Ilya Leoshkevich [Thu, 11 Aug 2022 09:55:31 +0000 (11:55 +0200)]
accel/tcg: Introduce is_same_page()
Introduce a function that checks whether a given address is on the same
page as where disassembly started. Having it improves readability of
the following patches.
Ilya Leoshkevich [Wed, 17 Aug 2022 15:05:03 +0000 (17:05 +0200)]
linux-user: Clear translations on mprotect()
Currently it's possible to execute pages that do not have PAGE_EXEC
if there is an existing translation block. Fix by invalidating TBs
that touch the affected pages.
linux-user/x86_64: Allocate vsyscall page as a commpage
We're about to start validating PAGE_EXEC, which means that we've
got to mark the vsyscall page executable. We had been special
casing this entirely within translate.
We're about to start validating PAGE_EXEC, which means that we've
got to mark page zero executable. We had been special casing this
entirely within translate.
We're about to start validating PAGE_EXEC, which means
that we've got to mark the commpage executable. We had
been placing the commpage outside of reserved_va, which
was incorrect and lead to an abort.
Stefan Hajnoczi [Mon, 5 Sep 2022 22:01:02 +0000 (18:01 -0400)]
Merge tag 'pull-or1k-20220904' of https://github.com/stffrdhrn/qemu into staging
OpenRISC updates for 7.2.0
Updates to add the OpenRISC virt plaform to QEMU. Highlights
include:
- New virt plaform with, virtio and pci bus support
- OpenRISC support for MTTCG
- Goldfish RTC device endianness is configurable now
# -----BEGIN PGP SIGNATURE-----
#
# iQIzBAABCAAdFiEE2cRzVK74bBA6Je/xw7McLV5mJ+QFAmMURl4ACgkQw7McLV5m
# J+TAVg/6A1HFazEBDzyVvg5BWfusvPMv1gWyAXQVbZDdoEVP5ilJq3Xz2vlOWu+Q
# 46WHAncQH8KGWlS7x4Qk9X1tOU+9LCTa0aBqa1ARAle/wGKJeQ2QkmQM7lnAAtFt
# ON9pDOrj85cNVp7ly/rZqmOkYorUtSblKllOigPaxZozfSA2FuoYwc7vLxy/ICk0
# 6RbRUKiIvqvNxhT0q13buIiqhtQAOLC2/Rrlp/CqUm+nrNlSVQIMC57ddNoopUFN
# I6jb5UxyHtQSlWX6zsLjvho9hlZCuA9IIG7B4qS4/kyC7XJGmOICb3A7QSmfaUxy
# HtEsaImjjhCUnJs8fhDHqyYnUu6JcXMRv61hIr7GNK/g3enpBzG1Otu5jsyHgzEX
# SaachdFUibLJSj/+K4YOaT9luAc0Yvx9vArnXD+2wGg3kHTSDUNv2nFdyLyn5PNM
# sZ9gx6gTEFI7iaeHEZM/doKdlHubddA/GH4DLy2fwZN7EyIsbll9TDJ8icqu1UBT
# KpQdN55VeVqdOEvKUSXxsAK8aRtTjlEErKinufz1yyrg5Lw9XgH1xtTft+rJyXPu
# Lw0hMHYqeaWhNUgnli/ByTY7yd+wC/ukNFQLUlMiDte337Lx9H//MOVvyl6Y5ARE
# jIWt1JlTyuhj+txJrGZMvBrc2ZQ6fF/4HXc/xyGK7eJnEWZIzkY=
# =BzgX
# -----END PGP SIGNATURE-----
# gpg: Signature made Sun 04 Sep 2022 02:31:58 EDT
# gpg: using RSA key D9C47354AEF86C103A25EFF1C3B31C2D5E6627E4
# gpg: Good signature from "Stafford Horne <[email protected]>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: D9C4 7354 AEF8 6C10 3A25 EFF1 C3B3 1C2D 5E66 27E4
* tag 'pull-or1k-20220904' of https://github.com/stffrdhrn/qemu:
docs/system: openrisc: Add OpenRISC documentation
hw/openrisc: virt: pass random seed to fdt
target/openrisc: Interrupt handling fixes
target/openrisc: Enable MTTCG
target/openrisc: Add interrupted CPU to log
hw/openrisc: Initialize timer time at startup
hw/openrisc: Add PCI bus support to virt
hw/openrisc: Add the OpenRISC virtual machine
goldfish_rtc: Add big-endian property
target/openrisc: Fix memory reading in debugger
hw/openrisc: Split re-usable boot time apis out to boot.c
If the FDT contains /chosen/rng-seed, then the Linux RNG will use it to
initialize early. Set this using the usual guest random number
generation function. This is confirmed to successfully initialize the
RNG on Linux 5.19-rc2.
Stafford Horne [Thu, 23 Jun 2022 20:44:56 +0000 (05:44 +0900)]
target/openrisc: Interrupt handling fixes
When running SMP systems we sometimes were seeing lockups where
IPI interrupts were being raised by never handled.
This looks to be caused by 2 issues in the openrisc interrupt handling
logic.
1. After clearing an interrupt the openrisc_cpu_set_irq handler will
always clear PICSR. This is not correct as masked interrupts
should still be visible in PICSR.
2. After setting PICMR (mask register) and exposed interrupts should
cause an interrupt to be raised. This was not being done so add it.
Stafford Horne [Tue, 14 Jun 2022 23:43:56 +0000 (08:43 +0900)]
target/openrisc: Enable MTTCG
This patch enables multithread TCG for OpenRISC. Since the or1k shared
syncrhonized timer can be updated from each vCPU via helpers we use a
mutex to synchronize updates.
Stafford Horne [Tue, 14 Jun 2022 23:40:16 +0000 (08:40 +0900)]
hw/openrisc: Initialize timer time at startup
The last_clk time was initialized at zero, this means when we calculate
the first delta we will calculate 0 vs current time which could cause
unnecessary hops.
This patch moves timer initialization to the cpu reset. There are two
resets registered here:
1. Per cpu timer mask (ttmr) reset.
2. Global cpu timer (last_clk and ttcr) reset, attached to the first
cpu only.
Stafford Horne [Sun, 12 Jun 2022 12:22:53 +0000 (21:22 +0900)]
hw/openrisc: Add PCI bus support to virt
This is mostly borrowed from xtensa and riscv as examples. The
create_pcie_irq_map swizzle function is almost and exact copy
but here we use a single cell interrupt, possibly we can make
this generic.
Stafford Horne [Fri, 20 May 2022 13:38:13 +0000 (22:38 +0900)]
hw/openrisc: Add the OpenRISC virtual machine
This patch adds the OpenRISC virtual machine 'virt' for OpenRISC. This
platform allows for a convenient CI platform for toolchain, software
ports and the OpenRISC linux kernel port.
Much of this has been sourced from the m68k and riscv virt platforms.
The platform provides:
- OpenRISC SMP with up to 4 cpus
- A virtio bus with up to 8 devices
- Standard ns16550a serial
- Goldfish RTC
- SiFive TEST device for poweroff and reboot
- Generated Device Tree to automatically configure the guest kernel
Stafford Horne [Sun, 12 Jun 2022 11:53:44 +0000 (20:53 +0900)]
goldfish_rtc: Add big-endian property
Add a new property "big-endian" to allow configuring the RTC as either
little or big endian, the default is little endian.
Currently overriding the default to big endian is only used by the m68k
virt platform. New platforms should prefer to use little endian and not
set this.
Stafford Horne [Sun, 12 Jun 2022 09:59:34 +0000 (18:59 +0900)]
target/openrisc: Fix memory reading in debugger
In commit f0655423ca ("target/openrisc: Reorg tlb lookup") data and
instruction TLB reads were combined. This, broke debugger reads where
we first tried to map using the data tlb then fall back to the
instruction tlb.
This patch replicates this logic by first requesting a PAGE_READ
protection mapping then falling back to PAGE_EXEC.
Stefan Hajnoczi [Fri, 2 Sep 2022 17:24:28 +0000 (13:24 -0400)]
Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging
* SCSI fixes for Mac OS 9
* Fix CPU reset for x86/KVM nested virtualization state
* remove feature_not_found() from the configure script
* Meson cleanups from muon
* improved i386 TCG tests for BMI and SSE
* SSE bugfixes
* tag 'net-pull-request' of https://github.com/jasowang/qemu: (21 commits)
net: tulip: Restrict DMA engine to memories
net/colo.c: Fix the pointer issue reported by Coverity.
vdpa: Delete CVQ migration blocker
vdpa: Add virtio-net mac address via CVQ at start
vhost_net: add NetClientState->load() callback
vdpa: extract vhost_vdpa_net_cvq_add from vhost_vdpa_net_handle_ctrl_avail
vdpa: Move command buffers map to start of net device
vdpa: add net_vhost_vdpa_cvq_info NetClientInfo
vhost_net: Add NetClientInfo stop callback
vhost_net: Add NetClientInfo start callback
vhost: Do not depend on !NULL VirtQueueElement on vhost_svq_flush
vhost: Delete useless read memory barrier
vhost: use SVQ element ndescs instead of opaque data for desc validation
vhost: stop transfer elem ownership in vhost_handle_guest_kick
vdpa: Use ring hwaddr at vhost_vdpa_svq_unmap_ring
vhost: Always store new kick fd on vhost_svq_set_svq_kick_fd
vdpa: Make SVQ vring unmapping return void
vdpa: Remove SVQ vring from iova_tree at shutdown
util: accept iova_tree_remove_parameter by value
vdpa: do not save failed dma maps in SVQ iova tree
...
* tag 'char-pull-request' of https://gitlab.com/marcandre.lureau/qemu:
audio: exit(1) if audio backend failed to be found or initialized
tests/unit: Update test-io-channel-socket.c for Windows
chardev/char-socket: Update AF_UNIX for Windows
util/qemu-sockets: Enable unix socket support on Windows
audio: exit(1) if audio backend failed to be found or initialized
If you specify a known backend but it isn't compiled in, or failed to
initialize, you get a simple warning and the "none" backend as a
fallback, and QEMU runs happily:
$ qemu-system-x86_64 -audiodev id=audio,driver=dsound
audio: Unknown audio driver `dsound'
audio: warning: Using timer based audio emulation
...
Instead, QEMU should fail to start:
$ qemu-system-x86_64 -audiodev id=audio,driver=dsound
audio: Unknown audio driver `dsound'
$
Bin Meng [Tue, 2 Aug 2022 07:52:00 +0000 (15:52 +0800)]
tests/unit: Update test-io-channel-socket.c for Windows
Change to dynamically include the test cases by checking AF_UNIX
availability using a new helper socket_check_afunix_support().
With such changes testing on a Windows host can be covered as well.
Bin Meng [Tue, 2 Aug 2022 07:51:58 +0000 (15:51 +0800)]
util/qemu-sockets: Enable unix socket support on Windows
Support for the unix socket has existed both in BSD and Linux for the
longest time, but not on Windows. Since Windows 10 build 17063 [1],
the native support for the unix socket has come to Windows. Starting
this build, two Win32 processes can use the AF_UNIX address family
over Winsock API to communicate with each other.
Zheyu Ma [Sun, 21 Aug 2022 12:43:43 +0000 (20:43 +0800)]
net: tulip: Restrict DMA engine to memories
The DMA engine is started by I/O access and then itself accesses the
I/O registers, triggering a reentrancy bug.
The following log can reveal it:
==5637==ERROR: AddressSanitizer: stack-overflow
#0 0x5595435f6078 in tulip_xmit_list_update qemu/hw/net/tulip.c:673
#1 0x5595435f204a in tulip_write qemu/hw/net/tulip.c:805:13
#2 0x559544637f86 in memory_region_write_accessor qemu/softmmu/memory.c:492:5
#3 0x5595446379fa in access_with_adjusted_size qemu/softmmu/memory.c:554:18
#4 0x5595446372fa in memory_region_dispatch_write qemu/softmmu/memory.c
#5 0x55954468b74c in flatview_write_continue qemu/softmmu/physmem.c:2825:23
#6 0x559544683662 in flatview_write qemu/softmmu/physmem.c:2867:12
#7 0x5595446833f3 in address_space_write qemu/softmmu/physmem.c:2963:18
#8 0x5595435fb082 in dma_memory_rw_relaxed qemu/include/sysemu/dma.h:87:12
#9 0x5595435fb082 in dma_memory_rw qemu/include/sysemu/dma.h:130:12
#10 0x5595435fb082 in dma_memory_write qemu/include/sysemu/dma.h:171:12
#11 0x5595435fb082 in stl_le_dma qemu/include/sysemu/dma.h:272:1
#12 0x5595435fb082 in stl_le_pci_dma qemu/include/hw/pci/pci.h:910:1
#13 0x5595435fb082 in tulip_desc_write qemu/hw/net/tulip.c:101:9
#14 0x5595435f7e3d in tulip_xmit_list_update qemu/hw/net/tulip.c:706:9
#15 0x5595435f204a in tulip_write qemu/hw/net/tulip.c:805:13
Fix this bug by restricting the DMA engine to memories regions.
Zhang Chen [Mon, 22 Aug 2022 08:14:36 +0000 (16:14 +0800)]
net/colo.c: Fix the pointer issue reported by Coverity.
When enabled the virtio-net-pci, guest network packet will
load the vnet_hdr. In COLO status, the primary VM's network
packet maybe redirect to another VM, it needs filter-redirect
enable the vnet_hdr flag at the same time, COLO-proxy will
correctly parse the original network packet. If have any
misconfiguration here, the vnet_hdr_len is wrong for parse
the packet, the data+offset will point to wrong place.
Eugenio Pérez [Tue, 23 Aug 2022 18:30:33 +0000 (20:30 +0200)]
vdpa: Move command buffers map to start of net device
As this series will reuse them to restore the device state at the end of
a migration (or a device start), let's allocate only once at the device
start so we don't duplicate their map and unmap.
Eugenio Pérez [Tue, 23 Aug 2022 18:30:32 +0000 (20:30 +0200)]
vdpa: add net_vhost_vdpa_cvq_info NetClientInfo
Next patches will add a new info callback to restore NIC status through
CVQ. Since only the CVQ vhost device is needed, create it with a new
NetClientInfo.
Eugenio Pérez [Tue, 23 Aug 2022 18:30:29 +0000 (20:30 +0200)]
vhost: Do not depend on !NULL VirtQueueElement on vhost_svq_flush
Since QEMU will be able to inject new elements on CVQ to restore the
state, we need not to depend on a VirtQueueElement to know if a new
element has been used by the device or not. Instead of check that, check
if there are new elements only using used idx on vhost_svq_flush.
Eugenio Pérez [Tue, 23 Aug 2022 18:30:27 +0000 (20:30 +0200)]
vhost: use SVQ element ndescs instead of opaque data for desc validation
Since we're going to allow SVQ to add elements without the guest's
knowledge and without its own VirtQueueElement, it's easier to check if
an element is a valid head checking a different thing than the
VirtQueueElement.
Eugenio Pérez [Tue, 23 Aug 2022 18:30:26 +0000 (20:30 +0200)]
vhost: stop transfer elem ownership in vhost_handle_guest_kick
It was easier to allow vhost_svq_add to handle the memory. Now that we
will allow qemu to add elements to a SVQ without the guest's knowledge,
it's better to handle it in the caller.
Eugenio Pérez [Tue, 23 Aug 2022 18:20:07 +0000 (20:20 +0200)]
vhost: Always store new kick fd on vhost_svq_set_svq_kick_fd
We can unbind twice a file descriptor if we call twice
vhost_svq_set_svq_kick_fd because of this. Since it comes from vhost and
not from SVQ, that file descriptor could be a different thing that
guest's vhost notifier.
Likewise, it can happens the same if a guest start and stop the device
multiple times.
Eugenio Pérez [Tue, 23 Aug 2022 18:20:06 +0000 (20:20 +0200)]
vdpa: Make SVQ vring unmapping return void
Nothing actually reads the return value, but an error in cleaning some
entries could cause device stop to abort, making a restart impossible.
Better ignore explicitely the return value.
Eugenio Pérez [Tue, 23 Aug 2022 18:20:04 +0000 (20:20 +0200)]
util: accept iova_tree_remove_parameter by value
It's convenient to call iova_tree_remove from a map returned from
iova_tree_find or iova_tree_find_iova. With the current code this is not
possible, since we will free it, and then we will try to search for it
again.
Fix it making accepting the map by value, forcing a copy of the
argument. Not applying a fixes tag, since there is no use like that at
the moment.
Eugenio Pérez [Tue, 23 Aug 2022 18:20:02 +0000 (20:20 +0200)]
vdpa: Skip the maps not in the iova tree
Next patch will skip the registering of dma maps that the vdpa device
rejects in the iova tree. We need to consider that here or we cause a
SIGSEGV accessing result.
* tag 'pull-avr-20220901' of https://gitlab.com/rth7680/qemu:
target/avr: Disable interrupts when env->skip set
target/avr: Only execute one interrupt at a time
target/avr: Call avr_cpu_do_interrupt directly
target/avr: Support probe argument to tlb_fill
Paul Brook [Sun, 24 Apr 2022 22:01:39 +0000 (23:01 +0100)]
target/i386: Destructive FP helpers for AVX
Perpare the horizontal atithmetic vector helpers for AVX
These currently use a dummy Reg typed variable to store the result then
assign the whole register. This will cause 128 bit operations to corrupt
the upper half of the register, so replace it with explicit temporaries
and element assignments.
Paul Brook [Thu, 25 Aug 2022 21:58:15 +0000 (23:58 +0200)]
target/i386: reimplement AVX comparison helpers
AVX includes an additional set of comparison predicates, some of which
our softfloat implementation does not expose as separate functions.
Rewrite the helpers in terms of floatN_compare for future extensibility.
Paul Brook [Sun, 24 Apr 2022 22:01:35 +0000 (23:01 +0100)]
target/i386: Destructive vector helpers for AVX
These helpers need to take special care to avoid overwriting source values
before the wole result has been calculated. Currently they use a dummy
Reg typed variable to store the result then assign the whole register.
This will cause 128 bit operations to corrupt the upper half of the register,
so replace it with explicit temporaries and element assignments.
Rewrite the "simple" vector integer helpers in preperation for AVX support.
While the current code is able to use the same prototype for unary
(a = F(b)) and binary (a = F(b, c)) operations, future changes will cause
them to diverge.
Paolo Bonzini [Fri, 26 Aug 2022 21:09:27 +0000 (23:09 +0200)]
target/i386: do not cast gen_helper_* function pointers
Use a union to store the various possible kinds of function pointers, and
access the correct one based on the flags.
SSEOpHelper_table6 and SSEOpHelper_table7 right now only have one case,
but this would change with AVX's 3- and 4-argument operations. Use
unions there too, to keep the code more similar for the three tables.
Paolo Bonzini [Fri, 26 Aug 2022 22:49:31 +0000 (00:49 +0200)]
target/i386: Add size suffix to vector FP helpers
For AVX we're going to need both 128 bit (xmm) and 256 bit (ymm) variants of
floating point helpers. Add the register type suffix to the existing
*PS and *PD helpers (SS and SD variants are only valid on 128 bit vectors)
Paolo Bonzini [Fri, 26 Aug 2022 22:13:40 +0000 (00:13 +0200)]
target/i386: check SSE table flags instead of hardcoding opcodes
Put more flags to work to avoid hardcoding lists of opcodes. The op7 case
for SSE_OPF_CMP is included for homogeneity and because AVX needs it, but
it is never used by SSE or MMX.
Paul Brook [Sun, 24 Apr 2022 22:01:27 +0000 (23:01 +0100)]
target/i386: Rework sse_op_table6/7
Add a flags field each row in sse_op_table6 and sse_op_table7.
Initially this is only used as a replacement for the magic SSE41_SPECIAL
pointer. The other flags are mostly relevant for the AVX implementation
but can be applied to SSE as well.
Paul Brook [Sun, 24 Apr 2022 22:01:26 +0000 (23:01 +0100)]
target/i386: Rework sse_op_table1
Add a flags field to each row in sse_op_table1.
Initially this is only used as a replacement for the magic
SSE_SPECIAL and SSE_DUMMY pointers, the other flags are mostly
relevant for the AVX implementation but can be applied to SSE as well.
Paul Brook [Sun, 24 Apr 2022 22:01:30 +0000 (23:01 +0100)]
target/i386: Add ZMM_OFFSET macro
Add a convenience macro to get the address of an xmm_regs element within
CPUX86State.
This was originally going to be the basis of an implementation that broke
operations into 128 bit chunks. I scrapped that idea, so this is now a purely
cosmetic change. But I think a worthwhile one - it reduces the number of
function calls that need to be split over multiple lines.
Paul Brook [Sun, 24 Apr 2022 22:02:03 +0000 (23:02 +0100)]
tests/tcg: i386: add SSE tests
Tests for correct operation of most x86-64 SSE instructions.
It should cover all combinations of overlapping register and memory
operands on a set of random-ish data.
Results are bit-identical to an Intel i5-8500, with the exception of
the RCPSS and RSQRT approximations where the real CPU gives less accurate
results (the Intel spec allows relative errors up to 1.5 * 2^-12)
Stefan Hajnoczi [Thu, 1 Sep 2022 17:53:20 +0000 (13:53 -0400)]
Merge tag 'pull-ppc-20220831' of https://gitlab.com/danielhb/qemu into staging
ppc patch queue for 2022-08-31:
In the first 7.2 queue we have changes in the powernv pnv-phb handling,
the start of the QOMification of the ppc405 model, the removal of the
taihu machine, a new SLOF image and others.
# -----BEGIN PGP SIGNATURE-----
#
# iHUEABYKAB0WIQQX6/+ZI9AYAK8oOBk82cqW3gMxZAUCYw/AFgAKCRA82cqW3gMx
# ZI6XAP0d8m6r1JqKXPSfCwVYy+AfrwY7oZWYbeTqdamK6xHcUQD+JyCcFcogY4Vz
# YwvHLd9W2cqvoWiZ4tmkK4Mb0Xt0Xg4=
# =0uL/
# -----END PGP SIGNATURE-----
# gpg: Signature made Wed 31 Aug 2022 16:09:58 EDT
# gpg: using EDDSA key 17EBFF9923D01800AF2838193CD9CA96DE033164
# gpg: Good signature from "Daniel Henrique Barboza <[email protected]>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 17EB FF99 23D0 1800 AF28 3819 3CD9 CA96 DE03 3164
* tag 'pull-ppc-20220831' of https://gitlab.com/danielhb/qemu: (60 commits)
ppc4xx: Fix code style problems reported by checkpatch
ppc/ppc4xx: Fix sdram trace events
hw/ppc/Kconfig: Move imply before select
hw/ppc/sam460ex: Remove PPC405 dependency from sam460ex
ppc405: Move machine specific code to ppc405_boards.c
ppc/ppc405: QOM'ify FPGA
ppc/ppc405: Use an explicit I2C object
hw/intc/ppc-uic: Convert ppc-uic to a PPC4xx DCR device
ppc/ppc405: Use an embedded PPCUIC model in SoC state
ppc4xx: Rename ppc405-ebc to ppc4xx-ebc
ppc4xx: Move EBC model to ppc4xx_devs.c
ppc4xx: Rename ppc405-plb to ppc4xx-plb
ppc4xx: Move PLB model to ppc4xx_devs.c
ppc/ppc405: QOM'ify MAL
ppc/ppc405: QOM'ify PLB
ppc/ppc405: QOM'ify POB
ppc/ppc405: QOM'ify OPBA
ppc/ppc405: QOM'ify EBC
ppc/ppc405: QOM'ify DMA
ppc/ppc405: QOM'ify GPIO
...
Paolo Bonzini [Thu, 25 Aug 2022 16:47:50 +0000 (18:47 +0200)]
target/i386: DPPS rounding fix
The DPPS (Dot Product) instruction is defined to first sum pairs of
intermediate results, then sum those values to get the final result.
i.e. (A+B)+(C+D)
We incrementally sum the results, i.e. ((A+B)+C)+D, which can result
in incorrect rouding.
For consistency, also change the variable names to the ones used
in the Intel SDM and implement DPPD following the manual.
Paolo Bonzini [Fri, 26 Aug 2022 11:00:00 +0000 (13:00 +0200)]
KVM: dirty ring: add missing memory barrier
The KVM_DIRTY_GFN_F_DIRTY flag ensures that the entry is valid. If
the read of the fields are not ordered after the read of the flag,
QEMU might see stale values.
Anton Kochkov [Wed, 17 Aug 2022 14:37:23 +0000 (14:37 +0000)]
meson: be strict for boolean options
While Meson buildsystem accepts the 'false' as a value
for boolean options, it's not covered by the specification
and in general invalid. Some alternative Meson implementations,
like Muon, do not accept 'false' or 'true' as a valid value
for the boolean options.
Paolo Bonzini [Fri, 19 Aug 2022 16:40:46 +0000 (18:40 +0200)]
configure: improve error for ucontext coroutine backend
Instead of using feature_not_found(), which is not a good match because
there is no "remedy" to fix the lack of makecontext(), just print a
custom error.
This happens to remove the last use of feature_not_found(), so remove
the definition and the documentation.
Vitaly Kuznetsov [Thu, 18 Aug 2022 15:01:13 +0000 (17:01 +0200)]
i386: do kvm_put_msr_feature_control() first thing when vCPU is reset
kvm_put_sregs2() fails to reset 'locked' CR4/CR0 bits upon vCPU reset when
it is in VMX root operation. Do kvm_put_msr_feature_control() before
kvm_put_sregs2() to (possibly) kick vCPU out of VMX root operation. It also
seems logical to do kvm_put_msr_feature_control() before
kvm_put_nested_state() and not after it, especially when 'real' nested
state is set.
Vitaly Kuznetsov [Thu, 18 Aug 2022 15:01:12 +0000 (17:01 +0200)]
i386: reset KVM nested state upon CPU reset
Make sure env->nested_state is cleaned up when a vCPU is reset, it may
be stale after an incoming migration, kvm_arch_put_registers() may
end up failing or putting vCPU in a weird state.
John Millikin [Wed, 17 Aug 2022 05:35:00 +0000 (14:35 +0900)]
scsi: Reject commands if the CDB length exceeds buf_len
In scsi_req_parse_cdb(), if the CDB length implied by the command type
exceeds the initialized portion of the command buffer, reject the request.
Rejected requests are recorded by the `scsi_req_parse_bad` trace event.
On example of a bug detected by this check is SunOS's use of interleaved
DMA and non-DMA commands. This guest behavior currently causes QEMU to
parse uninitialized memory as a SCSI command, with unpredictable
outcomes.
With the new check in place:
* QEMU consistently creates a trace event and rejects the request.
* SunOS retries the request(s) and is able to successfully boot from
disk.
John Millikin [Wed, 17 Aug 2022 05:34:58 +0000 (14:34 +0900)]
scsi: Add buf_len parameter to scsi_req_new()
When a SCSI command is received from the guest, the CDB length implied
by the first byte might exceed the number of bytes the guest sent. In
this case scsi_req_new() will read uninitialized data, causing
unpredictable behavior.
Adds the buf_len parameter to scsi_req_new() and plumbs it through the
call stack.
Signed-off-by: John Millikin <[email protected]>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1127
Message-Id: <20220817053458[email protected]>
[Fill in correct length for adapters other than ESP. - Paolo] Signed-off-by: Paolo Bonzini <[email protected]>
John Millikin [Wed, 17 Aug 2022 05:38:47 +0000 (14:38 +0900)]
esp: Handle CMD_BUSRESET by resetting the SCSI bus
Per investigation on the linked ticket, SunOS issues a SCSI bus reset
to the ESP as part of its boot sequence. If this ESP command doesn't
cause devices to assert sense flag UNIT ATTENTION, SunOS will consider
the CD-ROM device to be non-compliant with Common Command Set (CCS).
In this condition, the SunOS installer's early userspace doesn't set
the installation source location to sr0 and the miniroot copy fails.
Stefan Hajnoczi [Wed, 31 Aug 2022 22:18:59 +0000 (18:18 -0400)]
Merge tag 'testing-pull-request-2022-08-30' of https://gitlab.com/thuth/qemu into staging
* First batch of patches to get qtests adapted for Windows
* Two preparation patches for the upcoming removal of the slirp submodule
* Some other small test fixes (typos, etc.)
* tag 'testing-pull-request-2022-08-30' of https://gitlab.com/thuth/qemu: (23 commits)
tests/avocado/migration: Get find_free_port() from the ports
tests/qtest/ac97-test: Correct reference to driver
gitlab-ci: Only use one process in Windows jobs for compilation
docs/devel/testing: fix minor typo
tests/avocado: Fix trivial typo
tests/avocado: Do not run tests that require libslirp if it is not available
tests/vm: Add libslirp to the VM tests
tests/qtest: prom-env-test: Use double quotes to pass the prom-env option
tests/qtest: npcm7xx_emc-test: Skip running test_{tx, rx} on win32
tests/qtest: machine-none-test: Use double quotes to pass the cpu option
tests/qtest: device-plug-test: Reverse the usage of double/single quotes
tests/qtest: libqos: Rename malloc.h to libqos-malloc.h
tests/qtest: libqos: Drop inclusion of <sys/wait.h>
tests/qtest: migration-test: Skip running test_migrate_fd_proto on win32
tests/qtest: i440fx-test: Skip running request_{bios, pflash} for win32
tests/qtest: Build cases that use memory-backend-file for posix only
tests/qtest: Build e1000e-test for posix only
tests/qtest: Adapt {m48t59,rtc}-test cases for win32
backends/tpm: Exclude headers and macros that don't exist on win32
tests/qtest: migration-test: Handle link() for win32
...
Stefan Hajnoczi [Wed, 31 Aug 2022 20:50:43 +0000 (16:50 -0400)]
Merge tag 's390x-pull-request-2022-08-30' of https://gitlab.com/thuth/qemu into staging
* Compat machine types for QEMU 7.2
* Add feature bit for the "processor-activity-instrumentation extension"
* Fix emulation of CLFIT and CLGIT instructions
* Fix hugepages support on s390x with the memfd memory-backend
* tag 's390x-pull-request-2022-08-30' of https://gitlab.com/thuth/qemu:
util/mmap-alloc: Remove qemu_mempath_getpagesize()
softmmu/physmem: Remove the ifdef __linux__ around the pagesize functions
backends/hostmem: Fix support of memory-backend-memfd in qemu_maxrampagesize()
target/s390x: Fix CLFIT and CLGIT immediate size
s390x/cpumodel: add stfl197 processor-activity-instrumentation extension 1
hw: Add compat machines for 7.2
projects / qemu.git / log