Age | Commit message (Collapse) | Author |
|
staging
QAPI patches patches for 2021-03-23
# gpg: Signature made Tue 23 Mar 2021 21:37:53 GMT
# gpg: using RSA key 354BC8B3D7EB2A6B68674E5F3870B400EB918653
# gpg: issuer "armbru@redhat.com"
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" [full]
# gpg: aka "Markus Armbruster <armbru@pond.sub.org>" [full]
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867 4E5F 3870 B400 EB91 8653
* remotes/armbru/tags/pull-qapi-2021-03-23: (29 commits)
block: Remove monitor command block_passwd
qapi: Enforce union and alternate branch naming rules
qapi: Enforce enum member naming rules
qapi: Enforce struct member naming rules
tests/qapi-schema: Switch member name clash test to struct
qapi: Enforce command naming rules
qapi: Enforce feature naming rules
qapi: Prepare for rejecting underscore in command and member names
tests-qmp-cmds: Drop unused and incorrect qmp_TestIfCmd()
qapi/pragma: Streamline comments on member-name-exceptions
qapi: Rename pragma *-whitelist to *-exceptions
tests/qapi-schema: Rename returns-whitelist to returns-bad-type
tests/qapi-schema: Rename pragma-*-crap to pragma-value-not-*
qapi: Factor out QAPISchemaParser._check_pragma_list_of_str()
tests/qapi-schema: Rename redefined-builtin to redefined-predefined
qapi: Enforce type naming rules
qapi: Enforce event naming rules
qapi: Consistently permit any case in downstream prefixes
qapi: Move uppercase rejection to check_name_lower()
qapi: Rework name checking in preparation of stricter checking
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
|
Union branch names should use '-', not '_'. Enforce this. The only
offenders are in tests/. Fix them.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20210323094025.3569441-29-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
[Commit message typo fixed]
|
|
Enum members should use '-', not '_'. Enforce this. Fix the fixable
offenders (all in tests/), and add the remainder to pragma
member-name-exceptions.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20210323094025.3569441-28-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
|
|
Struct members, including command arguments, event data, and union
inline base members, should use '-', not '_'. Enforce this. Fix the
fixable offenders (all in tests/), and add the remainder to pragma
member-name-exceptions.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20210323094025.3569441-27-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
|
|
Test args-name-clash covers command parameter name clash. This
effectively covers struct member name clash as well. The next commit
will make parameter name clash impossible. Convert args-name-clash
from testing command to testing a struct, and rename it to
struct-member-name-clash.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20210323094025.3569441-26-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
[Commit message typo fixed]
|
|
Command names should be lower-case. Enforce this. Fix the fixable
offenders (all in tests/), and add the remainder to pragma
command-name-exceptions.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20210323094025.3569441-25-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
|
|
Command names and member names within a type should be all lower case
with words separated by a hyphen. We also accept underscore. Rework
check_name_lower() to optionally reject underscores, but don't use
that option, yet.
Update expected test output for the changed error message.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20210323094025.3569441-23-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
|
|
Commit 967c885108 "qapi: add 'if' to top-level expressions" added
command TestIfCmd with an 'if' condition. It also added the
qmp_TestIfCmd() to go with it, guarded by the corresponding #if.
Commit ccadd6bcba "qapi: Add 'if' to implicit struct members" changed
the command, but not the function. Compiles only because we don't
satisfy the #if. Instead of fixing the function, simply drop it.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20210323094025.3569441-22-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
|
|
Rename pragma returns-whitelist to command-returns-exceptions, and
name-case-whitelist to member-name-case-exceptions.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20210323094025.3569441-20-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
|
|
This test covers returning "bad" types. Pragma returns-whitelist is
just one aspect. Naming it returns-whitelist is suboptimal. Rename
to returns-bad-type.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20210323094025.3569441-19-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
|
|
Rename pragma-doc-required-crap to pragma-not-bool,
pragma-returns-whitelist-crap to pragma-value-not-list, and
pragma-name-case-whitelist-crap to pragma-value-not-list-of-str.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20210323094025.3569441-18-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
|
|
The previous commit changed this test to clash with a predefined enum
type, not a built-in type. Adjust its name.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20210323094025.3569441-16-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
|
|
Type names should be CamelCase. Enforce this. The only offenders are
in tests/. Fix them. Add test type-case to cover the new error.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20210323094025.3569441-15-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
[Regexp simplified, new test made more robust]
|
|
Event names should be ALL_CAPS with words separated by underscore.
Enforce this. The only offenders are in tests/. Fix them. Existing
test event-case covers the new error.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20210323094025.3569441-14-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
|
|
check_type() fails to reject optional members with reserved names,
because it neglects to strip off the leading '*'. Fix that.
The stripping in check_name_str() is now useless. Drop.
Also drop the "no leading '*'" assertion, because valid_name.match()
ensures it can't fail.
Fixes: 9fb081e0b98409556d023c7193eeb68947cd1211
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20210323094025.3569441-8-armbru@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
|
|
Member name 'u' and names starting with 'has-' or 'has_' are reserved
for the generator. check_type() enforces this, covered by tests
reserved-member-u and reserved-member-has.
These tests neglect to cover optional members, where the name starts
with '*'. Tweak reserved-member-u to fix that. Test
reserved-member-has still covers non-optional members.
This demonstrates the reserved member name check is broken for
optional members. The next commit will fix it.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20210323094025.3569441-7-armbru@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
[Commit message improved slightly]
|
|
'remotes/pmaydell/tags/pull-target-arm-20210323' into staging
target-arm queue:
* hw/arm/virt: Disable pl011 clock migration if needed
* target/arm: Make M-profile VTOR loads on reset handle memory aliasing
* target/arm: Set ARMMMUFaultInfo.level in user-only arm_cpu_tlb_fill
# gpg: Signature made Tue 23 Mar 2021 14:26:09 GMT
# gpg: using RSA key E1A5C593CD419DE28E8315CF3C2525ED14360CDE
# gpg: issuer "peter.maydell@linaro.org"
# gpg: Good signature from "Peter Maydell <peter.maydell@linaro.org>" [ultimate]
# gpg: aka "Peter Maydell <pmaydell@gmail.com>" [ultimate]
# gpg: aka "Peter Maydell <pmaydell@chiark.greenend.org.uk>" [ultimate]
# Primary key fingerprint: E1A5 C593 CD41 9DE2 8E83 15CF 3C25 25ED 1436 0CDE
* remotes/pmaydell/tags/pull-target-arm-20210323:
target/arm: Set ARMMMUFaultInfo.level in user-only arm_cpu_tlb_fill
target/arm: Make M-profile VTOR loads on reset handle memory aliasing
hw/core/loader: Add new function rom_ptr_for_as()
memory: Add offset_in_region to flatview_cb arguments
memory: Document flatview_for_each_range()
memory: Make flatview_cb return bool, not int
hw/arm/virt: Disable pl011 clock migration if needed
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
|
Simple unions don't need more features, they need to die.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20210323094025.3569441-6-armbru@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
|
|
Commit 0426d53c65 "qapi: Simplify visiting of alternate types"
eliminated the implicit alternate enum, but neglected to update a
comment about it in a test. Do that now.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20210323094025.3569441-5-armbru@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
|
|
A few old comments talk about "desired future use of defaults" and
"anonymous inline branch types". Kind of misleading since commit
87adbbffd4 "qapi: add a dictionary form for TYPE" added longhand
member definitions. Talk about that instead.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20210323094025.3569441-4-armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
|
|
flat-union-inline.json covers longhand branch definition with an
invalid type value. It's redundant: longhand branch definition is
covered by flat-union-inline-invalid-dict.json, and invalid type value
is covered by nested-struct-data.json. Drop the test.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20210323094025.3569441-3-armbru@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
|
|
The function flatview_for_each_range() calls a callback for each
range in a FlatView. Currently the callback gets the start and
length of the range and the MemoryRegion involved, but not the offset
within the MemoryRegion. Add this to the callback's arguments; we're
going to want it for a new use in the next commit.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20210318174823.18066-4-peter.maydell@linaro.org
|
|
The return value of the flatview_cb callback passed to the
flatview_for_each_range() function is zero if the iteration through
the ranges should continue, or non-zero to break out of it. Use a
bool for this rather than int.
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-id: 20210318174823.18066-2-peter.maydell@linaro.org
|
|
pc,virtio,pci: fixes, features
Fixes all over the place.
ACPI index support.
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
# gpg: Signature made Mon 22 Mar 2021 22:58:45 GMT
# gpg: using RSA key 5D09FD0871C8F85B94CA8A0D281F0DB8D28D5469
# gpg: issuer "mst@redhat.com"
# gpg: Good signature from "Michael S. Tsirkin <mst@kernel.org>" [full]
# gpg: aka "Michael S. Tsirkin <mst@redhat.com>" [full]
# Primary key fingerprint: 0270 606B 6F3C DF3D 0B17 0970 C350 3912 AFBE 8E67
# Subkey fingerprint: 5D09 FD08 71C8 F85B 94CA 8A0D 281F 0DB8 D28D 5469
* remotes/mst/tags/for_upstream:
acpi: Move setters/getters of oem fields to X86MachineState
acpi: Set proper maximum size for "etc/acpi/rsdp" blob
acpi: Move maximum size logic into acpi_add_rom_blob()
microvm: Don't open-code "etc/table-loader"
acpi: Set proper maximum size for "etc/table-loader" blob
tests: acpi: update expected blobs
pci: acpi: add _DSM method to PCI devices
acpi: add aml_to_decimalstring() and aml_call6() helpers
pci: acpi: ensure that acpi-index is unique
pci: introduce acpi-index property for PCI device
tests: acpi: temporary whitelist DSDT changes
virtio-pmem: fix virtio_pmem_resp assign problem
vhost-user: Monitor slave channel in vhost_user_read()
vhost-user: Introduce nested event loop in vhost_user_read()
vhost-user: Convert slave channel to QIOChannelSocket
vhost-user: Factor out duplicated slave_fd teardown code
vhost-user: Fix double-close on slave_read() error path
vhost-user: Drop misleading EAGAIN checks in slave_read()
virtio: Fix virtio_mmio_read()/virtio_mmio_write()
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
|
expected changes are:
* larger BNMR operation region
* new PIDX field and method to fetch acpi-index
* PDSM method that implements PCI device _DSM +
per device _DSM that calls PDSM
@@ -221,10 +221,11 @@ DefinitionBlock ("", "DSDT", 1, "BOCHS ", "BXPC ", 0x00000001)
B0EJ, 32
}
- OperationRegion (BNMR, SystemIO, 0xAE10, 0x04)
+ OperationRegion (BNMR, SystemIO, 0xAE10, 0x08)
Field (BNMR, DWordAcc, NoLock, WriteAsZeros)
{
- BNUM, 32
+ BNUM, 32,
+ PIDX, 32
}
Mutex (BLCK, 0x00)
@@ -236,6 +237,52 @@ DefinitionBlock ("", "DSDT", 1, "BOCHS ", "BXPC ", 0x00000001)
Release (BLCK)
Return (Zero)
}
+
+ Method (AIDX, 2, NotSerialized)
+ {
+ Acquire (BLCK, 0xFFFF)
+ BNUM = Arg0
+ PIDX = (One << Arg1)
+ Local0 = PIDX /* \_SB_.PCI0.PIDX */
+ Release (BLCK)
+ Return (Local0)
+ }
+
+ Method (PDSM, 6, Serialized)
+ {
+ If ((Arg0 == ToUUID ("e5c937d0-3553-4d7a-9117-ea4d19c3434d") /* Device Labeling Interface */))
+ {
+ Local0 = AIDX (Arg4, Arg5)
+ If ((Arg2 == Zero))
+ {
+ If ((Arg1 == 0x02))
+ {
+ If (!((Local0 == Zero) | (Local0 == 0xFFFFFFFF)))
+ {
+ Return (Buffer (One)
+ {
+ 0x81 // .
+ })
+ }
+ }
+
+ Return (Buffer (One)
+ {
+ 0x00 // .
+ })
+ }
+ ElseIf ((Arg2 == 0x07))
+ {
+ Local1 = Package (0x02)
+ {
+ Zero,
+ ""
+ }
+ Local1 [Zero] = Local0
+ Return (Local1)
+ }
+ }
+ }
}
Scope (_SB)
@@ -785,7 +832,7 @@ DefinitionBlock ("", "DSDT", 1, "BOCHS ", "BXPC ", 0x00000001)
0xAE00, // Range Minimum
0xAE00, // Range Maximum
0x01, // Alignment
- 0x14, // Length
+ 0x18, // Length
)
})
}
@@ -842,11 +889,22 @@ DefinitionBlock ("", "DSDT", 1, "BOCHS ", "BXPC ", 0x00000001)
Device (S00)
{
Name (_ADR, Zero) // _ADR: Address
+ Name (_SUN, Zero) // _SUN: Slot User Number
+ Method (_DSM, 4, Serialized) // _DSM: Device-Specific Method
+ {
+ Return (PDSM (Arg0, Arg1, Arg2, Arg3, BSEL, _SUN))
+ }
}
Device (S10)
{
Name (_ADR, 0x00020000) // _ADR: Address
+ Name (_SUN, 0x02) // _SUN: Slot User Number
+ Method (_DSM, 4, Serialized) // _DSM: Device-Specific Method
+ {
+ Return (PDSM (Arg0, Arg1, Arg2, Arg3, BSEL, _SUN))
+ }
+
Method (_S1D, 0, NotSerialized) // _S1D: S1 Device State
{
Return (Zero)
[...]
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20210315180102.3008391-7-imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
|
Signed-off-by: Igor Mammedov <imammedo@redhat.com>
Message-Id: <20210315180102.3008391-2-imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
Signed-off-by: Michael S. Tsirkin <mst@redhat.com>
|
|
staging
# gpg: Signature made Mon 22 Mar 2021 09:35:08 GMT
# gpg: using RSA key EF04965B398D6211
# gpg: Good signature from "Jason Wang (Jason Wang on RedHat) <jasowang@redhat.com>" [marginal]
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 215D 46F4 8246 689E C77F 3562 EF04 965B 398D 6211
* remotes/jasowang/tags/net-pull-request:
net/eth: Add an assert() and invert if() statement to simplify code
net/eth: Read ip6_ext_hdr_routing buffer before accessing it
net/eth: Check iovec has enough data earlier
net/eth: Check size earlier in _eth_get_rss_ex_dst_addr()
net/eth: Better describe _eth_get_rss_ex_dst_addr's offset argument
net/eth: Simplify _eth_get_rss_ex_dst_addr()
net/eth: Use correct in6_address offset in _eth_get_rss_ex_dst_addr()
net/colo-compare.c: Optimize removal of secondary packet
net/colo-compare.c: Fix memory leak for non-tcp packet
hw/net: virtio-net: Initialize nc->do_not_pad to true
net: Pad short frames to minimum size before sending from SLiRP/TAP
net: Add a 'do_not_pad" to NetClientState
net: eth: Add a helper to pad a short Ethernet frame
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
|
'remotes/thuth-gitlab/tags/pull-request-2021-03-21' into staging
* Small fixes for the unit tests
* Compilation fixes for Illumos et al.
* Update the FreeBSD VM to 12.2
# gpg: Signature made Sun 21 Mar 2021 16:51:42 GMT
# gpg: using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5
# gpg: issuer "thuth@redhat.com"
# gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [full]
# gpg: aka "Thomas Huth <thuth@redhat.com>" [full]
# gpg: aka "Thomas Huth <huth@tuxfamily.org>" [full]
# gpg: aka "Thomas Huth <th.huth@posteo.de>" [unknown]
# Primary key fingerprint: 27B8 8847 EEE0 2501 18F3 EAB9 2ED9 D774 FE70 2DB5
* remotes/thuth-gitlab/tags/pull-request-2021-03-21:
FreeBSD: Upgrade to 12.2 release
contrib: ivshmem client and server build fix for SunOS.
configure: fix for SunOS based systems
tests/unit/test-block-iothread: fix maybe-uninitialized error on GCC 11
docs/devel/testing.rst: Fix references to unit tests
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
|
We can't know the caller read enough data in the memory pointed
by ext_hdr to cast it as a ip6_ext_hdr_routing.
Declare rt_hdr on the stack and fill it again from the iovec.
Since we already checked there is enough data in the iovec buffer,
simply add an assert() call to consume the bytes_read variable.
This fix a 2 bytes buffer overrun in eth_parse_ipv6_hdr() reported
by QEMU fuzzer:
$ cat << EOF | ./qemu-system-i386 -M pc-q35-5.0 \
-accel qtest -monitor none \
-serial none -nographic -qtest stdio
outl 0xcf8 0x80001010
outl 0xcfc 0xe1020000
outl 0xcf8 0x80001004
outw 0xcfc 0x7
write 0x25 0x1 0x86
write 0x26 0x1 0xdd
write 0x4f 0x1 0x2b
write 0xe1020030 0x4 0x190002e1
write 0xe102003a 0x2 0x0807
write 0xe1020048 0x4 0x12077cdd
write 0xe1020400 0x4 0xba077cdd
write 0xe1020420 0x4 0x190002e1
write 0xe1020428 0x4 0x3509d807
write 0xe1020438 0x1 0xe2
EOF
=================================================================
==2859770==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffdef904902 at pc 0x561ceefa78de bp 0x7ffdef904820 sp 0x7ffdef904818
READ of size 1 at 0x7ffdef904902 thread T0
#0 0x561ceefa78dd in _eth_get_rss_ex_dst_addr net/eth.c:410:17
#1 0x561ceefa41fb in eth_parse_ipv6_hdr net/eth.c:532:17
#2 0x561cef7de639 in net_tx_pkt_parse_headers hw/net/net_tx_pkt.c:228:14
#3 0x561cef7dbef4 in net_tx_pkt_parse hw/net/net_tx_pkt.c:273:9
#4 0x561ceec29f22 in e1000e_process_tx_desc hw/net/e1000e_core.c:730:29
#5 0x561ceec28eac in e1000e_start_xmit hw/net/e1000e_core.c:927:9
#6 0x561ceec1baab in e1000e_set_tdt hw/net/e1000e_core.c:2444:9
#7 0x561ceebf300e in e1000e_core_write hw/net/e1000e_core.c:3256:9
#8 0x561cef3cd4cd in e1000e_mmio_write hw/net/e1000e.c:110:5
Address 0x7ffdef904902 is located in stack of thread T0 at offset 34 in frame
#0 0x561ceefa320f in eth_parse_ipv6_hdr net/eth.c:486
This frame has 1 object(s):
[32, 34) 'ext_hdr' (line 487) <== Memory access at offset 34 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
(longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow net/eth.c:410:17 in _eth_get_rss_ex_dst_addr
Shadow bytes around the buggy address:
0x10003df188d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10003df188e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10003df188f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10003df18900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10003df18910: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1
=>0x10003df18920:[02]f3 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00
0x10003df18930: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10003df18940: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10003df18950: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10003df18960: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x10003df18970: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Stack left redzone: f1
Stack right redzone: f3
==2859770==ABORTING
Add the corresponding qtest case with the fuzzer reproducer.
FWIW GCC 11 similarly reported:
net/eth.c: In function 'eth_parse_ipv6_hdr':
net/eth.c:410:15: error: array subscript 'struct ip6_ext_hdr_routing[0]' is partly outside array bounds of 'struct ip6_ext_hdr[1]' [-Werror=array-bounds]
410 | if ((rthdr->rtype == 2) && (rthdr->segleft == 1)) {
| ~~~~~^~~~~~~
net/eth.c:485:24: note: while referencing 'ext_hdr'
485 | struct ip6_ext_hdr ext_hdr;
| ^~~~~~~
net/eth.c:410:38: error: array subscript 'struct ip6_ext_hdr_routing[0]' is partly outside array bounds of 'struct ip6_ext_hdr[1]' [-Werror=array-bounds]
410 | if ((rthdr->rtype == 2) && (rthdr->segleft == 1)) {
| ~~~~~^~~~~~~~~
net/eth.c:485:24: note: while referencing 'ext_hdr'
485 | struct ip6_ext_hdr ext_hdr;
| ^~~~~~~
Cc: qemu-stable@nongnu.org
Buglink: https://bugs.launchpad.net/qemu/+bug/1879531
Reported-by: Alexander Bulekov <alxndr@bu.edu>
Reported-by: Miroslav Rezanina <mrezanin@redhat.com>
Reviewed-by: Stefano Garzarella <sgarzare@redhat.com>
Reviewed-by: Miroslav Rezanina <mrezanin@redhat.com>
Fixes: eb700029c78 ("net_pkt: Extend packet abstraction as required by e1000e functionality")
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Jason Wang <jasowang@redhat.com>
|
|
FreeBSD 12.1 has reached end of life. Use 12.2 instead so that FreeBSD's
project's packages will work. Update which timezone to pick. Work around a QEMU
bug that incorrectly raises an exception on a CRC32 instruction with the FPU
disabled. The qemu bug is described here:
https://www.mail-archive.com/qemu-devel@nongnu.org/msg784158.html
Signed-off-by: Warner Losh <imp@bsdimp.com>
Message-Id: <20210307155654.993-2-imp@bsdimp.com>
[thuth: Disable gnutls to work-around a problem with libtasn1]
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
|
When building qemu with GCC 11, test-block-iothread produces the following
warning:
../tests/unit/test-block-iothread.c:148:11: error: ‘buf’ may be used
uninitialized [-Werror=maybe-uninitialized]
This is caused by buf[512] left uninitialized and passed to
bdrv_save_vmstate() that expects a const uint8_t *, so the compiler
assumes it will be read and expects the parameter to be initialized.
Signed-off-by: Emanuele Giuseppe Esposito <eesposit@redhat.com>
Reviewed-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20210319112218.49609-1-eesposit@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
|
staging
* fixes for i386 TCG paging
* fixes for Hyper-V enlightenments
* avoid uninitialized variable warning
# gpg: Signature made Fri 19 Mar 2021 14:38:12 GMT
# gpg: using RSA key F13338574B662389866C7682BFFBD25F78C7AE83
# gpg: issuer "pbonzini@redhat.com"
# gpg: Good signature from "Paolo Bonzini <bonzini@gnu.org>" [full]
# gpg: aka "Paolo Bonzini <pbonzini@redhat.com>" [full]
# Primary key fingerprint: 46F5 9FBD 57D6 12E7 BFD4 E2F7 7E15 100C CD36 69B1
# Subkey fingerprint: F133 3857 4B66 2389 866C 7682 BFFB D25F 78C7 AE83
* remotes/bonzini-gitlab/tags/for-upstream:
tests/qtest: cleanup the testcase for bug 1878642
hw/intc/i8259: Refactor pic_read_irq() to avoid uninitialized variable
i386: Make migration fail when Hyper-V reenlightenment was enabled but 'user_tsc_khz' is unset
i386: Fix 'hypercall_hypercall' typo
target/i386: svm: do not discard high 32 bits of EXITINFO1
target/i386: fail if toggling LA57 in 64-bit mode
target/i386: allow modifying TCG phys-addr-bits
qom: use qemu_printf to print help for user-creatable objects
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
|
into staging
QAPI patches patches for 2021-03-16
# gpg: Signature made Fri 19 Mar 2021 15:06:52 GMT
# gpg: using RSA key 354BC8B3D7EB2A6B68674E5F3870B400EB918653
# gpg: issuer "armbru@redhat.com"
# gpg: Good signature from "Markus Armbruster <armbru@redhat.com>" [full]
# gpg: aka "Markus Armbruster <armbru@pond.sub.org>" [full]
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867 4E5F 3870 B400 EB91 8653
* remotes/armbru/tags/pull-qapi-2021-03-16-v4:
qapi: New -compat deprecated-input=crash
qapi: Implement deprecated-input=reject for QMP command arguments
qapi: Implement deprecated-input=reject for QMP commands
test-util-sockets: Add stub for monitor_set_cur()
qapi: Implement deprecated-output=hide for QMP introspection
monitor: Drop query-qmp-schema 'gen': false hack
qapi: Implement deprecated-output=hide for QMP event data
qapi: Implement deprecated-output=hide for QMP events
qapi: Implement deprecated-output=hide for QMP command results
qemu-options: New -compat to set policy for deprecated interfaces
qemuutil: remove qemu_set_fd_handler duplicate symbol
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
|
This policy rejects deprecated input, and thus permits "testing the
future". Implement it for QMP command arguments: reject commands with
deprecated ones. Example: when QEMU is run with -compat
deprecated-input=reject, then
{"execute": "eject", "arguments": {"device": "cd"}}
fails like this
{"error": {"class": "GenericError", "desc": "Deprecated parameter 'device' disabled by policy"}}
When the deprecated parameter is removed, the error will change to
{"error": {"class": "GenericError", "desc": "Parameter 'device' is unexpected"}}
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20210318155519.1224118-11-armbru@redhat.com>
|
|
This policy rejects deprecated input, and thus permits "testing the
future". Implement it for QMP commands: make deprecated ones fail.
Example: when QEMU is run with -compat deprecated-input=reject, then
{"execute": "query-cpus"}
fails like this
{"error": {"class": "CommandNotFound", "desc": "Deprecated command query-cpus disabled by policy"}}
When the deprecated command is removed, the error will change to
{"error": {"class": "CommandNotFound", "desc": "The command query-cpus has not been found"}}
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20210318155519.1224118-10-armbru@redhat.com>
|
|
Without this stub, the next commit fails to link. I suspect the real
cause is 947e47448d "monitor: Use getter/setter functions for
cur_mon".
Cc: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20210318155519.1224118-9-armbru@redhat.com>
|
|
This policy suppresses deprecated bits in output, and thus permits
"testing the future". Implement it for QMP event data: suppress
deprecated members.
No QMP event data is deprecated right now.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20210318155519.1224118-6-armbru@redhat.com>
|
|
This policy suppresses deprecated bits in output, and thus permits
"testing the future". Implement it for QMP events: suppress
deprecated ones.
No QMP event is deprecated right now.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20210318155519.1224118-5-armbru@redhat.com>
|
|
This policy suppresses deprecated bits in output, and thus permits
"testing the future". Implement it for QMP command results. Example:
when QEMU is run with -compat deprecated-output=hide, then
{"execute": "query-cpus-fast"}
yields
{"return": [{"thread-id": 9805, "props": {"core-id": 0, "thread-id": 0, "socket-id": 0}, "qom-path": "/machine/unattached/device[0]", "cpu-index": 0, "target": "x86_64"}]}
instead of
{"return": [{"arch": "x86", "thread-id": 22436, "props": {"core-id": 0, "thread-id": 0, "socket-id": 0}, "qom-path": "/machine/unattached/device[0]", "cpu-index": 0, "target": "x86_64"}]}
Note the suppression of deprecated member "arch".
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20210318155519.1224118-4-armbru@redhat.com>
|
|
Clean up the writes to the configuration space and the PM region, and
rename the test to lpc-ich9-test.
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
Several QOM type names contain ',':
ARM,bitband-memory
etraxfs,pic
etraxfs,serial
etraxfs,timer
fsl,imx25
fsl,imx31
fsl,imx6
fsl,imx6ul
fsl,imx7
grlib,ahbpnp
grlib,apbpnp
grlib,apbuart
grlib,gptimer
grlib,irqmp
qemu,register
SUNW,bpp
SUNW,CS4231
SUNW,DBRI
SUNW,DBRI.prom
SUNW,fdtwo
SUNW,sx
SUNW,tcx
xilinx,zynq_slcr
xlnx,zynqmp
xlnx,zynqmp-pmu-soc
xlnx,zynq-xadc
These are all device types. They can't be plugged with -device /
device_add, except for xlnx,zynqmp-pmu-soc, and I doubt that one
actually works.
They *can* be used with -device / device_add to request help.
Usability is poor, though: you have to double the comma, like this:
$ qemu-system-x86_64 -device SUNW,,fdtwo,help
Trap for the unwary. The fact that this was broken in
device-introspect-test for more than six years until commit e27bd49876
fixed it demonstrates that "the unwary" includes seasoned developers.
One QOM type name contains ' ': "ICH9 SMB". Because having to
remember just one way to quote would be too easy.
Rename the "SUNW,FOO types to "sun-FOO". Summarily replace ',' and '
' by '-' in the other type names.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20210304140229.575481-2-armbru@redhat.com>
Reviewed-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
|
|
Drop the crap deprecated in commit 4a27a638e7 "fdc: Deprecate
configuring floppies with -global isa-fdc" (v5.1.0).
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
Message-id: 20210309161214.1402527-3-armbru@redhat.com
Signed-off-by: John Snow <jsnow@redhat.com>
|
|
qemu-fuzz-i386-target-generic-fuzz-sdhci-v3 uses -drive=sd where it
should use -drive if=none instead. This prints a deprecation warning:
$ ./build-oss-fuzz/DEST_DIR/qemu-fuzz-i386-target-generic-fuzz-sdhci-v3 -runs=1 -seed=1
[ASan warnings snipped...]
--> i386: -drive if=sd,index=0,file=null-co://,format=raw,id=mydrive: warning: bogus if=sd is deprecated, use if=none
INFO: Seed: 1
[More normal output snipped...]
Support for this usage will be gone soon. Adjust the test.
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Message-Id: <20210319132008.1830950-1-armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
|
|
The command-line creation test is using QemuOpts. Switch it to keyval,
since the emulator has some special needs and thus the last user of
user_creatable_add_opts will go away with the next patch.
Reviewed-by: Kevin Wolf <kwolf@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20210312173547.1283477-2-pbonzini@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
QAPI doesn't know the aliases 'tty' and 'parport' and there is no
reason to prefer them to the real names of the backends 'serial' and
'parallel'.
Since warnings are not allowed in 'make check' output, we can't test
the deprecated alias any more. Remove it from test-char.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Message-Id: <20210311164253.338723-3-kwolf@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
The 'props' option has been deprecated in 5.0 in favour of a flattened
object-add command. Time to change our test cases to drop the deprecated
option.
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Acked-by: Paolo Bonzini <pbonzini@redhat.com>
Acked-by: Peter Krempa <pkrempa@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
|
|
The image streaming block job restricts shared permissions of the nodes
it accesses. This can obviously fail when other users already got these
permissions. &error_abort is therefore wrong and can crash. Handle these
errors gracefully and just fail starting the block job.
Reported-by: Nini Gu <ngu@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <20210309173451.45152-1-kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Alberto Garcia <berto@igalia.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
bdrv_close_all() asserts that no jobs are running any more, so we need
to cancel all jobs first to avoid failing the assertion.
Fixes: b55a3c8860b763b62b2cc2f4a6f55379977bbde5
Reported-by: Nini Gu <ngu@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
Message-Id: <20210309121814.31078-1-kwolf@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Kevin Wolf <kwolf@redhat.com>
|
|
'remotes/berrange-gitlab/tags/dep-many-pull-request' into staging
Remove many old deprecated features
The following features have been deprecated for well over the 2
release cycle we promise
``-drive file=json:{...{'driver':'file'}}`` (since 3.0)
``-vnc acl`` (since 4.0.0)
``-mon ...,control=readline,pretty=on|off`` (since 4.1)
``migrate_set_downtime`` and ``migrate_set_speed`` (since 2.8.0)
``query-named-block-nodes`` result ``encryption_key_missing`` (since 2.10.0)
``query-block`` result ``inserted.encryption_key_missing`` (since 2.10.0)
``migrate-set-cache-size`` and ``query-migrate-cache-size`` (since 2.11.0)
``query-named-block-nodes`` and ``query-block`` result dirty-bitmaps[i].status (since 4.0)
``query-cpus`` (since 2.12.0)
``query-cpus-fast`` ``arch`` output member (since 3.0.0)
``query-events`` (since 4.0)
chardev client socket with ``wait`` option (since 4.0)
``acl_show``, ``acl_reset``, ``acl_policy``, ``acl_add``, ``acl_remove`` (since 4.0.0)
``ide-drive`` (since 4.2)
``scsi-disk`` (since 4.2)
# gpg: Signature made Thu 18 Mar 2021 09:23:39 GMT
# gpg: using RSA key DAF3A6FDB26B62912D0E8E3FBE86EBB415104FDF
# gpg: Good signature from "Daniel P. Berrange <dan@berrange.com>" [full]
# gpg: aka "Daniel P. Berrange <berrange@redhat.com>" [full]
# Primary key fingerprint: DAF3 A6FD B26B 6291 2D0E 8E3F BE86 EBB4 1510 4FDF
* remotes/berrange-gitlab/tags/dep-many-pull-request:
block: remove support for using "file" driver with block/char devices
block: remove 'dirty-bitmaps' field from 'BlockInfo' struct
block: remove dirty bitmaps 'status' field
block: remove 'encryption_key_missing' flag from QAPI
hw/scsi: remove 'scsi-disk' device
hw/ide: remove 'ide-drive' device
chardev: reject use of 'wait' flag for socket client chardevs
machine: remove 'arch' field from 'query-cpus-fast' QMP command
machine: remove 'query-cpus' QMP command
migrate: remove QMP/HMP commands for speed, downtime and cache size
monitor: remove 'query-events' QMP command
monitor: raise error when 'pretty' option is used with HMP
ui, monitor: remove deprecated VNC ACL option and HMP commands
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
|
'remotes/stsquad/tags/pull-misc-6.0-updates-170321-2' into staging
Final fixes for 6.0
- plugins physical address changes
- syscall tracking plugin
- plugin kernel-doc comments (without integration)
- libfdt build fix for guest-loader
# gpg: Signature made Wed 17 Mar 2021 07:19:23 GMT
# gpg: using RSA key 6685AE99E75167BCAFC8DF35FBD0DB095A9E2A44
# gpg: Good signature from "Alex Bennée (Master Work Key) <alex.bennee@linaro.org>" [full]
# Primary key fingerprint: 6685 AE99 E751 67BC AFC8 DF35 FBD0 DB09 5A9E 2A44
* remotes/stsquad/tags/pull-misc-6.0-updates-170321-2:
hw/core: Only build guest-loader if libfdt is available
plugins: Fixes typo in qemu-plugin.h
plugins: getting qemu_plugin_get_hwaddr only expose one function prototype
plugins: expand kernel-doc for memory query and instrumentation
plugins: expand kernel-doc for instruction query and instrumentation
plugins: expand inline exec kernel-doc documentation.
plugins: add qemu_plugin_id_t to kernel-doc
plugins: add qemu_plugin_cb_flags to kernel-doc
plugins: expand the typedef kernel-docs for translation
plugins: expand the callback typedef kernel-docs
plugins: cleanup kernel-doc for qemu_plugin_install
plugins: expand kernel-doc for qemu_info_t
plugins: Expose physical addresses instead of device offsets
plugins: new syscalls plugin
utils: Use fixed-point arithmetic in qemu_strtosz
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|