author | Richard Henderson <richard.henderson@linaro.org> | 2023-08-02 06:51:29 -0700 |
committer | Richard Henderson <richard.henderson@linaro.org> | 2023-08-02 06:51:29 -0700 |
commit | 081619e677f148ad91897a37f94894959729bbd4 (patch) | |
tree | 999cbee314b12e741d15478a0669d3a970bb645e | |
parent | a51c07053878719501eb6cb34729c706a4c1112a (diff) | |
parent | 8caaae7319a5f7ca449900c0e6bfcaed78fa3ae2 (diff) |
Merge tag 'misc-fixes-20230801' of https://github.com/philmd/qemu into staging
Misc patches queue
xen: Fix issues reported by fuzzer / Coverity
misc: Fix some typos in documentation and comments
ui/dbus: Build fixes for Clang/win32/!opengl
linux-user: Semihosting fixes on m68k/nios2
tests/migration: Disable stack protector when linking without stdlib
# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEE+qvnXhKRciHc/Wuy4+MsLN6twN4FAmTJfrQACgkQ4+MsLN6t
# wN4Nqw/+NjoW2jdy9LNAgx7IeH2w+HfvvULpBOTDRRNahuXbGpzl6L57cS92r5a8
# UFJGfxbL2nlxrJbUdAWGONIweCvUb9jnpbT2id1dBp4wp+8aKFvPj1Al34OENNVS
# 1lQT0G6mKx9itcXP9lVSBPhEbWIB9ZMaDG0R872bA6Ec3G7PWny+AOhMvJecieol
# 2Qyv84ioA3N0xkYUB64KBVDmJOG0Tx+LYZfsXUybLKwfvBDLeVkHuHKtb94kh0G9
# MUsM/p9sHvfrC1bO+DQ9P1bzRI9zw2I2f4xMIs4QCMGPbJUrhv7edOc2PSO5XQoG
# izcV9NSL0tl6LbXZvkE7sJw0tDuR6R9sQ9KJWoltJCGRGOWlC5CeSTUfLbH9HkFc
# CXapKWth6cmOboGZNTlidn41oH7xE/kW6Em1XAD0M0eLUCUMzVjaSs1sIwKnbF7i
# sz7HcgAAuAVhmR0n4zOkphJkek72J7atLNpqU0AdYH46LR92zSdh6YoD5YDBPwY8
# hoy7VFauSkF8+5Wi7CTTjtq+edkuFRcuNMCR0Fd2iolE8KKYvxHnwEGH/5T4s2m7
# 8f40AEyQRk0nFn44tqeyb14O8c2lZL3jmDEh+LYT/PPp/rCc/X7Ugplpau+bNZsx
# OOZd0AxujbrK+Xn80Agc+3/vn4/2eAvz7OdGc/SmKuYLyseBQfo=
# =5ZLa
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 01 Aug 2023 02:52:52 PM PDT
# gpg: using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full]
* tag 'misc-fixes-20230801' of https://github.com/philmd/qemu:
target/m68k: Fix semihost lseek offset computation
target/nios2: Fix semihost lseek offset computation
target/nios2: Pass semihosting arg to exit
tests/migration: Add -fno-stack-protector
misc: Fix some typos in documentation and comments
ui/dbus: fix clang compilation issue
ui/dbus: fix win32 compilation when !opengl
hw/xen: prevent guest from binding loopback event channel to itself
i386/xen: consistent locking around Xen singleshot timers
hw/xen: fix off-by-one in xen_evtchn_set_gsi()
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
-rw-r--r-- | docs/about/deprecated.rst | 2 | ||||
-rw-r--r-- | docs/devel/qom.rst | 2 | ||||
-rw-r--r-- | docs/system/devices/nvme.rst | 2 | ||||
-rw-r--r-- | hw/core/loader.c | 4 | ||||
-rw-r--r-- | hw/i386/kvm/xen_evtchn.c | 15 | ||||
-rw-r--r-- | include/exec/memory.h | 2 | ||||
-rw-r--r-- | target/i386/kvm/xen-emu.c | 37 | ||||
-rw-r--r-- | target/m68k/m68k-semi.c | 2 | ||||
-rw-r--r-- | target/nios2/nios2-semi.c | 6 | ||||
-rw-r--r-- | tests/migration/s390x/Makefile | 4 | ||||
-rw-r--r-- | ui/dbus-listener.c | 7 | ||||
-rw-r--r-- | ui/vnc-enc-tight.c | 2 |
12 files changed, 56 insertions, 29 deletions
diff --git a/docs/about/deprecated.rst b/docs/about/deprecated.rst
index 1c35f55666..92a2bafd2b 100644
--- a/docs/about/deprecated.rst
+++ b/docs/about/deprecated.rst
@@ -369,7 +369,7 @@ mapping permissions et al by using its 'mapped' security model option. Nowadays it would make sense to reimplement the ``proxy`` backend by using QEMU's ``vhost`` feature, which would eliminate the high latency costs under which the 9p ``proxy`` backend currently suffers. However as of to date nobody
-has indicated plans for such kind of reimplemention unfortunately.
+has indicated plans for such kind of reimplementation unfortunately.
 Block device options
diff --git a/docs/devel/qom.rst b/docs/devel/qom.rst
index 0b506426d7..9918fac7f2 100644
--- a/docs/devel/qom.rst
+++ b/docs/devel/qom.rst
@@ -30,7 +30,7 @@ user configuration. Creating a QOM class ====================
-A simple minimal device implementation may look something like bellow:
+A simple minimal device implementation may look something like below:
 .. code-block:: c :caption: Creating a minimal type
diff --git a/docs/system/devices/nvme.rst b/docs/system/devices/nvme.rst
index a8bb8d729c..2a3af268f7 100644
--- a/docs/system/devices/nvme.rst
+++ b/docs/system/devices/nvme.rst
@@ -232,7 +232,7 @@ parameters: Set the number of Reclaim Groups. ``fdp.nruh`` (default: ``0``)
- Set the number of Reclaim Unit Handles. This is a mandatory paramater and
+ Set the number of Reclaim Unit Handles. This is a mandatory parameter and
 must be non-zero. ``fdp.runs`` (default: ``96M``)
diff --git a/hw/core/loader.c b/hw/core/loader.c
index 8b7fd9e9e5..4dd5a71fb7 100644
--- a/hw/core/loader.c
+++ b/hw/core/loader.c
@@ -863,7 +863,7 @@ ssize_t load_image_gzipped(const char *filename, hwaddr addr, uint64_t max_sz)
 /*
 * The Linux header magic number for a EFI PE/COFF
- * image targetting an unspecified architecture.
+ * image targeting an unspecified architecture.
 */
 #define EFI_PE_LINUX_MAGIC "\xcd\x23\x82\x81"
@@ -1492,7 +1492,7 @@ RomGap rom_find_largest_gap_between(hwaddr base, size_t size)
 if (rom->mr || rom->fw_file) {
 continue;
 }
- /* ignore anything finishing bellow base */
+ /* ignore anything finishing below base */
 if (rom->addr + rom->romsize <= base) {
 continue;
 }
diff --git a/hw/i386/kvm/xen_evtchn.c b/hw/i386/kvm/xen_evtchn.c
index 3d810dbd59..a731738411 100644
--- a/hw/i386/kvm/xen_evtchn.c
+++ b/hw/i386/kvm/xen_evtchn.c
@@ -1408,8 +1408,15 @@ int xen_evtchn_bind_interdomain_op(struct evtchn_bind_interdomain *interdomain)
 XenEvtchnPort *rp = &s->port_table[interdomain->remote_port];
 XenEvtchnPort *lp = &s->port_table[interdomain->local_port];
- if (rp->type == EVTCHNSTAT_unbound && rp->type_val == 0) {
- /* It's a match! */
+ /*
+ * The 'remote' port for loopback must be an unbound port allocated for
+ * communication with the local domain (as indicated by rp->type_val
+ * being zero, not PORT_INFO_TYPEVAL_REMOTE_QEMU), and must *not* be
+ * the port that was just allocated for the local end.
+ */
+ if (interdomain->local_port != interdomain->remote_port &&
+ rp->type == EVTCHNSTAT_unbound && rp->type_val == 0) {
+
 rp->type = EVTCHNSTAT_interdomain;
 rp->type_val = interdomain->local_port;
@@ -1587,7 +1594,7 @@ static int allocate_pirq(XenEvtchnState *s, int type, int gsi)
 found:
 pirq_inuse_word(s, pirq) |= pirq_inuse_bit(pirq);
 if (gsi >= 0) {
- assert(gsi <= IOAPIC_NUM_PINS);
+ assert(gsi < IOAPIC_NUM_PINS);
 s->gsi_pirq[gsi] = pirq;
 }
 s->pirq[pirq].gsi = gsi;
@@ -1601,7 +1608,7 @@ bool xen_evtchn_set_gsi(int gsi, int level)
 assert(qemu_mutex_iothread_locked());
- if (!s || gsi < 0 || gsi > IOAPIC_NUM_PINS) {
+ if (!s || gsi < 0 || gsi >= IOAPIC_NUM_PINS) {
 return false;
 }
diff --git a/include/exec/memory.h b/include/exec/memory.h
index 7f5c11a0cc..68284428f8 100644
--- a/include/exec/memory.h
+++ b/include/exec/memory.h
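Review bot: The new self-bind rejection in xen_evtchn_bind_interdomain_op relies on the branch that follows the hunk for the case where the guest supplies its own port number, and that branch is not visible here; since `lp` already points at the port allocated for the local end, it is worth confirming that the non-matching path frees `interdomain->local_port` rather than leaving a half-initialised unbound port behind. The bounds validation of `interdomain->remote_port` that must precede the `s->port_table[...]` lookups is likewise above the hunk and should be re-checked alongside this change. xen_evtchn_bind_interdomain_op starts before and ends after this hunk.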
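Review bot: The corrected bound in allocate_pirq is enforced with `assert(gsi < IOAPIC_NUM_PINS);` rather than an error return, so an out-of-range gsi aborts QEMU; if any caller can reach this with a gsi derived from a guest hypercall argument, that caller must reject `gsi >= IOAPIC_NUM_PINS` first (as xen_evtchn_set_gsi in the following hunk now does) so the assert remains an internal invariant rather than a guest-reachable abort. Consider documenting that contract on allocate_pirq, e.g. `/* gsi must be -1 or a caller-validated value in [0, IOAPIC_NUM_PINS) */`. allocate_pirq starts before this hunk.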
@@ -942,7 +942,7 @@ struct MemoryListener {
 *
 * @listener: The #MemoryListener.
 * @last_stage: The last stage to synchronize the log during migration.
- * The caller should gurantee that the synchronization with true for
+ * The caller should guarantee that the synchronization with true for
 * @last_stage is triggered for once after all VCPUs have been stopped.
 */
 void (*log_sync_global)(MemoryListener *listener, bool last_stage);
diff --git a/target/i386/kvm/xen-emu.c b/target/i386/kvm/xen-emu.c
index d7c7eb8d9c..a8146115f0 100644
--- a/target/i386/kvm/xen-emu.c
+++ b/target/i386/kvm/xen-emu.c
@@ -43,6 +43,7 @@ static void xen_vcpu_singleshot_timer_event(void *opaque);
 static void xen_vcpu_periodic_timer_event(void *opaque);
+static int vcpuop_stop_singleshot_timer(CPUState *cs);
 #ifdef TARGET_X86_64
 #define hypercall_compat32(longmode) (!(longmode))
@@ -466,6 +467,7 @@ void kvm_xen_inject_vcpu_callback_vector(uint32_t vcpu_id, int type)
 }
 }
+/* Must always be called with xen_timers_lock held */
 static int kvm_xen_set_vcpu_timer(CPUState *cs)
 {
 X86CPU *cpu = X86_CPU(cs);
@@ -483,6 +485,7 @@ static int kvm_xen_set_vcpu_timer(CPUState *cs)
 static void do_set_vcpu_timer_virq(CPUState *cs, run_on_cpu_data data)
 {
+ QEMU_LOCK_GUARD(&X86_CPU(cs)->env.xen_timers_lock);
 kvm_xen_set_vcpu_timer(cs);
 }
@@ -545,7 +548,6 @@ static void do_vcpu_soft_reset(CPUState *cs, run_on_cpu_data data)
 env->xen_vcpu_time_info_gpa = INVALID_GPA;
 env->xen_vcpu_runstate_gpa = INVALID_GPA;
 env->xen_vcpu_callback_vector = 0;
- env->xen_singleshot_timer_ns = 0;
 memset(env->xen_virq, 0, sizeof(env->xen_virq));
 set_vcpu_info(cs, INVALID_GPA);
@@ -555,8 +557,13 @@ static void do_vcpu_soft_reset(CPUState *cs, run_on_cpu_data data)
 INVALID_GPA);
 if (kvm_xen_has_cap(EVTCHN_SEND)) {
 kvm_xen_set_vcpu_callback_vector(cs);
+
+ QEMU_LOCK_GUARD(&X86_CPU(cs)->env.xen_timers_lock);
+ env->xen_singleshot_timer_ns = 0;
 kvm_xen_set_vcpu_timer(cs);
- }
+ } else {
+ vcpuop_stop_singleshot_timer(cs);
+ };
 }
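Review bot: The new else branch in do_vcpu_soft_reset ends with `};`, a stray empty statement after the closing brace; drop the semicolon so the block reads `} else { vcpuop_stop_singleshot_timer(cs); }`. The int return of vcpuop_stop_singleshot_timer() is discarded here, which may be acceptable on a reset path but deserves a `(void)` cast or a one-line comment saying so. Clearing `env->xen_singleshot_timer_ns` now happens only in the EVTCHN_SEND branch, so the else branch depends on vcpuop_stop_singleshot_timer() performing that clearing under xen_timers_lock, which is not visible in this hunk. do_vcpu_soft_reset starts before this hunk.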
@@ -1059,6 +1066,10 @@ static int vcpuop_stop_periodic_timer(CPUState *target)
 return 0;
 }
+/*
+ * Userspace handling of timer, for older kernels.
+ * Must always be called with xen_timers_lock held.
+ */
 static int do_set_singleshot_timer(CPUState *cs, uint64_t timeout_abs,
 bool future, bool linux_wa)
 {
@@ -1086,12 +1097,8 @@ static int do_set_singleshot_timer(CPUState *cs, uint64_t timeout_abs,
 timeout_abs = now + delta;
 }
- qemu_mutex_lock(&env->xen_timers_lock);
-
 timer_mod_ns(env->xen_singleshot_timer, qemu_now + delta);
 env->xen_singleshot_timer_ns = now + delta;
-
- qemu_mutex_unlock(&env->xen_timers_lock);
 return 0;
 }
@@ -1115,6 +1122,7 @@ static int vcpuop_set_singleshot_timer(CPUState *cs, uint64_t arg)
 return -EFAULT;
 }
+ QEMU_LOCK_GUARD(&X86_CPU(cs)->env.xen_timers_lock);
 return do_set_singleshot_timer(cs, sst.timeout_abs_ns,
 !!(sst.flags & VCPU_SSHOTTMR_future),
 false);
@@ -1141,6 +1149,7 @@ static bool kvm_xen_hcall_set_timer_op(struct kvm_xen_exit *exit, X86CPU *cpu,
 if (unlikely(timeout == 0)) {
 err = vcpuop_stop_singleshot_timer(CPU(cpu));
 } else {
+ QEMU_LOCK_GUARD(&X86_CPU(cpu)->env.xen_timers_lock);
 err = do_set_singleshot_timer(CPU(cpu), timeout, false, true);
 }
 exit->u.hcall.result = err;
@@ -1826,6 +1835,7 @@ int kvm_put_xen_state(CPUState *cs)
 * If the kernel has EVTCHN_SEND support then it handles timers too,
 * so the timer will be restored by kvm_xen_set_vcpu_timer() below.
 */
+ QEMU_LOCK_GUARD(&env->xen_timers_lock);
 if (env->xen_singleshot_timer_ns) {
 ret = do_set_singleshot_timer(cs, env->xen_singleshot_timer_ns,
 false, false);
@@ -1844,10 +1854,8 @@ int kvm_put_xen_state(CPUState *cs)
 }
 if (env->xen_virq[VIRQ_TIMER]) {
- ret = kvm_xen_set_vcpu_timer(cs);
- if (ret < 0) {
- return ret;
- }
+ do_set_vcpu_timer_virq(cs,
+ RUN_ON_CPU_HOST_INT(env->xen_virq[VIRQ_TIMER]));
 }
 return 0;
 }
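Review bot: `QEMU_LOCK_GUARD(&env->xen_timers_lock);` is taken in kvm_put_xen_state at the @@ -1826 hunk, and the @@ -1844 hunk of the same function later calls do_set_vcpu_timer_virq(), which per the @@ -483 hunk now takes a guard on the very same lock; if the first guard's scope still covers that call — the enclosing block structure is outside the hunk — the QemuMutex would be acquired twice on one thread. Confirm the guard sits inside a block that returns before the VIRQ_TIMER path, or narrow it to `WITH_QEMU_LOCK_GUARD(&env->xen_timers_lock) { ... }` around the do_set_singleshot_timer() call only. kvm_put_xen_state starts before and ends after this hunk.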
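Review bot: Replacing the checked `ret = kvm_xen_set_vcpu_timer(cs); if (ret < 0) { return ret; }` with a call to the void do_set_vcpu_timer_virq() drops error propagation from kvm_put_xen_state, so a failure to restore the VIRQ timer is now silently ignored; the `data` argument built with RUN_ON_CPU_HOST_INT is also unused, since the @@ -483 hunk shows do_set_vcpu_timer_virq only calls kvm_xen_set_vcpu_timer(cs). If the intent is merely to hold xen_timers_lock around that call, keep the return value, e.g. `WITH_QEMU_LOCK_GUARD(&env->xen_timers_lock) { ret = kvm_xen_set_vcpu_timer(cs); }` followed by the existing `if (ret < 0) { return ret; }`. kvm_put_xen_state starts before this hunk.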
@@ -1896,6 +1904,15 @@ int kvm_get_xen_state(CPUState *cs)
 if (ret < 0) {
 return ret;
 }
+
+ /*
+ * This locking is fairly pointless, and is here to appease Coverity.
+ * There is an unavoidable race condition if a different vCPU sets a
+ * timer for this vCPU after the value has been read out. But that's
+ * OK in practice because *all* the vCPUs need to be stopped before
+ * we set about migrating their state.
+ */
+ QEMU_LOCK_GUARD(&X86_CPU(cs)->env.xen_timers_lock);
 env->xen_singleshot_timer_ns = va.u.timer.expires_ns;
 }
diff --git a/target/m68k/m68k-semi.c b/target/m68k/m68k-semi.c
index 88ad9ba814..239f6e44e9 100644
--- a/target/m68k/m68k-semi.c
+++ b/target/m68k/m68k-semi.c
@@ -166,7 +166,7 @@ void do_m68k_semihosting(CPUM68KState *env, int nr)
 GET_ARG64(2);
 GET_ARG64(3);
 semihost_sys_lseek(cs, m68k_semi_u64_cb, arg0,
- deposit64(arg2, arg1, 32, 32), arg3);
+ deposit64(arg2, 32, 32, arg1), arg3);
 break;
 case HOSTED_RENAME:
diff --git a/target/nios2/nios2-semi.c b/target/nios2/nios2-semi.c
index 3738774976..9d0241c758 100644
--- a/target/nios2/nios2-semi.c
+++ b/target/nios2/nios2-semi.c
@@ -133,8 +133,8 @@ void do_nios2_semihosting(CPUNios2State *env)
 args = env->regs[R_ARG1];
 switch (nr) {
 case HOSTED_EXIT:
- gdb_exit(env->regs[R_ARG0]);
- exit(env->regs[R_ARG0]);
+ gdb_exit(env->regs[R_ARG1]);
+ exit(env->regs[R_ARG1]);
 case HOSTED_OPEN:
 GET_ARG(0);
@@ -169,7 +169,7 @@ void do_nios2_semihosting(CPUNios2State *env)
 GET_ARG64(2);
 GET_ARG64(3);
 semihost_sys_lseek(cs, nios2_semi_u64_cb, arg0,
- deposit64(arg2, arg1, 32, 32), arg3);
+ deposit64(arg2, 32, 32, arg1), arg3);
 break;
 case HOSTED_RENAME:
diff --git a/tests/migration/s390x/Makefile b/tests/migration/s390x/Makefile
index 6393c3e5b9..6671de2efc 100644
--- a/tests/migration/s390x/Makefile
+++ b/tests/migration/s390x/Makefile
@@ -6,8 +6,8 @@ all: a-b-bios.h
 fwdir=../../../pc-bios/s390-ccw
 CFLAGS+=-ffreestanding -fno-delete-null-pointer-checks -fPIE -Os \
- -msoft-float -march=z900 -fno-asynchronous-unwind-tables -Wl,-pie \
- -Wl,--build-id=none -nostdlib
+ -msoft-float -march=z900 -fno-asynchronous-unwind-tables \
+ -fno-stack-protector -Wl,-pie -Wl,--build-id=none -nostdlib
 a-b-bios.h: s390x.elf
 echo "$$__note" > header.tmp
diff --git a/ui/dbus-listener.c b/ui/dbus-listener.c
index 68ff343799..30917271ab 100644
--- a/ui/dbus-listener.c
+++ b/ui/dbus-listener.c
@@ -232,7 +232,7 @@ static void dbus_call_update_gl(DisplayChangeListener *dcl,
 egl_fb_read_rect(ddl->ds, &ddl->fb, x, y, w, h);
 dbus_gfx_update(dcl, x, y, w, h);
 break;
- case SHARE_KIND_D3DTEX:
+ case SHARE_KIND_D3DTEX: {
 Error *err = NULL;
 assert(ddl->d3d_texture);
@@ -249,6 +249,7 @@ static void dbus_call_update_gl(DisplayChangeListener *dcl,
 dbus_update_gl_cb, g_object_ref(ddl));
 break;
+ }
 default:
 g_warn_if_reached();
 }
@@ -338,6 +339,7 @@ static bool dbus_scanout_map(DBusDisplayListener *ddl)
 return true;
 }
+#ifdef CONFIG_OPENGL
 static bool
 dbus_scanout_share_d3d_texture(
 DBusDisplayListener *ddl,
@@ -399,7 +401,8 @@ dbus_scanout_share_d3d_texture(
 return true;
 }
-#endif
+#endif /* CONFIG_OPENGL */
+#endif /* WIN32 */
 #ifdef CONFIG_OPENGL
 static void dbus_scanout_texture(DisplayChangeListener *dcl,
diff --git a/ui/vnc-enc-tight.c b/ui/vnc-enc-tight.c
index 09200d71b8..ee853dcfcb 100644
--- a/ui/vnc-enc-tight.c
+++ b/ui/vnc-enc-tight.c
@@ -77,7 +77,7 @@ static int tight_send_framebuffer_update(VncState *vs, int x, int y,
 #ifdef CONFIG_VNC_JPEG
 static const struct {
- double jpeg_freq_min; /* Don't send JPEG if the freq is bellow */
+ double jpeg_freq_min; /* Don't send JPEG if the freq is below */
 double jpeg_freq_threshold; /* Always send JPEG if the freq is above */
 int jpeg_idx; /* Allow indexed JPEG */
 int jpeg_full; /* Allow full color JPEG */ |