aboutsummaryrefslogtreecommitdiff
path: root/hw
AgeCommit message (Collapse)Author
2020-07-15Merge remote-tracking branch ↵Peter Maydell
'remotes/philmd-gitlab/tags/sdcard-CVE-2020-13253-pull-request' into staging Fix CVE-2020-13253 By using invalidated address, guest can do out-of-bounds accesses. These patches fix the issue by only allowing SD card image sizes power of 2, and not switching to SEND_DATA state when the address is invalid (out of range). This issue was found using QEMU fuzzing mode (using --enable-fuzzing, see docs/devel/fuzzing.txt) and reported by Alexander Bulekov. Reproducer: https://bugs.launchpad.net/qemu/+bug/1880822/comments/1 CI jobs results: . https://cirrus-ci.com/build/5157142548185088 . https://gitlab.com/philmd/qemu/-/pipelines/166381731 . https://travis-ci.org/github/philmd/qemu/builds/707956535 # gpg: Signature made Tue 14 Jul 2020 14:54:44 BST # gpg: using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE # gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full] # Primary key fingerprint: FAAB E75E 1291 7221 DCFD 6BB2 E3E3 2C2C DEAD C0DE * remotes/philmd-gitlab/tags/sdcard-CVE-2020-13253-pull-request: hw/sd/sdcard: Do not switch to ReceivingData if address is invalid hw/sd/sdcard: Update coding style to make checkpatch.pl happy hw/sd/sdcard: Do not allow invalid SD card sizes hw/sd/sdcard: Simplify realize() a bit hw/sd/sdcard: Restrict Class 6 commands to SCSD cards tests/acceptance/boot_linux: Expand SD card image to power of 2 tests/acceptance/boot_linux: Tag tests using a SD card with 'device:sd' docs/orangepi: Add instructions for resizing SD image to power of two MAINTAINERS: Cc qemu-block mailing list Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-07-14hw/sd/sdcard: Do not switch to ReceivingData if address is invalidPhilippe Mathieu-Daudé
Only move the state machine to ReceivingData if there is no pending error. This avoids later OOB access while processing commands queued. "SD Specifications Part 1 Physical Layer Simplified Spec. v3.01" 4.3.3 Data Read Read command is rejected if BLOCK_LEN_ERROR or ADDRESS_ERROR occurred and no data transfer is performed. 4.3.4 Data Write Write command is rejected if BLOCK_LEN_ERROR or ADDRESS_ERROR occurred and no data transfer is performed. WP_VIOLATION errors are not modified: the error bit is set, we stay in receive-data state, wait for a stop command. All further data transfer is ignored. See the check on sd->card_status at the beginning of sd_read_data() and sd_write_data(). Fixes: CVE-2020-13253 Cc: qemu-stable@nongnu.org Reported-by: Alexander Bulekov <alxndr@bu.edu> Buglink: https://bugs.launchpad.net/qemu/+bug/1880822 Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-Id: <20200630133912.9428-6-f4bug@amsat.org>
2020-07-14hw/sd/sdcard: Update coding style to make checkpatch.pl happyPhilippe Mathieu-Daudé
To make the next commit easier to review, clean this code first. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Alexander Bulekov <alxndr@bu.edu> Message-Id: <20200630133912.9428-3-f4bug@amsat.org>
2020-07-14hw/sd/sdcard: Do not allow invalid SD card sizesPhilippe Mathieu-Daudé
QEMU allows to create SD card with unrealistic sizes. This could work, but some guests (at least Linux) consider sizes that are not a power of 2 as a firmware bug and fix the card size to the next power of 2. While the possibility to use small SD card images has been seen as a feature, it became a bug with CVE-2020-13253, where the guest is able to do OOB read/write accesses past the image size end. In a pair of commits we will fix CVE-2020-13253 as: Read command is rejected if BLOCK_LEN_ERROR or ADDRESS_ERROR occurred and no data transfer is performed. Write command is rejected if BLOCK_LEN_ERROR or ADDRESS_ERROR occurred and no data transfer is performed. WP_VIOLATION errors are not modified: the error bit is set, we stay in receive-data state, wait for a stop command. All further data transfer is ignored. See the check on sd->card_status at the beginning of sd_read_data() and sd_write_data(). While this is the correct behavior, in case QEMU create smaller SD cards, guests still try to access past the image size end, and QEMU considers this is an invalid address, thus "all further data transfer is ignored". This is wrong and make the guest looping until eventually timeouts. Fix by not allowing invalid SD card sizes (suggesting the expected size as a hint): $ qemu-system-arm -M orangepi-pc -drive file=rootfs.ext2,if=sd,format=raw qemu-system-arm: Invalid SD card size: 60 MiB SD card size has to be a power of 2, e.g. 64 MiB. You can resize disk images with 'qemu-img resize <imagefile> <new-size>' (note that this will lose data if you make the image smaller than it currently is). Cc: qemu-stable@nongnu.org Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Message-Id: <20200713183209.26308-8-f4bug@amsat.org>
2020-07-14hw/sd/sdcard: Simplify realize() a bitPhilippe Mathieu-Daudé
We don't need to check if sd->blk is set twice. Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-Id: <20200630133912.9428-18-f4bug@amsat.org>
2020-07-14hw/sd/sdcard: Restrict Class 6 commands to SCSD cardsPhilippe Mathieu-Daudé
Only SCSD cards support Class 6 (Block Oriented Write Protection) commands. "SD Specifications Part 1 Physical Layer Simplified Spec. v3.01" 4.3.14 Command Functional Difference in Card Capacity Types * Write Protected Group SDHC and SDXC do not support write-protected groups. Issuing CMD28, CMD29 and CMD30 generates the ILLEGAL_COMMAND error. Cc: qemu-stable@nongnu.org Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-Id: <20200630133912.9428-7-f4bug@amsat.org>
2020-07-13hw/char: Convert the Ibex UART to use the registerfields APIAlistair Francis
Signed-off-by: Alistair Francis <alistair.francis@wdc.com> Message-id: 06372c9cdeec715077899e71c858d9f0a2a3395b.1594332223.git.alistair.francis@wdc.com Message-Id: <06372c9cdeec715077899e71c858d9f0a2a3395b.1594332223.git.alistair.francis@wdc.com>
2020-07-13hw/char: Convert the Ibex UART to use the qdev Clock modelAlistair Francis
Conver the Ibex UART to use the recently added qdev-clock functions. Signed-off-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: b0136fad870a29049959ec161c1217b967d7e19d.1594332223.git.alistair.francis@wdc.com Message-Id: <b0136fad870a29049959ec161c1217b967d7e19d.1594332223.git.alistair.francis@wdc.com>
2020-07-13hw/riscv: Modify MROM size to end at 0x10000Bin Meng
At present the size of Mask ROM for sifive_u / spike / virt machines is set to 0x11000, which ends at an unusual address. This changes the size to 0xf000 so that it ends at 0x10000. Signed-off-by: Bin Meng <bin.meng@windriver.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-Id: <1594289144-24723-1-git-send-email-bmeng.cn@gmail.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2020-07-13RISC-V: Support 64 bit start addressAtish Patra
Even though the start address in ROM code is declared as a 64 bit address for RV64, it can't be used as upper bits are set to zero in ROM code. Update the ROM code correctly to reflect the 64bit value. Signed-off-by: Atish Patra <atish.patra@wdc.com> Reviewed-by: Bin Meng <bin.meng@windriver.com> Tested-by: Bin Meng <bin.meng@windriver.com> Message-Id: <20200701183949.398134-5-atish.patra@wdc.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2020-07-13riscv: Add opensbi firmware dynamic supportAtish Patra
OpenSBI is the default firmware in Qemu and has various firmware loading options. Currently, qemu loader uses fw_jump which has a compile time pre-defined address where fdt & kernel image must reside. This puts a constraint on image size of the Linux kernel depending on the fdt location and available memory. However, fw_dynamic allows the loader to specify the next stage location (i.e. Linux kernel/U-Boot) in memory and other configurable boot options available in OpenSBI. Add support for OpenSBI dynamic firmware loading support. This doesn't break existing setup and fw_jump will continue to work as it is. Any other firmware will continue to work without any issues as long as it doesn't expect anything specific from loader in "a2" register. Signed-off-by: Atish Patra <atish.patra@wdc.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Bin Meng <bin.meng@windriver.com> Tested-by: Bin Meng <bin.meng@windriver.com> Message-Id: <20200701183949.398134-4-atish.patra@wdc.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2020-07-13RISC-V: Copy the fdt in dram instead of ROMAtish Patra
Currently, the fdt is copied to the ROM after the reset vector. The firmware has to copy it to DRAM. Instead of this, directly copy the device tree to a pre-computed dram address. The device tree load address should be as far as possible from kernel and initrd images. That's why it is kept at the end of the DRAM or 4GB whichever is lesser. Signed-off-by: Atish Patra <atish.patra@wdc.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Bin Meng <bin.meng@windriver.com> Tested-by: Bin Meng <bin.meng@windriver.com> Message-Id: <20200701183949.398134-3-atish.patra@wdc.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2020-07-13riscv: Unify Qemu's reset vector code pathAtish Patra
Currently, all riscv machines except sifive_u have identical reset vector code implementations with memory addresses being different for all machines. They can be easily combined into a single function in common code. Move it to common function and let all the machines use the common function. Signed-off-by: Atish Patra <atish.patra@wdc.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Reviewed-by: Bin Meng <bin.meng@windriver.com> Tested-by: Bin Meng <bin.meng@windriver.com> Message-Id: <20200701183949.398134-2-atish.patra@wdc.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2020-07-13hw/riscv: virt: Sort the SoC memmap table entriesBin Meng
Adjust the PCIe memory maps to follow the order. Signed-off-by: Bin Meng <bin.meng@windriver.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com> Message-Id: <1593746511-19517-1-git-send-email-bmeng.cn@gmail.com> Signed-off-by: Alistair Francis <alistair.francis@wdc.com>
2020-07-13Merge remote-tracking branch ↵Peter Maydell
'remotes/kraxel/tags/fixes-20200713-pull-request' into staging bugfixes for audio, usb, ui and docs. # gpg: Signature made Mon 13 Jul 2020 15:10:35 BST # gpg: using RSA key 4CB6D8EED3E87138 # gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full] # gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" [full] # gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full] # Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138 * remotes/kraxel/tags/fixes-20200713-pull-request: usb: fix usb-host build on windows. ui: fix vc_chr_write call in text_console_do_init docs/qdev-device-use: Clean up the sentences related to -usbdevice ossaudio: fix out of bounds write Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-07-13hw/arm/aspeed: Do not create and attach empty SD cards by defaultPhilippe Mathieu-Daudé
Since added in commit 2bea128c3d, each SDHCI is wired with a SD card, using empty card when no block drive provided. This is not the desired behavior. The SDHCI exposes a SD bus to plug cards on, if no card available, it is fine to have an unplugged bus. Avoid creating unnecessary SD card device when no block drive provided. Fixes: 2bea128c3d ("hw/sd/aspeed_sdhci: New device") Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20200705173402.15620-1-f4bug@amsat.org Reviewed-by: Cédric Le Goater <clg@kaod.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-07-13hw/arm/palm.c: Encapsulate misc GPIO handling in a devicePeter Maydell
Replace the free-floating set of IRQs and palmte_onoff_gpios() function with a simple QOM device that encapsulates this behaviour. This fixes Coverity issue CID 1421944, which points out that the memory returned by qemu_allocate_irqs() is leaked. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Li Qiang <liq3ea@gmail.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20200628214230.2592-3-peter.maydell@linaro.org
2020-07-13hw/arm/palm.c: DetabifyPeter Maydell
Remove hard-tabs from palm.c. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Li Qiang <liq3ea@gmail.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20200628214230.2592-2-peter.maydell@linaro.org
2020-07-13hw/arm/tosa: Encapsulate misc GPIO handling in a devicePeter Maydell
Currently we have a free-floating set of IRQs and a function tosa_out_switch() which handle the GPIO lines on the tosa board which connect to LEDs, and another free-floating IRQ and tosa_reset() function to handle the GPIO line that resets the system. Encapsulate this behaviour in a simple QOM device. This commit fixes Coverity issue CID 1421929 (which pointed out that the 'outsignals' in tosa_gpio_setup() were leaked), because it removes the use of the qemu_allocate_irqs() API from this code entirely. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20200628203748.14250-3-peter.maydell@linaro.org
2020-07-13hw/arm/tosa.c: DetabifyPeter Maydell
Remove the hardcoded tabs from hw/arm/tosa.c. There aren't many, but since they're all in constant #defines they're not going to go away with our usual "only when we touch a function" policy on reformatting. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20200628203748.14250-2-peter.maydell@linaro.org
2020-07-13hw/nios2: exit to main CPU loop only when unmasking interruptsWentong Wu
Only when guest code is unmasking interrupts, terminate the excution of translated code and exit to the main CPU loop to handle previous pended interrupts because of the interrupts mask by guest code. Signed-off-by: Wentong Wu <wentong.wu@intel.com> Message-id: 20200710233433.19729-4-wentong.wu@intel.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-07-13osdep.h: Always include <sys/signal.h> if it existsDavid CARLIER
Regularize our handling of <sys/signal.h>: currently we include it in osdep.h, but only for OpenBSD, and we include it without an ifdef guard in a couple of C files. This causes problems for Haiku, which doesn't have that header. Instead, check in configure whether sys/signal.h exists, and if it does then always include it from osdep.h. Signed-off-by: David Carlier <devnexen@gmail.com> Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20200703145614.16684-5-peter.maydell@linaro.org [PMM: Expanded commit message; rename to HAVE_SYS_SIGNAL_H] Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-07-13virtio-iommu: Fix coverity issue in virtio_iommu_handle_command()Eric Auger
Coverity points out (CID 1430180) that the new case is missing break or a /* fallthrough */ comment. Break is the right thing to do as in that case, tail is not used. Fixes 1733eebb9e ("virtio-iommu: Implement RESV_MEM probe request") Signed-off-by: Eric Auger <eric.auger@redhat.com> Reported-by: Peter Maydell <peter.maydell@linaro.org> Message-id: 20200708160147.18426-1-eric.auger@redhat.com Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-07-13Add the ability to change the FEC PHY MDIO devices numbers on i.MX7 processorJean-Christophe Dubois
Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net> Message-id: c850187322be9930e47c8b234c385a7d0da245cb.1593806826.git.jcd@tribudubois.net Reviewed-by: Peter Maydell <peter.maydell@linaro.org> [PMM: updated for object_property_set_uint() argument reordering] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-07-13Add the ability to change the FEC PHY MDIO device number on i.MX6 processorJean-Christophe Dubois
Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net> Message-id: 05a64e83eb1c0c865ac077b22c599425c024c02c.1593806826.git.jcd@tribudubois.net Reviewed-by: Peter Maydell <peter.maydell@linaro.org> [PMM: updated for object_property_set_uint() argument reordering] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-07-13Add the ability to change the FEC PHY MDIO device number on i.MX25 processorJean-Christophe Dubois
Signed-off-by: Jean-Christophe Dubois <jcd@tribudubois.net> Message-id: 9f8923ecd974160ae8f634c275b1100c2cbe66d7.1593806826.git.jcd@tribudubois.net Reviewed-by: Peter Maydell <peter.maydell@linaro.org> [PMM: updated for object_property_set_uint() argument reordering] Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-07-13usb: fix usb-host build on windows.Gerd Hoffmann
Seems the new API is not available on windows. Update #ifdefs accordingly. Fixes: 9f815e83e983 ("usb: add hostdevice property to usb-host") Reported-by: Howard Spoelstra <hsp.cat7@gmail.com> Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Tested-by: Howard Spoelstra <hsp.cat7@gmail.com> Message-id: 20200624134510.9381-1-kraxel@redhat.com
2020-07-12Merge remote-tracking branch ↵Peter Maydell
'remotes/stsquad/tags/pull-testing-and-misc-110720-2' into staging Testing and misc build updates: - tests/vm support for aarch64 VMs - tests/tcg better cross-compiler detection - update docker tooling to support registries - update docker support for xtensa - gitlab build docker images and store in registry - gitlab use docker images for builds - a number of skipIf updates to support move - linux-user MAP_FIXED_NOREPLACE fix - qht-bench compiler tweaks - configure fix for secret keyring - tsan fiber annotation clean-up - doc updates for mttcg/icount/gdbstub - fix cirrus to use brew bash for iotests - revert virtio-gpu breakage - fix LC_ALL to avoid sorting changes in iotests # gpg: Signature made Sat 11 Jul 2020 15:56:42 BST # gpg: using RSA key 6685AE99E75167BCAFC8DF35FBD0DB095A9E2A44 # gpg: Good signature from "Alex Bennée (Master Work Key) <alex.bennee@linaro.org>" [full] # Primary key fingerprint: 6685 AE99 E751 67BC AFC8 DF35 FBD0 DB09 5A9E 2A44 * remotes/stsquad/tags/pull-testing-and-misc-110720-2: (50 commits) iotests: Set LC_ALL=C for sort Revert "vga: build virtio-gpu as module" tests: fix "make check-qtest" for modular builds .cirrus.yml: add bash to the brew packages tests/docker: update toolchain set in debian-xtensa-cross tests/docker: fall back more gracefully when pull fails docs: Add to gdbstub documentation the PhyMemMode docs/devel: add some notes on tcg-icount for developers docs/devel: convert and update MTTCG design document tests/qht-bench: Adjust threshold computation tests/qht-bench: Adjust testing rate by -1 travis.yml: Test also the other targets on s390x shippable: pull images from registry instead of building testing: add check-build target containers.yml: build with docker.py tooling gitlab: limit re-builds of the containers tests: improve performance of device-introspect-test gitlab: add avocado asset caching gitlab: enable check-tcg for linux-user tests linux-user/elfload: use MAP_FIXED_NOREPLACE in pgb_reserved_va ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-07-11Merge remote-tracking branch 'remotes/philmd-gitlab/tags/avr-port-20200711' ↵Peter Maydell
into staging 8bit AVR port from Michael Rolnik. Michael started to work on the AVR port few years ago [*] and kept improving the code over various series. List of people who help him (in chronological order): - Richard Henderson - Sarah Harris and Edward Robbins - Philippe Mathieu-Daudé and Aleksandar Markovic - Pavel Dovgalyuk - Thomas Huth [*] The oldest contribution I could find on the list is from 2016: https://lists.nongnu.org/archive/html/qemu-devel/2016-06/msg02985.html Tests included: $ avocado --show=app run -t arch:avr tests/acceptance/ Fetching asset from tests/acceptance/machine_avr6.py:AVR6Machine.test_freertos (1/1) tests/acceptance/machine_avr6.py:AVR6Machine.test_freertos: PASS (2.13 s) RESULTS : PASS 1 | ERROR 0 | FAIL 0 | SKIP 0 | WARN 0 | INTERRUPT 0 | CANCEL 0 JOB TIME : 2.35 s $ make check-qtest-avr TEST check-qtest-avr: tests/qtest/boot-serial-test TEST check-qtest-avr: tests/qtest/cdrom-test TEST check-qtest-avr: tests/qtest/device-introspect-test TEST check-qtest-avr: tests/qtest/machine-none-test TEST check-qtest-avr: tests/qtest/qmp-test TEST check-qtest-avr: tests/qtest/qmp-cmd-test TEST check-qtest-avr: tests/qtest/qom-test TEST check-qtest-avr: tests/qtest/test-hmp TEST check-qtest-avr: tests/qtest/qos-test CI results: . https://cirrus-ci.com/build/5697049146425344 . https://gitlab.com/philmd/qemu/-/pipelines/165328058 . https://travis-ci.org/github/philmd/qemu/builds/705817933 . https://app.shippable.com/github/philmd/qemu/runs/822/summary/console # gpg: Signature made Sat 11 Jul 2020 10:03:11 BST # gpg: using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE # gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [full] # Primary key fingerprint: FAAB E75E 1291 7221 DCFD 6BB2 E3E3 2C2C DEAD C0DE * remotes/philmd-gitlab/tags/avr-port-20200711: (32 commits) target/avr/disas: Fix store instructions display order target/avr/cpu: Fix $PC displayed address target/avr/cpu: Drop tlb_flush() in avr_cpu_reset() target/avr: Add section into QEMU documentation tests/acceptance: Test the Arduino MEGA2560 board tests/boot-serial: Test some Arduino boards (AVR based) hw/avr: Add limited support for some Arduino boards hw/avr: Add some ATmega microcontrollers hw/avr: Add support for loading ELF/raw binaries hw/misc: avr: Add limited support for power reduction device hw/timer: avr: Add limited support for 16-bit timer peripheral hw/char: avr: Add limited support for USART peripheral tests/machine-none: Add AVR support target/avr: Register AVR support with the rest of QEMU target/avr: Add support for disassembling via option '-d in_asm' target/avr: Initialize TCG register variables target/avr: Add instruction translation - CPU main translation function target/avr: Add instruction translation - MCU Control Instructions target/avr: Add instruction translation - Bit and Bit-test Instructions target/avr: Add instruction translation - Data Transfer Instructions ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-07-11Merge remote-tracking branch 'remotes/bonzini/tags/for-upstream' into stagingPeter Maydell
* Make checkpatch say 'qemu' instead of 'kernel' (Aleksandar) * Fix PSE guests with emulated NPT (Alexander B. #1) * Fix leak (Alexander B. #2) * HVF fixes (Roman, Cameron) * New Sapphire Rapids CPUID bits (Cathy) * cpus.c and softmmu/ cleanups (Claudio) * TAP driver tweaks (Daniel, Havard) * object-add bugfix and testcases (Eric A.) * Fix Coverity MIN_CONST and MAX_CONST (Eric B.) * "info lapic" improvement (Jan) * SSE fixes (Joseph) * "-msg guest-name" option (Mario) * support for AMD nested live migration (myself) * Small i386 TCG fixes (myself) * improved error reporting for Xen (myself) * fix "-cpu host -overcommit cpu-pm=on" (myself) * Add accel/Kconfig (Philippe) * iscsi sense handling fixes (Yongji) * Misc bugfixes # gpg: Signature made Sat 11 Jul 2020 00:33:41 BST # gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83 # gpg: issuer "pbonzini@redhat.com" # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full] # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full] # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * remotes/bonzini/tags/for-upstream: (47 commits) linux-headers: update again to 5.8 apic: Report current_count via 'info lapic' scripts: improve message when TAP based tests fail target/i386: Enable TSX Suspend Load Address Tracking feature target/i386: Add SERIALIZE cpu feature softmmu/vl: Remove the check for colons in -accel parameters cpu-throttle: new module, extracted from cpus.c softmmu: move softmmu only files from root pc: fix leak in pc_system_flash_cleanup_unused cpus: Move CPU code from exec.c to cpus-common.c target/i386: Correct the warning message of Intel PT checkpatch: Change occurences of 'kernel' to 'qemu' in user messages iscsi: return -EIO when sense fields are meaningless iscsi: handle check condition status in retry loop target/i386: sev: fail query-sev-capabilities if QEMU cannot use SEV target/i386: sev: provide proper error reporting for query-sev-capabilities KVM: x86: believe what KVM says about WAITPKG target/i386: implement undocumented "smsw r32" behavior target/i386: remove gen_io_end Makefile: simplify MINIKCONF rules ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-07-11Revert "vga: build virtio-gpu as module"Gerd Hoffmann
This reverts commit 8d5a24c83dba90b08ef163bbf166d6dfbad9019b. Compiling all virtio-gpu objects into a single module isn't a good plan because the individual objects have different CONFIG_* dependencies. Leads to module load failures on s390x due to vga support being disabled, which in turn breaks '-device virtio-gpu-device' (flagged by travis ci). So back to the drawing board for modular virtio-gpu ... Signed-off-by: Gerd Hoffmann <kraxel@redhat.com> Signed-off-by: Alex Bennée <alex.bennee@linaro.org> Message-Id: <20200710203652.9708-3-kraxel@redhat.com>
2020-07-11Merge remote-tracking branch 'remotes/aperard/tags/pull-xen-20200710' into ↵Peter Maydell
staging xen patches Fixes following harden checks in qdev. # gpg: Signature made Fri 10 Jul 2020 14:05:46 BST # gpg: using RSA key F80C006308E22CFD8A92E7980CF5572FD7FB55AF # gpg: issuer "anthony.perard@citrix.com" # gpg: Good signature from "Anthony PERARD <anthony.perard@gmail.com>" [marginal] # gpg: aka "Anthony PERARD <anthony.perard@citrix.com>" [marginal] # gpg: WARNING: This key is not certified with sufficiently trusted signatures! # gpg: It is not certain that the signature belongs to the owner. # Primary key fingerprint: 5379 2F71 024C 600F 778A 7161 D8D5 7199 DF83 42C8 # Subkey fingerprint: F80C 0063 08E2 2CFD 8A92 E798 0CF5 572F D7FB 55AF * remotes/aperard/tags/pull-xen-20200710: xen: cleanup unrealized flash devices xen: Fix xen-legacy-backend qdev types Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-07-11hw/avr: Add limited support for some Arduino boardsPhilippe Mathieu-Daudé
Arduino boards are build with AVR chipsets. Add some of these boards: - Arduino Duemilanove - Arduino Uno - Arduino Mega For more information: https://www.arduino.cc/en/Main/Products https://store.arduino.cc/arduino-genuino/most-popular [AM: Remove word 'Atmel' from filenames and all elements of code] Suggested-by: Aleksandar Markovic <aleksandar.m.mail@gmail.com> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Aleksandar Markovic <aleksandar.m.mail@gmail.com> Reviewed-by: Igor Mammedov <imammedo@redhat.com> Reviewed-by: Joaquin de Andres <me@xcancerberox.com.ar> [thuth: sysbus_init_child_obj() ==> object_initialize_child()] Signed-off-by: Thomas Huth <huth@tuxfamily.org> Message-Id: <20200705140315.260514-26-huth@tuxfamily.org>
2020-07-11hw/avr: Add some ATmega microcontrollersPhilippe Mathieu-Daudé
Add some AVR microcontrollers from the ATmega family: - middle range: ATmega168 and ATmega328 - high range: ATmega1280 and ATmega2560 For product comparison: https://www.microchip.com/wwwproducts/ProductCompare/ATmega168P/ATmega328P https://www.microchip.com/wwwproducts/ProductCompare/ATmega1280/ATmega2560 Datasheets: http://ww1.microchip.com/downloads/en/DeviceDoc/ATmega48A-PA-88A-PA-168A-PA-328-P-DS-DS40002061A.pdf http://ww1.microchip.com/downloads/en/DeviceDoc/Atmel-2549-8-bit-AVR-Microcontroller-ATmega640-1280-1281-2560-2561_datasheet.pdf [AM: Remove word 'Atmel' from filenames and all elements of code] Suggested-by: Aleksandar Markovic <aleksandar.m.mail@gmail.com> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Aleksandar Markovic <aleksandar.m.mail@gmail.com> [thuth: Rebased to master, fixed object_initialize_child() calls etc.] Signed-off-by: Thomas Huth <huth@tuxfamily.org> Message-Id: <20200705140315.260514-25-huth@tuxfamily.org> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2020-07-11hw/avr: Add support for loading ELF/raw binariesPhilippe Mathieu-Daudé
Add avr_load_firmware() function to load firmware in ELF or raw binary format. [AM: Corrected the type of the variable containing e_flags] [AM: Moved definition of e_flags conversion function to boot.c] Suggested-by: Aleksandar Markovic <aleksandar.m.mail@gmail.com> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Aleksandar Markovic <aleksandar.m.mail@gmail.com> Reviewed-by: Aleksandar Markovic <aleksandar.m.mail@gmail.com> Signed-off-by: Thomas Huth <huth@tuxfamily.org> Message-Id: <20200705140315.260514-24-huth@tuxfamily.org> [PMD: Replace load_image_targphys() by load_image_mr()] Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2020-07-11hw/misc: avr: Add limited support for power reduction deviceMichael Rolnik
This is a simple device of just one register, and whenever this register is written to it calls qemu_set_irq function for each of 8 bits/IRQs. It is used to implement AVR Power Reduction. [AM: Remove word 'Atmel' from filenames and all elements of code] Suggested-by: Aleksandar Markovic <aleksandar.m.mail@gmail.com> Signed-off-by: Michael Rolnik <mrolnik@gmail.com> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> [rth: Squash include fix and file rename from f4bug] Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Aleksandar Markovic <aleksandar.m.mail@gmail.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Thomas Huth <huth@tuxfamily.org> Message-Id: <20200705140315.260514-22-huth@tuxfamily.org>
2020-07-11hw/timer: avr: Add limited support for 16-bit timer peripheralMichael Rolnik
These were designed to facilitate testing but should provide enough function to be useful in other contexts. Only a subset of the functions of each peripheral is implemented, mainly due to the lack of a standard way to handle electrical connections (like GPIO pins). [AM: Remove word 'Atmel' from filenames and all elements of code] Suggested-by: Aleksandar Markovic <aleksandar.m.mail@gmail.com> Signed-off-by: Sarah Harris <S.E.Harris@kent.ac.uk> Signed-off-by: Ed Robbins <E.J.C.Robbins@kent.ac.uk> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> [rth: Squash info mtree fixes and a file rename from f4bug] Signed-off-by: Richard Henderson <richard.henderson@linaro.org> [PMD: Use qemu_log_mask(LOG_UNIMP), replace goto by return] Signed-off-by: Aleksandar Markovic <aleksandar.m.mail@gmail.com> Reviewed-by: Alex Bennée <alex.bennee@linaro.org> Signed-off-by: Thomas Huth <huth@tuxfamily.org> Message-Id: <20200705140315.260514-21-huth@tuxfamily.org> [PMD: Check cpu-frequency-hz property in realize()] Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
2020-07-11hw/char: avr: Add limited support for USART peripheralMichael Rolnik
These were designed to facilitate testing but should provide enough function to be useful in other contexts. Only a subset of the functions of each peripheral is implemented, mainly due to the lack of a standard way to handle electrical connections (like GPIO pins). [AM: Remove word 'Atmel' from filenames and all elements of code] Suggested-by: Aleksandar Markovic <aleksandar.m.mail@gmail.com> Signed-off-by: Michael Rolnik <mrolnik@gmail.com> Signed-off-by: Sarah Harris <S.E.Harris@kent.ac.uk> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> [rth: Squash I/O size fix and file rename from f4bug] Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Aleksandar Markovic <aleksandar.m.mail@gmail.com> Reviewed-by: Aleksandar Markovic <aleksandar.m.mail@gmail.com> Signed-off-by: Thomas Huth <huth@tuxfamily.org> Message-Id: <20200705140315.260514-20-huth@tuxfamily.org>
2020-07-10apic: Report current_count via 'info lapic'Jan Kiszka
This is helpful when debugging stuck guest timers. As we need apic_get_current_count for that, and it is really not emulation specific, move it to apic_common.c and export it. Fix its style at this chance as well. Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Message-Id: <e00e2896-ca5b-a929-de7a-8e5762f0c1c2@siemens.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-07-10pc: fix leak in pc_system_flash_cleanup_unusedAlexander Bulekov
tries to fix a leak detected when building with --enable-sanitizers: ./i386-softmmu/qemu-system-i386 Upon exit: ==13576==ERROR: LeakSanitizer: detected memory leaks Direct leak of 1216 byte(s) in 1 object(s) allocated from: #0 0x7f9d2ed5c628 in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.5) #1 0x7f9d2e963500 in g_malloc (/usr/lib/x86_64-linux-gnu/libglib-2.0.so.) #2 0x55fa646d25cc in object_new_with_type /tmp/qemu/qom/object.c:686 #3 0x55fa63dbaa88 in qdev_new /tmp/qemu/hw/core/qdev.c:140 #4 0x55fa638a533f in pc_pflash_create /tmp/qemu/hw/i386/pc_sysfw.c:88 #5 0x55fa638a54c4 in pc_system_flash_create /tmp/qemu/hw/i386/pc_sysfw.c:106 #6 0x55fa646caa1d in object_init_with_type /tmp/qemu/qom/object.c:369 #7 0x55fa646d20b5 in object_initialize_with_type /tmp/qemu/qom/object.c:511 #8 0x55fa646d2606 in object_new_with_type /tmp/qemu/qom/object.c:687 #9 0x55fa639431e9 in qemu_init /tmp/qemu/softmmu/vl.c:3878 #10 0x55fa6335c1b8 in main /tmp/qemu/softmmu/main.c:48 #11 0x7f9d2cf06e0a in __libc_start_main ../csu/libc-start.c:308 #12 0x55fa6335f8e9 in _start (/tmp/qemu/build/i386-softmmu/qemu-system-i386) Signed-off-by: Alexander Bulekov <alxndr@bu.edu> Message-Id: <20200701145231.19531-1-alxndr@bu.edu> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-07-10hw/core/null-machine: Do not initialize unused chardev backendsPhilippe Mathieu-Daudé
The MachineClass uses an inverted logic (inherited from the PC machines [*]) to create the chardev backends for the default devices (see commits 998bbd74b9d..aa40fc9c964 and ac33f8fad14). As the none-machine doesn't have any hardware device, it is pointless to initialize chardev backends. Fix by setting the 'no_defaults' bits in its MachineClass. Suggested-by: Thomas Huth <thuth@redhat.com> Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Thomas Huth <thuth@redhat.com> Message-Id: <20200624105611.1049-1-f4bug@amsat.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2020-07-10Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into stagingPeter Maydell
virtio: bugfix fixes vdpa on non-kvm platforms Signed-off-by: Michael S. Tsirkin <mst@redhat.com> # gpg: Signature made Wed 08 Jul 2020 11:17:48 BST # gpg: using RSA key 5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469 # gpg: issuer "mst@redhat.com" # gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [full] # gpg: aka "Michael S. Tsirkin <mst@redhat.com>" [full] # Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67 # Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469 * remotes/mst/tags/for_upstream: vhost-vdpa: fix the compile issue without kvm Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2020-07-10xen: Use ERRP_GUARD()Vladimir Sementsov-Ogievskiy
If we want to check error after errp-function call, we need to introduce local_err and then propagate it to errp. Instead, use the ERRP_GUARD() macro, benefits are: 1. No need of explicit error_propagate call 2. No need of explicit local_err variable: use errp directly 3. ERRP_GUARD() leaves errp as is if it's not NULL or &error_fatal, this means that we don't break error_abort (we'll abort on error_set, not on error_propagate) If we want to add some info to errp (by error_prepend() or error_append_hint()), we must use the ERRP_GUARD() macro. Otherwise, this info will not be added when errp == &error_fatal (the program will exit prior to the error_append_hint() or error_prepend() call). No such cases are being fixed here. This commit is generated by command sed -n '/^X86 Xen CPUs$/,/^$/{s/^F: //p}' MAINTAINERS | \ xargs git ls-files | grep '\.[hc]$' | \ xargs spatch \ --sp-file scripts/coccinelle/errp-guard.cocci \ --macro-file scripts/cocci-macro-file.h \ --in-place --no-show-diff --max-width 80 Reported-by: Kevin Wolf <kwolf@redhat.com> Reported-by: Greg Kurz <groug@kaod.org> Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> [Commit message tweaked] Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20200707165037.1026246-9-armbru@redhat.com> [ERRP_AUTO_PROPAGATE() renamed to ERRP_GUARD(), and auto-propagated-errp.cocci to errp-guard.cocci. Commit message tweaked again.]
2020-07-10virtio-9p: Use ERRP_GUARD()Vladimir Sementsov-Ogievskiy
If we want to check error after errp-function call, we need to introduce local_err and then propagate it to errp. Instead, use the ERRP_GUARD() macro, benefits are: 1. No need of explicit error_propagate call 2. No need of explicit local_err variable: use errp directly 3. ERRP_GUARD() leaves errp as is if it's not NULL or &error_fatal, this means that we don't break error_abort (we'll abort on error_set, not on error_propagate) If we want to add some info to errp (by error_prepend() or error_append_hint()), we must use the ERRP_GUARD() macro. Otherwise, this info will not be added when errp == &error_fatal (the program will exit prior to the error_append_hint() or error_prepend() call). Fix such a case in v9fs_device_realize_common(). This commit is generated by command sed -n '/^virtio-9p$/,/^$/{s/^F: //p}' MAINTAINERS | \ xargs git ls-files | grep '\.[hc]$' | \ xargs spatch \ --sp-file scripts/coccinelle/errp-guard.cocci \ --macro-file scripts/cocci-macro-file.h \ --in-place --no-show-diff --max-width 80 Reported-by: Kevin Wolf <kwolf@redhat.com> Reported-by: Greg Kurz <groug@kaod.org> Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Acked-by: Greg Kurz <groug@kaod.org> Reviewed-by: Christian Schoenebeck <qemu_oss@crudebyte.com> [Commit message tweaked] Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20200707165037.1026246-7-armbru@redhat.com> [ERRP_AUTO_PROPAGATE() renamed to ERRP_GUARD(), and auto-propagated-errp.cocci to errp-guard.cocci. Commit message tweaked again.]
2020-07-10fw_cfg: Use ERRP_GUARD()Vladimir Sementsov-Ogievskiy
If we want to check error after errp-function call, we need to introduce local_err and then propagate it to errp. Instead, use the ERRP_GUARD() macro, benefits are: 1. No need of explicit error_propagate call 2. No need of explicit local_err variable: use errp directly 3. ERRP_GUARD() leaves errp as is if it's not NULL or &error_fatal, this means that we don't break error_abort (we'll abort on error_set, not on error_propagate) If we want to add some info to errp (by error_prepend() or error_append_hint()), we must use the ERRP_GUARD() macro. Otherwise, this info will not be added when errp == &error_fatal (the program will exit prior to the error_append_hint() or error_prepend() call). No such cases are being fixed here. This commit is generated by command sed -n '/^Firmware configuration (fw_cfg)$/,/^$/{s/^F: //p}' \ MAINTAINERS | \ xargs git ls-files | grep '\.[hc]$' | \ xargs spatch \ --sp-file scripts/coccinelle/errp-guard.cocci \ --macro-file scripts/cocci-macro-file.h \ --in-place --no-show-diff --max-width 80 Reported-by: Kevin Wolf <kwolf@redhat.com> Reported-by: Greg Kurz <groug@kaod.org> Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> [Commit message tweaked] Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20200707165037.1026246-6-armbru@redhat.com> [ERRP_AUTO_PROPAGATE() renamed to ERRP_GUARD(), and auto-propagated-errp.cocci to errp-guard.cocci. Commit message tweaked again. Coccinelle script rerun for commit 3203148917 "hw/nvram/fw_cfg: Add the FW_CFG_DATA_GENERATOR interface"]
2020-07-10pflash: Use ERRP_GUARD()Vladimir Sementsov-Ogievskiy
If we want to check error after errp-function call, we need to introduce local_err and then propagate it to errp. Instead, use the ERRP_GUARD() macro, benefits are: 1. No need of explicit error_propagate call 2. No need of explicit local_err variable: use errp directly 3. ERRP_GUARD() leaves errp as is if it's not NULL or &error_fatal, this means that we don't break error_abort (we'll abort on error_set, not on error_propagate) If we want to add some info to errp (by error_prepend() or error_append_hint()), we must use the ERRP_GUARD() macro. Otherwise, this info will not be added when errp == &error_fatal (the program will exit prior to the error_append_hint() or error_prepend() call). No such cases are being fixed here. This commit is generated by command sed -n '/^Parallel NOR Flash devices$/,/^$/{s/^F: //p}' \ MAINTAINERS | \ xargs git ls-files | grep '\.[hc]$' | \ xargs spatch \ --sp-file scripts/coccinelle/errp-guard.cocci \ --macro-file scripts/cocci-macro-file.h \ --in-place --no-show-diff --max-width 80 Reported-by: Kevin Wolf <kwolf@redhat.com> Reported-by: Greg Kurz <groug@kaod.org> Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> [Commit message tweaked] Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20200707165037.1026246-5-armbru@redhat.com> [ERRP_AUTO_PROPAGATE() renamed to ERRP_GUARD(), and auto-propagated-errp.cocci to errp-guard.cocci. Commit message tweaked again.]
2020-07-10sd: Use ERRP_GUARD()Vladimir Sementsov-Ogievskiy
If we want to check error after errp-function call, we need to introduce local_err and then propagate it to errp. Instead, use the ERRP_GUARD() macro, benefits are: 1. No need of explicit error_propagate call 2. No need of explicit local_err variable: use errp directly 3. ERRP_GUARD() leaves errp as is if it's not NULL or &error_fatal, this means that we don't break error_abort (we'll abort on error_set, not on error_propagate) If we want to add some info to errp (by error_prepend() or error_append_hint()), we must use the ERRP_GUARD() macro. Otherwise, this info will not be added when errp == &error_fatal (the program will exit prior to the error_append_hint() or error_prepend() call). No such cases are being fixed here. This commit is generated by command sed -n '/^SD (Secure Card)$/,/^$/{s/^F: //p}' \ MAINTAINERS | \ xargs git ls-files | grep '\.[hc]$' | \ xargs spatch \ --sp-file scripts/coccinelle/errp-guard.cocci \ --macro-file scripts/cocci-macro-file.h \ --in-place --no-show-diff --max-width 80 Reported-by: Kevin Wolf <kwolf@redhat.com> Reported-by: Greg Kurz <groug@kaod.org> Signed-off-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> [Commit message tweaked] Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20200707165037.1026246-4-armbru@redhat.com> [ERRP_AUTO_PROPAGATE() renamed to ERRP_GUARD(), and auto-propagated-errp.cocci to errp-guard.cocci. Commit message tweaked again.]
2020-07-10qdev: Ignore Error objects where the return value sufficesMarkus Armbruster
Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Message-Id: <20200707160613.848843-45-armbru@redhat.com>
2020-07-10error: Avoid error_propagate() after migrate_add_blocker()Markus Armbruster
When migrate_add_blocker(blocker, &errp) is followed by error_propagate(errp, err), we can often just as well do migrate_add_blocker(..., errp). Do that with this Coccinelle script: @@ expression blocker, err, errp; expression ret; @@ - ret = migrate_add_blocker(blocker, &err); - if (err) { + ret = migrate_add_blocker(blocker, errp); + if (ret < 0) { ... when != err; - error_propagate(errp, err); ... } @@ expression blocker, err, errp; @@ - migrate_add_blocker(blocker, &err); - if (err) { + if (migrate_add_blocker(blocker, errp) < 0) { ... when != err; - error_propagate(errp, err); ... } Double-check @err is not used afterwards. Dereferencing it would be use after free, but checking whether it's null would be legitimate. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@virtuozzo.com> Message-Id: <20200707160613.848843-43-armbru@redhat.com>
2020-07-10qapi: Smooth another visitor error checking patternMarkus Armbruster
Convert visit_type_FOO(v, ..., &ptr, &err); ... if (err) { ... } to visit_type_FOO(v, ..., &ptr, errp); ... if (!ptr) { ... } for functions that set @ptr to non-null / null on success / error. Eliminate error_propagate() that are now unnecessary. Delete @err that are now unused. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Message-Id: <20200707160613.848843-40-armbru@redhat.com>