Age | Commit message | Author
2024-07-22 | qio: add support for SO_PEERCRED for socket channel | Anthony Harivel
The function qio_channel_get_peercred() returns a pointer to the credentials of the peer process connected to this socket.

This credentials structure is defined in <sys/socket.h> as follows:

    struct ucred {
        pid_t pid;    /* Process ID of the sending process */
        uid_t uid;    /* User ID of the sending process */
        gid_t gid;    /* Group ID of the sending process */
    };

The use of this function is possible only for connected AF_UNIX stream sockets and for AF_UNIX stream and datagram socket pairs.

On platforms other than Linux, the function returns 0.

Signed-off-by: Anthony Harivel <aharivel@redhat.com>
Link: https://lore.kernel.org/r/20240522153453.1230389-2-aharivel@redhat.com
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2024-07-22 | target/i386: do not crash if microvm guest uses SGX CPUID leaves | Paolo Bonzini
sgx_epc_get_section assumes a PC platform is in use:

    bool sgx_epc_get_section(int section_nr, uint64_t *addr, uint64_t *size)
    {
        PCMachineState *pcms = PC_MACHINE(qdev_get_machine());

However, sgx_epc_get_section is called by CPUID regardless of whether SGX state has been initialized or which platform is in use. Check whether the machine has the right QOM class and if not behave as if there are no EPC sections.

Fixes: 1dec2e1f19f ("i386: Update SGX CPUID info according to hardware/KVM/user input", 2021-09-30)
Cc: qemu-stable@nongnu.org
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2142
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2024-07-22 | hw/nvme: fix memory leak in nvme_dsm | Zheyu Ma
The allocated memory to hold LBA ranges leaks in the nvme_dsm function. This happens because the allocated memory for iocb->range is not freed in all error handling paths. Fix this by adding a free to ensure that the allocated memory is properly freed.

ASAN log:

    ==3075137==ERROR: LeakSanitizer: detected memory leaks

    Direct leak of 480 byte(s) in 6 object(s) allocated from:
        #0 0x55f1f8a0eddd in malloc llvm/compiler-rt/lib/asan/asan_malloc_linux.cpp:129:3
        #1 0x7f531e0f6738 in g_malloc (/lib/x86_64-linux-gnu/libglib-2.0.so.0+0x5e738)
        #2 0x55f1faf1f091 in blk_aio_get block/block-backend.c:2583:12
        #3 0x55f1f945c74b in nvme_dsm hw/nvme/ctrl.c:2609:30
        #4 0x55f1f945831b in nvme_io_cmd hw/nvme/ctrl.c:4470:16
        #5 0x55f1f94561b7 in nvme_process_sq hw/nvme/ctrl.c:7039:29

Cc: qemu-stable@nongnu.org
Fixes: d7d1474fd85d ("hw/nvme: reimplement dsm to allow cancellation")
Signed-off-by: Zheyu Ma <zheyuma97@gmail.com>
Reviewed-by: Klaus Jensen <k.jensen@samsung.com>
Signed-off-by: Klaus Jensen <k.jensen@samsung.com>
2024-07-22 | ui/vdagent: send caps on fe_open | Marc-André Lureau
The spice-vdagentd doesn't send capabilities again on host/client disconnect (but when the session agent connects and sends a GUEST_XORG_RESOLUTION message) When the dbus client disconnects, vdagent_disconnect() is called to reset the agent state. Capabilities must be negotiated again on reconnection. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-Id: <20240717171541.201525-5-marcandre.lureau@redhat.com>
2024-07-22 | ui/vdagent: notify clipboard peers of serial reset | Marc-André Lureau
Since we reset the serial counters, peers should also be reset to be sync. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-Id: <20240717171541.201525-4-marcandre.lureau@redhat.com>
2024-07-22 | ui/vdagent: improve vdagent_fe_open() trace | Marc-André Lureau
Place the trace when the function enters, with arg value. Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-Id: <20240717171541.201525-3-marcandre.lureau@redhat.com>
2024-07-22 | ui: add more tracing for dbus | Marc-André Lureau
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-Id: <20240717171541.201525-2-marcandre.lureau@redhat.com>
2024-07-22 | Cursor: 8 -> 1 bit alpha downsampling improvement | Phil Dennis-Jordan
Mouse cursors with 8 bit alpha were downsampled to 1-bit opacity maps by turning alpha values of 255 into 1 and everything else into 0. This means that mostly-opaque pixels ended up completely invisible. This patch changes the behaviour so that only pixels with less than 50% alpha (0-127) are treated as transparent when converted to 1-bit alpha. This greatly improves the subjective appearance of anti-aliased mouse cursors, such as those used by macOS, when using a front-end UI without support for alpha-blended cursors, such as some VNC clients. Signed-off-by: Phil Dennis-Jordan <phil@philjordan.eu> Reviewed-by: Akihiko Odaki <akihiko.odaki@daynix.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com> Message-Id: <20240624101040.82726-1-phil@philjordan.eu>
2024-07-22 | virtio-gpu-gl: declare dependency on ui-opengl | Marc-André Lureau
Since commit e8a2db94 "virtio-gpu-virgl: teach it to get the QEMU EGL display", virtio-gl depends on ui-opengl symbol "qemu_egl_display". Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2391 Fixes: e8a2db94 ("virtio-gpu-virgl: teach it to get the QEMU EGL display") Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2024-07-22 | tests/tcg/aarch64: Fix test-mte.py | Richard Henderson
Python 3.12 warns:

    TEST    gdbstub MTE support on aarch64
    /home/rth/qemu/src/tests/tcg/aarch64/gdbstub/test-mte.py:21: SyntaxWarning: invalid escape sequence '\('
      PATTERN_0 = "Memory tags for address 0x[0-9a-f]+ match \(0x[0-9a-f]+\)."

Double up the \ to pass one through to the pattern.

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Message-Id: <20240719004143.1319260-1-richard.henderson@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
2024-07-22 | semihosting: Restrict to TCG | Philippe Mathieu-Daudé
Semihosting currently uses the TCG probe_access API. It is pointless to have it in the binary when TCG isn't. Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Message-Id: <20240717105723.58965-9-philmd@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Message-Id: <20240718094523.1198645-16-alex.bennee@linaro.org>
2024-07-22 | target/xtensa: Restrict semihosting to TCG | Philippe Mathieu-Daudé
The semihosting feature depends on TCG (due to the probe_access API access). Although TCG is the single accelerator currently available for the xtensa target, use the Kconfig "imply" directive which is more correct (if we were to support a different accel). Reported-by: Anton Johansson <anjo@rev.ng> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-Id: <20240717105723.58965-8-philmd@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Message-Id: <20240718094523.1198645-15-alex.bennee@linaro.org>
2024-07-22 | target/riscv: Restrict semihosting to TCG | Philippe Mathieu-Daudé
Semihosting currently uses the TCG probe_access API. To prepare for encoding the TCG dependency in Kconfig, do not enable it unless TCG is available. Suggested-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Anton Johansson <anjo@rev.ng> Message-Id: <20240717105723.58965-7-philmd@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Message-Id: <20240718094523.1198645-14-alex.bennee@linaro.org>
2024-07-22 | target/mips: Restrict semihosting to TCG | Philippe Mathieu-Daudé
Semihosting currently uses the TCG probe_access API. To prepare for encoding the TCG dependency in Kconfig, do not enable it unless TCG is available. Suggested-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Anton Johansson <anjo@rev.ng> Message-Id: <20240717105723.58965-6-philmd@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Message-Id: <20240718094523.1198645-13-alex.bennee@linaro.org>
2024-07-22 | target/m68k: Restrict semihosting to TCG | Philippe Mathieu-Daudé
The semihosting feature depends on TCG (due to the probe_access API access). Although TCG is the single accelerator currently available for the m68k target, use the Kconfig "imply" directive which is more correct (if we were to support a different accel). Reported-by: Anton Johansson <anjo@rev.ng> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-Id: <20240717105723.58965-5-philmd@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Message-Id: <20240718094523.1198645-12-alex.bennee@linaro.org>
2024-07-22 | target/mips: Add semihosting stub | Philippe Mathieu-Daudé
Since the SEMIHOSTING feature is optional, we need a stub to link when it is disabled. Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-Id: <20240717105723.58965-4-philmd@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Message-Id: <20240718094523.1198645-11-alex.bennee@linaro.org>
2024-07-22 | target/m68k: Add semihosting stub | Philippe Mathieu-Daudé
Since the SEMIHOSTING feature is optional, we need a stub to link when it is disabled. Suggested-by: Paolo Bonzini <pbonzini@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-Id: <20240717105723.58965-3-philmd@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Message-Id: <20240718094523.1198645-10-alex.bennee@linaro.org>
2024-07-22 | semihosting: Include missing 'gdbstub/syscalls.h' header | Philippe Mathieu-Daudé
"semihosting/syscalls.h" requires definitions from "gdbstub/syscalls.h", include it in order to avoid:

    include/semihosting/syscalls.h:23:38: error: unknown type name 'gdb_syscall_complete_cb'
      void semihost_sys_open(CPUState *cs, gdb_syscall_complete_cb complete,
                                           ^

Signed-off-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Message-Id: <20240717105723.58965-2-philmd@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20240718094523.1198645-9-alex.bennee@linaro.org>
2024-07-22 | plugins/execlog.c: correct dump of registers values | Frédéric Pétrot
Register values are dumped as 'sz' chunks of two nibbles in the execlog plugin, sz was 1 too big. Signed-off-by: Frédéric Pétrot <frederic.petrot@univ-grenoble-alpes.fr> Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org> Message-Id: <20240620083805.73603-1-frederic.petrot@univ-grenoble-alpes.fr> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Message-Id: <20240718094523.1198645-8-alex.bennee@linaro.org>
2024-07-22 | tests/plugins: use qemu_plugin_outs for inline stats | Alex Bennée
Using bare printf's in plugins is perfectly acceptable but they do rather mess up the output of "make check-tcg". Convert the printfs to use g_string and then output with the plugin output helper which will already be captured to .pout files by the test harness. Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Message-Id: <20240718094523.1198645-7-alex.bennee@linaro.org>
2024-07-22 | plugins: fix mem callback array size | Pierrick Bouvier
data was correctly copied, but size of array was not set (g_array_sized_new only reserves memory, but does not set size). As a result, callbacks were not called for code path relying on plugin_register_vcpu_mem_cb(). Found when trying to trigger mem access callbacks for atomic instructions. Reviewed-by: Xingtao Yao <yaoxt.fnst@fujitsu.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Pierrick Bouvier <pierrick.bouvier@linaro.org> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Message-Id: <20240706191335.878142-2-pierrick.bouvier@linaro.org> Message-Id: <20240718094523.1198645-6-alex.bennee@linaro.org>
2024-07-22 | plugins/stoptrigger: TCG plugin to stop execution under conditions | Simon Hamelin
This new plugin allows stopping emulation using conditions on the emulation state. By setting this plugin's arguments, it is possible to set an instruction count limit and/or trigger address(es) to stop at. The code returned at emulation exit can be customized.

This plugin demonstrates how someone could stop QEMU execution. It could be used for research purposes to launch some code and deterministically stop it and understand where its execution flow went.

Co-authored-by: Alexandre Iooss <erdnaxe@crans.org>
Signed-off-by: Simon Hamelin <simon.hamelin@grenoble-inp.org>
Signed-off-by: Alexandre Iooss <erdnaxe@crans.org>
Reviewed-by: Pierrick Bouvier <pierrick.bouvier@linaro.org>
Message-Id: <20240715081521.19122-2-simon.hamelin@grenoble-inp.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20240718094523.1198645-5-alex.bennee@linaro.org>
2024-07-22 | gdbstub: Re-factor gdb command extensions | Alex Bennée
Coverity reported a memory leak (CID 1549757) in this code and its admittedly rather clumsy handling of extending the command table. Instead of handing over a full array of the commands let's use the lighter weight GPtrArray and simply test for the presence of each entry as we go. This avoids complications of transferring ownership of arrays and keeps the final command entries as static entries in the target code.

Cc: Akihiko Odaki <akihiko.odaki@daynix.com>
Cc: Gustavo Bueno Romero <gustavo.romero@linaro.org>
Cc: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Gustavo Romero <gustavo.romero@linaro.org>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20240718094523.1198645-4-alex.bennee@linaro.org>
2024-07-22 | tests/avocado: Remove non-working sparc leon3 test | Thomas Huth
The test has been marked as broken more than 4 years ago, and so far nobody ever cared to fix it. Thus let's simply remove it now ... if somebody ever needs it again, they can restore the file from an older version of QEMU. Signed-off-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Clément Chigot <chigot@adacore.com> Acked-by: Alex Bennée <alex.bennee@linaro.org> Message-Id: <20240710111755.60584-1-thuth@redhat.com> [AJB: fix MAINTAINERS] Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Message-Id: <20240718094523.1198645-3-alex.bennee@linaro.org>
2024-07-22 | testing: bump to latest libvirt-ci | Alex Bennée
This brings in the latest python mappings for the BSD updates. Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Message-Id: <20240718094523.1198645-2-alex.bennee@linaro.org>
2024-07-22 | vnc: increase max display size | Gerd Hoffmann
It's 2024. 4k display resolutions are a thing these days. Raise width and height limits of the qemu vnc server. Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1596 Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Message-ID: <20240530111029.1726329-1-kraxel@redhat.com>
2024-07-22 | tests/avocado/boot_xen.py: use class attribute | Cleber Rosa
Rather than defining a single use variable, let's just use the class attribute directly. Signed-off-by: Cleber Rosa <crosa@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-ID: <20231208190911.102879-11-crosa@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
2024-07-22 | tests/avocado/boot_xen.py: unify tags | Cleber Rosa
Because all tests share the same tags, it's possible to have all of them at the class level. Signed-off-by: Cleber Rosa <crosa@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Message-ID: <20231208190911.102879-10-crosa@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
2024-07-22 | tests/avocado/boot_xen.py: merge base classes | Cleber Rosa
While it's a good practice to have reusable base classes, in this specific case there's no other user of the BootXenBase class. By unifying the class used in this test, we can improve readability and have the opportunity to add some future improvements in a clearer fashion. Signed-off-by: Cleber Rosa <crosa@redhat.com> Message-ID: <20231208190911.102879-9-crosa@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
2024-07-22 | Merge tag 'pull-aspeed-20240721' of https://github.com/legoater/qemu into staging | Richard Henderson
aspeed queue:

* SMC model fix (Coverity)
* AST2600 boot for eMMC support and test
* AST2700 ADC model
* I2C model changes preparing AST2700 I2C support

# gpg: Signature made Sun 21 Jul 2024 06:07:48 PM AEST
# gpg: using RSA key A0F66548F04895EBFE6B0B6051A343C7CFFBECA1
# gpg: Good signature from "Cédric Le Goater <clg@kaod.org>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: A0F6 6548 F048 95EB FE6B 0B60 51A3 43C7 CFFB ECA1

* tag 'pull-aspeed-20240721' of https://github.com/legoater/qemu:
  aspeed: fix coding style
  hw/i2c/aspeed: rename the I2C class pool attribute to share_pool
  hw/i2c/aspeed: support to set the different memory size
  aspeed/soc: support ADC for AST2700
  aspeed/adc: Add AST2700 support
  tests/avocado/machine_aspeed.py: Add eMMC boot tests
  aspeed: Introduce a 'boot-emmc' machine option
  aspeed: Introduce a 'hw_strap1' machine attribute
  aspeed: Add boot-from-eMMC HW strapping bit to rainier-bmc machine
  aspeed: Tune eMMC device properties to reflect HW strapping
  aspeed: Introduce a AspeedSoCClass 'boot_from_emmc' handler
  aspeed/scu: Add boot-from-eMMC HW strapping bit for AST2600 SoC
  aspeed: Load eMMC first boot area as a boot rom
  aspeed: Change type of eMMC device
  aspeed/smc: Fix possible integer overflow

Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
2024-07-21 | contrib/vhost-user-blk: fix overflowing expression | Stefano Garzarella
Coverity reported:

    >>> CID 1549454: Integer handling issues (OVERFLOW_BEFORE_WIDEN)
    >>> Potentially overflowing expression "le32_to_cpu(desc->num_sectors) << 9" with type "uint32_t" (32 bits, unsigned) is evaluated using 32-bit arithmetic, and then used in a context that expects an expression of type "uint64_t" (64 bits, unsigned).
    199 le32_to_cpu(desc->num_sectors) << 9 };

Coverity noticed this issue after commit ab04420c3 ("contrib/vhost-user-*: use QEMU bswap helper functions"), but it was pre-existing and introduced from the beginning by commit caa1ee4313 ("vhost-user-blk: add discard/write zeroes features support").

Explicitly cast the 32-bit value before the shift to fix this issue.

Fixes: Coverity CID 1549454
Fixes: 5ab04420c3 ("contrib/vhost-user-*: use QEMU bswap helper functions")
Fixes: caa1ee4313 ("vhost-user-blk: add discard/write zeroes features support")
Cc: changpeng.liu@intel.com
Suggested-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Stefano Garzarella <sgarzare@redhat.com>
Message-Id: <20240712153857.207440-1-sgarzare@redhat.com>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2024-07-21 | virtio: Add VIRTIO_F_IN_ORDER property definition | Jonah Palmer
Extend the virtio device property definitions to include the VIRTIO_F_IN_ORDER feature. The default state of this feature is disabled, allowing it to be explicitly enabled where it's supported. Acked-by: Eugenio Pérez <eperezma@redhat.com> Signed-off-by: Jonah Palmer <jonah.palmer@oracle.com> Message-Id: <20240710125522.4168043-7-jonah.palmer@oracle.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2024-07-21 | vhost,vhost-user: Add VIRTIO_F_IN_ORDER to vhost feature bits | Jonah Palmer
Add support for the VIRTIO_F_IN_ORDER feature across a variety of vhost devices. The inclusion of VIRTIO_F_IN_ORDER in the feature bits arrays for these devices ensures that the backend is capable of offering and providing support for this feature, and that it can be disabled if the backend does not support it. Acked-by: Eugenio Pérez <eperezma@redhat.com> Signed-off-by: Jonah Palmer <jonah.palmer@oracle.com> Message-Id: <20240710125522.4168043-6-jonah.palmer@oracle.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2024-07-21 | virtio: virtqueue_ordered_flush - VIRTIO_F_IN_ORDER support | Jonah Palmer
Add VIRTIO_F_IN_ORDER feature support for the virtqueue_flush operation. The goal of the virtqueue_ordered_flush operation when the VIRTIO_F_IN_ORDER feature has been negotiated is to write elements to the used/descriptor ring in-order and then update used_idx. The function iterates through the VirtQueueElement used_elems array in-order starting at vq->used_idx. If the element is valid (filled), the element is written to the used/descriptor ring. This process continues until we find an invalid (not filled) element. For packed VQs, the first entry (at vq->used_idx) is written to the descriptor ring last so the guest doesn't see any invalid descriptors. If any elements were written, the used_idx is updated. Signed-off-by: Jonah Palmer <jonah.palmer@oracle.com> Message-Id: <20240710125522.4168043-5-jonah.palmer@oracle.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com> Acked-by: Eugenio Pérez <eperezma@redhat.com>
2024-07-21 | virtio: virtqueue_ordered_fill - VIRTIO_F_IN_ORDER support | Jonah Palmer
Add VIRTIO_F_IN_ORDER feature support for the virtqueue_fill operation. The goal of the virtqueue_ordered_fill operation when the VIRTIO_F_IN_ORDER feature has been negotiated is to search for this now-used element, set its length, and mark the element as filled in the VirtQueue's used_elems array. By marking the element as filled, it will indicate that this element has been processed and is ready to be flushed, so long as the element is in-order. Reviewed-by: Eugenio Pérez <eperezma@redhat.com> Signed-off-by: Jonah Palmer <jonah.palmer@oracle.com> Message-Id: <20240710125522.4168043-4-jonah.palmer@oracle.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2024-07-21 | virtio: virtqueue_pop - VIRTIO_F_IN_ORDER support | Jonah Palmer
Add VIRTIO_F_IN_ORDER feature support in virtqueue_split_pop and virtqueue_packed_pop.

VirtQueueElements popped from the available/descriptor ring are added to the VirtQueue's used_elems array in-order and in the same fashion as they would be added to the used and descriptor rings, respectively.

This will allow us to keep track of the current order, what elements have been written, as well as an element's essential data after being processed.

Reviewed-by: Eugenio Pérez <eperezma@redhat.com>
Signed-off-by: Jonah Palmer <jonah.palmer@oracle.com>
Message-Id: <20240710125522.4168043-3-jonah.palmer@oracle.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2024-07-21 | virtio: Add bool to VirtQueueElement | Jonah Palmer
Add the boolean 'in_order_filled' member to the VirtQueueElement structure. The use of this boolean will signify whether the element has been processed and is ready to be flushed (so long as the element is in-order). This boolean is used to support the VIRTIO_F_IN_ORDER feature. Reviewed-by: Eugenio Pérez <eperezma@redhat.com> Signed-off-by: Jonah Palmer <jonah.palmer@oracle.com> Message-Id: <20240710125522.4168043-2-jonah.palmer@oracle.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2024-07-21 | intel_iommu: make type match | Clément Mathieu--Drif
The 'level' field in vtd_iotlb_key is an unsigned integer. We don't need to store level as an int in vtd_lookup_iotlb. This is not an issue by itself, but using unsigned here seems cleaner. Signed-off-by: Clément Mathieu--Drif <clement.mathieu--drif@eviden.com> Reviewed-by: Yi Liu <yi.l.liu@intel.com> Message-Id: <20240709142557.317271-5-clement.mathieu--drif@eviden.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2024-07-21 | intel_iommu: fix type of the mask field in VTDIOTLBPageInvInfo | Clément Mathieu--Drif
Per the below code, it can overflow as am can be larger than 8 according to the CH 6.5.2.3 IOTLB Invalidate. Use uint64_t to avoid overflows. Fixes: b5a280c00840 ("intel-iommu: add IOTLB using hash table") Signed-off-by: Clément Mathieu--Drif <clement.mathieu--drif@eviden.com> Reviewed-by: Minwoo Im <minwoo.im@samsung.com> Reviewed-by: Yi Liu <yi.l.liu@intel.com> Message-Id: <20240709142557.317271-4-clement.mathieu--drif@eviden.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2024-07-21 | intel_iommu: move VTD_FRCD_PV and VTD_FRCD_PP declarations | Clément Mathieu--Drif
These 2 macros are for high 64-bit of the FRCD registers. Declarations have to be moved accordingly. Signed-off-by: Clément Mathieu--Drif <clement.mathieu--drif@eviden.com> Reviewed-by: Minwoo Im <minwoo.im@samsung.com> Reviewed-by: Yi Liu <yi.l.liu@intel.com> Message-Id: <20240709142557.317271-3-clement.mathieu--drif@eviden.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2024-07-21 | intel_iommu: fix FRCD construction macro | Clément Mathieu--Drif
The constant must be unsigned, otherwise the two's complement overrides the other fields when a PASID is present. Fixes: 1b2b12376c8a ("intel-iommu: PASID support") Signed-off-by: Clément Mathieu--Drif <clement.mathieu--drif@eviden.com> Reviewed-by: Yi Liu <yi.l.liu@intel.com> Reviewed-by: Zhenzhong Duan <zhenzhong.duan@intel.com> Reviewed-by: Minwoo Im <minwoo.im@samsung.com> Message-Id: <20240709142557.317271-2-clement.mathieu--drif@eviden.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2024-07-21 | virtio-snd: check for invalid param shift operands | Manos Pitsidianakis
When setting the parameters of a PCM stream, we compute the bit flag with the format and rate values as shift operand to check if they are set in supported_formats and supported_rates. If the guest provides a format/rate value which when shifting 1 results in a value bigger than the number of bits in supported_formats/supported_rates, we must report an error. Previously, this ended up triggering the not reached assertions later when converting to internal QEMU values. Reported-by: Zheyu Ma <zheyuma97@gmail.com> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2416 Signed-off-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org> Message-Id: <virtio-snd-fuzz-2416-fix-v1-manos.pitsidianakis@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2024-07-21 | virtio-snd: add max size bounds check in input cb | Manos Pitsidianakis
When reading input audio in the virtio-snd input callback, virtio_snd_pcm_in_cb(), we do not check whether the iov can actually fit the data buffer. This is because we use the buffer->size field as a total-so-far accumulator instead of byte-size-left like in TX buffers. This triggers an out of bounds write if the size of the virtio queue element is equal to virtio_snd_pcm_status, which makes the available space for audio data zero. This commit adds a check for reaching the maximum buffer size before attempting any writes. Reported-by: Zheyu Ma <zheyuma97@gmail.com> Resolves: https://gitlab.com/qemu-project/qemu/-/issues/2427 Signed-off-by: Manos Pitsidianakis <manos.pitsidianakis@linaro.org> Message-Id: <virtio-snd-fuzz-2427-fix-v1-manos.pitsidianakis@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2024-07-21 | MAINTAINERS: Add myself as a VT-d reviewer | Yi Liu
Signed-off-by: Yi Liu <yi.l.liu@intel.com> Message-Id: <20240708032112.796339-1-yi.l.liu@intel.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2024-07-21 | hw/cxl: Support firmware updates | Davidlohr Bueso
Implement transfer and activate functionality per 3.1 spec for supporting update metadata (no actual buffers). Transfer times are arbitrarily set to ten and two seconds for full and part transfers, respectively.

    cxl update-firmware mem0 -F fw.img

    <on-going fw update>

    cxl update-firmware mem0
      "memdev":"mem0",
      "pmem_size":"1024.00 MiB (1073.74 MB)",
      "serial":"0",
      "host":"0000:0d:00.0",
      "firmware":{
        "num_slots":2,
        "active_slot":1,
        "online_activate_capable":true,
        "slot_1_version":"BWFW VERSION 0",
        "fw_update_in_progress":true,
        "remaining_size":22400
      }
    }

    <completed fw update>

    cxl update-firmware mem0
    {
      "memdev":"mem0",
      "pmem_size":"1024.00 MiB (1073.74 MB)",
      "serial":"0",
      "host":"0000:0d:00.0",
      "firmware":{
        "num_slots":2,
        "active_slot":1,
        "staged_slot":2,
        "online_activate_capable":true,
        "slot_1_version":"BWFW VERSION 0",
        "slot_2_version":"BWFW VERSION 1",
        "fw_update_in_progress":false
      }
    }

Signed-off-by: Davidlohr Bueso <dave@stgolabs.net>
Link: https://lore.kernel.org/r/20240627164912.25630-1-dave@stgolabs.net
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <20240705125915.991672-2-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2024-07-21 | hw/cxl/cxl-mailbox-utils: Add device DDR5 ECS control feature | Shiju Jose
CXL spec 3.1 section 8.2.9.9.11.2 describes the DDR5 Error Check Scrub (ECS) control feature. The Error Check Scrub (ECS) is a feature defined in JEDEC DDR5 SDRAM Specification (JESD79-5) and allows the DRAM to internally read, correct single-bit errors, and write back corrected data bits to the DRAM array while providing transparency to error counts. The ECS control feature allows the request to configure ECS input configurations during system boot or at run-time. The ECS control allows the requester to change the log entry type, the ECS threshold count provided that the request is within the definition specified in DDR5 mode registers, change mode between codeword mode and row count mode, and reset the ECS counter. Reviewed-by: Davidlohr Bueso <dave@stgolabs.net> Reviewed-by: Fan Ni <fan.ni@samsung.com> Signed-off-by: Shiju Jose <shiju.jose@huawei.com> Link: https://lore.kernel.org/r/20240223085902.1549-4-shiju.jose@huawei.com Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com> Message-Id: <20240705123039.963781-5-Jonathan.Cameron@huawei.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2024-07-21 | hw/cxl/cxl-mailbox-utils: Add device patrol scrub control feature | Shiju Jose
CXL spec 3.1 section 8.2.9.9.11.1 describes the device patrol scrub control feature. The device patrol scrub proactively locates and makes corrections to errors in regular cycle. The patrol scrub control allows the request to configure patrol scrub input configurations. The patrol scrub control allows the requester to specify the number of hours for which the patrol scrub cycles must be completed, provided that the requested number is not less than the minimum number of hours for the patrol scrub cycle that the device is capable of. In addition, the patrol scrub controls allow the host to disable and enable the feature in case disabling of the feature is needed for other purposes such as performance-aware operations which require the background operations to be turned off. Reviewed-by: Davidlohr Bueso <dave@stgolabs.net> Reviewed-by: Fan Ni <fan.ni@samsung.com> Signed-off-by: Shiju Jose <shiju.jose@huawei.com> Link: https://lore.kernel.org/r/20240223085902.1549-3-shiju.jose@huawei.com Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com> Message-Id: <20240705123039.963781-4-Jonathan.Cameron@huawei.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2024-07-21 | hw/cxl/cxl-mailbox-utils: Add support for feature commands (8.2.9.6) | Shiju Jose
CXL spec 3.1 section 8.2.9.6 describes optional device specific features. CXL devices support features with changeable attributes. Get Supported Features retrieves the list of supported device specific features. The settings of a feature can be retrieved using Get Feature and optionally modified using Set Feature.

Reviewed-by: Davidlohr Bueso <dave@stgolabs.net>
Reviewed-by: Fan Ni <fan.ni@samsung.com>
Signed-off-by: Shiju Jose <shiju.jose@huawei.com>
Link: https://lore.kernel.org/r/20240223085902.1549-2-shiju.jose@huawei.com
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <20240705123039.963781-3-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2024-07-21 | cxl/mailbox: move mailbox effect definitions to a header | Gregory Price
Preparation for allowing devices to define their own CCI commands Signed-off-by: Gregory Price <gregory.price@memverge.com> Link: https://lore.kernel.org/r/20230906001517.324380-2-gregory.price@memverge.com Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com> Message-Id: <20240705123039.963781-2-Jonathan.Cameron@huawei.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2024-07-21 | hw/cxl: Add get scan media results cmd support | Davidlohr Bueso
Iterate over the list keeping the output payload size into account, returning the results from a previous scan media operation. The scan media operation does not fail prematurely due to device being out of storage, so this implementation does not deal with the retry/restart functionality. Signed-off-by: Davidlohr Bueso <dave@stgolabs.net> Link: https://lore.kernel.org/r/20230908073152.4386-5-dave@stgolabs.net Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com> Message-Id: <20240705120643.959422-5-Jonathan.Cameron@huawei.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>