| Age | Commit message (Collapse) | Author |
|---|
|
"make clean" should clear all binaries that have been built, but so
far it left the TCG tests still in place. Let's make sure that they
are now removed, too.
Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220301085900.1443232-1-thuth@redhat.com>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
|
|
staging
* Fix stack-overflow due to recursive DMA in intel-hda (CVE-2021-3611)
* Fix heap overflow due to recursive DMA in sdhci code
# gpg: Signature made Mon 21 Mar 2022 16:14:36 GMT
# gpg: using RSA key 27B88847EEE0250118F3EAB92ED9D774FE702DB5
# gpg: issuer "thuth@redhat.com"
# gpg: Good signature from "Thomas Huth <th.huth@gmx.de>" [full]
# gpg: aka "Thomas Huth <thuth@redhat.com>" [full]
# gpg: aka "Thomas Huth <huth@tuxfamily.org>" [full]
# gpg: aka "Thomas Huth <th.huth@posteo.de>" [unknown]
# Primary key fingerprint: 27B8 8847 EEE0 2501 18F3 EAB9 2ED9 D774 FE70 2DB5
* tag 'pull-request-2022-03-21' of https://gitlab.com/thuth/qemu:
tests/qtest/fuzz-sdcard-test: Add reproducer for OSS-Fuzz (Issue 29225)
hw/sd/sdhci: Prohibit DMA accesses to devices
hw/sd/sdhci: Honor failed DMA transactions
tests/qtest/intel-hda-test: Add reproducer for issue #542
hw/audio/intel-hda: Restrict DMA engine to memories (not MMIO devices)
hw/audio/intel-hda: Do not ignore DMA overrun errors
softmmu/physmem: Introduce MemTxAttrs::memory field and MEMTX_ACCESS_ERROR
softmmu/physmem: Simplify flatview_write and address_space_access_valid
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
|
Fixes and cleanups for 7.0
Hi,
A collection of fixes & cleanup patches that should be safe for 7.0 inclusion.
# gpg: Signature made Tue 22 Mar 2022 12:11:30 GMT
# gpg: using RSA key 87A9BD933F87C606D276F62DDAE8E10975969CE5
# gpg: issuer "marcandre.lureau@redhat.com"
# gpg: Good signature from "Marc-André Lureau <marcandre.lureau@redhat.com>" [full]
# gpg: aka "Marc-André Lureau <marcandre.lureau@gmail.com>" [full]
# Primary key fingerprint: 87A9 BD93 3F87 C606 D276 F62D DAE8 E109 7596 9CE5
* tag 'fixes-pull-request' of gitlab.com:marcandre.lureau/qemu: (21 commits)
qapi: remove needless include
Remove trailing ; after G_DEFINE_AUTO macro
tests: remove needless include
error: use GLib to remember the program name
qga: remove bswap.h include
qapi: remove needless include
meson: fix CONFIG_ATOMIC128 check
meson: move int128 checks from configure
qapi: remove needless include
util: remove the net/net.h dependency
util: remove needless includes
scripts/modinfo-collect: remove unused/dead code
Move HOST_LONG_BITS to compiler.h
Simplify HOST_LONG_BITS
compiler.h: replace QEMU_SENTINEL with G_GNUC_NULL_TERMINATED
compiler.h: replace QEMU_WARN_UNUSED_RESULT with G_GNUC_WARN_UNUSED_RESULT
Replace GCC_FMT_ATTR with G_GNUC_PRINTF
Drop qemu_foo() socket API wrapper
m68k/nios2-semi: fix gettimeofday() result check
vl: typo fix in a comment
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
|
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Markus Armbruster <armbru@redhat.com>
|
|
One less qemu-specific macro. It also helps to make some headers/units
only depend on glib, and thus moved in standalone projects eventually.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Richard W.M. Jones <rjones@redhat.com>
|
|
The socket API wrappers were initially introduced in commit
00aa0040 ("Wrap recv to avoid warnings"), but made redundant with
commit a2d96af4 ("osdep: add wrappers for socket functions") which fixes
the win32 declarations and thus removed the earlier warnings.
Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
|
|
Commit e3296cc796aeaf319f3ed4e064ec309baf5e4da4 made the ssh block
driver's error message for fingerprint mismatches more verbose, so it
now prints the actual host key fingerprint and the key type.
iotest 207 tests such errors, but was not amended to filter that
fingerprint (which is host-specific), so do it now. Filter the key
type, too, because I guess this too can differ depending on the host
configuration.
Fixes: e3296cc796aeaf319f3ed4e064ec309baf5e4da4
("block: print the server key type and fingerprint on failure")
Reported-by: John Snow <jsnow@redhat.com>
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
Message-Id: <20220318125304.66131-3-hreitz@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
|
|
Allow filters for VM.run_job(), and pass the filters given to
VM.blockdev_create() to it.
(Use this opportunity to annotate VM.run_job()'s parameter types;
unfortunately, for the filter, I could not come up with anything better
than Callable[[Any], Any] that would pass mypy's scrutiny.)
At one point, a plain string is logged, so the filters passed to it must
work fine with plain strings. The only filters passed to it at this
point are the ones from VM.blockdev_create(), which are
filter_qmp_test_files() (by default) and 207's filter_hash(). Both
cannot handle plain strings yet, but we can make them by amending
filter_qmp() to treat them as plain values with a None key.
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
Message-Id: <20220318125304.66131-2-hreitz@redhat.com>
Reviewed-by: John Snow <jsnow@redhat.com>
|
|
Add a `check: bool = True` parameter to both functions and make their
qemu_img() invocations raise on error by default.
users of img_info_log:
206, 207, 210, 211, 212, 213, 237, 242, 266, 274, 302
users of qemu_img_log:
044, 209, 274, 302, 304
iotests 242 and 266 need to use check=False for their negative tests.
iotests 206, 210, 211, 212, 213, 237, 274 and 302 continue working
normally.
As of this commit, all calls to QEMU_IMG made from iotests enforce a
return code of zero by default unless explicitly disabled or suppressed
by passing check=False or with an exception handler.
Signed-off-by: John Snow <jsnow@redhat.com>
Message-Id: <20220321201618.903471-19-jsnow@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
|
|
With the exceptional 'create' calls removed in the prior commit, change
qemu_img_log() and img_info_log() to call qemu_img() directly
instead.
For now, allow these calls to qemu-img to return non-zero on the basis
that any unusual output will be logged anyway. The very next commit
begins to enforce a successful exit code by default even for the logged
functions.
Signed-off-by: John Snow <jsnow@redhat.com>
Message-Id: <20220321201618.903471-18-jsnow@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
|
|
qemu_img_log() calls into qemu_img_pipe(), which always removes output
for 'create' commands on success anyway. Replace all of these calls to
the simpler qemu_img_create(...) which doesn't log, but raises a
detailed exception object on failure instead.
Blank lines are removed from output files where appropriate.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Hanna Reitz <hreitz@redhat.com>
Message-Id: <20220321201618.903471-17-jsnow@redhat.com>
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
|
|
Admittedly a mostly lateral move, but qemu_img() is essentially the
replacement for qemu_img_pipe_and_status(). It will give slightly better
diagnostics on crash.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Hanna Reitz <hreitz@redhat.com>
Message-Id: <20220321201618.903471-16-jsnow@redhat.com>
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
|
|
As part of moving all python iotest invocations of qemu-img onto a
single qemu_img() implementation, remove a few lingering uses of
qemu_img_pipe() from outside of iotests.py itself.
Several cases here rely on the knowledge that qemu_img_pipe() suppresses
*all* output on a successful case when the command being issued is
'create'.
065: This call's output is inspected, but it appears as if it's expected
to succeed. Replace this call with the checked qemu_img() variant
instead to get better diagnostics if/when qemu-img itself fails.
237: "create" call output isn't actually logged. Use qemu_img_create()
instead, which checks the return code. Remove the empty lines from
the test output.
296: Two calls;
-create: Expected to succeed. Like other create calls, the output
isn't actually logged. Switch to a checked variant
(qemu_img_create) instead. The output for this test is
a mixture of both test styles, so actually replace the
blank line for readability.
-amend: This is expected to fail. Log the output.
After this patch, the only uses of qemu_img_pipe are internal to
iotests.py and will be removed in subsequent patches.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Hanna Reitz <hreitz@redhat.com>
Message-Id: <20220321201618.903471-15-jsnow@redhat.com>
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
|
|
qemu_img_pipe calls blank their output when the command being run is a
'create' call and the command succeeds. Thus, the normative output for
this command in iotest 149 is to print a blank line. We can remove the
logging from this invocation and use a checked invocation, but we still
need to inspect the actual output to see if we want to retroactively
skip the test due to missing cipher support.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Hanna Reitz <hreitz@redhat.com>
Message-Id: <20220321201618.903471-14-jsnow@redhat.com>
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
|
|
qemu_img_pipe() discards the return code from qemu-img in favor of
returning just its output. Some tests using this function don't save,
log, or check the output either, though, which is unsafe.
Replace all of these calls with a checked version.
Tests affected are 194, 202, 203, 234, 262, and 303.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Hanna Reitz <hreitz@redhat.com>
Message-Id: <20220321201618.903471-13-jsnow@redhat.com>
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
|
|
Similar to other recent changes: use the qemu_img() invocation that
supports throwing loud, nasty exceptions when it fails for surprising
reasons.
(Why would "--help" ever fail? I don't know, but eliminating *all* calls
to qemu-img that do not go through qemu_img() is my goal, so
qemu_img_pipe() has to be removed.)
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Hanna Reitz <hreitz@redhat.com>
Message-Id: <20220321201618.903471-12-jsnow@redhat.com>
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
|
|
Add a qemu_img_map() function by analogy with qemu_img_measure(),
qemu_img_check(), and qemu_img_info() that all return JSON information.
Replace calls to qemu_img_pipe('map', '--output=json', ...) with this
new function, which provides better diagnostic information on failure.
Note: The output for iotest 211 changes, because logging JSON after it
was deserialized by Python behaves a little differently than logging the
raw JSON document string itself.
(iotests.log() sorts the keys for Python 3.6 support.)
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20220321201618.903471-11-jsnow@redhat.com>
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
|
|
This removes two more usages of qemu_img_pipe() and replaces them with
calls to qemu_img(), which provides better diagnostic information on
failure.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Hanna Reitz <hreitz@redhat.com>
Message-Id: <20220321201618.903471-10-jsnow@redhat.com>
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
|
|
Add qemu_img_info() by analogy with qemu_img_measure() and
qemu_img_check(). Modify image_size() to use this function instead to
take advantage of the better diagnostic information on failure provided
(ultimately) by qemu_img().
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Hanna Reitz <hreitz@redhat.com>
Message-Id: <20220321201618.903471-9-jsnow@redhat.com>
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
|
|
qemu_img_json() gives better diagnostic information on failure.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Hanna Reitz <hreitz@redhat.com>
Message-Id: <20220321201618.903471-8-jsnow@redhat.com>
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
|
|
qemu_img_json() is a new helper built on top of qemu_img() that tries to
pull a valid JSON document out of the stdout stream.
In the event that the return code is negative (the program crashed), or
the code is greater than zero and did not produce valid JSON output, the
VerboseProcessError raised by qemu_img() is re-raised.
In the event that the return code is zero but we can't parse valid JSON,
allow the JSON deserialization error to be raised.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Message-Id: <20220321201618.903471-7-jsnow@redhat.com>
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
|
|
Fortify compare_images() to be more discerning about the status codes it
receives. If qemu_img() returns an exit code that implies it didn't
actually perform the comparison, treat that as an exceptional
circumstance and force the caller to be aware of the peril.
If a negative test is desired (perhaps to test how qemu_img compare
behaves on malformed images, for instance), it is still possible to
catch the exception in the test and deal with that circumstance
manually.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Hanna Reitz <hreitz@redhat.com>
Message-Id: <20220321201618.903471-6-jsnow@redhat.com>
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
|
|
re-write qemu_img() as a function that will by default raise a
VerboseProcessException (extended from CalledProcessException) on
non-zero return codes. This will produce a stack trace that will show
the command line arguments and return code from the failed process run.
Users that want something more flexible (there appears to be only one)
can use check=False and manage the return themselves. However, when the
return code is negative, the Exception will be raised no matter what.
This is done under the belief that there's no legitimate reason, even in
negative tests, to see a crash from qemu-img.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Hanna Reitz <hreitz@redhat.com>
Message-Id: <20220321201618.903471-5-jsnow@redhat.com>
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
|
|
qemu_img() returning zero ought to be the rule, not the
exception. Remove all explicit checks against the condition in
preparation for making non-zero returns an Exception.
Signed-off-by: John Snow <jsnow@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Hanna Reitz <hreitz@redhat.com>
Message-Id: <20220321201618.903471-4-jsnow@redhat.com>
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
|
|
Quoting the TAP specification: "The plan tells how many tests will be
run [...]. It’s a check that the test file hasn’t stopped prematurely."
That's a good idea of course, so let's support that in the iotest
testrunner, too.
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20220223095816.2663005-1-thuth@redhat.com>
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
|
|
If there is a failing iotest, the output is currently not logged to
the console anymore. To get this working again, we need to run the
meson test runner with "--print-errorlogs" (and without "--verbose"
due to a current meson bug that will be fixed here:
https://github.com/mesonbuild/meson/commit/c3f145ca2b9f5.patch ).
We could update the "meson test" call in tests/Makefile.include,
but actually it's nicer and easier if we simply do not treat the
iotests as separate test target anymore and integrate them along
with the other test suites. This has the disadvantage of not getting
the detailed progress indication there anymore, but since that was
only working right in single-threaded "make -j1" mode anyway, it's
not a huge loss right now.
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20220310075048.2303495-1-thuth@redhat.com>
Tested-by: Hanna Reitz <hreitz@redhat.com>
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
|
|
These two spots have been missed in commit 9086c7639822 ("Rework the
checks and spots using GNU sed") - they need GNU sed, too, since they
are using the "+" address form.
Signed-off-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20220309101626.637836-1-thuth@redhat.com>
Reviewed-by: Eric Blake <eblake@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
|
|
Some qemu-iotests(040 etc) use PCI disk to do test. Without the
mapping, RISC-V flavor use spike as default machine which has no
PCI bus, causing test failure.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/894
Signed-off-by: Kai Zhang <laokz@foxmail.com>
Message-Id: <tencent_E4219E870165A978DB5BBE50BD53D33D2E06@qq.com>
Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Signed-off-by: Hanna Reitz <hreitz@redhat.com>
|
|
g_new(T, n) is neater than g_malloc(sizeof(T) * n). It's also safer,
for two reasons. One, it catches multiplication overflowing size_t.
Two, it returns T * rather than void *, which lets the compiler catch
more type errors.
This commit only touches allocations with size arguments of the form
sizeof(T).
Patch created mechanically with:
$ spatch --in-place --sp-file scripts/coccinelle/use-g_new-etc.cocci \
--macro-file scripts/cocci-macro-file.h FILES...
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Cédric Le Goater <clg@kaod.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Acked-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
Message-Id: <20220315144156.1595462-4-armbru@redhat.com>
Reviewed-by: Pavel Dovgalyuk <Pavel.Dovgalyuk@ispras.ru>
|
|
g_new(T, n) is neater than g_malloc(sizeof(T) * n). It's also safer,
for two reasons. One, it catches multiplication overflowing size_t.
Two, it returns T * rather than void *, which lets the compiler catch
more type errors.
This commit only touches allocations with size arguments of the form
sizeof(T).
Initial patch created mechanically with:
$ spatch --in-place --sp-file scripts/coccinelle/use-g_new-etc.cocci \
--macro-file scripts/cocci-macro-file.h FILES...
This uncovers a typing error:
../hw/9pfs/9p.c: In function ‘qid_path_fullmap’:
../hw/9pfs/9p.c:855:13: error: assignment to ‘QpfEntry *’ from incompatible pointer type ‘QppEntry *’ [-Werror=incompatible-pointer-types]
855 | val = g_new0(QppEntry, 1);
| ^
Harmless, because QppEntry is larger than QpfEntry. Manually fixed to
allocate a QpfEntry instead.
Cc: Greg Kurz <groug@kaod.org>
Cc: Christian Schoenebeck <qemu_oss@crudebyte.com>
Signed-off-by: Markus Armbruster <armbru@redhat.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Reviewed-by: Christian Schoenebeck <qemu_oss@crudebyte.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Greg Kurz <groug@kaod.org>
Message-Id: <20220315144156.1595462-3-armbru@redhat.com>
|
|
Include the qtest reproducer provided by Alexander Bulekov
in https://gitlab.com/qemu-project/qemu/-/issues/451. Without
the previous commit, we get:
$ make check-qtest-i386
...
Running test qtest-i386/fuzz-sdcard-test
==447470==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61500002a080 at pc 0x564c71766d48 bp 0x7ffc126c62b0 sp 0x7ffc126c62a8
READ of size 1 at 0x61500002a080 thread T0
#0 0x564c71766d47 in sdhci_read_dataport hw/sd/sdhci.c:474:18
#1 0x564c7175f139 in sdhci_read hw/sd/sdhci.c:1022:19
#2 0x564c721b937b in memory_region_read_accessor softmmu/memory.c:440:11
#3 0x564c72171e51 in access_with_adjusted_size softmmu/memory.c:554:18
#4 0x564c7216f47c in memory_region_dispatch_read1 softmmu/memory.c:1424:16
#5 0x564c7216ebb9 in memory_region_dispatch_read softmmu/memory.c:1452:9
#6 0x564c7212db5d in flatview_read_continue softmmu/physmem.c:2879:23
#7 0x564c7212f958 in flatview_read softmmu/physmem.c:2921:12
#8 0x564c7212f418 in address_space_read_full softmmu/physmem.c:2934:18
#9 0x564c721305a9 in address_space_rw softmmu/physmem.c:2962:16
#10 0x564c7175a392 in dma_memory_rw_relaxed include/sysemu/dma.h:89:12
#11 0x564c7175a0ea in dma_memory_rw include/sysemu/dma.h:132:12
#12 0x564c71759684 in dma_memory_read include/sysemu/dma.h:152:12
#13 0x564c7175518c in sdhci_do_adma hw/sd/sdhci.c:823:27
#14 0x564c7174bf69 in sdhci_data_transfer hw/sd/sdhci.c:935:13
#15 0x564c7176aaa7 in sdhci_send_command hw/sd/sdhci.c:376:9
#16 0x564c717629ee in sdhci_write hw/sd/sdhci.c:1212:9
#17 0x564c72172513 in memory_region_write_accessor softmmu/memory.c:492:5
#18 0x564c72171e51 in access_with_adjusted_size softmmu/memory.c:554:18
#19 0x564c72170766 in memory_region_dispatch_write softmmu/memory.c:1504:16
#20 0x564c721419ee in flatview_write_continue softmmu/physmem.c:2812:23
#21 0x564c721301eb in flatview_write softmmu/physmem.c:2854:12
#22 0x564c7212fca8 in address_space_write softmmu/physmem.c:2950:18
#23 0x564c721d9a53 in qtest_process_command softmmu/qtest.c:727:9
0x61500002a080 is located 0 bytes to the right of 512-byte region [0x615000029e80,0x61500002a080)
allocated by thread T0 here:
#0 0x564c708e1737 in __interceptor_calloc (qemu-system-i386+0x1e6a737)
#1 0x7ff05567b5e0 in g_malloc0 (/lib64/libglib-2.0.so.0+0x5a5e0)
#2 0x564c71774adb in sdhci_pci_realize hw/sd/sdhci-pci.c:36:5
SUMMARY: AddressSanitizer: heap-buffer-overflow hw/sd/sdhci.c:474:18 in sdhci_read_dataport
Shadow bytes around the buggy address:
0x0c2a7fffd3c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c2a7fffd3d0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c2a7fffd3e0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c2a7fffd3f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x0c2a7fffd400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c2a7fffd410:[fa]fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c2a7fffd420: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c2a7fffd430: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c2a7fffd440: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c2a7fffd450: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
0x0c2a7fffd460: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Heap left redzone: fa
Freed heap region: fd
==447470==ABORTING
Broken pipe
ERROR qtest-i386/fuzz-sdcard-test - too few tests run (expected 3, got 2)
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Acked-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20211215205656.488940-4-philmd@redhat.com>
[thuth: Replaced "-m 4G" with "-m 512M"]
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
|
Include the qtest reproducer provided by Alexander Bulekov
in https://gitlab.com/qemu-project/qemu/-/issues/542.
Without the previous commit, we get:
$ make check-qtest-i386
...
Running test tests/qtest/intel-hda-test
AddressSanitizer:DEADLYSIGNAL
=================================================================
==1580408==ERROR: AddressSanitizer: stack-overflow on address 0x7ffc3d566fe0
#0 0x63d297cf in address_space_translate_internal softmmu/physmem.c:356
#1 0x63d27260 in flatview_do_translate softmmu/physmem.c:499:15
#2 0x63d27af5 in flatview_translate softmmu/physmem.c:565:15
#3 0x63d4ce84 in flatview_write softmmu/physmem.c:2850:10
#4 0x63d4cb18 in address_space_write softmmu/physmem.c:2950:18
#5 0x63d4d387 in address_space_rw softmmu/physmem.c:2960:16
#6 0x62ae12f2 in dma_memory_rw_relaxed include/sysemu/dma.h:89:12
#7 0x62ae104a in dma_memory_rw include/sysemu/dma.h:132:12
#8 0x62ae6157 in dma_memory_write include/sysemu/dma.h:173:12
#9 0x62ae5ec0 in stl_le_dma include/sysemu/dma.h:275:1
#10 0x62ae5ba2 in stl_le_pci_dma include/hw/pci/pci.h:871:1
#11 0x62ad59a6 in intel_hda_response hw/audio/intel-hda.c:372:12
#12 0x62ad2afb in hda_codec_response hw/audio/intel-hda.c:107:5
#13 0x62aec4e1 in hda_audio_command hw/audio/hda-codec.c:655:5
#14 0x62ae05d9 in intel_hda_send_command hw/audio/intel-hda.c:307:5
#15 0x62adff54 in intel_hda_corb_run hw/audio/intel-hda.c:342:9
#16 0x62adc13b in intel_hda_set_corb_wp hw/audio/intel-hda.c:548:5
#17 0x62ae5942 in intel_hda_reg_write hw/audio/intel-hda.c:977:9
#18 0x62ada10a in intel_hda_mmio_write hw/audio/intel-hda.c:1054:5
#19 0x63d8f383 in memory_region_write_accessor softmmu/memory.c:492:5
#20 0x63d8ecc1 in access_with_adjusted_size softmmu/memory.c:554:18
#21 0x63d8d5d6 in memory_region_dispatch_write softmmu/memory.c:1504:16
#22 0x63d5e85e in flatview_write_continue softmmu/physmem.c:2812:23
#23 0x63d4d05b in flatview_write softmmu/physmem.c:2854:12
#24 0x63d4cb18 in address_space_write softmmu/physmem.c:2950:18
#25 0x63d4d387 in address_space_rw softmmu/physmem.c:2960:16
#26 0x62ae12f2 in dma_memory_rw_relaxed include/sysemu/dma.h:89:12
#27 0x62ae104a in dma_memory_rw include/sysemu/dma.h:132:12
#28 0x62ae6157 in dma_memory_write include/sysemu/dma.h:173:12
#29 0x62ae5ec0 in stl_le_dma include/sysemu/dma.h:275:1
#30 0x62ae5ba2 in stl_le_pci_dma include/hw/pci/pci.h:871:1
#31 0x62ad59a6 in intel_hda_response hw/audio/intel-hda.c:372:12
#32 0x62ad2afb in hda_codec_response hw/audio/intel-hda.c:107:5
#33 0x62aec4e1 in hda_audio_command hw/audio/hda-codec.c:655:5
#34 0x62ae05d9 in intel_hda_send_command hw/audio/intel-hda.c:307:5
#35 0x62adff54 in intel_hda_corb_run hw/audio/intel-hda.c:342:9
#36 0x62adc13b in intel_hda_set_corb_wp hw/audio/intel-hda.c:548:5
#37 0x62ae5942 in intel_hda_reg_write hw/audio/intel-hda.c:977:9
#38 0x62ada10a in intel_hda_mmio_write hw/audio/intel-hda.c:1054:5
#39 0x63d8f383 in memory_region_write_accessor softmmu/memory.c:492:5
#40 0x63d8ecc1 in access_with_adjusted_size softmmu/memory.c:554:18
#41 0x63d8d5d6 in memory_region_dispatch_write softmmu/memory.c:1504:16
#42 0x63d5e85e in flatview_write_continue softmmu/physmem.c:2812:23
#43 0x63d4d05b in flatview_write softmmu/physmem.c:2854:12
#44 0x63d4cb18 in address_space_write softmmu/physmem.c:2950:18
#45 0x63d4d387 in address_space_rw softmmu/physmem.c:2960:16
#46 0x62ae12f2 in dma_memory_rw_relaxed include/sysemu/dma.h:89:12
#47 0x62ae104a in dma_memory_rw include/sysemu/dma.h:132:12
#48 0x62ae6157 in dma_memory_write include/sysemu/dma.h:173:12
...
SUMMARY: AddressSanitizer: stack-overflow softmmu/physmem.c:356 in address_space_translate_internal
==1580408==ABORTING
Broken pipe
Aborted (core dumped)
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Acked-by: Thomas Huth <thuth@redhat.com>
Message-Id: <20211218160912.1591633-4-philmd@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
|
For both ldnt1 and stnt1, the meaning of the Rn and Rm are different
from ld1 and st1: the vector and integer registers are reversed, and
the integer register 31 refers to XZR instead of SP.
Secondly, the 64-bit version of ldnt1 was being interpreted as
32-bit unpacked unscaled offset instead of 64-bit unscaled offset,
which discarded the upper 32 bits of the address coming from
the vector argument.
Thirdly, validate that the memory element size is in range for the
vector element size for ldnt1. For ld1, we do this via independent
decode patterns, but for ldnt1 we need to do it manually.
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/826
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20220308031655.240710-1-richard.henderson@linaro.org
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
|
Race conditions can happen with the current code, because the port that
was available might not be anymore by the time the server is started.
By setting the port to 0, PhoneServer it will use the OS default
behavior to get a free port, then we save this information so we can
later configure the guest.
Suggested-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Beraldo Leal <bleal@redhat.com>
Message-Id: <20220311171127.2189534-1-bleal@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
|
Add a small test in order to prevent regressions.
Signed-off-by: Ilya Leoshkevich <iii@linux.ibm.com>
Message-Id: <20220314104232.675863-4-iii@linux.ibm.com>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: David Hildenbrand <david@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
|
With -cpu max we get a warning:
qemu-s390x: warning: 'msa5-base' requires 'kimd-sha-512'.
But dropping the -cpu max and it still runs fine.
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20220309112248.4083619-1-alex.bennee@linaro.org>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Reviewed-by: David Hildenbrand <david@redhat.com>
Tested-by: Thomas Huth <thuth@redhat.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
|
|
Darwin-based host patches
- Remove various build warnings
- Fix building with modules on macOS
- Fix mouse/keyboard GUI interactions
# gpg: Signature made Tue 15 Mar 2022 12:52:19 GMT
# gpg: using RSA key FAABE75E12917221DCFD6BB2E3E32C2CDEADC0DE
# gpg: Good signature from "Philippe Mathieu-Daudé (F4BUG) <f4bug@amsat.org>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: FAAB E75E 1291 7221 DCFD 6BB2 E3E3 2C2C DEAD C0DE
* tag 'darwin-20220315' of https://github.com/philmd/qemu: (21 commits)
MAINTAINERS: Volunteer to maintain Darwin-based hosts support
ui/cocoa: add option to swap Option and Command
ui/cocoa: capture all keys and combos when mouse is grabbed
ui/cocoa: release mouse when user switches away from QEMU window
ui/cocoa: add option to disable left-command forwarding to guest
ui/cocoa: Constify qkeycode translation arrays
configure: Pass filtered QEMU_OBJCFLAGS to meson
meson: Log QEMU_CXXFLAGS content in summary
meson: Resolve the entitlement.sh script once for good
osdep: Avoid using Clang-specific __builtin_available()
audio: Rename coreaudio extension to use Objective-C compiler
coreaudio: Always return 0 in handle_voice_change
audio: Log context for audio bug
audio/dbus: Fix building with modules on macOS
audio/coreaudio: Remove a deprecation warning on macOS 12
block/file-posix: Remove a deprecation warning on macOS 12
hvf: Remove deprecated hv_vcpu_flush() calls
hvf: Make hvf_get_segments() / hvf_put_segments() local
hvf: Use standard CR0 and CR4 register definitions
tests/fp/berkeley-testfloat-3: Ignore ignored #pragma directives
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
|
edk2: update to stable202202
# gpg: Signature made Tue 15 Mar 2022 08:34:38 GMT
# gpg: using RSA key A0328CFFB93A17A79901FE7D4CB6D8EED3E87138
# gpg: Good signature from "Gerd Hoffmann (work) <kraxel@redhat.com>" [full]
# gpg: aka "Gerd Hoffmann <gerd@kraxel.org>" [full]
# gpg: aka "Gerd Hoffmann (private) <kraxel@gmail.com>" [full]
# Primary key fingerprint: A032 8CFF B93A 17A7 9901 FE7D 4CB6 D8EE D3E8 7138
* tag 'edk2-20220315-pull-request' of git://git.kraxel.org/qemu:
MAINTAINERS: take edk2
edk2/docker: use ubuntu 18.04
edk2/docker: install python3
tests/acpi: disallow virt memory hotplug changes
tests/acpi: update expected data files
edk2: update binaries to stable202202
edk2: add microvm build
edk2: .git can be a file
edk2: switch to release builds
edk2: update submodule to stable202202
tests/acpi: allow virt memory hotplug changes
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
|
Since we already use -Wno-unknown-pragmas, we can also use
-Wno-ignored-pragmas. This silences hundred of warnings using
clang 13 on macOS Monterey:
[409/771] Compiling C object tests/fp/libtestfloat.a.p/berkeley-testfloat-3_source_test_az_f128_rx.c.o
../tests/fp/berkeley-testfloat-3/source/test_az_f128_rx.c:49:14: warning: '#pragma FENV_ACCESS' is not supported on this target - ignored [-Wignored-pragmas]
#pragma STDC FENV_ACCESS ON
^
1 warning generated.
Having:
$ cc -v
Apple clang version 13.0.0 (clang-1300.0.29.30)
Reported-by: Roman Bolshakov <roman@roolebo.dev>
Reviewed-by: Akihiko Odaki <akihiko.odaki@gmail.com>
Tested-by: Akihiko Odaki <akihiko.odaki@gmail.com>
Acked-by: Alex Bennée <alex.bennee@linaro.org>
Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
|
|
ppc-7.0 queue :
* Removal of user-created PHB devices
* Avocado fixes for --disable-tcg
* Instruction and Radix MMU fixes
# gpg: Signature made Mon 14 Mar 2022 15:16:07 GMT
# gpg: using RSA key A0F66548F04895EBFE6B0B6051A343C7CFFBECA1
# gpg: Good signature from "Cédric Le Goater <clg@kaod.org>" [undefined]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: A0F6 6548 F048 95EB FE6B 0B60 51A3 43C7 CFFB ECA1
* tag 'pull-ppc-20220314' of https://github.com/legoater/qemu:
ppc/pnv: Remove user-created PHB{3,4,5} devices
ppc/pnv: Always create the PHB5 PEC devices
ppc/pnv: Introduce a pnv-phb5 device to match root port
ppc/xive2: Make type Xive2EndSource not user creatable
target/ppc: fix xxspltw for big endian hosts
target/ppc: fix ISI fault cause for Radix MMU
avocado/ppc_virtex_ml507.py: check TCG accel in test_ppc_virtex_ml507()
avocado/ppc_prep_40p.py: check TCG accel in all tests
avocado/ppc_mpc8544ds.py: check TCG accel in test_ppc_mpc8544ds()
avocado/ppc_bamboo.py: check TCG accel in test_ppc_bamboo()
avocado/ppc_74xx.py: check TCG accel for all tests
avocado/ppc_405.py: check TCG accel in test_ppc_ref405ep()
avocado/ppc_405.py: remove test_ppc_taihu()
avocado/boot_linux_console.py: check TCG accel in test_ppc_mac99()
avocado/boot_linux_console.py: check TCG accel in test_ppc_g3beige()
avocado/replay_kernel.py: make tcg-icount check in run_vm()
avocado/boot_linux_console.py: check tcg accel in test_ppc64_e500
avocado/boot_linux_console.py: check for tcg in test_ppc_powernv8/9
qtest/meson.build: check CONFIG_TCG for boot-serial-test in qtests_ppc
qtest/meson.build: check CONFIG_TCG for prom-env-test in qtests_ppc
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
|
|
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
|
|
The switch to edk2 RELEASE builds changes the memory layout a bit,
resulting in a acpi table change.
See commits ca26041500eb ("edk2: switch to release builds") and
3891a5996fee ("edk2: update binaries to stable202202")
DefinitionBlock ("", "SSDT", 1, "BOCHS ", "NVDIMM", 0x00000001)
{
Scope (\_SB)
{
Device (NVDR)
{
Name (_HID, "ACPI0012" /* NVDIMM Root Device */) // _HID: Hardware ID
Method (NCAL, 5, Serialized)
{
Local6 = MEMA /* \MEMA */
{
Return (NCAL (Arg0, Arg1, Arg2, Arg3, 0x02))
}
}
Device (NV02)
{
Name (_ADR, 0x03) // _ADR: Address
Method (_DSM, 4, NotSerialized) // _DSM: Device-Specific Method
{
Return (NCAL (Arg0, Arg1, Arg2, Arg3, 0x03))
}
}
}
}
- Name (MEMA, 0x43D10000)
+ Name (MEMA, 0x43F50000)
}
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Acked-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
|
|
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
Reviewed-by: Igor Mammedov <imammedo@redhat.com>
Reviewed-by: Michael S. Tsirkin <mst@redhat.com>
|
|
Fix a typo in the host endianness macro and add a simple test to detect
regressions.
Fixes: 9bb0048ec6f8 ("target/ppc: convert xxspltw to vector operations")
Signed-off-by: Matheus Ferst <matheus.ferst@eldorado.org.br>
Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20220310172047.61094-1-matheus.ferst@eldorado.org.br>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
|
|
This test times out when running in an IBM POWER host and --disable-tcg.
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <20220310183011.110391-10-danielhb413@gmail.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
|
|
All tests in the file times out when running in an IBM POWER host and
--disable-tcg with an error like the following:
Command: ./qemu-system-ppc -display none -vga none (...)
-machine 40p (...)
Output: qemu-system-ppc: Register sync failed... If you're using
kvm-hv.ko, only "-cpu host" is possible
qemu-system-ppc: kvm_init_vcpu: kvm_arch_init_vcpu failed (0): Invalid argument
Since we don't have a way to detect whether the host is running kvm_hv
or kvm_pr, skip all tests if TCG is not available.
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org>
Message-Id: <20220310183011.110391-9-danielhb413@gmail.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
|
|
This tests times out in an IBM POWER host when compiled with
--disable-tcg.
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <20220310183011.110391-8-danielhb413@gmail.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
|
|
This tests times out in an IBM POWER host when compiled with
--disable-tcg.
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <20220310183011.110391-7-danielhb413@gmail.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
|
|
All tests of this file, when running in an IBM POWER host and with
--disable-tcg, fail in a similar manner:
Command: ./qemu-system-ppc -display none -vga none (...)
-cpu 7400 (...)
Output: ioctl(KVM_CREATE_VM) failed: 22 Invalid argument
PPC KVM module is not loaded. Try modprobe kvm_pr.
qemu-system-ppc: failed to initialize kvm: Invalid argument
We don't have a way of telling which KVM module is loaded in a Power
host (kvm_hv or kvm_pr). For now let's make all the tests of this
file depend on TCG support.
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <20220310183011.110391-6-danielhb413@gmail.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
|
|
Running this test without TCG support in an IBM POWER server results
in the following error:
Command: ./qemu-system-ppc -display none -vga none (...)
-machine ref405ep (...)
Output: qemu-system-ppc: Register sync failed... If you're using
kvm-hv.ko, only "-cpu host" is possible
qemu-system-ppc: kvm_init_vcpu: kvm_arch_init_vcpu failed (0): Invalid argument
Although the host is running kvm_hv we don't have a way of differentiate
between kvm_hv and kvm_pr, meaning that this test would've failed in the
same way if kvm_pr was the KVM module loaded in the host.
Since we don't have a way of checking which KVM module is being loaded
when using avocado, make a TCG accel check in test_ppc_ref405ep().
Signed-off-by: Daniel Henrique Barboza <danielhb413@gmail.com>
Message-Id: <20220310183011.110391-5-danielhb413@gmail.com>
Signed-off-by: Cédric Le Goater <clg@kaod.org>
|
