35:43 +0000 (10:35 +0000)]
Merge tag 'pull-9.2-rc-updates-181124-1' of https://gitlab.com/stsquad/qemu into staging
Misc fixes for 9.2
- fix remaining gdbstub test cases to exit cleanly
- update MAINTAINERS with qemu-rust mailing list details
- re-factor virtio-gpu and fix coverity warnings
* tag 'pull-9.2-rc-updates-181124-1' of https://gitlab.com/stsquad/qemu:
hw/display: check frame buffer can hold blob
hw/display: factor out the scanout blob to fb conversion
MAINTAINERS: CC rust/ patches to qemu-rust list
tests/tcg: Stop using exit() in the gdbstub testcases
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Mon, 18 Nov 2024 20:23:59 +0000 (20:23 +0000)]
Merge tag 'pull-request-2024-11-18' of https://gitlab.com/thuth/qemu into staging
* Fixes & doc updates for the new "boot order" s390x bios feature
* Provide a "loadparm" property for scsi-hd & scsi-cd devices on s390x
(required for the "boot order" feature)
* Fix the floating-point multiply-and-add NaN rules on s390x
* Raise timeout on cross-accel build jobs to 60m
* tag 'pull-request-2024-11-18' of https://gitlab.com/thuth/qemu:
.gitlab-ci.d: Raise timeout on cross-accel build jobs to 60m
pc-bios: Update the s390 bios images with the recent fixes
pc-bios/s390-ccw: Re-initialize receive queue index before each boot attempt
pc-bios/s390x: Initialize machine loadparm before probing IPL devices
pc-bios/s390x: Initialize cdrom type to false for each IPL device
hw: Add "loadparm" property to scsi disk devices for booting on s390x
hw/s390x: Restrict "loadparm" property to devices that can be used for booting
docs/system/bootindex: Make it clear that s390x can also boot from virtio-net
docs/system/s390x/bootdevices: Update loadparm documentation
tests/tcg/s390x: Add the floating-point multiply-and-add test
target/s390x: Fix the floating-point multiply-and-add NaN rules
hw/usb: Use __attribute__((packed)) vs __packed
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Mon, 18 Nov 2024 15:32:26 +0000 (15:32 +0000)]
.gitlab-ci.d: Raise timeout on cross-accel build jobs to 60m
The current 30 minute timeout on the cross_accel_build_job template
is a bit low: sometimes if the k8s runners are running slow the
can hit it, for example this cross-arm64-xen-only job hit the
30 minute timeout while still not quite finished with the compile:
https://gitlab.com/qemu-project/qemu/-/jobs/8401277985
This is partly a "runner performance can be unpredictable" issue:
https://gitlab.com/qemu-project/qemu/-/jobs/8391726482
is the same job from just a day earlier and it finished in
16 minutes. But we already have build jobs that are higher
timeouts than 30 minutes, so we have headroom to raise the
timeout here to something we're less likely to hit on a slow
runner.
Bump the cross_accel_build_job timeout to 60 mins.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-ID: <20241118153226.1524542-1-peter.maydell@linaro.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Thomas Huth [Mon, 11 Nov 2024 13:11:20 +0000 (14:11 +0100)]
pc-bios/s390-ccw: Re-initialize receive queue index before each boot attempt
Now that we can boot from multiple boot devices, we have to make sure
to reinitialize static variables like rx_last_idx to avoid that they
contain garbage data during the second boot attempt (which can lead to
crashes when the code tries to access the wrong ring data).
Message-ID: <20241111131120.317796-1-thuth@redhat.com> Reviewed-by: Jared Rossi <jrossi@linux.ibm.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Jared Rossi [Thu, 14 Nov 2024 16:19:52 +0000 (11:19 -0500)]
pc-bios/s390x: Initialize machine loadparm before probing IPL devices
Commit bb185de423 ("s390x: Add individual loadparm assignment to
CCW device") allowed boot devices to be assigned a loadparm value independent
of the machine value, however, when no boot devices are defined, the machine
loadparm becomes ignored. Therefore, let's check the machine loadparm
prior to probing the devices.
Signed-off-by: Jared Rossi <jrossi@linux.ibm.com> Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20241114161952.3508554-1-jrossi@linux.ibm.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Jared Rossi [Fri, 8 Nov 2024 19:41:36 +0000 (14:41 -0500)]
pc-bios/s390x: Initialize cdrom type to false for each IPL device
Clear information about cdrom type so that current IPL device isn't tainted
by stale data from previous devices.
Signed-off-by: Jared Rossi <jrossi@linux.ibm.com> Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20241108194136.2833932-1-jrossi@linux.ibm.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Thomas Huth [Fri, 15 Nov 2024 14:12:02 +0000 (15:12 +0100)]
hw: Add "loadparm" property to scsi disk devices for booting on s390x
While adding the new flexible boot order feature on s390x recently,
we missed to add the "loadparm" property to the scsi-hd and scsi-cd
devices. This property is required on s390x to pass the information
to the boot loader about which kernel should be started or whether
the boot menu should be shown. But even more serious: The missing
property is now causing trouble with the corresponding libvirt patches
that assume that the "loadparm" property is either settable for all
bootable devices (when the "boot order" feature is implemented in
QEMU), or none (meaning the behaviour of older QEMUs that only allowed
one "loadparm" at the machine level). To fix this broken situation,
let's implement the "loadparm" property in for the SCSI devices, too.
Message-ID: <20241115141202.1877294-1-thuth@redhat.com> Acked-by: Eric Farman <farman@linux.ibm.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Alex Bennée [Mon, 11 Nov 2024 23:00:40 +0000 (23:00 +0000)]
hw/display: check frame buffer can hold blob
Coverity reports (CID 1564769, 1564770) that we potentially overflow
by doing some 32x32 multiplies for something that ends up in a 64 bit
value. Fix this by first using stride for all lines and casting input
to uint64_t to ensure a 64 bit multiply is used.
Alex Bennée [Mon, 11 Nov 2024 23:00:39 +0000 (23:00 +0000)]
hw/display: factor out the scanout blob to fb conversion
There are two identical sequences of a code doing the same thing that
raise warnings with Coverity. Before fixing those issues lets factor
out the common code into a helper function we can share.
Manos Pitsidianakis [Sat, 9 Nov 2024 19:29:36 +0000 (21:29 +0200)]
MAINTAINERS: CC rust/ patches to qemu-rust list
As of Nov 2024 [1], we have a new topical mailing list for Rust
related patches. Add a new MAINTAINERS entry to touch all files under
rust/ subdirectory and additionally add it to previous rust related
entries.
Use the GDB's own exit command, like it's already done in a couple
places, everywhere. This is the same fix as commit 93a3048dcf45
("tests: Gently exit from GDB when tests complete"), but applied to
more places.
Acked-by: Gustavo Romero <gustavo.romero@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Message-Id: <20241022113939.19989-1-iii@linux.ibm.com> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Eric Blake [Fri, 15 Nov 2024 19:55:53 +0000 (13:55 -0600)]
nbd-server: Silence server warnings on port probes
While testing the use of qemu-nbd in a Pod of a Kubernetes cluster, I
got LOTS of log messages of the forms:
qemu-nbd: option negotiation failed: Failed to read flags: Unexpected end-of-file before all data were read
qemu-nbd: option negotiation failed: Failed to read flags: Unable to read from socket: Connection reset by peer
While it is nice to warn about clients that aren't following protocol
(in case it helps diagnosing bugs in those clients), a mere port probe
(where the client never write()s any bytes, and where we might even
hit EPIPE in trying to send our greeting to the client) is NOT
abnormal, but merely serves to pollute the log. And Kubernetes
_really_ likes to do port probes to determine whether a given Pod is
up and running.
Easy ways to demonstrate the above port probes:
$ qemu-nbd -r -f raw path/to/file &
$ nc localhost 10809 </dev/null
$ bash -c 'exec </dev/tcp/localhost/10809'
$ kill $!
Silence the noise by not capturing errors until after our first
successful read() from a client.
Signed-off-by: Eric Blake <eblake@redhat.com>
Message-ID: <20241115195638.1132007-2-eblake@redhat.com> Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru>
* tag 'for-upstream' of https://gitlab.com/bonzini/qemu:
configure: Use -ef to compare paths
target/i386: hyperv: add stub for hyperv_syndbg_query_options
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* tag 'hw-misc-20241118' of https://github.com/philmd/qemu:
hw/watchdog/cmsdk_apb_watchdog: Fix broken link
net: mark struct ip_header as QEMU_PACKED
hw/net/virtio-net.c: Don't assume IP length field is aligned
hw/audio/hda: fix memory leak on audio setup
Revert "hw/audio/hda: fix memory leak on audio setup"
hw/misc/mos6522: Fix bad class definition of the MOS6522 device
hw/sd/sdhci: Fix coding style
tests/qtest/migration: Fix indentations
usb-hub: Fix handling port power control messages
MAINTAINERS: Update my email address for COLO
hw/display: check frame buffer can hold blob
hw/display: factor out the scanout blob to fb conversion
hw/i386/elfboot: allocate "header" in heap
hw/misc/nrf51_rng: Don't use BIT_MASK() when we mean BIT()
vl: fix qemu_validate_options() indention
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Thu, 14 Nov 2024 14:16:19 +0000 (14:16 +0000)]
net: mark struct ip_header as QEMU_PACKED
The ip_header is not actually guaranteed to be aligned. We attempt to
deal with this in some places such as net_checksum_calculate() by
using stw_be_p and so on to access the fields, but this is not
sufficient to be correct, because even accessing a byte member
within an unaligned struct is undefined behaviour. The clang
sanitizer will emit warnings like these if net_checksum_calculate()
is called:
Stopping network: ../../net/checksum.c:106:9: runtime error: member access within misaligned address 0x556aad9b502e for type 'struct ip_header', which requires 4 byte alignment
0x556aad9b502e: note: pointer points here
34 56 08 00 45 00 01 48 a5 09 40 00 40 11 7c 8b 0a 00 02 0f 0a 00 02 02 00 44 00 43 01 34 19 56
^
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../../net/checksum.c:106:9 in
../../net/checksum.c:106:9: runtime error: load of misaligned address 0x556aad9b502e for type 'uint8_t' (aka 'unsigned char'), which requires 4 byte alignment
0x556aad9b502e: note: pointer points here
34 56 08 00 45 00 01 48 a5 09 40 00 40 11 7c 8b 0a 00 02 0f 0a 00 02 02 00 44 00 43 01 34 19 56
^
Fix this by marking the ip_header struct as QEMU_PACKED, so that
the compiler knows that it might be unaligned and will generate
the right code for accessing fields.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20241114141619.806652-3-peter.maydell@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Peter Maydell [Thu, 14 Nov 2024 14:16:18 +0000 (14:16 +0000)]
hw/net/virtio-net.c: Don't assume IP length field is aligned
In virtio-net.c we assume that the IP length field in the packet is
aligned, and we copy its address into a uint16_t* in the
VirtioNetRscUnit struct which we then dereference later. This isn't
a safe assumption; it will also result in compilation failures if we
mark the ip_header struct as QEMU_PACKED because the compiler will
not let you take the address of an unaligned struct field.
Make the ip_plen field in VirtioNetRscUnit a void*, and make all the
places where we read or write through that pointer instead use some
new accessor functions read_unit_ip_len() and write_unit_ip_len()
which account for the pointer being potentially unaligned and also do
the network-byte-order conversion we were previously using htons() to
perform.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20241114141619.806652-2-peter.maydell@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Paolo Bonzini [Thu, 14 Nov 2024 12:53:18 +0000 (13:53 +0100)]
hw/audio/hda: fix memory leak on audio setup
When SET_STREAM_FORMAT is called, the st->buft timer is overwritten, thus
causing a memory leak. This was originally fixed in commit 816139ae6a5
("hw/audio/hda: fix memory leak on audio setup", 2024-11-14) but that
caused the audio to break in SPICE.
Fortunately, a simpler fix is possible. The timer only needs to be
reset, because the callback is always the same (st->output is set at
realize time in hda_audio_init); call to timer_new_ns overkill. Replace
it with timer_del and only initialize the timer once; for simplicity,
do it even if use_timer is false.
An even simpler fix would be to free the old time in hda_audio_setup().
However, it seems better to place the initialization of the timer close
to that of st->ouput.
Cc: qemu-stable@nongnu.org Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Message-ID: <20241114125318.1707590-3-pbonzini@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Paolo Bonzini [Thu, 14 Nov 2024 12:53:17 +0000 (13:53 +0100)]
Revert "hw/audio/hda: fix memory leak on audio setup"
This reverts commit 6d03242a7e47815ed56687ecd13f683d8da3f2fe,
which causes SPICE audio to break. While arguably this is a SPICE bug,
it is possible to fix the leak in a less heavy-handed way.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2639 Cc: qemu-stable@nongnu.org Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Message-ID: <20241114125318.1707590-2-pbonzini@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Thomas Huth [Thu, 14 Nov 2024 10:46:53 +0000 (11:46 +0100)]
hw/misc/mos6522: Fix bad class definition of the MOS6522 device
When compiling QEMU with --enable-cfi, the "q800" m68k machine
currently crashes very early, when the q800_machine_init() function
tries to wire the interrupts of the "via1" device.
This happens because TYPE_MOS6522_Q800_VIA1 is supposed to be a
proper SysBus device, but its parent (TYPE_MOS6522) has a mistake
in its class definition where it is only derived from DeviceClass,
and not from SysBusDeviceClass, so we end up in funny memory access
issues here. Using the right class hierarchy for the MOS6522 device
fixes the problem.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2675 Signed-off-by: Thomas Huth <thuth@redhat.com> Fixes: 51f233ec92 ("misc: introduce new mos6522 VIA device") Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-ID: <20241114104653.963812-1-thuth@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Jamin Lin [Thu, 14 Nov 2024 09:48:37 +0000 (17:48 +0800)]
hw/sd/sdhci: Fix coding style
Fix coding style issues from checkpatch.pl
Signed-off-by: Jamin Lin <jamin_lin@aspeedtech.com> Reviewed-by: Cédric Le Goater <clg@redhat.com>
Message-ID: <20241114094839.4128404-2-jamin_lin@aspeedtech.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Akihiko Odaki [Mon, 11 Nov 2024 07:19:41 +0000 (16:19 +0900)]
configure: Use -ef to compare paths
configure checks if it is executed in the source directory by comparing
the literal paths, but there may be multiple representations of a
directory due to symbolic links. Use the -ef operator to tell if they
point to the same directory.
Paolo Bonzini [Thu, 14 Nov 2024 12:13:51 +0000 (13:13 +0100)]
target/i386: hyperv: add stub for hyperv_syndbg_query_options
Building without CONFIG_HYPERV is currently broken due to a missing
symbol 'hyperv_syndbg_query_options'. Add it to the stubs
that exist for that very reasons.
Reported-by: Michael Tokarev <mjt@tls.msk.ru> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Fabiano Rosas [Wed, 13 Nov 2024 19:46:09 +0000 (16:46 -0300)]
tests/qtest/migration: Fix indentations
Select all the code and hit tab. I'll be moving functions around quite
a lot in the next patches, so make sure all indentation is correct
now.
Add parentheses around some expressions to preserve readability.
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Signed-off-by: Fabiano Rosas <farosas@suse.de>
Message-ID: <20241113194630.3385-2-farosas@suse.de> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Guenter Roeck [Tue, 12 Nov 2024 17:01:52 +0000 (09:01 -0800)]
usb-hub: Fix handling port power control messages
The ClearPortFeature control message fails for PORT_POWER because there
is no break; at the end of the case statement, causing it to fall through
to the failure handler. Add the missing break; to solve the problem.
Fixes: 1cc403eb21 ("usb-hub: emulate per port power switching") Signed-off-by: Guenter Roeck <linux@roeck-us.net> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20241112170152.217664-11-linux@roeck-us.net> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Alex Bennée [Mon, 11 Nov 2024 23:00:40 +0000 (23:00 +0000)]
hw/display: check frame buffer can hold blob
Coverity reports (CID 1564769, 1564770) that we potentially overflow
by doing some 32x32 multiplies for something that ends up in a 64 bit
value. Fix this by first using stride for all lines and casting input
to uint64_t to ensure a 64 bit multiply is used.
Alex Bennée [Mon, 11 Nov 2024 23:00:39 +0000 (23:00 +0000)]
hw/display: factor out the scanout blob to fb conversion
There are two identical sequences of a code doing the same thing that
raise warnings with Coverity. Before fixing those issues lets factor
out the common code into a helper function we can share.
Sergio Lopez [Sat, 9 Nov 2024 05:37:48 +0000 (06:37 +0100)]
hw/i386/elfboot: allocate "header" in heap
In x86_load_linux(), we were using a stack-allocated array as data for
fw_cfg_add_bytes(). Since the latter just takes a reference to the
pointer instead of copying the data, it can happen that the contents
have been overridden by the time the guest attempts to access them.
Instead of using the stack-allocated array, allocate some memory from
the heap, copy the contents of the array, and use it for fw_cfg.
Signed-off-by: Sergio Lopez <slp@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20241109053748.13183-1-slp@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Peter Maydell [Fri, 8 Nov 2024 13:56:44 +0000 (13:56 +0000)]
hw/misc/nrf51_rng: Don't use BIT_MASK() when we mean BIT()
The BIT_MASK() macro from bitops.h provides the mask of a bit
within a particular word of a multi-word bit array; it is intended
to be used with its counterpart BIT_WORD() that gives the index
of the word in the array.
In nrf51_rng we are using it for cases where we have a bit number
that we know is the index of a bit within a single word (in fact, it
happens that all the bit numbers we pass to it are zero). This
happens to give the right answer, but the macro that actually
does the job we want here is BIT().
Use BIT() instead of BIT_MASK().
Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-ID: <20241108135644.4007151-1-peter.maydell@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
* tag 'pull-vfio-20241118' of https://github.com/legoater/qemu:
vfio/container: Fix container object destruction
vfio/igd: fix calculation of graphics stolen memory
vfio/igd: add pci id for Coffee Lake
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Thomas Huth [Wed, 13 Nov 2024 11:47:41 +0000 (12:47 +0100)]
hw/s390x: Restrict "loadparm" property to devices that can be used for booting
Commit bb185de423 ("s390x: Add individual loadparm assignment to
CCW device") added a "loadparm" property to all CCW devices. This
was a little bit unfortunate, since this property is only useful
for devices that can be used for booting, but certainly it is not
useful for devices like virtio-gpu or virtio-tablet.
Thus let's restrict the property to CCW devices that we can boot from
(i.e. virtio-block, virtio-net and vfio-ccw devices).
Message-ID: <20241113114741.681096-1-thuth@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Jared Rossi <jrossi@linux.ibm.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Update documentation to include per-device loadparm support.
Signed-off-by: Jared Rossi <jrossi@linux.ibm.com> Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20241115002742.3576842-1-jrossi@linux.ibm.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
Cédric Le Goater [Fri, 15 Nov 2024 08:34:40 +0000 (09:34 +0100)]
vfio/container: Fix container object destruction
When commit 96b7af4388b3 intoduced a .instance_finalize() handler,
it did not take into account that the container was not necessarily
inserted into the container list of the address space. Hence, if
the container object is destroyed, by calling object_unref() for
example, before vfio_address_space_insert() is called, QEMU may
crash when removing the container from the list as done in
vfio_container_instance_finalize(). This was seen with an SEV-SNP
guest for which discarding of RAM fails.
To resolve this issue, use the safe version of QLIST_REMOVE().
Cc: Zhenzhong Duan <zhenzhong.duan@intel.com> Cc: Eric Auger <eric.auger@redhat.com> Fixes: 96b7af4388b3 ("vfio/container: Move vfio_container_destroy() to an instance_finalize() handler") Reviewed-by: Zhenzhong Duan <zhenzhong.duan@intel.com> Signed-off-by: Cédric Le Goater <clg@redhat.com>
Corvin Köhne [Fri, 8 Nov 2024 12:49:04 +0000 (13:49 +0100)]
vfio/igd: fix calculation of graphics stolen memory
When copying the calculation of the stolen memory size for Intels integrated
graphics device of gen 9 and later from the Linux kernel [1], we missed
subtracting 0xf0 from the graphics mode select value for values above 0xf0.
This leads to QEMU reporting a very large size of the graphics stolen memory
area. That's just a waste of memory. Additionally the guest firmware might be
unable to allocate such a large buffer.
Peter Maydell [Sat, 16 Nov 2024 18:16:46 +0000 (18:16 +0000)]
Merge tag 'pull-tcg-20241116' of https://gitlab.com/rth7680/qemu into staging
cpu: ensure we don't call start_exclusive from cpu_exec
tcg: Allow top bit of SIMD_DATA_BITS to be set in simd_desc()
accel/tcg: Fix user-only probe_access_internal plugin check
linux-user: Fix setreuid and setregid to use direct syscalls
linux-user: Tolerate CONFIG_LSM_MMAP_MIN_ADDR
linux-user: Honor elf alignment when placing images
linux-user/*: Reduce vdso alignment to 4k
linux-user/arm: Select vdso for be8 and be32 modes
* tag 'pull-tcg-20241116' of https://gitlab.com/rth7680/qemu:
tcg: Allow top bit of SIMD_DATA_BITS to be set in simd_desc()
linux-user/arm: Select vdso for be8 and be32 modes
linux-user/ppc: Reduce vdso alignment to 4k
linux-user/loongarch64: Reduce vdso alignment to 4k
linux-user/arm: Reduce vdso alignment to 4k
linux-user/aarch64: Reduce vdso alignment to 4k
linux-user: Drop image_info.alignment
linux-user: Honor elf alignment when placing images
cpu: ensure we don't call start_exclusive from cpu_exec
target/i386: fix hang when using slow path for ptw_setl
tests/tcg: Test that sigreturn() does not corrupt the signal mask
linux-user: Tolerate CONFIG_LSM_MMAP_MIN_ADDR
accel/tcg: Fix user-only probe_access_internal plugin check
target/arm: Drop user-only special case in sve_stN_r
linux-user: Fix setreuid and setregid to use direct syscalls
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Fri, 15 Nov 2024 17:25:15 +0000 (17:25 +0000)]
tcg: Allow top bit of SIMD_DATA_BITS to be set in simd_desc()
In simd_desc() we create a SIMD descriptor from various pieces
including an arbitrary data value from the caller. We try to
sanitize these to make sure everything will fit: the 'data' value
needs to fit in the SIMD_DATA_BITS (== 22) sized field. However we
do that sanitizing with:
tcg_debug_assert(data == sextract32(data, 0, SIMD_DATA_BITS));
This works for the case where the data is supposed to be considered
as a signed integer (which can then be returned via simd_data()).
However, some callers want to treat the data value as unsigned.
Specifically, for the Arm SVE operations, make_svemte_desc()
assembles a data value as a collection of fields, and it needs to use
all 22 bits. Currently if MTE is enabled then its MTEDESC SIZEM1
field may have the most significant bit set, and then it will trip
this assertion.
Loosen the assertion so that we only check that the data value will
fit into the field in some way, either as a signed or as an unsigned
value. This means we will fail to detect some kinds of bug in the
callers, but we won't spuriously assert for intentional use of the
data field as unsigned.
Cc: qemu-stable@nongnu.org Fixes: db432672dc50e ("tcg: Add generic vector expanders")
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2601 Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-ID: <20241115172515.1229393-1-peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Richard Henderson [Wed, 13 Nov 2024 16:59:54 +0000 (08:59 -0800)]
linux-user/arm: Select vdso for be8 and be32 modes
In be8 mode, instructions are little-endian.
In be32 mode, instructions are big-endian.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2333 Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Pierrick Bouvier [Fri, 25 Oct 2024 17:58:56 +0000 (10:58 -0700)]
target/i386: fix hang when using slow path for ptw_setl
When instrumenting memory accesses for plugin, we force memory accesses
to use the slow path for mmu [1]. This create a situation where we end
up calling ptw_setl_slow. This was fixed recently in [2] but the issue
still could appear out of plugins use case.
Since this function gets called during a cpu_exec, start_exclusive then
hangs. This exclusive section was introduced initially for security
reasons [3].
I suspect this code path was never triggered, because ptw_setl_slow
would always be called transitively from cpu_exec, resulting in a hang.
Ilya Leoshkevich [Wed, 23 Oct 2024 00:24:31 +0000 (02:24 +0200)]
linux-user: Tolerate CONFIG_LSM_MMAP_MIN_ADDR
Running qemu-i386 on a system running with SELinux in enforcing mode
(more precisely: s390x trixie container on Fedora 40) fails with:
qemu-i386: tests/tcg/i386-linux-user/sigreturn-sigmask: Unable to find a guest_base to satisfy all guest address mapping requirements 00000000-ffffffff
The reason is that main() determines mmap_min_addr from
/proc/sys/vm/mmap_min_addr, but SELinux additionally defines
CONFIG_LSM_MMAP_MIN_ADDR, which is normally larger: 32K or 64K, but,
in general, can be anything. There is no portable way to query its
value: /boot/config, /proc/config and /proc/config.gz are distro- and
environment-specific.
Once the identity map fails, the magnitude of guest_base does not
matter, so fix by starting the search from 1M or 1G.
Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2598 Suggested-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Message-ID: <20241023002558.34589-1-iii@linux.ibm.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
The acc_flag check for write should have been against PAGE_WRITE_ORG,
not PAGE_WRITE. But it is better to combine two acc_flag checks
to a single check against access_type. This matches the system code
in cputlb.c.
Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2647 Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: 20241111145002.144995-1-richard.henderson@linaro.org Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
projects / users / dwmw2 / qemu.git / log