| Age | Commit message (Collapse) | Author |
|---|
|
This validates that we correctly handle migration success and failure
scenarios when using TLS with pre shared keys.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20220426160048.812266-4-berrange@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
|
|
Add CXL Fixed Memory Windows to the CXL tests.
Signed-off-by: Ben Widawsky <ben.widawsky@intel.com>
Co-developed-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <20220429144110.25167-40-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
|
Tables that differ from normal Q35 tables when running the CXL test.
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <20220429144110.25167-39-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
|
The DSDT includes several CXL specific elements and the CEDT
table is only present if we enable CXL.
The test exercises all current functionality with several
CFMWS, CHBS structures in CEDT and ACPI0016/ACPI00017 and _OSC
entries in DSDT.
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <20220429144110.25167-38-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
|
Add exceptions for the DSDT and the new CEDT tables
specific to a new CXL test in the following patch.
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Message-Id: <20220429144110.25167-37-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
|
At this stage we can boot configurations with host bridges,
root ports and type 3 memory devices, so add appropriate
tests.
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20220429144110.25167-23-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
|
Initial test with just pxb-cxl. Other tests will be added
alongside functionality.
Signed-off-by: Jonathan Cameron <Jonathan.Cameron@huawei.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Tested-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20220429144110.25167-16-Jonathan.Cameron@huawei.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
|
* small cleanups for pc-bios/optionrom Makefiles
* checkpatch: fix g_malloc check
* fix mremap() and RDMA detection
* confine igd-passthrough-isa-bridge to Xen-enabled builds
* cover PCI in arm-virt machine qtests
* add -M boot and -M mem compound properties
* bump SLIRP submodule
* support CFI with system libslirp (>= 4.7)
* clean up CoQueue wakeup functions
* fix vhost-vsock regression
* fix --disable-vnc compilation
* other minor bugfixes
# -----BEGIN PGP SIGNATURE-----
#
# iQFIBAABCAAyFiEE8TM4V0tmI4mGbHaCv/vSX3jHroMFAmJ8/KMUHHBib256aW5p
# QHJlZGhhdC5jb20ACgkQv/vSX3jHroNTTAf9Et1C8iZn+OlZi99wMEeMy8a4mIE5
# CpkBpFphhkBvt3AH7XNsCyL4Gea4QgsI7nOIEVUwvW7gPf85PiBUX8mjrIVg3x1k
# bmMEwMKSTYPmDieAnYBP9zCqZQXNYP8L8WxVs2jFY2GXZ2ZogODYFbvCY4yEEB72
# UR6uIvQRdpiB6BEj8UZ+5i+sDtb0zxqrjzUz8T/PJC9/2JSNgi+sAWWQoQT3PPU7
# R7z2nmEa1VeVLPP6mUHvJKhBltVXF+LyIjQHvo+Tp9tSqp9JwXfFBNQ5W/MFes2D
# skF47N7PdgKRH9Dp4r0j+MqBwoAq86+ao+MKsbQ1Gb91HhoCWt/MrVrVyg==
# =1E6P
# -----END PGP SIGNATURE-----
# gpg: Signature made Thu 12 May 2022 05:25:07 AM PDT
# gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg: issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [undefined]
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83
* tag 'for-upstream' of https://gitlab.com/bonzini/qemu: (27 commits)
vmxcap: add tertiary execution controls
vl: make machine type deprecation a warning
meson: link libpng independent of vnc
vhost-backend: do not depend on CONFIG_VHOST_VSOCK
coroutine-lock: qemu_co_queue_restart_all is a coroutine-only qemu_co_enter_all
coroutine-lock: introduce qemu_co_queue_enter_all
coroutine-lock: qemu_co_queue_next is a coroutine-only qemu_co_enter_next
net: slirp: allow CFI with libslirp >= 4.7
net: slirp: add support for CFI-friendly timer API
net: slirp: switch to slirp_new
net: slirp: introduce a wrapper struct for QemuTimer
slirp: bump submodule past 4.7 release
machine: move more memory validation to Machine object
machine: make memory-backend a link property
machine: add mem compound property
machine: add boot compound property
machine: use QAPI struct for boot configuration
tests/qtest/libqos: Add generic pci host bridge in arm-virt machine
tests/qtest/libqos: Skip hotplug tests if pci root bus is not hotpluggable
tests/qtest/libqos/pci: Introduce pio_limit
...
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
|
|
Add the reproducer from https://gitlab.com/qemu-project/qemu/-/issues/339
Without the previous commit, when running 'make check-qtest-i386'
with QEMU configured with '--enable-sanitizers' we get:
==4028352==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x619000062a00 at pc 0x5626d03c491a bp 0x7ffdb4199410 sp 0x7ffdb4198bc0
READ of size 786432 at 0x619000062a00 thread T0
#0 0x5626d03c4919 in __asan_memcpy (qemu-system-i386+0x1e65919)
#1 0x5626d1c023cc in flatview_write_continue softmmu/physmem.c:2787:13
#2 0x5626d1bf0c0f in flatview_write softmmu/physmem.c:2822:14
#3 0x5626d1bf0798 in address_space_write softmmu/physmem.c:2914:18
#4 0x5626d1bf0f37 in address_space_rw softmmu/physmem.c:2924:16
#5 0x5626d1bf14c8 in cpu_physical_memory_rw softmmu/physmem.c:2933:5
#6 0x5626d0bd5649 in cpu_physical_memory_write include/exec/cpu-common.h:82:5
#7 0x5626d0bd0a07 in i8257_dma_write_memory hw/dma/i8257.c:452:9
#8 0x5626d09f825d in fdctrl_transfer_handler hw/block/fdc.c:1616:13
#9 0x5626d0a048b4 in fdctrl_start_transfer hw/block/fdc.c:1539:13
#10 0x5626d09f4c3e in fdctrl_write_data hw/block/fdc.c:2266:13
#11 0x5626d09f22f7 in fdctrl_write hw/block/fdc.c:829:9
#12 0x5626d1c20bc5 in portio_write softmmu/ioport.c:207:17
0x619000062a00 is located 0 bytes to the right of 512-byte region [0x619000062800,0x619000062a00)
allocated by thread T0 here:
#0 0x5626d03c66ec in posix_memalign (qemu-system-i386+0x1e676ec)
#1 0x5626d2b988d4 in qemu_try_memalign util/oslib-posix.c:210:11
#2 0x5626d2b98b0c in qemu_memalign util/oslib-posix.c:226:27
#3 0x5626d09fbaf0 in fdctrl_realize_common hw/block/fdc.c:2341:20
#4 0x5626d0a150ed in isabus_fdc_realize hw/block/fdc-isa.c:113:5
#5 0x5626d2367935 in device_set_realized hw/core/qdev.c:531:13
SUMMARY: AddressSanitizer: heap-buffer-overflow (qemu-system-i386+0x1e65919) in __asan_memcpy
Shadow bytes around the buggy address:
0x0c32800044f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c3280004500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c3280004510: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c3280004520: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c3280004530: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c3280004540:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c3280004550: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c3280004560: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c3280004570: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c3280004580: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c3280004590: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Heap left redzone: fa
Freed heap region: fd
==4028352==ABORTING
[ kwolf: Added snapshot=on to prevent write file lock failure ]
Reported-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Alexander Bulekov <alxndr@bu.edu>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
Up to now the virt-machine node contains a virtio-mmio node.
However no driver produces any PCI interface node. Hence, PCI
tests cannot be run with aarch64 binary.
Add a GPEX driver node that produces a pci interface node. This latter
then can be consumed by all the pci tests. One of the first motivation
was to be able to run the virtio-iommu-pci tests.
We still face an issue with pci hotplug tests as hotplug cannot happen
on the pcie root bus and require a generic root port. This will be
addressed later on.
We force cpu=max along with aarch64/virt machine as some PCI tests
require high MMIO regions to be available.
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Message-Id: <20220504152025.1785704-4-eric.auger@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
ARM does not not support hotplug on pcie.0. Add a flag on the bus
which tells if devices can be hotplugged and skip hotplug tests
if the bus cannot be hotplugged. This is a temporary solution to
enable the other pci tests on aarch64.
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Acked-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20220504152025.1785704-3-eric.auger@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
At the moment the IO space limit is hardcoded to
QPCI_PIO_LIMIT = 0x10000. When accesses are performed to a bar,
the base address of this latter is compared against the limit
to decide whether we perform an IO or a memory access.
On ARM, we cannot keep this PIO limit as the arm-virt machine
uses [0x3eff0000, 0x3f000000 ] for the IO space map and we
are mandated to allocate at 0x0.
Add a new flag in QPCIBar indicating whether it is an IO bar
or a memory bar. This flag is set on QPCIBar allocation and
provisionned based on the BAR configuration. Then the new flag
is used in access functions and in iomap() function.
Signed-off-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20220504152025.1785704-2-eric.auger@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
Leading underscores are ill-advised because such identifiers are
reserved. Trailing underscores are merely ugly. Strip both.
Our header guards commonly end in _H. Normalize the exceptions.
Macros should be ALL_CAPS. Normalize the exception.
Done with scripts/clean-header-guards.pl.
include/hw/xen/interface/ and tools/virtiofsd/ left alone, because
these were imported from Xen and libfuse respectively.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20220506134911.2856099-3-armbru@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
|
|
Header guard symbols should match their file name to make guard
collisions less likely.
Cleaned up with scripts/clean-header-guards.pl, followed by some
renaming of new guard symbols picked by the script to better ones.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20220506134911.2856099-2-armbru@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
[Change to generated file ebpf/rss.bpf.skeleton.h backed out]
|
|
In aarch64_numa_cpu(), the CPU and NUMA association is something
like below. Two threads in the same core/cluster/socket are
associated with two individual NUMA nodes, which is unreal as
Igor Mammedov mentioned. We don't expect the association to break
NUMA-to-socket boundary, which matches with the real world.
NUMA-node socket cluster core thread
------------------------------------------
0 0 0 0 0
1 0 0 0 1
This corrects the topology for CPUs and their association with
NUMA nodes. After this patch is applied, the CPU and NUMA
association becomes something like below, which looks real.
Besides, socket/cluster/core/thread IDs are all checked when
the NUMA node IDs are verified. It helps to check if the CPU
topology is properly populated or not.
NUMA-node socket cluster core thread
------------------------------------------
0 1 0 0 0
1 0 0 0 0
Suggested-by: Igor Mammedov <imammedo@redhat.com>
Signed-off-by: Gavin Shan <gshan@redhat.com>
Acked-by: Igor Mammedov <imammedo@redhat.com>
Message-id: 20220503140304.855514-5-gshan@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
|
The CPU topology isn't enabled on arm/virt machine yet, but we're
going to do it in next patch. After the CPU topology is enabled by
next patch, "thread-id=1" becomes invalid because the CPU core is
preferred on arm/virt machine. It means these two CPUs have 0/1
as their core IDs, but their thread IDs are all 0. It will trigger
test failure as the following message indicates:
[14/21 qemu:qtest+qtest-aarch64 / qtest-aarch64/numa-test ERROR
1.48s killed by signal 6 SIGABRT
>>> G_TEST_DBUS_DAEMON=/home/gavin/sandbox/qemu.main/tests/dbus-vmstate-daemon.sh \
QTEST_QEMU_STORAGE_DAEMON_BINARY=./storage-daemon/qemu-storage-daemon \
QTEST_QEMU_BINARY=./qemu-system-aarch64 \
QTEST_QEMU_IMG=./qemu-img MALLOC_PERTURB_=83 \
/home/gavin/sandbox/qemu.main/build/tests/qtest/numa-test --tap -k
――――――――――――――――――――――――――――――――――――――――――――――
stderr:
qemu-system-aarch64: -numa cpu,node-id=0,thread-id=1: no match found
This fixes the issue by providing comprehensive SMP configurations
in aarch64_numa_cpu(). The SMP configurations aren't used before
the CPU topology is enabled in next patch.
Signed-off-by: Gavin Shan <gshan@redhat.com>
Reviewed-by: Yanan Wang <wangyanan55@huawei.com>
Message-id: 20220503140304.855514-3-gshan@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
|
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
Misc cleanups
# -----BEGIN PGP SIGNATURE-----
#
# iQJQBAABCAA6FiEEh6m9kz+HxgbSdvYt2ujhCXWWnOUFAmJxKjQcHG1hcmNhbmRy
# ZS5sdXJlYXVAcmVkaGF0LmNvbQAKCRDa6OEJdZac5ZD5D/9f5CGbNsrl7kB1t6iS
# 1ABr5AeW0g9sidMCsQAe9xhWl6+R2SO/z0bBue+mv1ltG0RSZ1ZXS4FyJFBAhFfR
# fZ6J7bvdnawIKOxu5T9NY/UvthdRV0eC8CTo0q6GAJo9MHyIGvo1TOoM2Ld9QpfB
# 2uup+9fw3Clh0HSHwV9LSL7v2nucFef4A5P1CJ6d1KHnnej0hfug5o+Aiy+wDLA2
# 5RnTm44dqm9lzTgt/x4MqE6Us7WWQukjlLny8/gyurNTR+6fxLqjsHZG+6woQETu
# Gg6angsOoAFyciFZ564rjGv80qQuccMVMjtrKvBZz/cmwUUz+Lb4tU3tUPBqomGX
# wiofVtL4qcXs94OHWX654UX/iXgkRqC3r+aC0xT37cL4svC8N69BhilxI5+gIGxZ
# ZjaQhHx/0e+Ut3c+xrjYHbywQMd9L9AhRyYSMz5BNeLg9+yUiMR+hvGVR/SubLN1
# iiLS07CRgdOKdP6ts7CC7txAgDw4h3cPN5Hz+gqXMJTcnBKpXpnF1lL+Zd/J5++N
# 8qMVQH5O4REQRISsbKaOPW8PCiPESsUaHb/mWkre7iYLgkEdNMVQvRcnfx14ejbk
# /KKXolrG1huJXGQGnYvgJArHMBBL+ieIYiT6alKFNRNECLdioL46FuSOlirHVCGe
# StU22Vsl61M8ifDOPdolK55X5Q==
# =npwd
# -----END PGP SIGNATURE-----
# gpg: Signature made Tue 03 May 2022 06:12:20 AM PDT
# gpg: using RSA key 87A9BD933F87C606D276F62DDAE8E10975969CE5
# gpg: issuer "marcandre.lureau@redhat.com"
# gpg: Good signature from "Marc-André Lureau <marcandre.lureau@redhat.com>" [full]
# gpg: aka "Marc-André Lureau <marcandre.lureau@gmail.com>" [full]
* tag 'misc-pull-request' of gitlab.com:marcandre.lureau/qemu: (23 commits)
util: rename qemu_*block() socket functions
tests: replace qemu_set_nonblock()
net: replace qemu_set_nonblock()
ui: replace qemu_set_nonblock()
hw: replace qemu_set_nonblock()
qga: replace qemu_set_nonblock()
io: replace qemu_set{_non}block()
chardev: replace qemu_set_nonblock()
io: make qio_channel_command_new_pid() static
Replace fcntl(O_NONBLOCK) with g_unix_set_fd_nonblocking()
io: replace pipe() with g_unix_open_pipe(CLOEXEC)
virtiofsd: replace pipe() with g_unix_open_pipe(CLOEXEC)
os-posix: replace pipe()+cloexec with g_unix_open_pipe(CLOEXEC)
tests: replace pipe() with g_unix_open_pipe(CLOEXEC)
qga: replace pipe() with g_unix_open_pipe(CLOEXEC)
util: replace pipe()+cloexec with g_unix_open_pipe()
Replace qemu_pipe() with g_unix_open_pipe()
block: move fcntl_setfl()
Use g_unix_set_fd_nonblocking()
libqtest: split QMP part in libqmp
...
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
|
|
The call is POSIX-specific. Use the dedicated GLib API.
(this is a preliminary patch before renaming qemu_set_nonblock())
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
|
|
Suggested-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
|
|
Suggested-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
|
|
This will help moving QAPI/QMP in a common subproject.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Acked-by: Thomas Huth <thuth@redhat.com>
|
|
Since commit a2ce7dbd917 ("meson: convert tests/qtest to meson"),
libqtest.h is under libqos/ directory, while libqtest.c is still in
qtest/. Move back to its original location to avoid mixing with libqos/.
Suggested-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
|
|
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
|
|
I was setting gpioV4-7 to "1110" using the QOM pin property handler and
noticed that lowering gpioV7 was inadvertently lowering gpioV4-6 too.
(qemu) qom-set /machine/soc/gpio gpioV4 true
(qemu) qom-set /machine/soc/gpio gpioV5 true
(qemu) qom-set /machine/soc/gpio gpioV6 true
(qemu) qom-get /machine/soc/gpio gpioV4
true
(qemu) qom-set /machine/soc/gpio gpioV7 false
(qemu) qom-get /machine/soc/gpio gpioV4
false
An expression in aspeed_gpio_set_pin_level was using a logical NOT
operator instead of a bitwise NOT operator:
value &= !pin_mask;
The original author probably intended to make a bitwise NOT expression
"~", but mistakenly used a logical NOT operator "!" instead. Some
programming languages like Rust use "!" for both purposes.
Fixes: 4b7f956862dc ("hw/gpio: Add basic Aspeed GPIO model for AST2400 and
AST2500")
Signed-off-by: Peter Delevoryas <pdel@fb.com>
Message-Id: <20220502080827.244815-1-pdel@fb.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
|
|
This add two addition test cases for accumulative mode under sg enabled.
The input vector was manually craft with "abc" + bit 1 + padding zeros + L.
The padding length depends on algorithm, i.e. SHA512 (1024 bit),
SHA256 (512 bit).
The result was calculated by command line sha512sum/sha256sum utilities
without padding, i.e. only "abc" ascii text.
Signed-off-by: Troy Lee <troy_lee@aspeedtech.com>
Signed-off-by: Steven Lee <steven_lee@aspeedtech.com>
Acked-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Joel Stanley <joel@jms.id.au>
[ clg: checkpatch fixes ]
Message-Id: <20220426021120.28255-4-steven_lee@aspeedtech.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
|
|
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
The migration precopy testing helper function always expects the
migration to run to a completion state. There will be test scenarios
for TLS where expect either the client or server to fail the migration.
This expands the helper to cope with these scenarios.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20220310171821.3724080-12-berrange@redhat.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
|
|
The combination of the start and finish hooks allow the FD passing
code to use the precopy helper
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20220310171821.3724080-11-berrange@redhat.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
|
|
There are alot of different scenarios to test with migration due to the
wide number of parameters and capabilities available. To enable sharing
of the basic precopy test scenario, we need to be able to set arbitrary
parameters and capabilities before the migration is initiated, but don't
want to have all this logic in the common helper function. Solve this
by defining two hooks that can be provided by the test case, one before
migration starts and one after migration finishes.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20220310171821.3724080-10-berrange@redhat.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
|
|
The test cases differ only in the URI they provide to the migration
commands, and the ability to set the dirty_ring mode. This code is
trivially merged into a common helper.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20220310171821.3724080-9-berrange@redhat.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
|
|
There's no compelling reason why the MigrateStart struct needs to be
heap allocated. Using stack allocation and static initializers is
simpler.
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20220310171821.3724080-8-berrange@redhat.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
|
|
The QMP commands have a trailing newline, but the response does not.
This makes the qtest logs hard to follow as the next QMP command
appears in the same line as the previous QMP response.
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20220310171821.3724080-5-berrange@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
|
|
When debugging failing qtests it is useful to be able to turn on trace
output to stderr. The QTEST_TRACE env variable contents get injected
as a '-trace <str>' command line arg
Reviewed-by: Peter Xu <peterx@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Juan Quintela <quintela@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20220310171821.3724080-4-berrange@redhat.com>
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
|
|
../tests/qtest/fuzz/generic_fuzz.c:746:17: warning: variable 'name' set but not used [-Wunused-but-set-variable]
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20220420132624.2439741-42-marcandre.lureau@redhat.com>
|
|
Reuse qemu_write_full().
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20220420132624.2439741-33-marcandre.lureau@redhat.com>
|
|
Eric noticed while attempting to enable the vhost-user-blk-test for
Aarch64 that that things didn't work unless he put in a dummy
guest_malloc() at the start of the test. Without it
qvirtio_wait_used_elem() would assert when it reads a junk value for
idx resulting in:
qvirtqueue_get_buf: idx:2401 last_idx:0
qvirtqueue_get_buf: 0x7ffcb6d3fe74, (nil)
qvirtio_wait_used_elem: 3000000/0
ERROR:../../tests/qtest/libqos/virtio.c:226:qvirtio_wait_used_elem: assertion failed (got_desc_idx == desc_idx): (50331648 == 0)
Bail out! ERROR:../../tests/qtest/libqos/virtio.c:226:qvirtio_wait_used_elem: assertion failed (got_desc_idx == desc_idx): (50331648 == 0)
What was actually happening is the guest_malloc() effectively pushed
the allocation of the vring into the next page which just happened to
have clear memory. After much tedious tracing of the code I could see
that qvring_init() does attempt initialise a bunch of the vring
structures but skips the vring->used.idx value. It is probably not
wise to assume guest memory is zeroed anyway. Once the ring is
properly initialised the hack is no longer needed to get things
working.
Thanks-to: John Snow <jsnow@redhat.com> for helping debug
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20220406173356.1891500-1-alex.bennee@linaro.org>
Tested-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Eric Auger <eric.auger@redhat.com>
Reviewed-by: Stefan Hajnoczi <stefanha@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
|
The fuzz tests are currently scheduled for all targets, but their setup
code limits the run to "i386", so that these tests always show "SKIP"
on other targets. Move it to the right x86 list in meson.build, then
we can drop the architecture check during runtime, too.
Message-Id: <20220414130127.719528-1-thuth@redhat.com>
Reviewed-by: Laurent Vivier <lvivier@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
|
Allow the same set of tests for all MIPS targets, so that "mipsel"
now gets some additional test coverage, too. While we're at it,
simplify the definitions for qtests_mips64 and qtests_mips64el.
Message-Id: <20220414114655.604391-1-thuth@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
|
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20220323155743.1585078-33-marcandre.lureau@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-Id: <20220323155743.1585078-22-marcandre.lureau@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
Replace a config-time define with a compile time condition
define (compatible with clang and gcc) that must be declared prior to
its usage. This avoids having a global configure time define, but also
prevents from bad usage, if the config header wasn't included before.
This can help to make some code independent from qemu too.
gcc supports __BYTE_ORDER__ from about 4.6 and clang from 3.2.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
[ For the s390x parts I'm involved in ]
Acked-by: Halil Pasic <pasic@linux.ibm.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220323155743.1585078-7-marcandre.lureau@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
If the migration is over before we cancel it, we are
waiting in a loop a state that never comes because the state
is already "completed".
To avoid an infinite loop, skip the test if the migration
is "completed" before we were able to cancel it.
Signed-off-by: Laurent Vivier <lvivier@redhat.com>
Acked-by: Thomas Huth <thuth@redhat.com>
Message-id: 20220329124259.355995-1-lvivier@redhat.com
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
|
staging
* Fix stack-overflow due to recursive DMA in intel-hda (CVE-2021-3611)
* Fix heap overflow due to recursive DMA in sdhci code
# gpg: Signature made Mon 21 Mar 2022 16:14:36 GMT
# gpg: using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5
# gpg: issuer "thuth@redhat.com"
# gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [full]
# gpg: aka "Thomas Huth <thuth@redhat.com>" [full]
# gpg: aka "Thomas Huth <huth@tuxfamily.org>" [full]
# gpg: aka "Thomas Huth <th.huth@posteo.de>" [unknown]
# Primary key fingerprint: 27B8 8847 EEE0 2501 18F3 EAB9 2ED9 D774 FE70 2DB5
* tag 'pull-request-2022-03-21' of https://gitlab.com/thuth/qemu:
tests/qtest/fuzz-sdcard-test: Add reproducer for OSS-Fuzz (Issue 29225)
hw/sd/sdhci: Prohibit DMA accesses to devices
hw/sd/sdhci: Honor failed DMA transactions
tests/qtest/intel-hda-test: Add reproducer for issue #542
hw/audio/intel-hda: Restrict DMA engine to memories (not MMIO devices)
hw/audio/intel-hda: Do not ignore DMA overrun errors
softmmu/physmem: Introduce MemTxAttrs::memory field and MEMTX_ACCESS_ERROR
softmmu/physmem: Simplify flatview_write and address_space_access_valid
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
|
One less qemu-specific macro. It also helps to make some headers/units
only depend on glib, and thus moved in standalone projects eventually.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
|
|
The socket API wrappers were initially introduced in commit
00aa0040 ("Wrap recv to avoid warnings"), but made redundant with
commit a2d96af4 ("osdep: add wrappers for socket functions") which fixes
the win32 declarations and thus removed the earlier warnings.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
|
|
g_new(T, n) is neater than g_malloc(sizeof(T) * n). It's also safer,
for two reasons. One, it catches multiplication overflowing size_t.
Two, it returns T * rather than void *, which lets the compiler catch
more type errors.
This commit only touches allocations with size arguments of the form
sizeof(T).
Initial patch created mechanically with:
$ spatch --in-place --sp-file scripts/coccinelle/use-g_new-etc.cocci \
--macro-file scripts/cocci-macro-file.h FILES...
This uncovers a typing error:
../hw/9pfs/9p.c: In function ‘qid_path_fullmap’:
../hw/9pfs/9p.c:855:13: error: assignment to ‘QpfEntry *’ from incompatible pointer type ‘QppEntry *’ [-Werror=incompatible-pointer-types]
855 | val = g_new0(QppEntry, 1);
| ^
Harmless, because QppEntry is larger than QpfEntry. Manually fixed to
allocate a QpfEntry instead.
Cc: Greg Kurz <groug@kaod.org>
Cc: Christian Schoenebeck <qemu_oss@crudebyte.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Greg Kurz <groug@kaod.org>
Message-Id: <20220315144156.1595462-3-armbru@redhat.com>
|
|
Include the qtest reproducer provided by Alexander Bulekov
in https://gitlab.com/qemu-project/qemu/-/issues/451. Without
the previous commit, we get:
$ make check-qtest-i386
...
Running test qtest-i386/fuzz-sdcard-test
==447470==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61500002a080 at pc 0x564c71766d48 bp 0x7ffc126c62b0 sp 0x7ffc126c62a8
READ of size 1 at 0x61500002a080 thread T0
#0 0x564c71766d47 in sdhci_read_dataport hw/sd/sdhci.c:474:18
#1 0x564c7175f139 in sdhci_read hw/sd/sdhci.c:1022:19
#2 0x564c721b937b in memory_region_read_accessor softmmu/memory.c:440:11
#3 0x564c72171e51 in access_with_adjusted_size softmmu/memory.c:554:18
#4 0x564c7216f47c in memory_region_dispatch_read1 softmmu/memory.c:1424:16
#5 0x564c7216ebb9 in memory_region_dispatch_read softmmu/memory.c:1452:9
#6 0x564c7212db5d in flatview_read_continue softmmu/physmem.c:2879:23
#7 0x564c7212f958 in flatview_read softmmu/physmem.c:2921:12
#8 0x564c7212f418 in address_space_read_full softmmu/physmem.c:2934:18
#9 0x564c721305a9 in address_space_rw softmmu/physmem.c:2962:16
#10 0x564c7175a392 in dma_memory_rw_relaxed include/sysemu/dma.h:89:12
#11 0x564c7175a0ea in dma_memory_rw include/sysemu/dma.h:132:12
#12 0x564c71759684 in dma_memory_read include/sysemu/dma.h:152:12
#13 0x564c7175518c in sdhci_do_adma hw/sd/sdhci.c:823:27
#14 0x564c7174bf69 in sdhci_data_transfer hw/sd/sdhci.c:935:13
#15 0x564c7176aaa7 in sdhci_send_command hw/sd/sdhci.c:376:9
#16 0x564c717629ee in sdhci_write hw/sd/sdhci.c:1212:9
#17 0x564c72172513 in memory_region_write_accessor softmmu/memory.c:492:5
#18 0x564c72171e51 in access_with_adjusted_size softmmu/memory.c:554:18
#19 0x564c72170766 in memory_region_dispatch_write softmmu/memory.c:1504:16
#20 0x564c721419ee in flatview_write_continue softmmu/physmem.c:2812:23
#21 0x564c721301eb in flatview_write softmmu/physmem.c:2854:12
#22 0x564c7212fca8 in address_space_write softmmu/physmem.c:2950:18
#23 0x564c721d9a53 in qtest_process_command softmmu/qtest.c:727:9
0x61500002a080 is located 0 bytes to the right of 512-byte region [0x615000029e80,0x61500002a080)
allocated by thread T0 here:
#0 0x564c708e1737 in __interceptor_calloc (qemu-system-i386+0x1e6a737)
#1 0x7ff05567b5e0 in g_malloc0 (/lib64/libglib-2.0.so.0+0x5a5e0)
#2 0x564c71774adb in sdhci_pci_realize hw/sd/sdhci-pci.c:36:5
SUMMARY: AddressSanitizer: heap-buffer-overflow hw/sd/sdhci.c:474:18 in sdhci_read_dataport
Shadow bytes around the buggy address:
0x0c2a7fffd3c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c2a7fffd3d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c2a7fffd3e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c2a7fffd3f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c2a7fffd400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c2a7fffd410:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c2a7fffd420: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c2a7fffd430: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c2a7fffd440: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c2a7fffd450: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c2a7fffd460: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Heap left redzone: fa
Freed heap region: fd
==447470==ABORTING
Broken pipe
ERROR qtest-i386/fuzz-sdcard-test - too few tests run (expected 3, got 2)
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Acked-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20211215205656.488940-4-philmd@redhat.com>
[thuth: Replaced "-m 4G" with "-m 512M"]
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
|
Include the qtest reproducer provided by Alexander Bulekov
in https://gitlab.com/qemu-project/qemu/-/issues/542.
Without the previous commit, we get:
$ make check-qtest-i386
...
Running test tests/qtest/intel-hda-test
AddressSanitizer:DEADLYSIGNAL
=================================================================
==1580408==ERROR: AddressSanitizer: stack-overflow on address 0x7ffc3d566fe0
#0 0x63d297cf in address_space_translate_internal softmmu/physmem.c:356
#1 0x63d27260 in flatview_do_translate softmmu/physmem.c:499:15
#2 0x63d27af5 in flatview_translate softmmu/physmem.c:565:15
#3 0x63d4ce84 in flatview_write softmmu/physmem.c:2850:10
#4 0x63d4cb18 in address_space_write softmmu/physmem.c:2950:18
#5 0x63d4d387 in address_space_rw softmmu/physmem.c:2960:16
#6 0x62ae12f2 in dma_memory_rw_relaxed include/sysemu/dma.h:89:12
#7 0x62ae104a in dma_memory_rw include/sysemu/dma.h:132:12
#8 0x62ae6157 in dma_memory_write include/sysemu/dma.h:173:12
#9 0x62ae5ec0 in stl_le_dma include/sysemu/dma.h:275:1
#10 0x62ae5ba2 in stl_le_pci_dma include/hw/pci/pci.h:871:1
#11 0x62ad59a6 in intel_hda_response hw/audio/intel-hda.c:372:12
#12 0x62ad2afb in hda_codec_response hw/audio/intel-hda.c:107:5
#13 0x62aec4e1 in hda_audio_command hw/audio/hda-codec.c:655:5
#14 0x62ae05d9 in intel_hda_send_command hw/audio/intel-hda.c:307:5
#15 0x62adff54 in intel_hda_corb_run hw/audio/intel-hda.c:342:9
#16 0x62adc13b in intel_hda_set_corb_wp hw/audio/intel-hda.c:548:5
#17 0x62ae5942 in intel_hda_reg_write hw/audio/intel-hda.c:977:9
#18 0x62ada10a in intel_hda_mmio_write hw/audio/intel-hda.c:1054:5
#19 0x63d8f383 in memory_region_write_accessor softmmu/memory.c:492:5
#20 0x63d8ecc1 in access_with_adjusted_size softmmu/memory.c:554:18
#21 0x63d8d5d6 in memory_region_dispatch_write softmmu/memory.c:1504:16
#22 0x63d5e85e in flatview_write_continue softmmu/physmem.c:2812:23
#23 0x63d4d05b in flatview_write softmmu/physmem.c:2854:12
#24 0x63d4cb18 in address_space_write softmmu/physmem.c:2950:18
#25 0x63d4d387 in address_space_rw softmmu/physmem.c:2960:16
#26 0x62ae12f2 in dma_memory_rw_relaxed include/sysemu/dma.h:89:12
#27 0x62ae104a in dma_memory_rw include/sysemu/dma.h:132:12
#28 0x62ae6157 in dma_memory_write include/sysemu/dma.h:173:12
#29 0x62ae5ec0 in stl_le_dma include/sysemu/dma.h:275:1
#30 0x62ae5ba2 in stl_le_pci_dma include/hw/pci/pci.h:871:1
#31 0x62ad59a6 in intel_hda_response hw/audio/intel-hda.c:372:12
#32 0x62ad2afb in hda_codec_response hw/audio/intel-hda.c:107:5
#33 0x62aec4e1 in hda_audio_command hw/audio/hda-codec.c:655:5
#34 0x62ae05d9 in intel_hda_send_command hw/audio/intel-hda.c:307:5
#35 0x62adff54 in intel_hda_corb_run hw/audio/intel-hda.c:342:9
#36 0x62adc13b in intel_hda_set_corb_wp hw/audio/intel-hda.c:548:5
#37 0x62ae5942 in intel_hda_reg_write hw/audio/intel-hda.c:977:9
#38 0x62ada10a in intel_hda_mmio_write hw/audio/intel-hda.c:1054:5
#39 0x63d8f383 in memory_region_write_accessor softmmu/memory.c:492:5
#40 0x63d8ecc1 in access_with_adjusted_size softmmu/memory.c:554:18
#41 0x63d8d5d6 in memory_region_dispatch_write softmmu/memory.c:1504:16
#42 0x63d5e85e in flatview_write_continue softmmu/physmem.c:2812:23
#43 0x63d4d05b in flatview_write softmmu/physmem.c:2854:12
#44 0x63d4cb18 in address_space_write softmmu/physmem.c:2950:18
#45 0x63d4d387 in address_space_rw softmmu/physmem.c:2960:16
#46 0x62ae12f2 in dma_memory_rw_relaxed include/sysemu/dma.h:89:12
#47 0x62ae104a in dma_memory_rw include/sysemu/dma.h:132:12
#48 0x62ae6157 in dma_memory_write include/sysemu/dma.h:173:12
...
SUMMARY: AddressSanitizer: stack-overflow softmmu/physmem.c:356 in address_space_translate_internal
==1580408==ABORTING
Broken pipe
Aborted (core dumped)
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Acked-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20211218160912.1591633-4-philmd@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
|
'boot-serial-test' does not work with a QEMU built with --disable-tcg in
a IBM POWER9 host. The reason is that without TCG QEMU will default to
KVM acceleration, but then the KVM module in IBM POWER hosts aren't able
to handle other CPUs.
The result is that the test will break with a KVM error when trying to
ruin the ppce500 test:
$ QTEST_QEMU_BINARY=./qemu-system-ppc64 ./tests/qtest/boot-serial-test
/ppc64/boot-serial/ppce500: qemu-system-ppc64: -accel tcg: invalid accelerator tcg
error: kvm run failed Invalid argument
NIP 0000000000f00000 LR 0000000000000000 CTR 0000000000000000 XER 0000000000000000 CPU#0
MSR 0000000000000000 HID0 0000000000000000 HF 24020002 iidx 1 didx 1
TB 00000000 00000000 DECR 0
(...)
** (./tests/qtest/boot-serial-test:1935760): ERROR **: 07:44:03.010: Failed to find expected string. Please check '/tmp/qtest-boot-serial-sJ78sqg'
Fix it by checking CONFIG_TCG before compiling boot-serial-test.
Cc: Thomas Huth <thuth@redhat.com>
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20220303153517.168943-3-danielhb413@gmail.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
|
