aboutsummaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2022-04-20util/log: Rename qemu_log_lock to qemu_log_trylockRichard Henderson
This function can fail, which makes it more like ftrylockfile or pthread_mutex_trylock than flockfile or pthread_mutex_lock, so rename it. To closer match the other trylock functions, release rcu_read_lock along the failure path, so that qemu_log_unlock need not be called on failure. Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20220417183019.755276-8-richard.henderson@linaro.org>
2022-04-20util/log: Move qemu_log_lock, qemu_log_unlock out of lineRichard Henderson
Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20220417183019.755276-7-richard.henderson@linaro.org>
2022-04-20os-posix: Use qemu_log_enabledRichard Henderson
Do not reference qemu_logfile directly; use the predicate provided by qemu/log.h. Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20220417183019.755276-6-richard.henderson@linaro.org>
2022-04-20util/log: Pass Error pointer to qemu_set_logRichard Henderson
Do not force exit within qemu_set_log; return bool and pass an Error value back up the stack as per usual. Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20220417183019.755276-5-richard.henderson@linaro.org>
2022-04-20util/log: Return bool from qemu_set_log_filenameRichard Henderson
Per the recommendations in qapi/error.h, return false on failure. Use the return value in the monitor, the only place we aren't already passing error_fatal or error_abort. Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20220417183019.755276-4-richard.henderson@linaro.org>
2022-04-20target/hexagon: Remove qemu_set_log in hexagon_translate_initRichard Henderson
This code appears to be trying to make sure there is a logfile. But that's already true -- the logfile will either be set by -D, or will be stderr. In either case, not appropriate here. Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20220417183019.755276-3-richard.henderson@linaro.org>
2022-04-20util/log: Drop manual log bufferingRichard Henderson
This buffering was introduced during the Paleozoic: 9fa3e853531. There has never been an explanation as to why we may not allow glibc to allocate the file buffer itself. We certainly have many other uses of mmap and malloc during user-only startup, so presumably whatever the issue was, it has been fixed during the preceeding 18 years. Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20220417183019.755276-2-richard.henderson@linaro.org>
2022-04-20Merge tag 'pull-block-2022-04-20' of https://gitlab.com/hreitz/qemu into stagingRichard Henderson
Block patches: - Some changes for qcow2's refcount repair algorithm to make it work for qcow2 images stored on block devices - Skip test cases that require zstd when support for it is missing - Some refactoring in the iotests' meson.build # -----BEGIN PGP SIGNATURE----- # # iQJGBAABCAAwFiEEy2LXoO44KeRfAE00ofpA0JgBnN8FAmJf/asSHGhyZWl0ekBy # ZWRoYXQuY29tAAoJEKH6QNCYAZzfYXUQAKQv5qKQBjU4MTwlS8A4h6B6OJgC1Sik # 9BB7LO/QFjuuF4vNKpcUlf6i0epxPP8B5pmCjaAolMh6u6wZwL7hHq+SOYXvejTo # vINW+r097U0qYPkSV+cS6tbW92rYJDD7VxF+34udiWXGjozsBTw/k9DfJaa9Ht66 # 2dw3AxUa4lxN1/ejFzDLx3DNaff+HctLhgVpHeBb0eN2zr2Ug5+ZFgMoiWwU6r6J # EzTORLAzATerlQVYUkhh4Y/UdVLLw1SzTWOQv5b/NqvaLfKmYsQobSfjC2ajO8XJ # P2REigcOAij5uWVRf4EY7xoqmADP8pXxuOTzw0hyGNLOLNcXoFbfW45WSPoY+YgH # EH1TtC4vMsg/MlO/A3PJr9v+SNqxz32cul3MVrY3PuG4Dzz0riy9GhtFUU37igbj # mR6pP3nSa/f2X4+9B6/UrPjLzusRvc8bvzYqVEnSLABav11npphkYaR9QT1fQUVD # Zw26igXtmLKUcfop/EqShbhblk0ZLYDTj/Lx7X+thC9OCrK1QgF6qAsIUqiS1iHz # vwdktRTCofo4ZIT/OCz5QeriJqDz0B7VJ8/4i/uvm2eq8BUsn2mJuyAGD2XtaONV # rmASrV9VbajdxX5VptjKOOHG6aHtqQlKbyBFog8I4nqVFdjdSMalb++gBMCrPu1A # 1iZPsOOyz/8+ # =BF0c # -----END PGP SIGNATURE----- # gpg: Signature made Wed 20 Apr 2022 05:33:47 AM PDT # gpg: using RSA key CB62D7A0EE3829E45F004D34A1FA40D098019CDF # gpg: issuer "hreitz@redhat.com" # gpg: Good signature from "Hanna Reitz <hreitz@redhat.com>" [undefined] # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: CB62 D7A0 EE38 29E4 5F00 4D34 A1FA 40D0 9801 9CDF * tag 'pull-block-2022-04-20' of https://gitlab.com/hreitz/qemu: qcow2: Add errp to rebuild_refcount_structure() iotests/108: Test new refcount rebuild algorithm qcow2: Improve refcount structure rebuilding iotests/303: Check for zstd support iotests/065: Check for zstd support iotests.py: Add supports_qcow2_zstd_compression() tests/qemu-iotests: Move the bash and sanitizer checks to meson.build tests/qemu-iotests/meson.build: Improve the indentation Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-04-20Merge tag 'pull-request-2022-04-20' of https://gitlab.com/thuth/qemu into ↵Richard Henderson
staging * Drop perl-Test-Harness from the CI containers / VMs * Some qtest fixes * Convert ccid doc to restructuredText * Add compat machines for 7.1 * Allow overwrite smp and memory size in avocado tests # -----BEGIN PGP SIGNATURE----- # # iQJFBAABCAAvFiEEJ7iIR+7gJQEY8+q5LtnXdP5wLbUFAmJf32MRHHRodXRoQHJl # ZGhhdC5jb20ACgkQLtnXdP5wLbXEHQ//e4S4rlETwKwIQR6SqaOGl9wQr8yPX80r # V6UFMt+MhTdtItBDa+cDrWY7xkBU3DpIPcfDRfg4P7F/WB5LFaXfYPQHIB28cmkQ # f5nX4dIVfas/wS+2zk8uvaZEsuv0QiVCKldF2+Z49rE/1UMDfJkHJI+c3MvJToe7 # CPuzR9SL7wfb3gFV5YrDqyZFRtpUurNhQ3j7sfmh+9P+9QVZg118pDI/lE2WIIBT # HwrB0/keRdgepEv/n+6bwIhf+XRPnKyK8ETRo5vaVaj5BxKDHDVaevNYABp1kBB5 # udyCrEtS4KjPmyNgsMc1ZnIdG2R2pGyRPPYvVUXVpODkAQFoprjTS4yc5Gauqeuj # EtrDJDnV+EFtZZlnd2T4Uj+ZxTR9suXWF+kJU8R7vXX5Dffu7C7tAw88FqQoG1GR # mlhtN4fng2PJ/wEZUc+OESVjLUW/3H8yA6rRsbD21gMFaPVxrxc5iXrJoPEWoz1q # BPbc+1v+lf3PgIDTMokogV0HFaxl8Xoq7T1TaXhQHEbEchfPib55VAHnN7rXKJgs # eQt7FBqRTCZdFgRnKNZ71NMGdW2suHRk2lpabGPcuGb/bxyJWc6lcdOM8uEMDUlq # vzAZwbXx3mlGArx7jaGERTrColCgMa0WLbQZ54eP1qCJnqUbzadaIQxmlMaPFWgm # 2imKnvET5PM= # =vsLu # -----END PGP SIGNATURE----- # gpg: Signature made Wed 20 Apr 2022 03:24:35 AM PDT # gpg: using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5 # gpg: issuer "thuth@redhat.com" # gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [undefined] # gpg: aka "Thomas Huth <thuth@redhat.com>" [undefined] # gpg: aka "Thomas Huth <th.huth@posteo.de>" [unknown] # gpg: aka "Thomas Huth <huth@tuxfamily.org>" [undefined] # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: 27B8 8847 EEE0 2501 18F3 EAB9 2ED9 D774 FE70 2DB5 * tag 'pull-request-2022-04-20' of https://gitlab.com/thuth/qemu: tests/avocado: Allow overwrite smp and memory size command line options hw: Add compat machines for 7.1 docs/ccid: convert to restructuredText tests/qtest: properly initialise the vring used idx tests/qtest: Move the fuzz tests to x86 only tests/qtest: Enable more tests for the "mipsel" target tests: Drop perl-Test-Harness from the CI containers / VMs Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-04-20qcow2: Add errp to rebuild_refcount_structure()Hanna Reitz
Instead of fprint()-ing error messages in rebuild_refcount_structure() and its rebuild_refcounts_write_refblocks() helper, pass them through an Error object to qcow2_check_refcounts() (which will then print it). Suggested-by: Eric Blake <eblake@redhat.com> Signed-off-by: Hanna Reitz <hreitz@redhat.com> Message-Id: <20220405134652.19278-4-hreitz@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2022-04-20iotests/108: Test new refcount rebuild algorithmHanna Reitz
One clear problem with how qcow2's refcount structure rebuild algorithm used to be before "qcow2: Improve refcount structure rebuilding" was that it is prone to failure for qcow2 images on block devices: There is generally unused space after the actual image, and if that exceeds what one refblock covers, the old algorithm would invariably write the reftable past the block device's end, which cannot work. The new algorithm does not have this problem. Test it with three tests: (1) Create an image with more empty space at the end than what one refblock covers, see whether rebuilding the refcount structures results in a change in the image file length. (It should not.) (2) Leave precisely enough space somewhere at the beginning of the image for the new reftable (and the refblock for that place), see whether the new algorithm puts the reftable there. (It should.) (3) Test the original problem: Create (something like) a block device with a fixed size, then create a qcow2 image in there, write some data, and then have qemu-img check rebuild the refcount structures. Before HEAD^, the reftable would have been written past the image file end, i.e. outside of what the block device provides, which cannot work. HEAD^ should have fixed that. ("Something like a block device" means a loop device if we can use one ("sudo -n losetup" works), or a FUSE block export with growable=false otherwise.) Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Hanna Reitz <hreitz@redhat.com> Message-Id: <20220405134652.19278-3-hreitz@redhat.com>
2022-04-20qcow2: Improve refcount structure rebuildingHanna Reitz
When rebuilding the refcount structures (when qemu-img check -r found errors with refcount = 0, but reference count > 0), the new refcount table defaults to being put at the image file end[1]. There is no good reason for that except that it means we will not have to rewrite any refblocks we already wrote to disk. Changing the code to rewrite those refblocks is not too difficult, though, so let us do that. That is beneficial for images on block devices, where we cannot really write beyond the end of the image file. Use this opportunity to add extensive comments to the code, and refactor it a bit, getting rid of the backwards-jumping goto. [1] Unless there is something allocated in the area pointed to by the last refblock, so we have to write that refblock. In that case, we try to put the reftable in there. Buglink: https://bugzilla.redhat.com/show_bug.cgi?id=1519071 Closes: https://gitlab.com/qemu-project/qemu/-/issues/941 Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Hanna Reitz <hreitz@redhat.com> Message-Id: <20220405134652.19278-2-hreitz@redhat.com>
2022-04-20iotests/303: Check for zstd supportHanna Reitz
303 runs two test cases, one of which requires zstd support. Unfortunately, given that this is not a unittest-style test, we cannot easily skip that single case, and instead can only skip the whole test. (Alternatively, we could split this test into a zlib and a zstd part, but that seems excessive, given that this test is not in auto and thus likely only run by developers who have zstd support compiled in.) Fixes: 677e0bae686e7c670a71d1f ("iotest 303: explicit compression type") Signed-off-by: Hanna Reitz <hreitz@redhat.com> Reviewed-by: Vladimir Sementsov-Ogievskiy <v.sementsov-og@mail.ru> Message-Id: <20220323105522.53660-4-hreitz@redhat.com>
2022-04-20iotests/065: Check for zstd supportHanna Reitz
Some test cases run in iotest 065 want to run with zstd compression just for added coverage. Run them with zlib if there is no zstd support compiled in. Reported-by: Thomas Huth <thuth@redhat.com> Fixes: 12a936171d71f839dc907ff ("iotest 065: explicit compression type") Signed-off-by: Hanna Reitz <hreitz@redhat.com> Message-Id: <20220323105522.53660-3-hreitz@redhat.com> Reviewed-by: Vladimir Sementsov-Ogievskiy <v.sementsov-og@mail.ru>
2022-04-20iotests.py: Add supports_qcow2_zstd_compression()Hanna Reitz
Suggested-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Signed-off-by: Hanna Reitz <hreitz@redhat.com> Message-Id: <20220323105522.53660-2-hreitz@redhat.com> Reviewed-by: Vladimir Sementsov-Ogievskiy <v.sementsov-og@mail.ru>
2022-04-20tests/qemu-iotests: Move the bash and sanitizer checks to meson.buildThomas Huth
We want to get rid of check-block.sh in the long run, so let's move the checks for the bash version and sanitizers from check-block.sh into the meson.build file instead. Signed-off-by: Thomas Huth <thuth@redhat.com> Message-Id: <20220223093840.2515281-4-thuth@redhat.com> Signed-off-by: Hanna Reitz <hreitz@redhat.com>
2022-04-20tests/qemu-iotests/meson.build: Improve the indentationThomas Huth
By using subdir_done(), we can get rid of one level of indentation in this file. This will make it easier to add more conditions to skip the iotests in future patches. Reviewed-by: Hanna Reitz <hreitz@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Thomas Huth <thuth@redhat.com> Message-Id: <20220223093840.2515281-3-thuth@redhat.com> Signed-off-by: Hanna Reitz <hreitz@redhat.com>
2022-04-20tests/avocado: Allow overwrite smp and memory size command line optionsAhmed Abouzied
Removes the hard-coded values in setUp(). Class inheriting from avocado_qemu.LinuxTest can overwrite the default smp and memory instead. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/453 Signed-off-by: Ahmed Abouzied <email@aabouzied.com> Message-Id: <20210802222257.50946-1-email@aabouzied.com> Reviewed-by: Wainer dos Santos Moschetta <wainersm@redhat.com> Reviewed-by: Philippe Mathieu-Daude <philmd@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
2022-04-20hw: Add compat machines for 7.1Cornelia Huck
Add 7.1 machine types for arm/i440fx/m68k/q35/s390x/spapr. Signed-off-by: Cornelia Huck <cohuck@redhat.com> Message-Id: <20220316145521.1224083-1-cohuck@redhat.com> Reviewed-by: Eric Farman <farman@linux.ibm.com> Reviewed-by: Cédric Le Goater <clg@kaod.org> Acked-by: Laurent Vivier <laurent@vivier.eu> Reviewed-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Yanan Wang <wangyanan55@huawei.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
2022-04-20docs/ccid: convert to restructuredTextLucas Ramage
Buglink: https://gitlab.com/qemu-project/qemu/-/issues/527 Signed-off-by: Lucas Ramage <lucas.ramage@infinite-omicron.com> Message-Id: <20220405142906.21382-1-oxr463@gmx.us> Reviewed-by: Damien Hedde <damien.hedde@greensocs.com> [thuth: Added some cosmetic fixes] Signed-off-by: Thomas Huth <thuth@redhat.com>
2022-04-20tests/qtest: properly initialise the vring used idxAlex Bennée
Eric noticed while attempting to enable the vhost-user-blk-test for Aarch64 that that things didn't work unless he put in a dummy guest_malloc() at the start of the test. Without it qvirtio_wait_used_elem() would assert when it reads a junk value for idx resulting in: qvirtqueue_get_buf: idx:2401 last_idx:0 qvirtqueue_get_buf: 0x7ffcb6d3fe74, (nil) qvirtio_wait_used_elem: 3000000/0 ERROR:../../tests/qtest/libqos/virtio.c:226:qvirtio_wait_used_elem: assertion failed (got_desc_idx == desc_idx): (50331648 == 0) Bail out! ERROR:../../tests/qtest/libqos/virtio.c:226:qvirtio_wait_used_elem: assertion failed (got_desc_idx == desc_idx): (50331648 == 0) What was actually happening is the guest_malloc() effectively pushed the allocation of the vring into the next page which just happened to have clear memory. After much tedious tracing of the code I could see that qvring_init() does attempt initialise a bunch of the vring structures but skips the vring->used.idx value. It is probably not wise to assume guest memory is zeroed anyway. Once the ring is properly initialised the hack is no longer needed to get things working. Thanks-to: John Snow <jsnow@redhat.com> for helping debug Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Message-Id: <20220406173356.1891500-1-alex.bennee@linaro.org> Tested-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Eric Auger <eric.auger@redhat.com> Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
2022-04-20tests/qtest: Move the fuzz tests to x86 onlyThomas Huth
The fuzz tests are currently scheduled for all targets, but their setup code limits the run to "i386", so that these tests always show "SKIP" on other targets. Move it to the right x86 list in meson.build, then we can drop the architecture check during runtime, too. Message-Id: <20220414130127.719528-1-thuth@redhat.com> Reviewed-by: Laurent Vivier <lvivier@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
2022-04-20tests/qtest: Enable more tests for the "mipsel" targetThomas Huth
Allow the same set of tests for all MIPS targets, so that "mipsel" now gets some additional test coverage, too. While we're at it, simplify the definitions for qtests_mips64 and qtests_mips64el. Message-Id: <20220414114655.604391-1-thuth@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
2022-04-20tests: Drop perl-Test-Harness from the CI containers / VMsThomas Huth
The perl test harness is not necessary anymore since commit 3d2f73ef75 ("build: use "meson test" as the test harness"). Thus remove it from tests/lcitool/projects/qemu.yml, run "make lcitool-refresh" and manually clean the remaining docker / vm files that are not managed by lcitool yet. Message-Id: <20220329102808.423681-1-thuth@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Thomas Huth <thuth@redhat.com>
2022-04-19Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into stagingRichard Henderson
* Add cpu0-id to query-sev-capabilities * whpx support for breakpoints and stepping * initial support for Hyper-V Synthetic Debugging * use monotonic clock for QemuCond and QemuSemaphore * Remove qemu-common.h include from most units and lots of other clenaups * do not include headers for all virtio devices in virtio-ccw.h # -----BEGIN PGP SIGNATURE----- # # iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmJXCQAUHHBib256aW5p # QHJlZGhhdC5jb20ACgkQv/vSX3jHroNT6wf+NHDJUEdDiwaVGVTGXgHuiaycsymi # FpNPiw/+XxSGN5xF3fkUGgqaDrcwIYwVfnXlghKSz8kp1cP3cjxa5CzNMLGTp5je # N6BxFbD7yC6dhagGm3mj32jlsptv3M38OHqKc3t+RaUAotP5RF2VdCyfUBLG6vU0 # aMzvMfMtB5aG0D8Fr5EV63t1JMTceFU0YxsG73UCFs2Yx4Z0cGBbNxMbHweRhd1q # tPeVDS46MFPM3/2cGGHpeeqxkoCTU7A9j1VuNQI3k+Kg+6W5YVxiK/UP7bw77E/a # yAHsmIVTNro8ajMBch73weuHtGtdfFLvCKc6QX6aVjzK4dF1voQ01E7gPQ== # =rMle # -----END PGP SIGNATURE----- # gpg: Signature made Wed 13 Apr 2022 10:31:44 AM PDT # gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83 # gpg: issuer "pbonzini@redhat.com" # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [undefined] # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [undefined] # gpg: WARNING: This key is not certified with a trusted signature! # gpg: There is no indication that the signature belongs to the owner. # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * tag 'for-upstream' of https://gitlab.com/bonzini/qemu: (53 commits) target/i386: Remove unused XMMReg, YMMReg types and CPUState fields target/i386: do not access beyond the low 128 bits of SSE registers virtio-ccw: do not include headers for all virtio devices virtio-ccw: move device type declarations to .c files virtio-ccw: move vhost_ccw_scsi to a separate file s390x: follow qdev tree to detect SCSI device on a CCW bus hw: hyperv: Initial commit for Synthetic Debugging device hyperv: Add support to process syndbg commands hyperv: Add definitions for syndbg hyperv: SControl is optional to enable SynIc thread-posix: optimize qemu_sem_timedwait with zero timeout thread-posix: implement Semaphore with QemuCond and QemuMutex thread-posix: use monotonic clock for QemuCond and QemuSemaphore thread-posix: remove the posix semaphore support whpx: Added support for breakpoints and stepping build-sys: simplify AF_VSOCK check build-sys: drop ntddscsi.h check Remove qemu-common.h include from most units qga: remove explicit environ argument from exec/spawn Move fcntl_setfl() to oslib-posix ... Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-04-19Open 7.1 development treeRichard Henderson
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2022-04-19Update version for v7.0.0 releasev7.0.0Peter Maydell
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-04-13target/i386: Remove unused XMMReg, YMMReg types and CPUState fieldsPeter Maydell
In commit b7711471f5 in 2014 we refactored the handling of the x86 vector registers so that instead of separate structs XMMReg, YMMReg and ZMMReg for representing the 16-byte, 32-byte and 64-byte width vector registers and multiple fields in the CPU state, we have a single type (XMMReg, later renamed to ZMMReg) and a single struct field (xmm_regs). However, in 2017 in commit c97d6d2cdf97ed some of the old struct types and CPU state fields got added back, when we merged in the hvf support (which had developed in a separate fork that had presumably not had the refactoring of b7711471f5), as part of code handling xsave. Commit f585195ec07 then almost immediately dropped that xsave code again in favour of sharing the xsave handling with KVM, but forgot to remove the now unused CPU state fields and struct types. Delete the unused types and CPUState fields. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-Id: <20220412110047.1497190-1-peter.maydell@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-04-13target/i386: do not access beyond the low 128 bits of SSE registersPaolo Bonzini
The i386 target consolidates all vector registers so that instead of XMMReg, YMMReg and ZMMReg structs there is a single ZMMReg that can fit all of SSE, AVX and AVX512. When TCG copies data from and to the SSE registers, it uses the full 64-byte width. This is not a correctness issue because TCG never lets guest code see beyond the first 128 bits of the ZMM registers, however it causes uninitialized stack memory to make it to the CPU's migration stream. Fix it by only copying the low 16 bytes of the ZMMReg union into the destination register. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-04-12Update version for v7.0.0-rc4 releasev7.0.0-rc4Peter Maydell
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-04-08virtio-iommu: use-after-free fixWentao Liang
A potential Use-after-free was reported in virtio_iommu_handle_command when using virtio-iommu: > I find a potential Use-after-free in QEMU 6.2.0, which is in > virtio_iommu_handle_command() (./hw/virtio/virtio-iommu.c). > > > Specifically, in the loop body, the variable 'buf' allocated at line 639 can be > freed by g_free() at line 659. However, if the execution path enters the loop > body again and the if branch takes true at line 616, the control will directly > jump to 'out' at line 651. At this time, 'buf' is a freed pointer, which is not > assigned with an allocated memory but used at line 653. As a result, a UAF bug > is triggered. > > > > 599 for (;;) { > ... > 615 sz = iov_to_buf(iov, iov_cnt, 0, &head, sizeof(head)); > 616 if (unlikely(sz != sizeof(head))) { > 617 tail.status = VIRTIO_IOMMU_S_DEVERR; > 618 goto out; > 619 } > ... > 639 buf = g_malloc0(output_size); > ... > 651 out: > 652 sz = iov_from_buf(elem->in_sg, elem->in_num, 0, > 653 buf ? buf : &tail, output_size); > ... > 659 g_free(buf); > > We can fix it by set ‘buf‘ to NULL after freeing it: > > > 651 out: > 652 sz = iov_from_buf(elem->in_sg, elem->in_num, 0, > 653 buf ? buf : &tail, output_size); > ... > 659 g_free(buf); > +++ buf = NULL; > 660 } Fix as suggested by the reporter. Signed-off-by: Wentao Liang <Wentao_Liang_g@163.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Message-id: 20220407095047.50371-1-mst@redhat.com Message-ID: <20220406040445-mutt-send-email-mst@kernel.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-04-08Merge tag 'fixes-20220408-pull-request' of git://git.kraxel.org/qemu into ↵Peter Maydell
staging two cursor/qxl related security fixes. # gpg: Signature made Fri 08 Apr 2022 05:37:16 BST # gpg: using RSA key A0328CFFB93A17A79901FE7D4CB6D8EED3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full] # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" [full] # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full] # Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138 * tag 'fixes-20220408-pull-request' of git://git.kraxel.org/qemu: ui/cursor: fix integer overflow in cursor_alloc (CVE-2021-4206) display/qxl-render: fix race condition in qxl_cursor (CVE-2021-4207) Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-04-07ui/cursor: fix integer overflow in cursor_alloc (CVE-2021-4206)Mauro Matteo Cascella
Prevent potential integer overflow by limiting 'width' and 'height' to 512x512. Also change 'datasize' type to size_t. Refer to security advisory https://starlabs.sg/advisories/22-4206/ for more information. Fixes: CVE-2021-4206 Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20220407081712.345609-1-mcascell@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2022-04-07display/qxl-render: fix race condition in qxl_cursor (CVE-2021-4207)Mauro Matteo Cascella
Avoid fetching 'width' and 'height' a second time to prevent possible race condition. Refer to security advisory https://starlabs.sg/advisories/22-4207/ for more information. Fixes: CVE-2021-4207 Signed-off-by: Mauro Matteo Cascella <mcascell@redhat.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20220407081106.343235-1-mcascell@redhat.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
2022-04-06Update version for v7.0.0-rc3 releasev7.0.0-rc3Peter Maydell
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-04-06acpi: fix acpi_index migrationDr. David Alan Gilbert
vmstate_acpi_pcihp_use_acpi_index() was expecting AcpiPciHpState as state but it actually received PIIX4PMState, because VMSTATE_PCI_HOTPLUG is a macro and not another struct. So it ended up accessing random pointer, which resulted in 'false' return value and acpi_index field wasn't ever sent. However in 7.0 that pointer de-references to value > 0, and destination QEMU starts to expect the field which isn't sent in migratioon stream from older QEMU (6.2 and older). As result migration fails with: qemu-system-x86_64: Missing section footer for 0000:00:01.3/piix4_pm qemu-system-x86_64: load of migration failed: Invalid argument In addition with QEMU-6.2, destination due to not expected state, also never expects the acpi_index field in migration stream. Q35 is not affected as it always sends/expects the field as long as acpi based PCI hotplug is enabled. Fix issue by introducing compat knob to never send/expect acpi_index in migration stream for 6.2 and older PC machine types and always send it for 7.0 and newer PC machine types. Diagnosed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Fixes: b32bd76 ("pci: introduce acpi-index property for PCI device") Resolves: https://gitlab.com/qemu-project/qemu/-/issues/932 Signed-off-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Dr. David Alan Gilbert <dgilbert@redhat.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2022-04-06virtio-ccw: do not include headers for all virtio devicesPaolo Bonzini
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-04-06virtio-ccw: move device type declarations to .c filesPaolo Bonzini
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-04-06virtio-ccw: move vhost_ccw_scsi to a separate filePaolo Bonzini
Remove unecessary use of #ifdef CONFIG_VHOST_SCSI, instead just use a separate file and a separate rule in meson.build. Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-04-06s390x: follow qdev tree to detect SCSI device on a CCW busPaolo Bonzini
Do not make assumptions on the parent type of the SCSIDevice, instead use object_dynamic_cast all the way up to the CcwDevice. This is cleaner because there is no guarantee that the bus is on a virtio-scsi device; that is only the case for the default configuration of QEMU's s390x target. Reviewed-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-04-06hw: hyperv: Initial commit for Synthetic Debugging deviceJon Doron
Signed-off-by: Jon Doron <arilou@gmail.com> Reviewed-by: Emanuele Giuseppe Esposito <eesposit@redhat.com> Message-Id: <20220216102500.692781-5-arilou@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-04-06hyperv: Add support to process syndbg commandsJon Doron
SynDbg commands can come from two different flows: 1. Hypercalls, in this mode the data being sent is fully encapsulated network packets. 2. SynDbg specific MSRs, in this mode only the data that needs to be transfered is passed. Signed-off-by: Jon Doron <arilou@gmail.com> Reviewed-by: Emanuele Giuseppe Esposito <eesposit@redhat.com> Message-Id: <20220216102500.692781-4-arilou@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-04-06hyperv: Add definitions for syndbgJon Doron
Add all required definitions for hyperv synthetic debugger interface. Signed-off-by: Jon Doron <arilou@gmail.com> Reviewed-by: Emanuele Giuseppe Esposito <eesposit@redhat.com> Message-Id: <20220216102500.692781-3-arilou@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-04-06hyperv: SControl is optional to enable SynIcJon Doron
SynIc can be enabled regardless of the SControl mechanisim which can register a GSI for a given SintRoute. This behaviour can achived by setting enabling SIMP and then the guest will poll on the message slot. Once there is another message pending the host will set the message slot with the pending flag. When the guest polls from the message slot, in case the pending flag is set it will write to the HV_X64_MSR_EOM indicating it has cleared the slot and we can try and push our message again. Signed-off-by: Jon Doron <arilou@gmail.com> Reviewed-by: Emanuele Giuseppe Esposito <eesposit@redhat.com> Message-Id: <20220216102500.692781-2-arilou@gmail.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-04-06thread-posix: optimize qemu_sem_timedwait with zero timeoutPaolo Bonzini
In this case there is no need to call pthread_cond_timedwait; the function is just a trywait and waiting on the condition variable would always time out. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-04-06thread-posix: implement Semaphore with QemuCond and QemuMutexLongpeng(Mike)
Now that QemuSemaphore is implemented through pthread_cond_t only, we can use QemuCond and QemuMutex to make the code smaller. Features such as mutex tracing and CLOCK_MONOTONIC timedwait are supported in qemu-sem naturally. Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com> Message-Id: <20220222090507.2028-4-longpeng2@huawei.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-04-06thread-posix: use monotonic clock for QemuCond and QemuSemaphoreLongpeng(Mike)
Use CLOCK_MONOTONIC, so the timeout isn't affected by changes to the system time. It depends on the pthread_condattr_setclock(), while some systems(e.g. mac os) does not support it, so the behavior won't change in these systems. Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com> Message-Id: <20220222090507.2028-3-longpeng2@huawei.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-04-06thread-posix: remove the posix semaphore supportLongpeng(Mike)
POSIX specifies an absolute time for sem_timedwait(), it would be affected if the system time is changing, but there is not a relative time or monotonic clock version of sem_timedwait, so we cannot gain from POSIX semaphore any more. An alternative way is to use sem_trywait + usleep, maybe we can remove CONFIG_SEM_TIMEDWAIT in this way? No, because some systems (e.g. mac os) mark the sem_xxx API as deprecated. So maybe remove the usage of POSIX semaphore and turn to use the pthread variant for all systems looks better. Signed-off-by: Longpeng(Mike) <longpeng2@huawei.com> Message-Id: <20220222090507.2028-2-longpeng2@huawei.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-04-06whpx: Added support for breakpoints and steppingIvan Shcherbakov
Below is the updated version of the patch adding debugging support to WHPX. It incorporates feedback from Alex Bennée and Peter Maydell regarding not changing the emulation logic depending on the gdb connection status. Instead of checking for an active gdb connection to determine whether QEMU should intercept the INT1 exceptions, it now checks whether any breakpoints have been set, or whether gdb has explicitly requested one or more CPUs to do single-stepping. Having none of these condition present now has the same effect as not using gdb at all. Message-Id: <0e7f01d82e9e$00e9c360$02bd4a20$@sysprogs.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2022-04-06build-sys: simplify AF_VSOCK checkMarc-André Lureau
The current test checks more than AF_VSOCK availability, and doesn't need to be that long. Since its introduction in Linux in 2013, AF_VSOCK came with linux/vm_sockets.h for sockaddr_vm, let's check that. We could even go back to the initial configure-less approach proposed by Stefan Hajnoczi, since Michael Roth added the configure-time check back then to satisfy glibc in Ubuntu 14. See: https://lists.gnu.org/archive/html/qemu-devel/2016-10/msg08208.html Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20220401115005.2204000-1-marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>