aboutsummaryrefslogtreecommitdiff
path: root/tests
AgeCommit message (Collapse)Author
2021-03-23Merge remote-tracking branch 'remotes/armbru/tags/pull-qapi-2021-03-23' into ↵Peter Maydell
staging QAPI patches patches for 2021-03-23 # gpg: Signature made Tue 23 Mar 2021 21:37:53 GMT # gpg: using RSA key 354BC8B3D7EB2A6B68674E5F3870B400EB918653 # gpg: issuer "armbru@redhat.com" # gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" [full] # gpg: aka "Markus Armbruster <armbru@pond.sub.org>" [full] # Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867 4E5F 3870 B400 EB91 8653 * remotes/armbru/tags/pull-qapi-2021-03-23: (29 commits) block: Remove monitor command block_passwd qapi: Enforce union and alternate branch naming rules qapi: Enforce enum member naming rules qapi: Enforce struct member naming rules tests/qapi-schema: Switch member name clash test to struct qapi: Enforce command naming rules qapi: Enforce feature naming rules qapi: Prepare for rejecting underscore in command and member names tests-qmp-cmds: Drop unused and incorrect qmp_TestIfCmd() qapi/pragma: Streamline comments on member-name-exceptions qapi: Rename pragma *-whitelist to *-exceptions tests/qapi-schema: Rename returns-whitelist to returns-bad-type tests/qapi-schema: Rename pragma-*-crap to pragma-value-not-* qapi: Factor out QAPISchemaParser._check_pragma_list_of_str() tests/qapi-schema: Rename redefined-builtin to redefined-predefined qapi: Enforce type naming rules qapi: Enforce event naming rules qapi: Consistently permit any case in downstream prefixes qapi: Move uppercase rejection to check_name_lower() qapi: Rework name checking in preparation of stricter checking ... Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-03-23qapi: Enforce union and alternate branch naming rulesMarkus Armbruster
Union branch names should use '-', not '_'. Enforce this. The only offenders are in tests/. Fix them. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20210323094025.3569441-29-armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> [Commit message typo fixed]
2021-03-23qapi: Enforce enum member naming rulesMarkus Armbruster
Enum members should use '-', not '_'. Enforce this. Fix the fixable offenders (all in tests/), and add the remainder to pragma member-name-exceptions. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20210323094025.3569441-28-armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2021-03-23qapi: Enforce struct member naming rulesMarkus Armbruster
Struct members, including command arguments, event data, and union inline base members, should use '-', not '_'. Enforce this. Fix the fixable offenders (all in tests/), and add the remainder to pragma member-name-exceptions. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20210323094025.3569441-27-armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2021-03-23tests/qapi-schema: Switch member name clash test to structMarkus Armbruster
Test args-name-clash covers command parameter name clash. This effectively covers struct member name clash as well. The next commit will make parameter name clash impossible. Convert args-name-clash from testing command to testing a struct, and rename it to struct-member-name-clash. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20210323094025.3569441-26-armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> [Commit message typo fixed]
2021-03-23qapi: Enforce command naming rulesMarkus Armbruster
Command names should be lower-case. Enforce this. Fix the fixable offenders (all in tests/), and add the remainder to pragma command-name-exceptions. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20210323094025.3569441-25-armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2021-03-23qapi: Prepare for rejecting underscore in command and member namesMarkus Armbruster
Command names and member names within a type should be all lower case with words separated by a hyphen. We also accept underscore. Rework check_name_lower() to optionally reject underscores, but don't use that option, yet. Update expected test output for the changed error message. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20210323094025.3569441-23-armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2021-03-23tests-qmp-cmds: Drop unused and incorrect qmp_TestIfCmd()Markus Armbruster
Commit 967c885108 "qapi: add 'if' to top-level expressions" added command TestIfCmd with an 'if' condition. It also added the qmp_TestIfCmd() to go with it, guarded by the corresponding #if. Commit ccadd6bcba "qapi: Add 'if' to implicit struct members" changed the command, but not the function. Compiles only because we don't satisfy the #if. Instead of fixing the function, simply drop it. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20210323094025.3569441-22-armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2021-03-23qapi: Rename pragma *-whitelist to *-exceptionsMarkus Armbruster
Rename pragma returns-whitelist to command-returns-exceptions, and name-case-whitelist to member-name-case-exceptions. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20210323094025.3569441-20-armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2021-03-23tests/qapi-schema: Rename returns-whitelist to returns-bad-typeMarkus Armbruster
This test covers returning "bad" types. Pragma returns-whitelist is just one aspect. Naming it returns-whitelist is suboptimal. Rename to returns-bad-type. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20210323094025.3569441-19-armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2021-03-23tests/qapi-schema: Rename pragma-*-crap to pragma-value-not-*Markus Armbruster
Rename pragma-doc-required-crap to pragma-not-bool, pragma-returns-whitelist-crap to pragma-value-not-list, and pragma-name-case-whitelist-crap to pragma-value-not-list-of-str. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20210323094025.3569441-18-armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2021-03-23tests/qapi-schema: Rename redefined-builtin to redefined-predefinedMarkus Armbruster
The previous commit changed this test to clash with a predefined enum type, not a built-in type. Adjust its name. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20210323094025.3569441-16-armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2021-03-23qapi: Enforce type naming rulesMarkus Armbruster
Type names should be CamelCase. Enforce this. The only offenders are in tests/. Fix them. Add test type-case to cover the new error. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20210323094025.3569441-15-armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> [Regexp simplified, new test made more robust]
2021-03-23qapi: Enforce event naming rulesMarkus Armbruster
Event names should be ALL_CAPS with words separated by underscore. Enforce this. The only offenders are in tests/. Fix them. Existing test event-case covers the new error. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20210323094025.3569441-14-armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2021-03-23qapi: Fix to reject optional members with reserved namesMarkus Armbruster
check_type() fails to reject optional members with reserved names, because it neglects to strip off the leading '*'. Fix that. The stripping in check_name_str() is now useless. Drop. Also drop the "no leading '*'" assertion, because valid_name.match() ensures it can't fail. Fixes: 9fb081e0b98409556d023c7193eeb68947cd1211 Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20210323094025.3569441-8-armbru@redhat.com> Reviewed-by: John Snow <jsnow@redhat.com>
2021-03-23tests/qapi-schema: Tweak to demonstrate buggy member name checkMarkus Armbruster
Member name 'u' and names starting with 'has-' or 'has_' are reserved for the generator. check_type() enforces this, covered by tests reserved-member-u and reserved-member-has. These tests neglect to cover optional members, where the name starts with '*'. Tweak reserved-member-u to fix that. Test reserved-member-has still covers non-optional members. This demonstrates the reserved member name check is broken for optional members. The next commit will fix it. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20210323094025.3569441-7-armbru@redhat.com> Reviewed-by: John Snow <jsnow@redhat.com> [Commit message improved slightly]
2021-03-23Merge remote-tracking branch ↵Peter Maydell
'remotes/pmaydell/tags/pull-target-arm-20210323' into staging target-arm queue: * hw/arm/virt: Disable pl011 clock migration if needed * target/arm: Make M-profile VTOR loads on reset handle memory aliasing * target/arm: Set ARMMMUFaultInfo.level in user-only arm_cpu_tlb_fill # gpg: Signature made Tue 23 Mar 2021 14:26:09 GMT # gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE # gpg: issuer "peter.maydell@linaro.org" # gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate] # gpg: aka "Peter Maydell <pmaydell@gmail.com>" [ultimate] # gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate] # Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE * remotes/pmaydell/tags/pull-target-arm-20210323: target/arm: Set ARMMMUFaultInfo.level in user-only arm_cpu_tlb_fill target/arm: Make M-profile VTOR loads on reset handle memory aliasing hw/core/loader: Add new function rom_ptr_for_as() memory: Add offset_in_region to flatview_cb arguments memory: Document flatview_for_each_range() memory: Make flatview_cb return bool, not int hw/arm/virt: Disable pl011 clock migration if needed Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-03-23tests/qapi-schema: Drop TODO comment on simple unionsMarkus Armbruster
Simple unions don't need more features, they need to die. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20210323094025.3569441-6-armbru@redhat.com> Reviewed-by: John Snow <jsnow@redhat.com>
2021-03-23tests/qapi-schema: Belatedly update comment on alternate clashMarkus Armbruster
Commit 0426d53c65 "qapi: Simplify visiting of alternate types" eliminated the implicit alternate enum, but neglected to update a comment about it in a test. Do that now. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20210323094025.3569441-5-armbru@redhat.com> Reviewed-by: John Snow <jsnow@redhat.com>
2021-03-23tests/qapi-schema: Rework comments on longhand member definitionsMarkus Armbruster
A few old comments talk about "desired future use of defaults" and "anonymous inline branch types". Kind of misleading since commit 87adbbffd4 "qapi: add a dictionary form for TYPE" added longhand member definitions. Talk about that instead. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20210323094025.3569441-4-armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: John Snow <jsnow@redhat.com>
2021-03-23tests/qapi-schema: Drop redundant flat-union-inline testMarkus Armbruster
flat-union-inline.json covers longhand branch definition with an invalid type value. It's redundant: longhand branch definition is covered by flat-union-inline-invalid-dict.json, and invalid type value is covered by nested-struct-data.json. Drop the test. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20210323094025.3569441-3-armbru@redhat.com> Reviewed-by: John Snow <jsnow@redhat.com>
2021-03-23memory: Add offset_in_region to flatview_cb argumentsPeter Maydell
The function flatview_for_each_range() calls a callback for each range in a FlatView. Currently the callback gets the start and length of the range and the MemoryRegion involved, but not the offset within the MemoryRegion. Add this to the callback's arguments; we're going to want it for a new use in the next commit. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20210318174823.18066-4-peter.maydell@linaro.org
2021-03-23memory: Make flatview_cb return bool, not intPeter Maydell
The return value of the flatview_cb callback passed to the flatview_for_each_range() function is zero if the iteration through the ranges should continue, or non-zero to break out of it. Use a bool for this rather than int. Signed-off-by: Peter Maydell <peter.maydell@linaro.org> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Message-id: 20210318174823.18066-2-peter.maydell@linaro.org
2021-03-23Merge remote-tracking branch 'remotes/mst/tags/for_upstream' into stagingPeter Maydell
pc,virtio,pci: fixes, features Fixes all over the place. ACPI index support. Signed-off-by: Michael S. Tsirkin <mst@redhat.com> # gpg: Signature made Mon 22 Mar 2021 22:58:45 GMT # gpg: using RSA key 5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469 # gpg: issuer "mst@redhat.com" # gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [full] # gpg: aka "Michael S. Tsirkin <mst@redhat.com>" [full] # Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67 # Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469 * remotes/mst/tags/for_upstream: acpi: Move setters/getters of oem fields to X86MachineState acpi: Set proper maximum size for "etc/acpi/rsdp" blob acpi: Move maximum size logic into acpi_add_rom_blob() microvm: Don't open-code "etc/table-loader" acpi: Set proper maximum size for "etc/table-loader" blob tests: acpi: update expected blobs pci: acpi: add _DSM method to PCI devices acpi: add aml_to_decimalstring() and aml_call6() helpers pci: acpi: ensure that acpi-index is unique pci: introduce acpi-index property for PCI device tests: acpi: temporary whitelist DSDT changes virtio-pmem: fix virtio_pmem_resp assign problem vhost-user: Monitor slave channel in vhost_user_read() vhost-user: Introduce nested event loop in vhost_user_read() vhost-user: Convert slave channel to QIOChannelSocket vhost-user: Factor out duplicated slave_fd teardown code vhost-user: Fix double-close on slave_read() error path vhost-user: Drop misleading EAGAIN checks in slave_read() virtio: Fix virtio_mmio_read()/virtio_mmio_write() Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-03-22tests: acpi: update expected blobsIgor Mammedov
expected changes are: * larger BNMR operation region * new PIDX field and method to fetch acpi-index * PDSM method that implements PCI device _DSM + per device _DSM that calls PDSM @@ -221,10 +221,11 @@ DefinitionBlock ("", "DSDT", 1, "BOCHS ", "BXPC ", 0x00000001) B0EJ, 32 } - OperationRegion (BNMR, SystemIO, 0xAE10, 0x04) + OperationRegion (BNMR, SystemIO, 0xAE10, 0x08) Field (BNMR, DWordAcc, NoLock, WriteAsZeros) { - BNUM, 32 + BNUM, 32, + PIDX, 32 } Mutex (BLCK, 0x00) @@ -236,6 +237,52 @@ DefinitionBlock ("", "DSDT", 1, "BOCHS ", "BXPC ", 0x00000001) Release (BLCK) Return (Zero) } + + Method (AIDX, 2, NotSerialized) + { + Acquire (BLCK, 0xFFFF) + BNUM = Arg0 + PIDX = (One << Arg1) + Local0 = PIDX /* \_SB_.PCI0.PIDX */ + Release (BLCK) + Return (Local0) + } + + Method (PDSM, 6, Serialized) + { + If ((Arg0 == ToUUID ("e5c937d0-3553-4d7a-9117-ea4d19c3434d") /* Device Labeling Interface */)) + { + Local0 = AIDX (Arg4, Arg5) + If ((Arg2 == Zero)) + { + If ((Arg1 == 0x02)) + { + If (!((Local0 == Zero) | (Local0 == 0xFFFFFFFF))) + { + Return (Buffer (One) + { + 0x81 // . + }) + } + } + + Return (Buffer (One) + { + 0x00 // . + }) + } + ElseIf ((Arg2 == 0x07)) + { + Local1 = Package (0x02) + { + Zero, + "" + } + Local1 [Zero] = Local0 + Return (Local1) + } + } + } } Scope (_SB) @@ -785,7 +832,7 @@ DefinitionBlock ("", "DSDT", 1, "BOCHS ", "BXPC ", 0x00000001) 0xAE00, // Range Minimum 0xAE00, // Range Maximum 0x01, // Alignment - 0x14, // Length + 0x18, // Length ) }) } @@ -842,11 +889,22 @@ DefinitionBlock ("", "DSDT", 1, "BOCHS ", "BXPC ", 0x00000001) Device (S00) { Name (_ADR, Zero) // _ADR: Address + Name (_SUN, Zero) // _SUN: Slot User Number + Method (_DSM, 4, Serialized) // _DSM: Device-Specific Method + { + Return (PDSM (Arg0, Arg1, Arg2, Arg3, BSEL, _SUN)) + } } Device (S10) { Name (_ADR, 0x00020000) // _ADR: Address + Name (_SUN, 0x02) // _SUN: Slot User Number + Method (_DSM, 4, Serialized) // _DSM: Device-Specific Method + { + Return (PDSM (Arg0, Arg1, Arg2, Arg3, BSEL, _SUN)) + } + Method (_S1D, 0, NotSerialized) // _S1D: S1 Device State { Return (Zero) [...] Signed-off-by: Igor Mammedov <imammedo@redhat.com> Message-Id: <20210315180102.3008391-7-imammedo@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2021-03-22tests: acpi: temporary whitelist DSDT changesIgor Mammedov
Signed-off-by: Igor Mammedov <imammedo@redhat.com> Message-Id: <20210315180102.3008391-2-imammedo@redhat.com> Reviewed-by: Michael S. Tsirkin <mst@redhat.com> Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
2021-03-22Merge remote-tracking branch 'remotes/jasowang/tags/net-pull-request' into ↵Peter Maydell
staging # gpg: Signature made Mon 22 Mar 2021 09:35:08 GMT # gpg: using RSA key EF04965B398D6211 # gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>" [marginal] # gpg: WARNING: This key is not certified with sufficiently trusted signatures! # gpg: It is not certain that the signature belongs to the owner. # Primary key fingerprint: 215D 46F4 8246 689E C77F 3562 EF04 965B 398D 6211 * remotes/jasowang/tags/net-pull-request: net/eth: Add an assert() and invert if() statement to simplify code net/eth: Read ip6_ext_hdr_routing buffer before accessing it net/eth: Check iovec has enough data earlier net/eth: Check size earlier in _eth_get_rss_ex_dst_addr() net/eth: Better describe _eth_get_rss_ex_dst_addr's offset argument net/eth: Simplify _eth_get_rss_ex_dst_addr() net/eth: Use correct in6_address offset in _eth_get_rss_ex_dst_addr() net/colo-compare.c: Optimize removal of secondary packet net/colo-compare.c: Fix memory leak for non-tcp packet hw/net: virtio-net: Initialize nc->do_not_pad to true net: Pad short frames to minimum size before sending from SLiRP/TAP net: Add a 'do_not_pad" to NetClientState net: eth: Add a helper to pad a short Ethernet frame Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-03-22Merge remote-tracking branch ↵Peter Maydell
'remotes/thuth-gitlab/tags/pull-request-2021-03-21' into staging * Small fixes for the unit tests * Compilation fixes for Illumos et al. * Update the FreeBSD VM to 12.2 # gpg: Signature made Sun 21 Mar 2021 16:51:42 GMT # gpg: using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5 # gpg: issuer "thuth@redhat.com" # gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [full] # gpg: aka "Thomas Huth <thuth@redhat.com>" [full] # gpg: aka "Thomas Huth <huth@tuxfamily.org>" [full] # gpg: aka "Thomas Huth <th.huth@posteo.de>" [unknown] # Primary key fingerprint: 27B8 8847 EEE0 2501 18F3 EAB9 2ED9 D774 FE70 2DB5 * remotes/thuth-gitlab/tags/pull-request-2021-03-21: FreeBSD: Upgrade to 12.2 release contrib: ivshmem client and server build fix for SunOS. configure: fix for SunOS based systems tests/unit/test-block-iothread: fix maybe-uninitialized error on GCC 11 docs/devel/testing.rst: Fix references to unit tests Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-03-22net/eth: Read ip6_ext_hdr_routing buffer before accessing itPhilippe Mathieu-Daudé
We can't know the caller read enough data in the memory pointed by ext_hdr to cast it as a ip6_ext_hdr_routing. Declare rt_hdr on the stack and fill it again from the iovec. Since we already checked there is enough data in the iovec buffer, simply add an assert() call to consume the bytes_read variable. This fix a 2 bytes buffer overrun in eth_parse_ipv6_hdr() reported by QEMU fuzzer: $ cat << EOF | ./qemu-system-i386 -M pc-q35-5.0 \ -accel qtest -monitor none \ -serial none -nographic -qtest stdio outl 0xcf8 0x80001010 outl 0xcfc 0xe1020000 outl 0xcf8 0x80001004 outw 0xcfc 0x7 write 0x25 0x1 0x86 write 0x26 0x1 0xdd write 0x4f 0x1 0x2b write 0xe1020030 0x4 0x190002e1 write 0xe102003a 0x2 0x0807 write 0xe1020048 0x4 0x12077cdd write 0xe1020400 0x4 0xba077cdd write 0xe1020420 0x4 0x190002e1 write 0xe1020428 0x4 0x3509d807 write 0xe1020438 0x1 0xe2 EOF ================================================================= ==2859770==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffdef904902 at pc 0x561ceefa78de bp 0x7ffdef904820 sp 0x7ffdef904818 READ of size 1 at 0x7ffdef904902 thread T0 #0 0x561ceefa78dd in _eth_get_rss_ex_dst_addr net/eth.c:410:17 #1 0x561ceefa41fb in eth_parse_ipv6_hdr net/eth.c:532:17 #2 0x561cef7de639 in net_tx_pkt_parse_headers hw/net/net_tx_pkt.c:228:14 #3 0x561cef7dbef4 in net_tx_pkt_parse hw/net/net_tx_pkt.c:273:9 #4 0x561ceec29f22 in e1000e_process_tx_desc hw/net/e1000e_core.c:730:29 #5 0x561ceec28eac in e1000e_start_xmit hw/net/e1000e_core.c:927:9 #6 0x561ceec1baab in e1000e_set_tdt hw/net/e1000e_core.c:2444:9 #7 0x561ceebf300e in e1000e_core_write hw/net/e1000e_core.c:3256:9 #8 0x561cef3cd4cd in e1000e_mmio_write hw/net/e1000e.c:110:5 Address 0x7ffdef904902 is located in stack of thread T0 at offset 34 in frame #0 0x561ceefa320f in eth_parse_ipv6_hdr net/eth.c:486 This frame has 1 object(s): [32, 34) 'ext_hdr' (line 487) <== Memory access at offset 34 overflows this variable HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork (longjmp and C++ exceptions *are* supported) SUMMARY: AddressSanitizer: stack-buffer-overflow net/eth.c:410:17 in _eth_get_rss_ex_dst_addr Shadow bytes around the buggy address: 0x10003df188d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10003df188e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10003df188f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10003df18900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10003df18910: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 =>0x10003df18920:[02]f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 0x10003df18930: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10003df18940: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10003df18950: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10003df18960: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0x10003df18970: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Stack left redzone: f1 Stack right redzone: f3 ==2859770==ABORTING Add the corresponding qtest case with the fuzzer reproducer. FWIW GCC 11 similarly reported: net/eth.c: In function 'eth_parse_ipv6_hdr': net/eth.c:410:15: error: array subscript 'struct ip6_ext_hdr_routing[0]' is partly outside array bounds of 'struct ip6_ext_hdr[1]' [-Werror=array-bounds] 410 | if ((rthdr->rtype == 2) && (rthdr->segleft == 1)) { | ~~~~~^~~~~~~ net/eth.c:485:24: note: while referencing 'ext_hdr' 485 | struct ip6_ext_hdr ext_hdr; | ^~~~~~~ net/eth.c:410:38: error: array subscript 'struct ip6_ext_hdr_routing[0]' is partly outside array bounds of 'struct ip6_ext_hdr[1]' [-Werror=array-bounds] 410 | if ((rthdr->rtype == 2) && (rthdr->segleft == 1)) { | ~~~~~^~~~~~~~~ net/eth.c:485:24: note: while referencing 'ext_hdr' 485 | struct ip6_ext_hdr ext_hdr; | ^~~~~~~ Cc: qemu-stable@nongnu.org Buglink: https://bugs.launchpad.net/qemu/+bug/1879531 Reported-by: Alexander Bulekov <alxndr@bu.edu> Reported-by: Miroslav Rezanina <mrezanin@redhat.com> Reviewed-by: Stefano Garzarella <sgarzare@redhat.com> Reviewed-by: Miroslav Rezanina <mrezanin@redhat.com> Fixes: eb700029c78 ("net_pkt: Extend packet abstraction as required by e1000e functionality") Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Jason Wang <jasowang@redhat.com>
2021-03-20FreeBSD: Upgrade to 12.2 releaseWarner Losh
FreeBSD 12.1 has reached end of life. Use 12.2 instead so that FreeBSD's project's packages will work. Update which timezone to pick. Work around a QEMU bug that incorrectly raises an exception on a CRC32 instruction with the FPU disabled. The qemu bug is described here: https://www.mail-archive.com/qemu-devel@nongnu.org/msg784158.html Signed-off-by: Warner Losh <imp@bsdimp.com> Message-Id: <20210307155654.993-2-imp@bsdimp.com> [thuth: Disable gnutls to work-around a problem with libtasn1] Signed-off-by: Thomas Huth <thuth@redhat.com>
2021-03-20tests/unit/test-block-iothread: fix maybe-uninitialized error on GCC 11Emanuele Giuseppe Esposito
When building qemu with GCC 11, test-block-iothread produces the following warning: ../tests/unit/test-block-iothread.c:148:11: error: ‘buf’ may be used uninitialized [-Werror=maybe-uninitialized] This is caused by buf[512] left uninitialized and passed to bdrv_save_vmstate() that expects a const uint8_t *, so the compiler assumes it will be read and expects the parameter to be initialized. Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com> Reviewed-by: Paolo Bonzini <pbonzini@redhat.com> Message-Id: <20210319112218.49609-1-eesposit@redhat.com> Signed-off-by: Thomas Huth <thuth@redhat.com>
2021-03-19Merge remote-tracking branch 'remotes/bonzini-gitlab/tags/for-upstream' into ↵Peter Maydell
staging * fixes for i386 TCG paging * fixes for Hyper-V enlightenments * avoid uninitialized variable warning # gpg: Signature made Fri 19 Mar 2021 14:38:12 GMT # gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83 # gpg: issuer "pbonzini@redhat.com" # gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full] # gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full] # Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1 # Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83 * remotes/bonzini-gitlab/tags/for-upstream: tests/qtest: cleanup the testcase for bug 1878642 hw/intc/i8259: Refactor pic_read_irq() to avoid uninitialized variable i386: Make migration fail when Hyper-V reenlightenment was enabled but 'user_tsc_khz' is unset i386: Fix 'hypercall_hypercall' typo target/i386: svm: do not discard high 32 bits of EXITINFO1 target/i386: fail if toggling LA57 in 64-bit mode target/i386: allow modifying TCG phys-addr-bits qom: use qemu_printf to print help for user-creatable objects Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-03-19Merge remote-tracking branch 'remotes/armbru/tags/pull-qapi-2021-03-16-v4' ↵Peter Maydell
into staging QAPI patches patches for 2021-03-16 # gpg: Signature made Fri 19 Mar 2021 15:06:52 GMT # gpg: using RSA key 354BC8B3D7EB2A6B68674E5F3870B400EB918653 # gpg: issuer "armbru@redhat.com" # gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" [full] # gpg: aka "Markus Armbruster <armbru@pond.sub.org>" [full] # Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867 4E5F 3870 B400 EB91 8653 * remotes/armbru/tags/pull-qapi-2021-03-16-v4: qapi: New -compat deprecated-input=crash qapi: Implement deprecated-input=reject for QMP command arguments qapi: Implement deprecated-input=reject for QMP commands test-util-sockets: Add stub for monitor_set_cur() qapi: Implement deprecated-output=hide for QMP introspection monitor: Drop query-qmp-schema 'gen': false hack qapi: Implement deprecated-output=hide for QMP event data qapi: Implement deprecated-output=hide for QMP events qapi: Implement deprecated-output=hide for QMP command results qemu-options: New -compat to set policy for deprecated interfaces qemuutil: remove qemu_set_fd_handler duplicate symbol Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-03-19qapi: Implement deprecated-input=reject for QMP command argumentsMarkus Armbruster
This policy rejects deprecated input, and thus permits "testing the future". Implement it for QMP command arguments: reject commands with deprecated ones. Example: when QEMU is run with -compat deprecated-input=reject, then {"execute": "eject", "arguments": {"device": "cd"}} fails like this {"error": {"class": "GenericError", "desc": "Deprecated parameter 'device' disabled by policy"}} When the deprecated parameter is removed, the error will change to {"error": {"class": "GenericError", "desc": "Parameter 'device' is unexpected"}} Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Message-Id: <20210318155519.1224118-11-armbru@redhat.com>
2021-03-19qapi: Implement deprecated-input=reject for QMP commandsMarkus Armbruster
This policy rejects deprecated input, and thus permits "testing the future". Implement it for QMP commands: make deprecated ones fail. Example: when QEMU is run with -compat deprecated-input=reject, then {"execute": "query-cpus"} fails like this {"error": {"class": "CommandNotFound", "desc": "Deprecated command query-cpus disabled by policy"}} When the deprecated command is removed, the error will change to {"error": {"class": "CommandNotFound", "desc": "The command query-cpus has not been found"}} Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Message-Id: <20210318155519.1224118-10-armbru@redhat.com>
2021-03-19test-util-sockets: Add stub for monitor_set_cur()Markus Armbruster
Without this stub, the next commit fails to link. I suspect the real cause is 947e47448d "monitor: Use getter/setter functions for cur_mon". Cc: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Message-Id: <20210318155519.1224118-9-armbru@redhat.com>
2021-03-19qapi: Implement deprecated-output=hide for QMP event dataMarkus Armbruster
This policy suppresses deprecated bits in output, and thus permits "testing the future". Implement it for QMP event data: suppress deprecated members. No QMP event data is deprecated right now. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Message-Id: <20210318155519.1224118-6-armbru@redhat.com>
2021-03-19qapi: Implement deprecated-output=hide for QMP eventsMarkus Armbruster
This policy suppresses deprecated bits in output, and thus permits "testing the future". Implement it for QMP events: suppress deprecated ones. No QMP event is deprecated right now. Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Message-Id: <20210318155519.1224118-5-armbru@redhat.com>
2021-03-19qapi: Implement deprecated-output=hide for QMP command resultsMarkus Armbruster
This policy suppresses deprecated bits in output, and thus permits "testing the future". Implement it for QMP command results. Example: when QEMU is run with -compat deprecated-output=hide, then {"execute": "query-cpus-fast"} yields {"return": [{"thread-id": 9805, "props": {"core-id": 0, "thread-id": 0, "socket-id": 0}, "qom-path": "/machine/unattached/device[0]", "cpu-index": 0, "target": "x86_64"}]} instead of {"return": [{"arch": "x86", "thread-id": 22436, "props": {"core-id": 0, "thread-id": 0, "socket-id": 0}, "qom-path": "/machine/unattached/device[0]", "cpu-index": 0, "target": "x86_64"}]} Note the suppression of deprecated member "arch". Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Message-Id: <20210318155519.1224118-4-armbru@redhat.com>
2021-03-19tests/qtest: cleanup the testcase for bug 1878642Paolo Bonzini
Clean up the writes to the configuration space and the PM region, and rename the test to lpc-ich9-test. Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2021-03-19hw: Replace anti-social QOM type namesMarkus Armbruster
Several QOM type names contain ',': ARM,bitband-memory etraxfs,pic etraxfs,serial etraxfs,timer fsl,imx25 fsl,imx31 fsl,imx6 fsl,imx6ul fsl,imx7 grlib,ahbpnp grlib,apbpnp grlib,apbuart grlib,gptimer grlib,irqmp qemu,register SUNW,bpp SUNW,CS4231 SUNW,DBRI SUNW,DBRI.prom SUNW,fdtwo SUNW,sx SUNW,tcx xilinx,zynq_slcr xlnx,zynqmp xlnx,zynqmp-pmu-soc xlnx,zynq-xadc These are all device types. They can't be plugged with -device / device_add, except for xlnx,zynqmp-pmu-soc, and I doubt that one actually works. They *can* be used with -device / device_add to request help. Usability is poor, though: you have to double the comma, like this: $ qemu-system-x86_64 -device SUNW,,fdtwo,help Trap for the unwary. The fact that this was broken in device-introspect-test for more than six years until commit e27bd49876 fixed it demonstrates that "the unwary" includes seasoned developers. One QOM type name contains ' ': "ICH9 SMB". Because having to remember just one way to quote would be too easy. Rename the "SUNW,FOO types to "sun-FOO". Summarily replace ',' and ' ' by '-' in the other type names. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20210304140229.575481-2-armbru@redhat.com> Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk> Acked-by: Paolo Bonzini <pbonzini@redhat.com>
2021-03-19fdc: Drop deprecated floppy configurationMarkus Armbruster
Drop the crap deprecated in commit 4a27a638e7 "fdc: Deprecate configuring floppies with -global isa-fdc" (v5.1.0). Signed-off-by: Markus Armbruster <armbru@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: John Snow <jsnow@redhat.com> Message-id: 20210309161214.1402527-3-armbru@redhat.com Signed-off-by: John Snow <jsnow@redhat.com>
2021-03-19fuzz: Avoid deprecated misuse of -drive if=sdMarkus Armbruster
qemu-fuzz-i386-target-generic-fuzz-sdhci-v3 uses -drive=sd where it should use -drive if=none instead. This prints a deprecation warning: $ ./build-oss-fuzz/DEST_DIR/qemu-fuzz-i386-target-generic-fuzz-sdhci-v3 -runs=1 -seed=1 [ASan warnings snipped...] --> i386: -drive if=sd,index=0,file=null-co://,format=raw,id=mydrive: warning: bogus if=sd is deprecated, use if=none INFO: Seed: 1 [More normal output snipped...] Support for this usage will be gone soon. Adjust the test. Signed-off-by: Markus Armbruster <armbru@redhat.com> Message-Id: <20210319132008.1830950-1-armbru@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
2021-03-19tests: convert check-qom-proplist to keyvalPaolo Bonzini
The command-line creation test is using QemuOpts. Switch it to keyval, since the emulator has some special needs and thus the last user of user_creatable_add_opts will go away with the next patch. Reviewed-by: Kevin Wolf <kwolf@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> Message-Id: <20210312173547.1283477-2-pbonzini@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2021-03-19char: Deprecate backend aliases 'tty' and 'parport'Kevin Wolf
QAPI doesn't know the aliases 'tty' and 'parport' and there is no reason to prefer them to the real names of the backends 'serial' and 'parallel'. Since warnings are not allowed in 'make check' output, we can't test the deprecated alias any more. Remove it from test-char. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Acked-by: Paolo Bonzini <pbonzini@redhat.com> Message-Id: <20210311164253.338723-3-kwolf@redhat.com> Reviewed-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2021-03-19tests: Drop 'props' from object-add callsKevin Wolf
The 'props' option has been deprecated in 5.0 in favour of a flattened object-add command. Time to change our test cases to drop the deprecated option. Signed-off-by: Kevin Wolf <kwolf@redhat.com> Acked-by: Paolo Bonzini <pbonzini@redhat.com> Acked-by: Peter Krempa <pkrempa@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com>
2021-03-19stream: Don't crash when node permission is deniedKevin Wolf
The image streaming block job restricts shared permissions of the nodes it accesses. This can obviously fail when other users already got these permissions. &error_abort is therefore wrong and can crash. Handle these errors gracefully and just fail starting the block job. Reported-by: Nini Gu <ngu@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com> Message-Id: <20210309173451.45152-1-kwolf@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Reviewed-by: Alberto Garcia <berto@igalia.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2021-03-19storage-daemon: Call job_cancel_sync_all() on shutdownKevin Wolf
bdrv_close_all() asserts that no jobs are running any more, so we need to cancel all jobs first to avoid failing the assertion. Fixes: b55a3c8860b763b62b2cc2f4a6f55379977bbde5 Reported-by: Nini Gu <ngu@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com> Message-Id: <20210309121814.31078-1-kwolf@redhat.com> Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Kevin Wolf <kwolf@redhat.com>
2021-03-18Merge remote-tracking branch ↵Peter Maydell
'remotes/berrange-gitlab/tags/dep-many-pull-request' into staging Remove many old deprecated features The following features have been deprecated for well over the 2 release cycle we promise ``-drive file=json:{...{'driver':'file'}}`` (since 3.0) ``-vnc acl`` (since 4.0.0) ``-mon ...,control=readline,pretty=on|off`` (since 4.1) ``migrate_set_downtime`` and ``migrate_set_speed`` (since 2.8.0) ``query-named-block-nodes`` result ``encryption_key_missing`` (since 2.10.0) ``query-block`` result ``inserted.encryption_key_missing`` (since 2.10.0) ``migrate-set-cache-size`` and ``query-migrate-cache-size`` (since 2.11.0) ``query-named-block-nodes`` and ``query-block`` result dirty-bitmaps[i].status (since 4.0) ``query-cpus`` (since 2.12.0) ``query-cpus-fast`` ``arch`` output member (since 3.0.0) ``query-events`` (since 4.0) chardev client socket with ``wait`` option (since 4.0) ``acl_show``, ``acl_reset``, ``acl_policy``, ``acl_add``, ``acl_remove`` (since 4.0.0) ``ide-drive`` (since 4.2) ``scsi-disk`` (since 4.2) # gpg: Signature made Thu 18 Mar 2021 09:23:39 GMT # gpg: using RSA key DAF3A6FDB26B62912D0E8E3FBE86EBB415104FDF # gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" [full] # gpg: aka "Daniel P. Berrange <berrange@redhat.com>" [full] # Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF * remotes/berrange-gitlab/tags/dep-many-pull-request: block: remove support for using "file" driver with block/char devices block: remove 'dirty-bitmaps' field from 'BlockInfo' struct block: remove dirty bitmaps 'status' field block: remove 'encryption_key_missing' flag from QAPI hw/scsi: remove 'scsi-disk' device hw/ide: remove 'ide-drive' device chardev: reject use of 'wait' flag for socket client chardevs machine: remove 'arch' field from 'query-cpus-fast' QMP command machine: remove 'query-cpus' QMP command migrate: remove QMP/HMP commands for speed, downtime and cache size monitor: remove 'query-events' QMP command monitor: raise error when 'pretty' option is used with HMP ui, monitor: remove deprecated VNC ACL option and HMP commands Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
2021-03-18Merge remote-tracking branch ↵Peter Maydell
'remotes/stsquad/tags/pull-misc-6.0-updates-170321-2' into staging Final fixes for 6.0 - plugins physical address changes - syscall tracking plugin - plugin kernel-doc comments (without integration) - libfdt build fix for guest-loader # gpg: Signature made Wed 17 Mar 2021 07:19:23 GMT # gpg: using RSA key 6685AE99E75167BCAFC8DF35FBD0DB095A9E2A44 # gpg: Good signature from "Alex Bennée (Master Work Key) <alex.bennee@linaro.org>" [full] # Primary key fingerprint: 6685 AE99 E751 67BC AFC8 DF35 FBD0 DB09 5A9E 2A44 * remotes/stsquad/tags/pull-misc-6.0-updates-170321-2: hw/core: Only build guest-loader if libfdt is available plugins: Fixes typo in qemu-plugin.h plugins: getting qemu_plugin_get_hwaddr only expose one function prototype plugins: expand kernel-doc for memory query and instrumentation plugins: expand kernel-doc for instruction query and instrumentation plugins: expand inline exec kernel-doc documentation. plugins: add qemu_plugin_id_t to kernel-doc plugins: add qemu_plugin_cb_flags to kernel-doc plugins: expand the typedef kernel-docs for translation plugins: expand the callback typedef kernel-docs plugins: cleanup kernel-doc for qemu_plugin_install plugins: expand kernel-doc for qemu_info_t plugins: Expose physical addresses instead of device offsets plugins: new syscalls plugin utils: Use fixed-point arithmetic in qemu_strtosz Signed-off-by: Peter Maydell <peter.maydell@linaro.org>