Peter Maydell [Thu, 18 Mar 2021 17:11:17 +0000 (17:11 +0000)]
Merge remote-tracking branch 'remotes/rth-gitlab/tags/pull-tcg-20210317' into staging
TCI argument extraction helpers and disassembler
TCG build fix for gcc 11
# gpg: Signature made Wed 17 Mar 2021 15:29:47 GMT
# gpg: using RSA key 7A481E78868B4DB6A85A05C064DF38E8AF7E215F
# gpg: issuer "richard.henderson@linaro.org"
# gpg: Good signature from "Richard Henderson <richard.henderson@linaro.org>" [full]
# Primary key fingerprint: 7A48 1E78 868B 4DB6 A85A 05C0 64DF 38E8 AF7E 215F
* remotes/rth-gitlab/tags/pull-tcg-20210317: (38 commits)
tcg: Fix prototypes for tcg_out_vec_op and tcg_out_op
tcg/tci: Split out tcg_out_op_r[iI]
tcg/tci: Split out tcg_out_op_v
tcg/tci: Split out tcg_out_op_{rrm,rrrm,rrrrm}
tcg/tci: Split out tcg_out_op_rrrrcl
tcg/tci: Split out tcg_out_op_rrrr
tcg/tci: Split out tcg_out_op_rrrrrr
tcg/tci: Split out tcg_out_op_rrcl
tcg/tci: Split out tcg_out_op_rrrbb
tcg/tci: Split out tcg_out_op_rrrrrc
tcg/tci: Split out tcg_out_op_rrrc
tcg/tci: Split out tcg_out_op_rrr
tcg/tci: Split out tcg_out_op_rr
tcg/tci: Split out tcg_out_op_p
tcg/tci: Split out tcg_out_op_l
tcg/tci: Split out tcg_out_op_rrs
tcg/tci: Push opcode emit into each case
tcg/tci: Implement the disassembler properly
tcg/tci: Remove tci_disas
tcg/tci: Hoist op_size checking into tci_args_*
...
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
# gpg: Signature made Wed 17 Mar 2021 07:19:23 GMT
# gpg: using RSA key 6685AE99E75167BCAFC8DF35FBD0DB095A9E2A44
# gpg: Good signature from "Alex Bennée (Master Work Key) <alex.bennee@linaro.org>" [full]
# Primary key fingerprint: 6685 AE99 E751 67BC AFC8 DF35 FBD0 DB09 5A9E 2A44
* remotes/stsquad/tags/pull-misc-6.0-updates-170321-2:
hw/core: Only build guest-loader if libfdt is available
plugins: Fixes typo in qemu-plugin.h
plugins: getting qemu_plugin_get_hwaddr only expose one function prototype
plugins: expand kernel-doc for memory query and instrumentation
plugins: expand kernel-doc for instruction query and instrumentation
plugins: expand inline exec kernel-doc documentation.
plugins: add qemu_plugin_id_t to kernel-doc
plugins: add qemu_plugin_cb_flags to kernel-doc
plugins: expand the typedef kernel-docs for translation
plugins: expand the callback typedef kernel-docs
plugins: cleanup kernel-doc for qemu_plugin_install
plugins: expand kernel-doc for qemu_info_t
plugins: Expose physical addresses instead of device offsets
plugins: new syscalls plugin
utils: Use fixed-point arithmetic in qemu_strtosz
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Thu, 18 Mar 2021 14:07:31 +0000 (14:07 +0000)]
Merge remote-tracking branch 'remotes/cleber-gitlab/tags/python-next-pull-request' into staging
Acceptance and Python Test Improvements
Small collection of Acceptance and Python tests/improvements.
# gpg: Signature made Wed 17 Mar 2021 03:22:47 GMT
# gpg: using RSA key 7ABB96EB8B46B94D5E0FE9BB657E8D33A5F209F3
# gpg: Good signature from "Cleber Rosa <crosa@redhat.com>" [marginal]
# gpg: WARNING: This key is not certified with sufficiently trusted signatures!
# gpg: It is not certain that the signature belongs to the owner.
# Primary key fingerprint: 7ABB 96EB 8B46 B94D 5E0F E9BB 657E 8D33 A5F2 09F3
* remotes/cleber-gitlab/tags/python-next-pull-request:
tests/acceptance: linux-related tests fix
tests: Add functional test for out-of-process device emulation
avocado_qemu: add exec_command function
tests/migration: fix unix socket batch migration
tests/acceptance: Print expected message on wait_for_console_pattern
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* remotes/mdroth/tags/qga-pull-2021-03-16-tag:
qga: return a more explicit error on why a command is disabled
qga: Switch and case should be at the same indent
qga: Open brace '{' following struct go on the same
qga: Delete redundant spaces
qga: Add spaces around operator
qga: Correct loop count in qmp_guest_get_vcpus()
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* remotes/vivier/tags/q800-for-6.0-pull-request:
mac_via: remove VIA1 timer optimisations
mac_via: fix 60Hz VIA1 timer interval
mac_via: rename VBL timer to 60Hz timer
mac_via: don't re-inject ADB response when switching to IDLE state
mac_via: allow long accesses to VIA registers
mac_via: fix up adb_via_receive() trace events
mac_via: switch rtc pram trace-events to use hex rather than decimal for addresses
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* remotes/bonzini-gitlab/tags/for-upstream:
qemu-timer: allow freeing a NULL timer
hw/i8254: fix vmstate load
scsi: fix sense code for EREMOTEIO
Revert "accel: kvm: Add aligment assert for kvm_log_clear_one_slot"
configure: add option to explicitly enable/disable libgio
fuzz: move some DMA hooks
fuzz: configure a sparse-mem device, by default
memory: add a sparse memory device for fuzzing
fuzz: add a am53c974 generic-fuzzer config
fuzz: add instructions for building reproducers
fuzz: add a script to build reproducers
fuzz: don't leave orphan llvm-symbolizers around
fuzz: fix the pro100 generic-fuzzer config
MAINTAINERS: Cover fuzzer reproducer tests within 'Device Fuzzing'
tests/qtest: Only run fuzz-virtio-scsi when virtio-scsi is available
tests/qtest: Only run fuzz-megasas-test if megasas device is available
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* remotes/awilliam/tags/vfio-update-20210316.0:
vfio/migrate: Move switch of dirty tracking into vfio_memory_listener
vfio: Support host translation granule size
vfio: Avoid disabling and enabling vectors repeatedly in VFIO migration
vfio: Set the priority of the VFIO VM state change handler explicitly
vfio: Move the saving of the config space to the right place in VFIO migration
spapr_iommu: Fix vhost integration regression
vfio: Do not register any IOMMU_NOTIFIER_DEVIOTLB_UNMAP notifier
MAINTAINERS: Cover docs/igd-assign.txt in VFIO section
hw/vfio/pci-quirks: Replace the word 'blacklist'
vfio: Fix vfio_listener_log_sync function name typo
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Peter Maydell [Wed, 17 Mar 2021 18:28:03 +0000 (18:28 +0000)]
Merge remote-tracking branch 'remotes/cschoenebeck/tags/pull-9p-20210316' into staging
9pfs: code cleanup
* Use lock-guard design pattern instead of manual lock/unlock.
# gpg: Signature made Tue 16 Mar 2021 10:49:09 GMT
# gpg: using RSA key 96D8D110CF7AF8084F88590134C2B58765A47395
# gpg: issuer "qemu_oss@crudebyte.com"
# gpg: Good signature from "Christian Schoenebeck <qemu_oss@crudebyte.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: ECAB 1A45 4014 1413 BA38 4926 30DB 47C3 A012 D5F4
# Subkey fingerprint: 96D8 D110 CF7A F808 4F88 5901 34C2 B587 65A4 7395
* remotes/cschoenebeck/tags/pull-9p-20210316:
hw/9pfs/9p-synth: Replaced qemu_mutex_lock with QEMU_LOCK_GUARD
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* remotes/kraxel/tags/audio-20210316-pull-request:
coreaudio: Handle output device change
coreaudio: Extract device operations
coreaudio: Drop support for macOS older than 10.6
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
tcg: Fix prototypes for tcg_out_vec_op and tcg_out_op
There are two different versions of prototype for tcg_out_op and
tcg_out_vec_op functions:
1) using const TCGArg *args and const int *const_args arguments
2) using const TCGArg args[TCG_MAX_OP_ARGS] and const int
const_args[TCG_MAX_OP_ARGS] aguments.
This duality causes warnings on GCC 11 and prevents build using
--enable-werror. As second version provides more information,
unify functions prototypes to this variant.
Signed-off-by: Miroslav Rezanina <mrezanin@redhat.com>
Message-Id: <20210312121418.139093-1-mrezanin@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Peter Maydell [Wed, 17 Mar 2021 15:01:09 +0000 (15:01 +0000)]
Merge remote-tracking branch 'remotes/cohuck-gitlab/tags/s390x-20210316' into staging
s390x updates:
- get rid of legacy_s390_alloc() and phys_mem_set_alloc()
- tcg: implement the MVPG condition-code-option bit
- fix g_autofree variable handing in the pci vfio code
- use official z15 names in the cpu model definitions
* remotes/cohuck-gitlab/tags/s390x-20210316:
s390x/pci: Add missing initialization for g_autofree variables
target/s390x: Store r1/r2 for page-translation exceptions during MVPG
target/s390x: Implement the MVPG condition-code-option bit
s390x/cpu_model: use official name for 8562
exec: Get rid of phys_mem_set_alloc()
s390x/kvm: Get rid of legacy_s390_alloc()
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
* remotes/kraxel/tags/ui-20210316-pull-request:
ui/cocoa: Comment about modifier key input quirks
ui: fold qemu_alloc_display in only caller
ui: honour the actual guest display dimensions without rounding
ui: use client width/height in WMVi message
ui: avoid sending framebuffer updates outside client desktop bounds
ui: add more trace points for VNC client/server messages
ui/cocoa: Do not exit immediately after shutdown
opengl: Do not convert format with glTexImage2D on OpenGL ES
ui: deprecate "password" option for SPICE server
ui: introduce "password-secret" option for SPICE server
ui: introduce "password-secret" option for VNC servers
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Actually print arguments as opposed to simply the opcodes
and, uselessly, the argument counts. Reuse all of the helpers
developed as part of the interpreter.
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
This performs the size check while reading the arguments,
which means that we don't have to arrange for it to be
done after the operation. Which tidies all of the branches.
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
tcg/tci: Reduce qemu_ld/st TCGMemOpIdx operand to 32-bits
We are currently using the "natural" size routine, which
uses 64-bits on a 64-bit host. The TCGMemOpIdx operand
has 11 bits, so we can safely reduce to 32-bits.
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Use the correct set of asserts during code generation.
We do not require the first input to overlap the output;
the existing interpreter already supported that.
Split out tci_args_rrrbb in the translator.
Use the deposit32/64 functions rather than inline expansion.
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Do not emit a uint64_t, but a tcg_target_ulong, aka uintptr_t.
This reduces the size of the constant on 32-bit hosts.
The assert for label != NULL has to be removed because that
is a valid value for exit_tb.
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Begin splitting out functions that do pure argument decode,
without actually loading values from the register set.
This means that decoding need not concern itself between
input and output registers. We can assert that the register
number is in range during decode, so that it is safe to
simply dereference from regs[] later.
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
In the next patches, we want to use tci_read_r to return
the raw register number. So rename the existing function,
which returns the register value, to tci_read_rval.
Reviewed-by: Philippe Mathieu-Daudé <f4bug@amsat.org> Signed-off-by: Richard Henderson <richard.henderson@linaro.org>
Peter Maydell [Wed, 17 Mar 2021 09:07:28 +0000 (09:07 +0000)]
Merge remote-tracking branch 'remotes/dgilbert-gitlab/tags/pull-virtiofs-20210315' into staging
virtiofs and migration pull 2021-03-15
Signed-off-by: Dr. David Alan Gilbert <dgilbert@redhat.com>
# gpg: Signature made Mon 15 Mar 2021 20:03:03 GMT
# gpg: using RSA key 45F5C71B4A0CB7FB977A9FA90516331EBC5BFDE7
# gpg: Good signature from "Dr. David Alan Gilbert (RH2) <dgilbert@redhat.com>" [full]
# Primary key fingerprint: 45F5 C71B 4A0C B7FB 977A 9FA9 0516 331E BC5B FDE7
* remotes/dgilbert-gitlab/tags/pull-virtiofs-20210315:
migration: Replaced qemu_mutex_lock calls with QEMU_LOCK_GUARD
monitor: Replaced qemu_mutex_lock calls with QEMU_LOCK_GUARD
migration/tls: add error handling in multifd_tls_handshake_thread
migration/tls: fix inverted semantics in multifd_channel_connect
virtiofsd: Convert some functions to return bool
virtiofsd: Don't allow empty paths in lookup_name()
virtiofsd: Don't allow empty filenames
virtiofsd: Add qemu version and copyright info
virtiofsd: Release vu_dispatch_lock when stopping queue
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
hw/core: Only build guest-loader if libfdt is available
Add a Kconfig entry for guest-loader so we can optionally deselect
it (default is built in), and add a Meson dependency on libfdt.
This fixes when building with --disable-fdt:
/usr/bin/ld: libcommon.fa.p/hw_core_guest-loader.c.o: in function `loader_insert_platform_data':
hw/core/guest-loader.c:56: undefined reference to `qemu_fdt_add_subnode'
/usr/bin/ld: hw/core/guest-loader.c:57: undefined reference to `qemu_fdt_setprop'
/usr/bin/ld: hw/core/guest-loader.c:61: undefined reference to `qemu_fdt_setprop_string_array'
/usr/bin/ld: hw/core/guest-loader.c:68: undefined reference to `qemu_fdt_setprop_string'
/usr/bin/ld: hw/core/guest-loader.c:74: undefined reference to `qemu_fdt_setprop_string_array'
collect2: error: ld returned 1 exit status
Fixes: a33ff6d2c6b ("hw/core: implement a guest-loader to support static hypervisor guests") Reported-by: Christian Borntraeger <borntraeger@de.ibm.com> Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com> Tested-by: Christian Borntraeger <borntraeger@de.ibm.com> Reviewed-by: Alistair Francis <alistair.francis@wdc.com>
Message-Id: <20210315170439.2868903-1-philmd@redhat.com> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Aaron Lindsay [Fri, 12 Mar 2021 17:28:09 +0000 (17:28 +0000)]
plugins: Expose physical addresses instead of device offsets
This allows plugins to query for full virtual-to-physical address
translation for a given `qemu_plugin_hwaddr` and stops exposing the
offset within the device itself. As this change breaks the API,
QEMU_PLUGIN_VERSION is incremented.
This commit adds a new syscalls plugin that displays the syscalls
as they are executed and returned. This plugin outputs the number
of the syscall as well as the syscall return value.
Once we've parsed the fractional value, extract it into an integral
64-bit fraction. Perform the scaling with integer arithmetic, and
simplify the overflow detection.
Reviewed-by: Eric Blake <eblake@redhat.com> Signed-off-by: Richard Henderson <richard.henderson@linaro.org> Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20210315185117.1986240-2-richard.henderson@linaro.org>
Sometimes a test needs to send a command to a console without waiting
for a pattern as a result, or the command issued do not produce any kind
of output, like, for example, a `mount` command.
This introduces the `exec_command` function to the avocado_qemu,
allowing the test to send a command to the console without the need to
match a pattern produced as a result.
Signed-off-by: Willian Rampazzo <willianr@redhat.com> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Reviewed-by: Wainer dos Santos Moschetta <wainersm@redhat.com> Reviewed-by: Cleber Rosa <crosa@redhat.com> Tested-by: Cleber Rosa <crosa@redhat.com>
Message-Id: <20210303205320.146047-2-willianr@redhat.com> Signed-off-by: Cleber Rosa <crosa@redhat.com>
qga: return a more explicit error on why a command is disabled
qmp_disable_command() now takes an optional error string to return a
more explicit error message.
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1928806 Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
*fix up 80+ char line Signed-off-by: Michael Roth <michael.roth@amd.com>
AlexChen [Mon, 26 Oct 2020 09:05:38 +0000 (17:05 +0800)]
qga: Add spaces around operator
Reported-by: Euler Robot <euler.robot@huawei.com> Signed-off-by: AlexChen <alex.chen@huawei.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
*fix 80+ char violation while we're here
*fix w32 build breakage from changing INVALID_SET_FILE_POINTER
definition from a cast to a subtraction Signed-off-by: Michael Roth <michael.roth@amd.com>
Hyman [Wed, 10 Mar 2021 17:29:55 +0000 (01:29 +0800)]
tests/migration: fix unix socket batch migration
when execute the following test command:
"guestperf-batch.py --dst-host localhost --transport unix ..."
test aborts and error message as the following be throwed:
"launching VM Failed: [Errno 98] Address already in use".
The reason is that batch script use the same monitor socket
in all test cases and do not remove the socket file. The second
migration test will launch vm use the same socket file as
the first, so we get the error message. To fix it, just remove
the socket file each time we have done the migration test.
Signed-off-by: Hyman <huangy81@chinatelecom.cn>
Message-Id: <c3fc438993b87a6ab0bea3d07f6ca0260d29936e.1615397103.git.huangy81@chinatelecom.cn> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Cleber Rosa <crosa@redhat.com>
tests/acceptance: Print expected message on wait_for_console_pattern
For the sake of improve debuggability of tests which use the
wait_for_console_pattern(), this changed the _console_interaction() so that
the expected message is printed if the test fail.
Signed-off-by: Wainer dos Santos Moschetta <wainersm@redhat.com>
Message-Id: <20210309153507.1905682-1-wainersm@redhat.com> Reviewed-by: Joel Stanley <joel@jms.id.au> Reviewed-by: Willian Rampazzo <willianr@redhat.com> Reviewed-by: Cleber Rosa <crosa@redhat.com> Tested-by: Cleber Rosa <crosa@redhat.com> Signed-off-by: Cleber Rosa <crosa@redhat.com>
Lin Ma [Wed, 24 Feb 2021 05:14:28 +0000 (13:14 +0800)]
qga: Correct loop count in qmp_guest_get_vcpus()
The guest-get-vcpus returns incorrect vcpu info in case we hotunplug vcpus(not
the last one).
e.g.:
A VM has 4 VCPUs: cpu0 + 3 hotunpluggable online vcpus(cpu1, cpu2 and cpu3).
Hotunplug cpu2, Now only cpu0, cpu1 and cpu3 are present & online.
Signed-off-by: Lin Ma <lma@suse.com> Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
*fix build breakage by using PRId64 for sscanf Signed-off-by: Michael Roth <michael.roth@amd.com>
Mark Cave-Ayland [Thu, 11 Mar 2021 10:05:05 +0000 (10:05 +0000)]
mac_via: remove VIA1 timer optimisations
The original implementation of the Macintosh VIA devices in commit 6dca62a000
"hw/m68k: add VIA support" used timer optimisations to reduce high CPU usage on
the host when booting Linux. These optimisations worked by waiting until VIA1
port B was accessed before re-arming the timers.
The MacOS toolbox ROM constantly writes to VIA1 port B which calls
via1_one_second_update() and via1_sixty_hz_update() to calculate the new expiry
time, causing the timers to constantly reset and never fire. The effect of this
is that the Ticks (0x16a) global variable holding the number of 60Hz timer ticks
since reset is never incremented by the interrupt causing time to stand still.
Whilst the code was introduced as a performance optimisation, it is likely that
the high CPU usage was actually caused by the incorrect 60Hz timer interval
fixed in the previous patch. Remove the optimisation to keep everything simple
and enable the MacOS toolbox ROM to start keeping time.
Mark Cave-Ayland [Thu, 11 Mar 2021 10:05:04 +0000 (10:05 +0000)]
mac_via: fix 60Hz VIA1 timer interval
The 60Hz timer is initialised using timer_new_ns() meaning that the timer
interval should be measured in ns, and therefore its period is a thousand
times too short.
Use a define for the 60Hz timer period taking the more precise value as
documented in the Guide To The Macintosh Family Hardware.
Mark Cave-Ayland [Thu, 11 Mar 2021 10:05:03 +0000 (10:05 +0000)]
mac_via: rename VBL timer to 60Hz timer
According to the "Guide To The Macintosh Family Hardware", the 60Hz VIA1 timer
on newer Macs such as the Quadra only exists for compatibility with old software
and is no longer synced to the VBL interval.
Rename the VBL timer to 60Hz timer to emphasise this and to prevent confusion
when the real VBL interrupt (now handled as a NuBus slot interrupt) is added in
future.
Mark Cave-Ayland [Thu, 11 Mar 2021 10:05:02 +0000 (10:05 +0000)]
mac_via: don't re-inject ADB response when switching to IDLE state
The current workaround for the Linux ADB state machine in kernels < 5.6 switching
the VIA back to IDLE state between send and receive modes is to re-inject the
first byte of the response in the IDLE state, and then force the state machine
into generating an autopoll reply.
In fact what is happening is much simpler: analysis of traces from a real Quadra
suggest that the existing data is returned as the first autopoll response rather
than generating an immediate response starting whilst still in IDLE state.
Update the ADB receive code to work in the same way, which allows the re-injection
code to be completely removed from adb_via_receive() and for adb_via_poll() to
be simplified accordingly.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Message-Id: <20210311100505.22596-5-mark.cave-ayland@ilande.co.uk> Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Mark Cave-Ayland [Thu, 11 Mar 2021 10:05:00 +0000 (10:05 +0000)]
mac_via: fix up adb_via_receive() trace events
The use of the post-increment operator on adb_data_in_index meant that the
trace-event was accidentally displaying the next byte in the incoming ADB
data buffer rather than the current byte.
Paolo Bonzini [Wed, 10 Mar 2021 15:38:48 +0000 (10:38 -0500)]
qemu-timer: allow freeing a NULL timer
Since 5f8e93c3e2 ("util/qemu-timer: Make timer_free() imply timer_del()", 2021-01-08)
it is not possible anymore to pass a NULL pointer to timer_free(). Previously
it would do nothing as it would simply pass NULL down to g_free().
Rectify this, which also fixes "-chardev braille" when there is no device.
Reported-by: Markus Armbruster <armbru@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Pavel Dovgalyuk [Wed, 10 Mar 2021 10:21:40 +0000 (13:21 +0300)]
hw/i8254: fix vmstate load
QEMU timer of channel 0 in i8254 is used to raise irq
at the specified moment of time. This irq can be disabled
with irq_disabled flag. But when vmstate of the pit is
loaded, timer may be rearmed despite the disabled interrupts.
This patch adds irq_disabled flag check to fix that.
Signed-off-by: Pavel Dovgalyuk <Pavel.Dovgalyuk@ispras.ru>
Message-Id: <161537170060.6654.9430112746749476215.stgit@pasha-ThinkPad-X280> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Tue, 9 Mar 2021 13:56:42 +0000 (14:56 +0100)]
scsi: fix sense code for EREMOTEIO
SENSE_CODE(LUN_COMM_FAILURE) has an ABORTED COMMAND sense key,
so it results in a retry in Linux. To ensure that EREMOTEIO
is forwarded to the guest, use a HARDWARE ERROR sense key
instead. Note that the code before commit d7a84021d was incorrect
because it used HARDWARE_ERROR as a SCSI status, not as a sense
key.
Reported-by: Marc-André Lureau <marcandre.lureau@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Denis Plotnikov [Fri, 12 Mar 2021 15:14:40 +0000 (18:14 +0300)]
configure: add option to explicitly enable/disable libgio
Now, compilation of util/dbus is implicit and depends
on libgio presence on the building host.
The patch adds options to manage libgio dependencies explicitly.
Signed-off-by: Denis Plotnikov <den-plotnikov@yandex-team.ru>
Message-Id: <20210312151440.405776-1-den-plotnikov@yandex-team.ru> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
For the sparse-mem device, we want the fuzzer to populate entire DMA
reads from sparse-mem, rather than hooking into the individual MMIO
memory_region_dispatch_read operations. Otherwise, the fuzzer will treat
each sequential read separately (and populate it with a separate
pattern). Work around this by rearranging some DMA hooks. Since the
fuzzer has it's own logic to skip accidentally writing to MMIO regions,
we can call the DMA cb, outside the flatview_translate loop.
Signed-off-by: Alexander Bulekov <alxndr@bu.edu> Reviewed-by: Darren Kenny <darren.kenny@oracle.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The generic-fuzzer often provides randomized DMA addresses to
virtual-devices. For a 64-bit address-space, the chance of these
randomized addresses coinciding with RAM regions, is fairly small. Even
though the fuzzer's instrumentation eventually finds valid addresses,
this can take some-time, and slows-down fuzzing progress (especially,
when multiple DMA buffers are involved). To work around this, create
"fake" sparse-memory that spans all of the 64-bit address-space. Adjust
the DMA call-back to populate this sparse memory, correspondingly
Signed-off-by: Alexander Bulekov <alxndr@bu.edu> Reviewed-by: Darren Kenny <darren.kenny@oracle.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
For testing, it can be useful to simulate an enormous amount of memory
(e.g. 2^64 RAM). This adds an MMIO device that acts as sparse memory.
When something writes a nonzero value to a sparse-mem address, we
allocate a block of memory. For now, since the only user of this device
is the fuzzer, we do not track and free zeroed blocks. The device has a
very low priority (so it can be mapped beneath actual RAM, and virtual
device MMIO regions).
Signed-off-by: Alexander Bulekov <alxndr@bu.edu> Reviewed-by: Darren Kenny <darren.kenny@oracle.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Signed-off-by: Alexander Bulekov <alxndr@bu.edu> Reviewed-by: Darren Kenny <darren.kenny@oracle.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
We have several scripts that help build reproducers, but no
documentation for how they should be used. Add some documentation
Signed-off-by: Alexander Bulekov <alxndr@bu.edu> Reviewed-by: Darren Kenny <darren.kenny@oracle.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Currently, bash and C crash reproducers are be built manually. This is a
problem, as we want to integrate reproducers into the tree, for
regression testing. This patch adds a script that converts a sequence of
QTest commands into a pasteable Bash reproducer, or a libqtest-based C
program. This will try to wrap pasteable reproducers to 72 chars, but
the generated C code will not have nice formatting. Therefore, the C
output of this script should be piped through an auto-formatter, such as
clang-format
Signed-off-by: Alexander Bulekov <alxndr@bu.edu> Reviewed-by: Darren Kenny <darren.kenny@oracle.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
I noticed that with a sufficiently small timeout, the fuzzer fork-server
sometimes locks up. On closer inspection, the issue appeared to be
caused by entering our SIGALRM handler, while libfuzzer is in it's crash
handlers. Because libfuzzer relies on pipe communication with an
external child process to print out stack-traces, we shouldn't exit
early, and leave an orphan child. Check for children in the SIGALRM
handler to avoid this issue.
Signed-off-by: Alexander Bulekov <alxndr@bu.edu> Acked-by: Thomas Huth <thuth@redhat.com> Reviewed-by: Darren Kenny <darren.kenny@oracle.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
The device-type names for the pro100 network cards, are i8255.. We were
matching "eepro", which catches the PCI PIO/MMIO regions for those
devices, however misses the actual PCI device, which we use to map the
BARs, before fuzzing. Fix that
Signed-off-by: Alexander Bulekov <alxndr@bu.edu> Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
projects / thirdparty / qemu.git / log
