Stefan Markovic [Fri, 12 Oct 2018 10:57:35 +0000 (12:57 +0200)]
linux-user: Add infrastructure for handling MIPS-specific prctl()
Add infrastructure for handling MIPS-specific prctl(). This is,
for now, just an empty placeholder. The real handling will be
implemented in subsequent patches.
Stefan Markovic [Fri, 12 Oct 2018 10:40:57 +0000 (12:40 +0200)]
linux-user: Add MIPS-specific prctl() options
Add MIPS-specific prctl() options TARGET_PR_SET_FP_MODE and
TARGET_PR_SET_FP_MODE. These values are essentially copied from
linux kernel header include/uapi/linux/prctl.h.
This is done in a way consistent with a similar case of
aarch64-specific prctl() options TARGET_PR_SVE_SET_VL and
TARGET_PR_SVE_GET_VL.
Fredrik Noring [Thu, 18 Oct 2018 16:08:46 +0000 (18:08 +0200)]
elf: Fix comments to EF_MIPS_MACH_xxx constants
Regarding R5900 CPU, some sources indicate that the Emotion Engine
ISA/ASE was designed by Toshiba and licensed to Sony. Others sources
claim it was a joint effort. It therefore makes sense to refer to
the CPU as "Toshiba/Sony R5900".
Also, remove and "'s" in the line for some other CPU, for the sake
of consistency.
Peter Maydell [Thu, 18 Oct 2018 12:40:19 +0000 (13:40 +0100)]
Merge remote-tracking branch 'remotes/huth-gitlab/tags/pull-request-2018-10-17' into staging
- Updates for qtest entries in test/Makefile.include
- Simple updates for some shell scripts
- Misc simple patches for files without regular subsystem pull requests
* remotes/huth-gitlab/tags/pull-request-2018-10-17:
configure: remove glib_subprocess check
hw/core/generic-loader: Compile only once, not for each target
cpu: Provide a proper prototype for target_words_bigendian() in a header
hw/core/generic-loader: Set a category for the generic-loader device
qemu/compiler: Wrap __attribute__((flatten)) in a macro
mailmap: Fix Reimar Döffinger name
show-fixed-bugs.sh: Modern shell scripting (use $() instead of ``)
git-submodule.sh: Modern shell scripting (use $() instead of ``)
archive-source.sh: Modern shell scripting (use $() instead of ``)
MAINTAINERS: update block/sheepdog maintainers
gdbstub: Remove unused include
tests: remove gcov-files- variables
tests: Prevent more accidental test disabling
target/cris/translate: Get rid of qemu_log_separate()
qemu-common.h: update copyright date to 2018
Thomas Huth [Fri, 5 Oct 2018 12:53:38 +0000 (14:53 +0200)]
hw/core/generic-loader: Compile only once, not for each target
The generic-loader is currently compiled target specific due to one
single "#ifdef TARGET_WORDS_BIGENDIAN" in the file. We have already a
function called target_words_bigendian() for this instead, so we can
put the generic-loader into common-obj to save some compilation time.
Thomas Huth [Fri, 5 Oct 2018 12:46:02 +0000 (14:46 +0200)]
cpu: Provide a proper prototype for target_words_bigendian() in a header
We've got three places already that provide a prototype for this
function in a .c file - that's ugly. Let's provide a proper prototype
in a header instead, with a proper description why this function should
not be used in most cases.
Thomas Huth [Fri, 5 Oct 2018 09:39:40 +0000 (11:39 +0200)]
hw/core/generic-loader: Set a category for the generic-loader device
Each device that is instantiatable by the users should be marked with
a category. Since the generic-loader does not fit anywhere else, put
it into the MISC category.
Thomas Huth [Wed, 26 Sep 2018 15:48:50 +0000 (17:48 +0200)]
qemu/compiler: Wrap __attribute__((flatten)) in a macro
Older versions of Clang (before 3.5) and GCC (before 4.1) do not
support the "__attribute__((flatten))" yet. We don't care about
such old versions of GCC anymore, but since Clang 3.4 is still
used in EPEL for RHEL7 / CentOS 7, we should not use this attribute
directly but with a wrapper macro instead.
Helge Deller [Sun, 7 Oct 2018 20:51:53 +0000 (22:51 +0200)]
target/hppa: Raise exception 26 on emulated hardware
On PCXS chips (PA7000, pa 1.1a), trap #18 is raised on memory faults,
while all later chips (>= PA7100) generate either trap #26, #27 or #28
(depending on the fault type).
Since the current qemu emulation emulates a B160L machine (with a
PA7300LC PCX-L2 chip, we should raise trap #26 (EXCP_DMAR) instead
of #18 (EXCP_DMP) on access faults by the Linux kernel to page zero.
With the patch we now get the correct output (I tested against real
hardware):
Kernel Fault: Code=26 (Data memory access rights trap)
instead of:
Kernel Fault: Code=18 (Data memory protection/unaligned access trap)
Peter Maydell [Tue, 16 Oct 2018 16:42:56 +0000 (17:42 +0100)]
Merge remote-tracking branch 'remotes/pmaydell/tags/pull-target-arm-20181016-1' into staging
target-arm queue:
* hw/arm/virt: add DT property /secure-chosen/stdout-path indicating secure UART
* target/arm: Fix aarch64_sve_change_el wrt EL0
* target/arm: Define fields of ISAR registers
* target/arm: Align cortex-r5 id_isar0
* target/arm: Fix cortex-a7 id_isar0
* net/cadence_gem: Fix various bugs, add support for new
features that will be used by the Xilinx Versal board
* target-arm: powerctl: Enable HVC when starting CPUs to EL2
* target/arm: Add the Cortex-A72
* target/arm: Mark PMINTENCLR and PMINTENCLR_EL1 accesses as possibly doing IO
* target/arm: Mask PMOVSR writes based on supported counters
* target/arm: Initialize ARMMMUFaultInfo in v7m_stack_read/write
* coccinelle: new inplace-byteswaps.cocci to remove inplace-byteswapping calls
* remotes/pmaydell/tags/pull-target-arm-20181016-1:
coccinelle: new inplace-byteswaps.cocci to remove inplace-byteswapping calls
target/arm: Initialize ARMMMUFaultInfo in v7m_stack_read/write
target/arm: Mask PMOVSR writes based on supported counters
target/arm: Mark PMINTENCLR and PMINTENCLR_EL1 accesses as possibly doing IO
target/arm: Add the Cortex-A72
target-arm: powerctl: Enable HVC when starting CPUs to EL2
net: cadence_gem: Implement support for 64bit descriptor addresses
net: cadence_gem: Add support for selecting the DMA MemoryRegion
net: cadence_gem: Add support for extended descriptors
net: cadence_gem: Add macro with max number of descriptor words
net: cadence_gem: Use uint32_t for 32bit descriptor words
net: cadence_gem: Disable TSU feature bit
target/arm: Fix cortex-a7 id_isar0
target/arm: Align cortex-r5 id_isar0
target/arm: Define fields of ISAR registers
target/arm: Fix aarch64_sve_change_el wrt EL0
hw/arm/virt: add DT property /secure-chosen/stdout-path indicating secure UART
Peter Maydell [Tue, 9 Oct 2018 18:16:12 +0000 (19:16 +0100)]
coccinelle: new inplace-byteswaps.cocci to remove inplace-byteswapping calls
Add a new Coccinelle script which replaces uses of the inplace
byteswapping functions *_to_cpus() and cpu_to_*s() with their
not-in-place equivalents. This is useful for where the swapping
is done on members of a packed struct -- taking the address
of the member to pass it to an inplace function is undefined
behaviour in C.
Peter Maydell [Thu, 11 Oct 2018 17:20:57 +0000 (18:20 +0100)]
target/arm: Initialize ARMMMUFaultInfo in v7m_stack_read/write
The get_phys_addr() functions take a pointer to an ARMMMUFaultInfo
struct, which they fill in only if a fault occurs. This means that
the caller must always zero-initialize the struct before passing
it in. We forgot to do this in v7m_stack_read() and v7m_stack_write().
Correct the error.
net: cadence_gem: Add support for extended descriptors
Add support for extended descriptors with optional 64bit
addressing and timestamping. QEMU will not yet provide
timestamps (always leaving the valid timestamp bit as zero).
Paolo Bonzini [Fri, 5 Oct 2018 16:17:22 +0000 (18:17 +0200)]
tests: remove gcov-files- variables
Commit 31d2dda ("build-system: remove per-test GCOV reporting", 2018-06-20)
removed users of the variables, since those uses can be replaced by a simple
overall report produced by gcovr. However, the variables were never removed.
Do it now.
Eric Blake [Thu, 11 Oct 2018 14:47:51 +0000 (09:47 -0500)]
tests: Prevent more accidental test disabling
GNU make is perfectly happy to use 'check-FOO-y += bar' to
initialize check-FOO-y. (GNU Automake strictly insists that
you cannot use += until after an initial = per variable, but
thankfully we aren't using automake).
As we have had more than one instance where copy-and-paste of
'check-FOO-y = bar' from a first test under category FOO into
an additional test, which ends up disabling the first (see
commits 992159c7 and 4429532b), it's better to just always use
the form that survives copy-and-paste, even for categories that
don't currently add more than one test.
Thomas Huth [Tue, 9 Oct 2018 07:40:33 +0000 (09:40 +0200)]
target/cris/translate: Get rid of qemu_log_separate()
The gen_BUG() function calls already cpu_abort(), which prints the
information to stderr and the log already. So instead of additionally
printing the dc->pc via fprintf() and qemu_log here, too, we can
simply pass this information to cpu_abort() instead.
arm_el_is_aa64: Assertion `el >= 1 && el <= 3' failed.
The comment in arm_el_is_aa64 explains why asking about EL0 without
extra information is impossible. Add an extra argument to provide
it from the surrounding context.
Bindings for /secure-chosen and /secure-chosen/stdout-path have been
proposed 1.5 years ago [1] and implemented in OP-TEE at the same time [2].
They've now been officially agreed on, so we can implement them
in QEMU.
This patch creates the property when the machine is secure.
* remotes/awilliam/tags/vfio-updates-20181015.0:
vfio-pci: make vfio-pci device more QOM conventional
hw/arm/virt: Allow dynamic vfio-platform devices again
hw/arm/sysbus-fdt: Allow device matching with DT compatible value
vfio/platform: Make the vfio-platform device non-abstract
hw/vfio/display: add ramfb support
stubs: add ramfb
Eric Auger [Mon, 15 Oct 2018 16:52:09 +0000 (10:52 -0600)]
hw/arm/sysbus-fdt: Allow device matching with DT compatible value
Up to now we have relied on the device type to identify a device tree
node creation function. Since we would like the vfio-platform device to
be instantiable with different compatible strings we introduce the
capability to specialize the node creation depending on actual
compatible value.
NodeCreationPair is renamed into BindingEntry. The struct is enhanced
with compat and match_fn() fields. We introduce a new matching function
adapted to the vfio-platform generic device.
Soon, the AMD XGBE can be instantiated with either manner, i.e.:
Signed-off-by: Eric Auger <[email protected]>
[geert: Match using compatible values in sysfs instead of user-supplied
manufacturer/model options, reword] Signed-off-by: Geert Uytterhoeven <[email protected]> Reviewed-by: Eric Auger <[email protected]> Tested-by: Eric Auger <[email protected]> Signed-off-by: Alex Williamson <[email protected]>
Eric Auger [Mon, 15 Oct 2018 16:52:09 +0000 (10:52 -0600)]
vfio/platform: Make the vfio-platform device non-abstract
Up to now the vfio-platform device has been abstract and could not be
instantiated. The integration of a new vfio platform device required
creating a dummy derived device which only set the compatible string.
Following the few vfio-platform device integrations we have seen the
actual requested adaptation happens on device tree node creation
(sysbus-fdt).
Hence remove the abstract setting, and read the list of compatible
values from sysfs if not set by a derived device.
Update the amd-xgbe and calxeda-xgmac drivers to fill in the number of
compatible values, as there can now be more than one.
Note that sysbus-fdt does not support the instantiation of the
vfio-platform device yet.
Signed-off-by: Eric Auger <[email protected]>
[geert: Rebase, set user_creatable=true, use compatible values in sysfs
instead of user-supplied manufacturer/model options, reword] Signed-off-by: Geert Uytterhoeven <[email protected]> Reviewed-by: Eric Auger <[email protected]> Tested-by: Eric Auger <[email protected]> Signed-off-by: Alex Williamson <[email protected]>
Gerd Hoffmann [Mon, 15 Oct 2018 16:52:09 +0000 (10:52 -0600)]
hw/vfio/display: add ramfb support
So we have a boot display when using a vgpu as primary display.
ramfb depends on a fw_cfg file. fw_cfg files can not be added and
removed at runtime, therefore a ramfb-enabled vfio device can't be
hotplugged.
Add a nohotplug variant of the vfio-pci device (as child class). Add
the ramfb property to the nohotplug variant only. So to enable the vgpu
display with boot support use this:
* remotes/kraxel/tags/vga-20181015-pull-request:
Makefile: Install new vgabios binaries
hw/display/cirrus_vga: Move "isa-cirrus-vga" device into a separate file
i2c: switch ddc to use the new edid generator
qxl: check qxl_phys2virt return value
bochs-display: wire up edid support
display: add separate config option for bochs-display
edid: fix alignment issues
Thomas Huth [Fri, 12 Oct 2018 10:11:46 +0000 (12:11 +0200)]
hw/display/cirrus_vga: Move "isa-cirrus-vga" device into a separate file
In downstream distros like RHEL we'd like to disable some of the "legacy"
devices of QEMU. The ISA version of the Cirrus VGA device is one of these
legacy devices. So let's make the build process a little bit more flexible
here by putting the Cirrus ISA code into a separate file which is only
included if both, CONFIG_VGA_CIRRUS and CONFIG_VGA_ISA are set.
Note that this disables "isa-cirrus-vga" for the ppc-softmmu and the
alpha-softmmu target since CONFIG_VGA_ISA is not set there. But I think
this is OK since these targets are only interested in the PCI variant
anyway.
Gerd Hoffmann [Fri, 5 Oct 2018 16:01:46 +0000 (18:01 +0200)]
display: add separate config option for bochs-display
This allows modern architectures which don't care about vga
compatibility (risc-v for example) build bochs-display without
including all vga emulation too.
* remotes/kraxel/tags/ui-20181012-pull-request:
gtk: fix uninitialized variable
sdl2: Support all virtio-gpu formats
gtk: Don't vte_terminal_set_encoding() on new VTE versions
Max Reitz [Mon, 8 Oct 2018 18:50:13 +0000 (20:50 +0200)]
sdl2: Support all virtio-gpu formats
There are some 2D resource formats that can be used through virtio-gpu,
but which are not supported by SDL2 when used for a scanout; these are
all alpha-channel formats and also XBGR (RGBX in non-BE pixman).
Add these formats in the switch converting pixman to SDL format
constants so a guest cannot crash the VM by triggering the
g_assert_not_reached() with an unsupported format.
Kevin Wolf [Thu, 11 Oct 2018 15:30:39 +0000 (17:30 +0200)]
gtk: Don't vte_terminal_set_encoding() on new VTE versions
The function vte_terminal_set_encoding() is deprecated since VTE 0.54,
so stop calling it from that version on. This fixes a build error
because of our use of warning flags [-Werror=deprecated-declarations].
Peter Maydell [Fri, 12 Oct 2018 11:40:04 +0000 (12:40 +0100)]
Merge remote-tracking branch 'remotes/cohuck/tags/s390x-20181012' into staging
More s390x updates:
- introduce support for vfio-ap (s390 crypto devices), including a
Linux headers update to get the new interfaces
- the usual fixing + cleanup
* remotes/cohuck/tags/s390x-20181012:
hw/s390x: Include the tod-qemu also for builds with --disable-tcg
s390: doc: detailed specifications for AP virtualization
s390x/vfio: ap: Introduce VFIO AP device
s390x/ap: base Adjunct Processor (AP) object model
s390x/kvm: enable AP instruction interpretation for guest
s390x/cpumodel: Set up CPU model for AP device support
linux-headers: update
target/s390x/excp_helper: Remove DPRINTF() macro
Peter Maydell [Fri, 12 Oct 2018 10:00:07 +0000 (11:00 +0100)]
Merge remote-tracking branch 'remotes/dgilbert/tags/pull-migration-20181011a' into staging
Migration pull 2018-10-11
With one bonus HMP fix.
# gpg: Signature made Thu 11 Oct 2018 20:23:12 BST
# gpg: using RSA key 0516331EBC5BFDE7
# gpg: Good signature from "Dr. David Alan Gilbert (RH2) <[email protected]>"
# Primary key fingerprint: 45F5 C71B 4A0C B7FB 977A 9FA9 0516 331E BC5B FDE7
* remotes/dgilbert/tags/pull-migration-20181011a:
migration-test: Only generate a single target architecture
qmp, hmp: make subsystem/system-vendor identities optional
vhost-user: Don't ask for reply on postcopy mem table set
vhost-user: Fix userfaultfd leak
migration: Stop postcopy fault thread before notifying
tests/migration: Enable the migration test on s390x, too
tests: Add migration test for aarch64
Tony Krowiak [Wed, 10 Oct 2018 17:03:08 +0000 (13:03 -0400)]
s390: doc: detailed specifications for AP virtualization
This patch provides documentation describing the AP architecture and
design concepts behind the virtualization of AP devices. It also
includes an example of how to configure AP devices for exclusive
use of KVM guests.
There may be only one vfio-ap device configured for a guest.
The mediated matrix device is created by the VFIO AP device
driver by writing a UUID to a sysfs attribute file (see
docs/vfio-ap.txt). The mediated matrix device will be named
after the UUID. Symbolic links to the $uuid are created in
many places, so the path to the mediated matrix device $uuid
can be specified in any of the following ways:
When the vfio-ap device is realized, it acquires and opens the
VFIO iommu group to which the mediated matrix device is
bound. This causes a VFIO group notification event to be
signaled. The vfio_ap device driver's group notification
handler will get called at which time the device driver
will configure the the AP devices to which the guest will
be granted access.
Tony Krowiak [Wed, 10 Oct 2018 17:03:05 +0000 (13:03 -0400)]
s390x/kvm: enable AP instruction interpretation for guest
Let's use the KVM_SET_DEVICE_ATTR ioctl to enable hardware
interpretation of AP instructions executed on the guest.
If the S390_FEAT_AP feature is switched on for the guest,
AP instructions must be interpreted by default; otherwise,
they will be intercepted.
This attribute setting may be overridden by a device. For example,
a device may want to provide AP instructions to the guest (i.e.,
S390_FEAT_AP turned on), but it may want to emulate them. In this
case, the AP instructions executed on the guest must be
intercepted; so when the device is realized, it must disable
interpretation.
Tony Krowiak [Wed, 10 Oct 2018 17:03:04 +0000 (13:03 -0400)]
s390x/cpumodel: Set up CPU model for AP device support
A new CPU model feature and two new CPU model facilities are
introduced to support AP devices for a KVM guest.
CPU model features:
1. The S390_FEAT_AP CPU model feature indicates whether AP
instructions are available to the guest. This feature will
be enabled only if the AP instructions are available on the
linux host as determined by the availability of the
KVM_S390_VM_CRYPTO_ENABLE_APIE VM attribute which is exposed
by KVM only if the AP instructions are available on the
host.
This feature must be turned on from userspace to execute AP
instructions on the KVM guest. The QEMU command line to turn
this feature on looks something like this:
qemu-system-s390x ... -cpu xxx,ap=on ...
This feature will be supported for zEC12 and newer CPU models.
The feature will not be supported for older models because
there are few older systems on which to test and the older
crypto cards will be going out of service in the relatively
near future.
CPU model facilities:
1. The S390_FEAT_AP_QUERY_CONFIG_INFO feature indicates whether the
AP Query Configuration Information (QCI) facility is available
to the guest as determined by whether the facility is available
on the host. This feature will be exposed by KVM only if the
QCI facility is installed on the host.
2. The S390_FEAT_AP_FACILITY_TEST feature indicates whether the AP
Facility Test (APFT) facility is available to the guest as
determined by whether the facility is available on the host.
This feature will be exposed by KVM only if APFT is installed
on the host.
Thomas Huth [Fri, 5 Oct 2018 15:00:01 +0000 (17:00 +0200)]
target/s390x/excp_helper: Remove DPRINTF() macro
Debug macros that are disabled by default should be avoided (since the
code bit-rots quite easily). Thus turn these debug prints into proper
qemu_log_mask(CPU_LOG_xxx, ...) statements instead. The DPRINTF statements
in do_[ext|io|mchk]_interrupt can even be removed completely since we can
log the information in a central place, s390_cpu_do_interrupt, instead.
Paolo Bonzini [Tue, 14 Aug 2018 06:27:39 +0000 (08:27 +0200)]
nvme: correct locking around completion
nvme_poll_queues is already protected by q->lock, and
AIO callbacks are invoked outside the AioContext lock.
So remove the acquire/release pair in nvme_handle_event.
Juan Quintela [Thu, 13 Sep 2018 13:23:13 +0000 (15:23 +0200)]
migration-test: Only generate a single target architecture
Several changes:
- We only allow generate header "inside" the tree. Why? Because we
need to connit the result, so it makes no sense to generate them on
the build dir.
- We only generate a single target each time. Getting all the
cross-compilers correctly is an impossible task. So know you do:
make -C tests/migration $target (native)
make CROSS_PREFIX=foo- -C tests/migratiion $target (cross)
And you are done.
- If we are building out of tree, we have no data about if we are
cross-compile or whatever. So instead of guess what is happening,
just do what I pointed on previous point.
Denis V. Lunev [Tue, 2 Oct 2018 13:55:38 +0000 (16:55 +0300)]
qmp, hmp: make subsystem/system-vendor identities optional
According to PCI specification, subsystem id and subsystem vendor id
are present only in type 0 and type 2 headers (at different offsets),
but not in type 1 headers.
Thus we should make this data optional in struct PciDeviceId and skip
reporting them via HMP if the information is not available.
Additional (wrong information) about PCI bridges (Type1 devices) has been
added in 5383a705 and fortunately not released. This patch fixes that
problem. The problem was spotted by Markus.
Ilya Maximets [Tue, 2 Oct 2018 14:09:47 +0000 (17:09 +0300)]
vhost-user: Don't ask for reply on postcopy mem table set
According to documentation, NEED_REPLY_MASK should not be set
for VHOST_USER_SET_MEM_TABLE request in postcopy mode.
This restriction was mistakenly applied to 'reply_supported'
variable, which is local and used only for non-postcopy case.
Ilya Maximets [Mon, 8 Oct 2018 16:05:35 +0000 (19:05 +0300)]
migration: Stop postcopy fault thread before notifying
POSTCOPY_NOTIFY_INBOUND_END handlers will remove userfault fds
from the postcopy_remote_fds array which could be still in
use by the fault thread. Let's stop the thread before
notification to avoid possible accessing wrong memory.
Thomas Huth [Tue, 9 Oct 2018 09:51:17 +0000 (11:51 +0200)]
tests/migration: Enable the migration test on s390x, too
We can re-use the s390-ccw bios code to implement a small firmware
for a s390x guest which prints out the "A" and "B" characters and
modifies the memory, as required for the migration test.
Wei Huang [Thu, 4 Oct 2018 16:08:46 +0000 (12:08 -0400)]
tests: Add migration test for aarch64
This patch adds migration test support for aarch64. The test code, which
implements the same functionality as x86, is booted as a kernel in qemu.
Here are the design choices we make for aarch64:
* We choose this -kernel approach because aarch64 QEMU doesn't provide a
built-in fw like x86 does. So instead of relying on a boot loader, we
use -kernel approach for aarch64.
* The serial output is sent to PL011 directly.
* The physical memory base for mach-virt machine is 0x40000000. We change
the start_address and end_address for aarch64.
In addition to providing the binary, this patch also includes the source
code and the build script in tests/migration/aarch64. So users can change
the source and/or re-compile the binary as they wish.
Peter Maydell [Thu, 11 Oct 2018 09:43:37 +0000 (10:43 +0100)]
Merge remote-tracking branch 'remotes/armbru/tags/pull-misc-2018-10-10' into staging
Miscellaneous patches for 2018-10-10
# gpg: Signature made Wed 10 Oct 2018 07:03:10 BST
# gpg: using RSA key 3870B400EB918653
# gpg: Good signature from "Markus Armbruster <[email protected]>"
# gpg: aka "Markus Armbruster <[email protected]>"
# Primary key fingerprint: 354B C8B3 D7EB 2A6B 6867 4E5F 3870 B400 EB91 8653
* remotes/armbru/tags/pull-misc-2018-10-10:
ivshmem: Fix unplug of device "ivshmem-plain"
libqtest: Inline g_assert_no_errno()
tests: Restore check-qdict unit test
qapi/misc.json: Remove superfluous words in CpuModelExpansionType
tests/check-qjson: fix a leak
Commit 2aece63c8a "hostmem: detect host backend memory is being used
properly" fixed "ivshmem-plain" to reject memory backends that are
already in use, and to block their deletion while in use. Two bugs
escaped review:
* New ivshmem_plain_exit() fails to call ivshmem_exit(). This breaks
unplug. Reproducer: migration after unplug still fails with
"Migration is disabled when using feature 'peer mode' in device
'ivshmem'".
* It failed to update legacy "ivshmem". Harmless, because it creates
the memory backend itself, and nothing else should use it.
Fix by moving the two host_memory_backend_set_mapped() calls into
ivshmem_common_realize() and ivshmem_exit(), guarded by s->hostmem.
Spotted by ASAN:
=================================================================
==11893==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 1120 byte(s) in 28 object(s) allocated from:
#0 0x7fd0515b0c48 in malloc (/lib64/libasan.so.5+0xeec48)
#1 0x7fd050ffa3c5 in g_malloc (/lib64/libglib-2.0.so.0+0x523c5)
#2 0x559e708b56a4 in qstring_from_str /home/elmarco/src/qq/qobject/qstring.c:66
#3 0x559e708b4fe0 in qstring_new /home/elmarco/src/qq/qobject/qstring.c:23
#4 0x559e708bda7d in parse_string /home/elmarco/src/qq/qobject/json-parser.c:143
#5 0x559e708c1009 in parse_literal /home/elmarco/src/qq/qobject/json-parser.c:484
#6 0x559e708c1627 in parse_value /home/elmarco/src/qq/qobject/json-parser.c:547
#7 0x559e708c1c67 in json_parser_parse /home/elmarco/src/qq/qobject/json-parser.c:573
#8 0x559e708bc0ff in json_message_process_token /home/elmarco/src/qq/qobject/json-streamer.c:92
#9 0x559e708d1655 in json_lexer_feed_char /home/elmarco/src/qq/qobject/json-lexer.c:292
#10 0x559e708d1fe1 in json_lexer_feed /home/elmarco/src/qq/qobject/json-lexer.c:339
#11 0x559e708bc856 in json_message_parser_feed /home/elmarco/src/qq/qobject/json-streamer.c:121
#12 0x559e708b8b4b in qobject_from_jsonv /home/elmarco/src/qq/qobject/qjson.c:69
#13 0x559e708b8d02 in qobject_from_json /home/elmarco/src/qq/qobject/qjson.c:83
#14 0x559e708a74ae in from_json_str /home/elmarco/src/qq/tests/check-qjson.c:30
#15 0x559e708a9f83 in utf8_string /home/elmarco/src/qq/tests/check-qjson.c:781
#16 0x7fd05101bc49 in test_case_run gtestutils.c:2255
#17 0x7fd05101bc49 in g_test_run_suite_internal gtestutils.c:2339
linux-user should always enable AFP, otherwise our emulated binary
might crash once it tries to make use of additional floating-point
registers or instructions.
Peter Maydell [Mon, 8 Oct 2018 13:55:05 +0000 (14:55 +0100)]
hw/display/bcm2835_fb: Silence Coverity warning about multiply overflow
Coverity complains (CID 1395628) that the multiply in the calculation
of the framebuffer base is performed as 32x32 but then used in a
context that takes a 64-bit hwaddr. This can't actually ever
overflow the 32-bit result, because of the constraints placed on
the s->config values in bcm2835_fb_validate_config(). But we
can placate Coverity anyway, by explicitly casting one of the
inputs to a hwaddr, so the whole expression is calculated with
64-bit arithmetic.
projects / qemu.git / log