* make sure migration-tests get 0's (daniil)
Notice that this creates a checkpatch negative, everything on that
file is volatile, no need to add a comment.
* RDMA fix from li
* MAINTAINERS
Get peter and fabiano to become co-maintainers of migration
Get Entry for migration-rdma for Li Zhijian
* Create field_exists() (peterx)
* Improve error messages (Tejus)
* tag 'migration-20231004-pull-request' of https://gitlab.com/juan.quintela/qemu:
migration: Unify and trace vmstate field_exists() checks
migration: file URI offset
migration: file URI
s390x/a-b-bios: zero the first byte of each page on start
i386/a-b-bootblock: zero the first byte of each page on start
i386/a-b-bootblock: factor test memory addresses out into constants
migration/rdma: zore out head.repeat to make the error more clear
migration: Add co-maintainers for migration
MAINTAINERS: Add entry for rdma migration
migration: Update error description outside migration.c
migration/vmstate: Introduce vmstate_save_state_with_err
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Stefan Hajnoczi [Wed, 4 Oct 2023 16:51:48 +0000 (12:51 -0400)]
Merge tag 'bsd-user-mmap-pull-request' of https://gitlab.com/bsdimp/qemu into staging
bsd-user mmap and exec branches from gsoc
This pull request represents the mmap and exec changes from Karim Taha
for his GSoC project.
They represent all the mmap and exec related system calls and get bsd-user to
the point that a dynamic hello-world works (at least for armv7).
There are a couple of patch check errors, but they are the lesser evil: I made
purposely bad style choices to ensure all the commits compiled (and I undid the
style choices in subsequent commits).
I pushed an earlier version to gitlab, and all but the riscv64 pipelines were
green. Since bsd-user doesn't change anything related to riscv64 (there's no
support in qemu-project repo, though we do have it in the bsd-user fork: coming
soon).
I think this is good to go.
https://gitlab.com/bsdimp/qemu.git
Warner
# gpg: Signature made Tue 03 Oct 2023 19:30:54 EDT
# gpg: using RSA key 2035F894B00AA3CF7CCDE1B76C1CD1287DB01100
# gpg: Good signature from "Warner Losh <wlosh@netflix.com>" [unknown]
# gpg: aka "Warner Losh <imp@bsdimp.com>" [unknown]
# gpg: aka "Warner Losh <imp@freebsd.org>" [unknown]
# gpg: aka "Warner Losh <imp@village.org>" [unknown]
# gpg: aka "Warner Losh <wlosh@bsdimp.com>" [unknown]
# gpg: WARNING: This key is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 2035 F894 B00A A3CF 7CCD E1B7 6C1C D128 7DB0 1100
* tag 'bsd-user-mmap-pull-request' of https://gitlab.com/bsdimp/qemu: (51 commits)
bsd-user: Add stubs for vadvise(), sbrk() and sstk()
bsd-user: Implement shmat(2) and shmdt(2)
bsd-user: Implement shmctl(2)
bsd-user: Implement shm_unlink(2) and shmget(2)
bsd-user: Implement shm_open(2)
bsd-user: Implement do_obreak function
bsd-user: Implement mincore(2)
bsd-user: Implment madvise(2) to match the linux-user implementation.
bsd-user: Implement mlock(2), munlock(2), mlockall(2), munlockall(2), minherit(2)
bsd-user: Implement msync(2)
bsd-user: Implement mprotect(2)
bsd-user: Implement mmap(2) and munmap(2)
bsd-user: Introduce bsd-mem.h to the source tree
bsd-user: Implement shmid_ds conversion between host and target.
bsd-user: Implement ipc_perm conversion between host and target.
bsd-user: Implement target_set_brk function in bsd-mem.c instead of os-syscall.c
bsd-user: Add bsd-mem.c to meson.build
bsd-user: Implement shm_rename(2) system call
bsd-user: Implement shm_open2(2) system call
bsd-user: Introduce freebsd/os-misc.h to the source tree
...
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* tag 'misc-pull-request' of https://gitlab.com/marcandre.lureau/qemu:
chardev/char-pty: Avoid losing bytes when the other side just (re-)connected
hw/display/ramfb: plug slight guest-triggerable leak on mode setting
hw/pc: remove needless includes
hw/core: remove needless includes
analyze-migration: ignore RAM_SAVE_FLAG_MULTIFD_FLUSH
ui/gtk: fix UI info precondition
win32: avoid discarding the exception handler
ui: add XBGR8888 and ABGR8888 in drm_format_pixman_map
ui/console: sanitize search in qemu_graphic_console_is_multihead()
ui/console: eliminate QOM properties from qemu_console_is_multihead()
ui/console: only walk QemuGraphicConsoles in qemu_console_is_multihead()
ui/console: make qemu_console_is_multihead() static
input: Allow to choose console with qemu_input_is_absolute
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Peter Xu [Wed, 6 Sep 2023 20:47:22 +0000 (16:47 -0400)]
migration: Unify and trace vmstate field_exists() checks
For both save/load we actually share the logic on deciding whether a field
should exist. Merge the checks into a helper and use it for both save and
load. When doing so, add documentation and reformat the code to make it
much easier to read.
The real benefit here (besides code cleanups) is we add a trace-point for
this; this is a known spot where we can easily break migration
compatibilities between binaries, and this trace point will be critical for
us to identify such issues.
For example, this will be handy when debugging things like:
https://gitlab.com/qemu-project/qemu/-/issues/932
Reviewed-by: Fabiano Rosas <farosas@suse.de> Reviewed-by: Juan Quintela <quintela@redhat.com> Signed-off-by: Peter Xu <peterx@redhat.com> Signed-off-by: Juan Quintela <quintela@redhat.com>
Message-ID: <20230906204722.514474-1-peterx@redhat.com>
Steve Sistare [Fri, 8 Sep 2023 14:22:11 +0000 (07:22 -0700)]
migration: file URI offset
Allow an offset option to be specified as part of the file URI, in
the form "file:filename,offset=offset", where offset accepts the common
size suffixes, or the 0x prefix, but not both. Migration data is written
to and read from the file starting at offset. If unspecified, it defaults
to 0.
This is needed by libvirt to store its own data at the head of the file.
Suggested-by: Daniel P. Berrange <berrange@redhat.com> Reviewed-by: Peter Xu <peterx@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Juan Quintela <quintela@redhat.com> Signed-off-by: Steve Sistare <steven.sistare@oracle.com> Signed-off-by: Juan Quintela <quintela@redhat.com>
Message-ID: <1694182931-61390-3-git-send-email-steven.sistare@oracle.com>
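The offset syntax described in the commit message above, as an added C example that is not QEMU's code: it accepts a decimal value with an optional size suffix or a 0x-prefixed value, rejects the two combined, and refuses values that would overflow. The function names, the K/M/G/T binary suffix set, the split at the last `,offset=`, and the signed 64-bit cap are assumptions made for this example.

```c
/* Added illustration; parse_offset(), parse_file_uri() and uri_offset()
 * are hypothetical names, not QEMU functions. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parse "4096", "64K" or "0x10000". Returns 0 on success, -1 on error. */
static int parse_offset(const char *s, int64_t *out)
{
    char *end;
    unsigned long long v;
    int hex, shift;

    /* strtoull() would accept whitespace and a sign; require a digit. */
    if (*s < '0' || *s > '9') {
        return -1;
    }
    hex = s[0] == '0' && (s[1] == 'x' || s[1] == 'X');
    errno = 0;
    v = strtoull(s, &end, hex ? 16 : 10);
    if (errno == ERANGE || end == s) {
        return -1;
    }
    switch (*end) {
    case '\0': shift = 0; break;
    case 'K': case 'k': shift = 10; break;   /* assumed binary multiples */
    case 'M': case 'm': shift = 20; break;
    case 'G': case 'g': shift = 30; break;
    case 'T': case 't': shift = 40; break;
    default: return -1;                      /* trailing junk */
    }
    /* "0x prefix or size suffix, but not both"; suffix must be last. */
    if (shift != 0 && (hex || end[1] != '\0')) {
        return -1;
    }
    /* Reject anything that would not fit a signed 64-bit file offset. */
    if (v > ((unsigned long long)INT64_MAX >> shift)) {
        return -1;
    }
    *out = (int64_t)(v << shift);
    return 0;
}

/* Split "file:filename[,offset=offset]"; offset defaults to 0. */
static int parse_file_uri(const char *uri, char *path, size_t path_len,
                          int64_t *offset)
{
    static const char scheme[] = "file:";
    static const char opt[] = ",offset=";
    const char *name, *p, *found = NULL;
    size_t n;

    if (strncmp(uri, scheme, sizeof(scheme) - 1) != 0) {
        return -1;
    }
    name = uri + sizeof(scheme) - 1;
    /* Assumption: the option starts at the last ",offset=" in the URI. */
    for (p = name; (p = strstr(p, opt)) != NULL; p++) {
        found = p;
    }
    *offset = 0;
    if (found && parse_offset(found + sizeof(opt) - 1, offset) != 0) {
        return -1;
    }
    n = found ? (size_t)(found - name) : strlen(name);
    if (n == 0 || n >= path_len) {
        return -1;                           /* empty or oversized name */
    }
    memcpy(path, name, n);
    path[n] = '\0';
    return 0;
}

/* Convenience wrapper: the parsed offset, or -1 if the URI is rejected. */
static long long uri_offset(const char *uri)
{
    char path[4096];
    int64_t off;

    return parse_file_uri(uri, path, sizeof(path), &off) == 0
           ? (long long)off : -1;
}

int main(void)
{
    /* Constructed sample URIs. */
    const char *samples[] = {
        "file:/tmp/vm.img",
        "file:/tmp/vm.img,offset=64K",
        "file:/tmp/vm.img,offset=0x10000",
        "file:/tmp/vm.img,offset=0x10K",
    };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        printf("%-36s -> %lld\n", samples[i], uri_offset(samples[i]));
    }
    return 0;
}
```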
Steve Sistare [Fri, 8 Sep 2023 14:22:10 +0000 (07:22 -0700)]
migration: file URI
Extend the migration URI to support file:<filename>. This can be used for
any migration scenario that does not require a reverse path. It can be
used as an alternative to 'exec:cat > file' in minimized containers that
do not contain /bin/sh, and it is easier to use than the fd:<fdname> URI.
It can be used in HMP commands, and as a qemu command-line parameter.
For best performance, guest ram should be shared and x-ignore-shared
should be true, so guest pages are not written to the file, in which case
the guest may remain running. If ram is not so configured, then the user
is advised to stop the guest first. Otherwise, a busy guest may re-dirty
the same page, causing it to be appended to the file multiple times,
and the file may grow unboundedly. That issue is being addressed in the
"fixed-ram" patch series.
Signed-off-by: Steve Sistare <steven.sistare@oracle.com> Tested-by: Michael Galaxy <mgalaxy@akamai.com> Reviewed-by: Michael Galaxy <mgalaxy@akamai.com> Reviewed-by: Fabiano Rosas <farosas@suse.de> Reviewed-by: Peter Xu <peterx@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com> Reviewed-by: Juan Quintela <quintela@redhat.com> Signed-off-by: Juan Quintela <quintela@redhat.com>
Message-ID: <1694182931-61390-2-git-send-email-steven.sistare@oracle.com>
s390x/a-b-bios: zero the first byte of each page on start
Same as with the x86 version of this test, we relied on the contents of
all pages in RAM to be the same across the entire test range, which is
very fragile. Zero the first byte of each page before running the
increment loop to fix this.
Fixes: 5571dc824b ("tests/migration: Enable the migration test on s390x, too") Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru> Reviewed-by: Peter Xu <peterx@redhat.com> Reviewed-by: Juan Quintela <quintela@redhat.com> Signed-off-by: Daniil Tatianin <d-tatianin@yandex-team.ru> Signed-off-by: Juan Quintela <quintela@redhat.com>
Message-ID: <20230919102346.2117963-4-d-tatianin@yandex-team.ru>
i386/a-b-bootblock: zero the first byte of each page on start
The migration qtest all the way up to this point used to work by sheer
luck relying on the contents of all pages from 1MiB to 100MiB to contain
the same one value in the first byte initially.
This easily breaks if we reduce the amount of RAM for the test instances
from 150MiB to e.g. 110MiB since that makes SeaBIOS dirty some of the
pages starting at about 0x5dd2000 (~93 MiB) as it reuses those for the
HighMemory allocator since commit dc88f9b72df ("malloc: use large
ZoneHigh when there is enough memory").
This would result in the following errors:
12/60 qemu:qtest+qtest-x86_64 / qtest-x86_64/migration-test ERROR 2.74s killed by signal 6 SIGABRT
stderr:
Memory content inconsistency at 5dd2000 first_byte = cc last_byte = cb current = 9e hit_edge = 1
Memory content inconsistency at 5dd3000 first_byte = cc last_byte = cb current = 89 hit_edge = 1
Memory content inconsistency at 5dd4000 first_byte = cc last_byte = cb current = 23 hit_edge = 1
Memory content inconsistency at 5dd5000 first_byte = cc last_byte = cb current = 31 hit_edge = 1
Memory content inconsistency at 5dd6000 first_byte = cc last_byte = cb current = 70 hit_edge = 1
Memory content inconsistency at 5dd7000 first_byte = cc last_byte = cb current = ff hit_edge = 1
Memory content inconsistency at 5dd8000 first_byte = cc last_byte = cb current = 54 hit_edge = 1
Memory content inconsistency at 5dd9000 first_byte = cc last_byte = cb current = 64 hit_edge = 1
Memory content inconsistency at 5dda000 first_byte = cc last_byte = cb current = 1d hit_edge = 1
Memory content inconsistency at 5ddb000 first_byte = cc last_byte = cb current = 1a hit_edge = 1
and in another 26 pages**
ERROR:../tests/qtest/migration-test.c:300:check_guests_ram: assertion failed: (bad == 0)
Fix this by always zeroing the first byte of each page in the range so
that we get consistent results no matter the initial contents.
Fixes: ea0c6d62391 ("test: Postcopy") Signed-off-by: Daniil Tatianin <d-tatianin@yandex-team.ru> Reviewed-by: Peter Xu <peterx@redhat.com> Reviewed-by: Vladimir Sementsov-Ogievskiy <vsementsov@yandex-team.ru> Reviewed-by: Juan Quintela <quintela@redhat.com> Signed-off-by: Juan Quintela <quintela@redhat.com>
Message-ID: <20230919102346.2117963-3-d-tatianin@yandex-team.ru>
Li Zhijian [Tue, 26 Sep 2023 10:01:03 +0000 (18:01 +0800)]
migration/rdma: zore out head.repeat to make the error more clear
Previously, we got a confusing error that complains about
the RDMAControlHeader.repeat:
qemu-system-x86_64: rdma: Too many requests in this message (3638950032).Bailing.
Actually, it's caused by an unexpected RDMAControlHeader.type.
After this patch, the error will become:
qemu-system-x86_64: Unknown control message QEMU FILE
Reviewed-by: Fabiano Rosas <farosas@suse.de> Reviewed-by: Peter Xu <peterx@redhat.com> Reviewed-by: Juan Quintela <quintela@redhat.com> Signed-off-by: Li Zhijian <lizhijian@fujitsu.com> Signed-off-by: Juan Quintela <quintela@redhat.com>
Message-ID: <20230926100103.201564-2-lizhijian@fujitsu.com>
Peter Xu [Mon, 25 Sep 2023 13:34:41 +0000 (09:34 -0400)]
MAINTAINERS: Add entry for rdma migration
It's not obvious to many that RDMA migration is in Odd Fixes stage for a
long time. Add an explicit sub entry for it (besides migration, which
already covers the rdma files) to be clear on that, meanwhile add Zhijian
as Reviewer, so Zhijian can see the patches and review when he still has
the bandwidth.
Cc: Daniel P. Berrangé <berrange@redhat.com> Cc: Juan Quintela <quintela@redhat.com> Cc: Markus Armbruster <armbru@redhat.com> Cc: Zhijian Li (Fujitsu) <lizhijian@fujitsu.com> Cc: Fabiano Rosas <farosas@suse.de> Acked-by: Li Zhijian <lizhijian@fujitsu.com> Reviewed-by: Juan Quintela <quintela@redhat.com> Signed-off-by: Peter Xu <peterx@redhat.com> Signed-off-by: Juan Quintela <quintela@redhat.com>
Message-ID: <20230925133441.265455-1-peterx@redhat.com>
A few code paths exist in the source code, where a migration is
marked as failed via MIGRATION_STATUS_FAILED, but the failure happens
outside of migration.c
In such cases, an error_report() call is made, however the current
MigrationState is never updated with the error description, and hence
clients like libvirt never know the actual reason for the failure.
This patch covers such cases outside of migration.c and updates the
error description at the appropriate places.
Acked-by: Peter Xu <peterx@redhat.com> Reviewed-by: Juan Quintela <quintela@redhat.com> Signed-off-by: Tejus GK <tejus.gk@nutanix.com> Signed-off-by: Juan Quintela <quintela@redhat.com>
Message-ID: <20231003065538.244752-3-tejus.gk@nutanix.com>
Currently, a few code paths exist in the function vmstate_save_state_v,
which ultimately leads to a migration failure. However, an update in the
current MigrationState for the error description is never done.
vmstate.c somehow doesn't seem to allow the use of migrate_set_error due
to some dependencies for unit tests. Hence, this patch introduces a new
function vmstate_save_state_with_err, which will eventually propagate
the error message to savevm.c where a migrate_set_error call can be
eventually done.
Acked-by: Peter Xu <peterx@redhat.com> Reviewed-by: Juan Quintela <quintela@redhat.com> Signed-off-by: Tejus GK <tejus.gk@nutanix.com> Signed-off-by: Juan Quintela <quintela@redhat.com>
Message-ID: <20231003065538.244752-2-tejus.gk@nutanix.com>
Warner Losh [Mon, 25 Sep 2023 18:27:09 +0000 (21:27 +0300)]
bsd-user: Add stubs for vadvise(), sbrk() and sstk()
The above system calls are not supported by qemu.
Signed-off-by: Warner Losh <imp@bsdimp.com> Signed-off-by: Karim Taha <kariem.taha2.7@gmail.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230925182709.4834-24-kariem.taha2.7@gmail.com>
Signed-off-by: Stacey Son <sson@FreeBSD.org> Signed-off-by: Karim Taha <kariem.taha2.7@gmail.com>
Message-Id: <20230925182709.4834-23-kariem.taha2.7@gmail.com>
Stacey Son [Mon, 25 Sep 2023 18:27:07 +0000 (21:27 +0300)]
bsd-user: Implement shmctl(2)
Signed-off-by: Stacey Son <sson@FreeBSD.org> Signed-off-by: Karim Taha <kariem.taha2.7@gmail.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230925182709.4834-22-kariem.taha2.7@gmail.com>
Stacey Son [Mon, 25 Sep 2023 18:27:06 +0000 (21:27 +0300)]
bsd-user: Implement shm_unlink(2) and shmget(2)
Signed-off-by: Stacey Son <sson@FreeBSD.org> Signed-off-by: Karim Taha <kariem.taha2.7@gmail.com> Reviewed-by: Warner Losh <imp@bsdimp.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230925182709.4834-21-kariem.taha2.7@gmail.com>
Signed-off-by: Stacey Son <sson@FreeBSD.org> Signed-off-by: Karim Taha <kariem.taha2.7@gmail.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230925182709.4834-19-kariem.taha2.7@gmail.com>
Stacey Son [Mon, 25 Sep 2023 18:27:03 +0000 (21:27 +0300)]
bsd-user: Implement mincore(2)
Signed-off-by: Stacey Son <sson@FreeBSD.org> Signed-off-by: Karim Taha <kariem.taha2.7@gmail.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230925182709.4834-18-kariem.taha2.7@gmail.com>
Karim Taha [Mon, 25 Sep 2023 18:27:02 +0000 (21:27 +0300)]
bsd-user: Implment madvise(2) to match the linux-user implementation.
Signed-off-by: Karim Taha <kariem.taha2.7@gmail.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230925182709.4834-17-kariem.taha2.7@gmail.com>
Signed-off-by: Stacey Son <sson@FreeBSD.org> Signed-off-by: Karim Taha <kariem.taha2.7@gmail.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230925182709.4834-16-kariem.taha2.7@gmail.com>
Stacey Son [Mon, 25 Sep 2023 18:26:59 +0000 (21:26 +0300)]
bsd-user: Implement mprotect(2)
Signed-off-by: Stacey Son <sson@FreeBSD.org> Signed-off-by: Karim Taha <kariem.taha2.7@gmail.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Warner Losh <imp@bsdimp.com>
Message-Id: <20230925182709.4834-14-kariem.taha2.7@gmail.com>
Stacey Son [Mon, 25 Sep 2023 18:26:58 +0000 (21:26 +0300)]
bsd-user: Implement mmap(2) and munmap(2)
Signed-off-by: Stacey Son <sson@FreeBSD.org> Signed-off-by: Karim Taha <kariem.taha2.7@gmail.com> Reviewed-by: Warner Losh <imp@bsdimp.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230925182709.4834-13-kariem.taha2.7@gmail.com>
Stacey Son [Mon, 25 Sep 2023 18:26:57 +0000 (21:26 +0300)]
bsd-user: Introduce bsd-mem.h to the source tree
Preserve the copyright notice and help with the 'Author' info for
subsequent changes to the file.
Signed-off-by: Stacey Son <sson@FreeBSD.org> Signed-off-by: Karim Taha <kariem.taha2.7@gmail.com> Reviewed-by: Warner Losh <imp@bsdimp.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230925182709.4834-12-kariem.taha2.7@gmail.com>
Stacey Son [Mon, 25 Sep 2023 18:26:56 +0000 (21:26 +0300)]
bsd-user: Implement shmid_ds conversion between host and target.
Signed-off-by: Stacey Son <sson@FreeBSD.org> Signed-off-by: Karim Taha <kariem.taha2.7@gmail.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230925182709.4834-11-kariem.taha2.7@gmail.com>
Stacey Son [Mon, 25 Sep 2023 18:26:55 +0000 (21:26 +0300)]
bsd-user: Implement ipc_perm conversion between host and target.
Signed-off-by: Stacey Son <sson@FreeBSD.org> Signed-off-by: Karim Taha <kariem.taha2.7@gmail.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org>
Message-Id: <20230925182709.4834-10-kariem.taha2.7@gmail.com>
Karim Taha [Mon, 25 Sep 2023 18:26:53 +0000 (21:26 +0300)]
bsd-user: Add bsd-mem.c to meson.build
Signed-off-by: Karim Taha <kariem.taha2.7@gmail.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Warner Losh <imp@bsdimp.com>
Message-Id: <20230925182709.4834-8-kariem.taha2.7@gmail.com>
Stacey Son [Mon, 25 Sep 2023 18:26:50 +0000 (21:26 +0300)]
bsd-user: Introduce freebsd/os-misc.h to the source tree
To preserve the copyright notice and help with the 'Author' info for
subsequent changes to the file.
Signed-off-by: Stacey Son <sson@FreeBSD.org> Signed-off-by: Karim Taha <kariem.taha2.7@gmail.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Warner Losh <imp@bsdimp.com>
Message-Id: <20230925182709.4834-5-kariem.taha2.7@gmail.com>
Stacey Son [Mon, 25 Sep 2023 18:26:49 +0000 (21:26 +0300)]
bsd-user: Declarations for ipc_perm and shmid_ds conversion functions
Signed-off-by: Stacey Son <sson@FreeBSD.org> Signed-off-by: Karim Taha <kariem.taha2.7@gmail.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Warner Losh <imp@bsdimp.com>
Message-Id: <20230925182709.4834-4-kariem.taha2.7@gmail.com>
Stacey Son [Mon, 25 Sep 2023 18:26:48 +0000 (21:26 +0300)]
bsd-user: Implement struct target_shmid_ds
Signed-off-by: Stacey Son <sson@FreeBSD.org> Signed-off-by: Karim Taha <kariem.taha2.7@gmail.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Warner Losh <imp@bsdimp.com>
Message-Id: <20230925182709.4834-3-kariem.taha2.7@gmail.com>
Stacey Son [Mon, 25 Sep 2023 18:26:47 +0000 (21:26 +0300)]
bsd-user: Implement struct target_ipc_perm
Signed-off-by: Stacey Son <sson@FreeBSD.org> Signed-off-by: Karim Taha <kariem.taha2.7@gmail.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Warner Losh <imp@bsdimp.com>
Message-Id: <20230925182709.4834-2-kariem.taha2.7@gmail.com>
Stacey Son [Mon, 25 Sep 2023 18:24:25 +0000 (21:24 +0300)]
bsd-user: Implement pdfork(2) system call.
Signed-off-by: Stacey Son <sson@FreeBSD.org> Signed-off-by: Karim Taha <kariem.taha2.7@gmail.com> Acked-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Warner Losh <imp@bsdimp.com>
Message-Id: <20230925182425.3163-29-kariem.taha2.7@gmail.com>
Stacey Son [Mon, 25 Sep 2023 18:24:24 +0000 (21:24 +0300)]
bsd-user: Implement rfork(2) system call.
Signed-off-by: Stacey Son <sson@FreeBSD.org> Signed-off-by: Karim Taha <kariem.taha2.7@gmail.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Warner Losh <imp@bsdimp.com>
Message-Id: <20230925182425.3163-28-kariem.taha2.7@gmail.com>
Stacey Son [Mon, 25 Sep 2023 18:24:23 +0000 (21:24 +0300)]
bsd-user: Implement fork(2) and vfork(2) system calls.
Signed-off-by: Stacey Son <sson@FreeBSD.org> Signed-off-by: Karim Taha <kariem.taha2.7@gmail.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Warner Losh <imp@bsdimp.com>
Message-Id: <20230925182425.3163-27-kariem.taha2.7@gmail.com>
Stacey Son [Mon, 25 Sep 2023 18:24:22 +0000 (21:24 +0300)]
bsd-user: Implement pdgetpid(2) and the undocumented setugid.
Signed-off-by: Stacey Son <sson@FreeBSD.org> Signed-off-by: Karim Taha <kariem.taha2.7@gmail.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Warner Losh <imp@bsdimp.com>
Message-Id: <20230925182425.3163-26-kariem.taha2.7@gmail.com>
Stacey Son [Mon, 25 Sep 2023 18:24:21 +0000 (21:24 +0300)]
bsd-user: Implement setloginclass(2) and getloginclass(2) system calls.
Signed-off-by: Stacey Son <sson@FreeBSD.org> Signed-off-by: Karim Taha <kariem.taha2.7@gmail.com> Reviewed-by: Warner Losh <imp@bsdimp.com>
Message-Id: <20230925182425.3163-25-kariem.taha2.7@gmail.com>
Stacey Son [Mon, 25 Sep 2023 18:24:20 +0000 (21:24 +0300)]
bsd-user: Implement wait4(2) and wait6(2) system calls.
Signed-off-by: Stacey Son <sson@FreeBSD.org> Signed-off-by: Karim Taha <kariem.taha2.7@gmail.com> Reviewed-by: Warner Losh <imp@bsdimp.com>
Message-Id: <20230925182425.3163-24-kariem.taha2.7@gmail.com>
Karim Taha [Mon, 25 Sep 2023 18:24:19 +0000 (21:24 +0300)]
bsd-user: Implement execve(2) and fexecve(2) system calls.
Signed-off-by: Stacey Son <sson@FreeBSD.org> Signed-off-by: Karim Taha <kariem.taha2.7@gmail.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Warner Losh <imp@bsdimp.com>
Message-Id: <20230925182425.3163-23-kariem.taha2.7@gmail.com>
Stacey Son [Mon, 25 Sep 2023 18:24:18 +0000 (21:24 +0300)]
bsd-user: Implement procctl(2) along with necessary conversion functions.
Implement t2h_procctl_cmd, h2t_reaper_status, h2t_reaper_pidinfo and h2t/t2h reaper_kill conversion functions.
Signed-off-by: Stacey Son <sson@FreeBSD.org> Signed-off-by: Karim Taha <kariem.taha2.7@gmail.com> Reviewed-by: Warner Losh <imp@bsdimp.com>
Message-Id: <20230925182425.3163-22-kariem.taha2.7@gmail.com>
Stacey Son [Mon, 25 Sep 2023 18:24:17 +0000 (21:24 +0300)]
bsd-user: Implement freebsd_exec_common, used in implementing execve/fexecve.
Signed-off-by: Stacey Son <sson@FreeBSD.org> Signed-off-by: Karim Taha <kariem.taha2.7@gmail.com> Reviewed-by: Warner Losh <imp@bsdimp.com>
Message-Id: <20230925182425.3163-21-kariem.taha2.7@gmail.com>
Karim Taha [Mon, 25 Sep 2023 18:24:16 +0000 (21:24 +0300)]
bsd-user: Implement get_filename_from_fd.
Signed-off-by: Stacey Son <sson@FreeBSD.org> Signed-off-by: Karim Taha <kariem.taha2.7@gmail.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Warner Losh <imp@bsdimp.com>
Message-Id: <20230925182425.3163-20-kariem.taha2.7@gmail.com>
Stacey Son [Mon, 25 Sep 2023 18:24:15 +0000 (21:24 +0300)]
bsd-user: Implement getpriority(2) and setpriority(2).
Signed-off-by: Stacey Son <sson@FreeBSD.org> Signed-off-by: Karim Taha <kariem.taha2.7@gmail.com> Reviewed-by: Warner Losh <imp@bsdimp.com>
Message-Id: <20230925182425.3163-19-kariem.taha2.7@gmail.com>
Stacey Son [Mon, 25 Sep 2023 18:24:14 +0000 (21:24 +0300)]
bsd-user: Add stubs for profil(2), ktrace(2), utrace(2) and ptrace(2).
Signed-off-by: Stacey Son <sson@FreeBSD.org> Signed-off-by: Karim Taha <kariem.taha2.7@gmail.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Warner Losh <imp@bsdimp.com>
Message-Id: <20230925182425.3163-18-kariem.taha2.7@gmail.com>
Stacey Son [Mon, 25 Sep 2023 18:24:13 +0000 (21:24 +0300)]
bsd-user: Implement get/set[resuid/resgid/sid] and issetugid.
Signed-off-by: Stacey Son <sson@FreeBSD.org> Signed-off-by: Karim Taha <kariem.taha2.7@gmail.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Warner Losh <imp@bsdimp.com>
Message-Id: <20230925182425.3163-17-kariem.taha2.7@gmail.com>
Signed-off-by: Stacey Son <sson@FreeBSD.org> Signed-off-by: Karim Taha <kariem.taha2.7@gmail.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Warner Losh <imp@bsdimp.com>
Message-Id: <20230925182425.3163-16-kariem.taha2.7@gmail.com>
Stacey Son [Mon, 25 Sep 2023 18:24:11 +0000 (21:24 +0300)]
bsd-user: Implement getrlimit(2) and setrlimit(2)
Signed-off-by: Stacey Son <sson@FreeBSD.org> Signed-off-by: Karim Taha <kariem.taha2.7@gmail.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Warner Losh <imp@bsdimp.com>
Message-Id: <20230925182425.3163-15-kariem.taha2.7@gmail.com>
Stacey Son [Mon, 25 Sep 2023 18:24:10 +0000 (21:24 +0300)]
bsd-user: Implement getrusage(2).
Signed-off-by: Stacey Son <sson@FreeBSD.org> Signed-off-by: Karim Taha <kariem.taha2.7@gmail.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Warner Losh <imp@bsdimp.com>
Message-Id: <20230925182425.3163-14-kariem.taha2.7@gmail.com>
Stacey Son [Mon, 25 Sep 2023 18:24:09 +0000 (21:24 +0300)]
bsd-user: Implement umask(2), setlogin(2) and getlogin(2)
Signed-off-by: Stacey Son <sson@FreeBSD.org> Signed-off-by: Karim Taha <kariem.taha2.7@gmail.com> Reviewed-by: Warner Losh <imp@bsdimp.com>
Message-Id: <20230925182425.3163-13-kariem.taha2.7@gmail.com>
Stacey Son [Mon, 25 Sep 2023 18:24:08 +0000 (21:24 +0300)]
bsd-user: Implement getgroups(2) and setgroups(2) system calls.
Signed-off-by: Stacey Son <sson@FreeBSD.org> Signed-off-by: Karim Taha <kariem.taha2.7@gmail.com> Reviewed-by: Warner Losh <imp@bsdimp.com>
Message-Id: <20230925182425.3163-12-kariem.taha2.7@gmail.com>
Signed-off-by: Stacey Son <sson@FreeBSD.org> Signed-off-by: Karim Taha <kariem.taha2.7@gmail.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Warner Losh <imp@bsdimp.com>
Message-Id: <20230925182425.3163-10-kariem.taha2.7@gmail.com>
Stacey Son [Mon, 25 Sep 2023 18:24:05 +0000 (21:24 +0300)]
bsd-user: Implement host_to_target_rusage and host_to_target_wrusage.
Signed-off-by: Stacey Son <sson@FreeBSD.org> Signed-off-by: Karim Taha <kariem.taha2.7@gmail.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Warner Losh <imp@bsdimp.com>
Message-Id: <20230925182425.3163-9-kariem.taha2.7@gmail.com>
Stacey Son [Mon, 25 Sep 2023 18:24:04 +0000 (21:24 +0300)]
bsd-user: Implement target_to_host_rlim and host_to_target_rlim conversion.
Signed-off-by: Stacey Son <sson@FreeBSD.org> Signed-off-by: Karim Taha <kariem.taha2.7@gmail.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Warner Losh <imp@bsdimp.com>
Message-Id: <20230925182425.3163-8-kariem.taha2.7@gmail.com>
Stacey Son [Mon, 25 Sep 2023 18:24:03 +0000 (21:24 +0300)]
bsd-user: Implement target_to_host_resource conversion function
Signed-off-by: Stacey Son <sson@FreeBSD.org> Signed-off-by: Karim Taha <kariem.taha2.7@gmail.com> Reviewed-by: Warner Losh <imp@bsdimp.com>
Message-Id: <20230925182425.3163-7-kariem.taha2.7@gmail.com>
Stacey Son [Mon, 25 Sep 2023 18:24:02 +0000 (21:24 +0300)]
bsd-user: add extern declarations for bsd-proc.c conversion functions
Signed-off-by: Stacey Son <sson@FreeBSD.org> Signed-off-by: Karim Taha <kariem.taha2.7@gmail.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Warner Losh <imp@bsdimp.com>
Message-Id: <20230925182425.3163-6-kariem.taha2.7@gmail.com>
Stacey Son [Mon, 25 Sep 2023 18:24:01 +0000 (21:24 +0300)]
bsd-user: Add freebsd_exec_common and do_freebsd_procctl to qemu.h.
Signed-off-by: Stacey Son <sson@FreeBSD.org> Signed-off-by: Karim Taha <kariem.taha2.7@gmail.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Warner Losh <imp@bsdimp.com>
Message-Id: <20230925182425.3163-5-kariem.taha2.7@gmail.com>
Stacey Son [Mon, 25 Sep 2023 18:24:00 +0000 (21:24 +0300)]
bsd-user: Implement host_to_target_siginfo.
Used in wait6 system call
Signed-off-by: Stacey Son <sson@FreeBSD.org> Signed-off-by: Karim Taha <kariem.taha2.7@gmail.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Warner Losh <imp@bsdimp.com>
Message-Id: <20230925182425.3163-4-kariem.taha2.7@gmail.com>
Stacey Son [Mon, 25 Sep 2023 18:23:59 +0000 (21:23 +0300)]
bsd-user: Define procctl(2) related structs
Implement procctl flags and related structs:
struct target_procctl_reaper_status
struct target_procctl_reaper_pidinfo
struct target_procctl_reaper_pids
struct target_procctl_reaper_kill
Signed-off-by: Stacey Son <sson@FreeBSD.org> Signed-off-by: Karim Taha <kariem.taha2.7@gmail.com> Reviewed-by: Richard Henderson <richard.henderson@linaro.org> Reviewed-by: Warner Losh <imp@bsdimp.com>
Message-Id: <20230925182425.3163-3-kariem.taha2.7@gmail.com>
Stefan Hajnoczi [Tue, 3 Oct 2023 11:43:43 +0000 (07:43 -0400)]
Merge tag 'for-upstream' of https://gitlab.com/bonzini/qemu into staging
* fix from optionrom build
* fix for KVM on Apple M2
* introduce machine property "audiodev"
* ui/vnc: Require audiodev= to enable audio
* audio: remove QEMU_AUDIO_* and -audio-help support
* audio: forbid using default audiodev backend with -audiodev and -nodefaults
* remove compatibility code for old machine types
* make-release: do not ship dtc sources
* build system cleanups
* tag 'for-upstream' of https://gitlab.com/bonzini/qemu: (24 commits)
audio: forbid default audiodev backend with -nodefaults
audio: propagate Error * out of audio_init
vt82c686 machines: Support machine-default audiodev with fallback
hw/ppc: Support machine-default audiodev with fallback
hw/arm: Support machine-default audiodev with fallback
Introduce machine property "audiodev"
audio: remove QEMU_AUDIO_* and -audio-help support
audio: simplify flow in audio_init
audio: commonize voice initialization
audio: return Error ** from audio_state_by_name
audio: allow returning an error from the driver init
audio: Require AudioState in AUD_add_capture
ui/vnc: Require audiodev= to enable audio
crypto: only include tls-cipher-suites in emulators
scsi-disk: ensure that FORMAT UNIT commands are terminated
esp: restrict non-DMA transfer length to that of available data
esp: use correct type for esp_dma_enable() in sysbus_esp_gpio_demux()
Makefile: build plugins before running TCG tests
meson: clean up static_library keyword arguments
make-release: do not ship dtc sources
...
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Thomas Huth [Wed, 16 Aug 2023 21:07:43 +0000 (23:07 +0200)]
chardev/char-pty: Avoid losing bytes when the other side just (re-)connected
When starting a guest via libvirt with "virsh start --console ...",
the first second of the console output is missing. This is especially
annoying on s390x that only has a text console by default and no graphical
output - if the bios fails to boot here, the information about what went
wrong is completely lost.
One part of the problem (there are also some things to be done on the
libvirt side) is that QEMU only checks with a 1 second timer whether
the other side of the pty is already connected, so the first second of
the console output is always lost.
This likely used to work better in the past, since the code once checked
for a re-connection during write, but this has been removed in commit f8278c7d74 ("char-pty: remove the check for connection on write") to avoid
some locking.
To ease the situation here at least a little bit, let's check with g_poll()
whether we could send out the data anyway, even if the connection has not
been marked as "connected" yet. The file descriptor is marked as non-blocking
anyway since commit fac6688a18 ("Do not hang on full PTY"), so this should
not cause any trouble if the other side is not ready for receiving yet.
With this patch applied, I can now successfully see the bios output of
a s390x guest when running it with "virsh start --console" (with a patched
version of virsh that fixes the remaining issues there, too).
Reported-by: Marc Hartmayer <mhartmay@linux.ibm.com>
Signed-off-by: Thomas Huth <thuth@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Message-Id: <20230816210743.1319018-1-thuth@redhat.com>
hw/display/ramfb: plug slight guest-triggerable leak on mode setting
The fw_cfg DMA write callback in ramfb prepares a new display surface in
QEMU; this new surface is put to use ("swapped in") upon the next display
update. At that time, the old surface (if any) is released.
If the guest triggers the fw_cfg DMA write callback at least twice between
two adjacent display updates, then the second callback (and further such
callbacks) will leak the previously prepared (but not yet swapped in)
display surface.
The issue can be shown by:
(1) starting QEMU with "-trace displaysurface_free", and
(2) running the following program in the guest UEFI shell:
We figured this wasn't a CVE-worthy problem, as only small amounts of
memory were leaked (the framebuffer itself is mapped from guest RAM, QEMU
only allocates administrative structures), plus libvirt restricts QEMU
memory footprint anyway, thus the guest can only DoS itself.
Plug the leak, by releasing the last prepared (not yet swapped in) display
surface, if any, in the fw_cfg DMA write callback.
Regarding the "reproducer", with the fix in place, the log is flooded with
trace messages (one per fw_cfg write), *and* the trace message alternates
between just two "surface" pointer values (i.e., nothing is leaked, the
allocator flip-flops between two objects in effect).
This issue appears to date back to the introduction of ramfb (995b30179bdc,
"hw/display: add ramfb, a simple boot framebuffer living in guest ram",
2018-06-18).
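The leak pattern described in the ramfb message above, reduced to a stand-alone model. This is an added illustration, not QEMU's code: struct fb, config_write(), display_update() and the live_surfaces counter are hypothetical names, and the write and update counts are constructed.

```c
#include <stdio.h>
#include <stdlib.h>

struct surface { int width, height; };
static int live_surfaces;               /* surfaces allocated and not yet freed */

static struct surface *surface_new(void)
{
    struct surface *s = calloc(1, sizeof(*s));
    if (!s) abort();
    live_surfaces++;
    return s;
}

static void surface_free(struct surface *s)
{
    if (s) { free(s); live_surfaces--; }
}

/* active: surface in use; prepared: built by the last write, not yet swapped in */
struct fb { struct surface *active, *prepared; };

/* Guest-triggered write callback. Without the fix, a second write before the
 * next display update overwrites the only pointer to the prepared surface. */
static void config_write(struct fb *f, int fixed)
{
    if (fixed)
        surface_free(f->prepared);      /* release the not-yet-swapped surface */
    f->prepared = surface_new();
}

/* Display update: swap the prepared surface in and release the old one. */
static void display_update(struct fb *f)
{
    if (!f->prepared) return;
    surface_free(f->active);
    f->active = f->prepared;
    f->prepared = NULL;
}

/* Returns how many surfaces are unreachable after a clean teardown. */
static int leaked_surfaces(int writes_per_update, int updates, int fixed)
{
    struct fb f = { NULL, NULL };
    live_surfaces = 0;
    for (int u = 0; u < updates; u++) {
        for (int w = 0; w < writes_per_update; w++)
            config_write(&f, fixed);
        display_update(&f);
    }
    surface_free(f.active);
    surface_free(f.prepared);
    return live_surfaces;
}

int main(void)
{
    printf("leaky: %d, fixed: %d\n",
           leaked_surfaces(3, 4, 0), leaked_surfaces(3, 4, 1));
    return 0;
}
```

With one write per update nothing leaks in either variant; the loss only appears when writes outnumber updates, which is the condition the message describes.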
dpy_get_ui_info() shouldn't be called if the underlying GPU doesn't
support it.
Before the assert() was added and the regression introduced, GTK code
used to get "zero" UI info, for example with a simple VGA device. The assert
was added to prevent calling it when there are no consoles too. The
other display backend that calls dpy_get_ui_info() correctly checks that
pre-condition.
Calling dpy_set_ui_info() is "safe" in this case, it will simply return
an error that can be generally ignored.
In all likelihood, the compiler with lto doesn't see the function being
used, from assembly macro __try1. Help it by marking the function as
being used.
Ken Xue [Thu, 14 Sep 2023 01:31:51 +0000 (09:31 +0800)]
ui: add XBGR8888 and ABGR8888 in drm_format_pixman_map
Android uses XBGR8888 and ABGR8888 as default scanout buffer, but QEMU
does not support them for qemu_pixman_to_drm_format conversion within
virtio_gpu_create_dmabuf for virtio gpu.
So, add those 2 formats into drm_format_pixman_map.
Signed-off-by: Ken Xue <Ken.Xue@amd.com>
Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Message-ID: <20230914013151.805363-1-Ken.Xue@amd.com>
ui/console: sanitize search in qemu_graphic_console_is_multihead()
qemu_graphic_console_is_multihead() declares the graphical console "c" a
"multihead" console if there are two different graphical consoles in the
system that (a) both reference "c->device", and (b) have different
"c->head" numbers. In effect, if at least two graphical consoles exist
that are different heads of the same device that underlies "c". In fact,
"c" may be one of these two graphical consoles, or "c" may differ from
both of those consoles (in case "c->device" has at least three heads).
The loop currently uses this awkward "two different consoles" approach
because the function used not to have access to "c", only to "c->device",
which didn't allow for fetching (and comparing) "c->head". But, we've
changed that in the last patch; we now pass all of "c" to
qemu_graphic_console_is_multihead().
Thus, look for the *first* (and possibly *only*) graphical console, if
any, that refers to the same "device" as "c", but by a different "head"
number.
ui/console: eliminate QOM properties from qemu_console_is_multihead()
According to Marc-André's and Gerd's descriptions, the "device" and
"head" members of QemuGraphicConsole are exposed as QOM properties for two
purposes:
(2) A VNC server can display a specific device + head. This lets us run a
multihead configuration by using multiple VNC servers (one for each
head).
Further, we can link input devices to device + head, so input events
are routed to different devices dependent on where they are coming
from. Which is most useful for tablet devices in a VNC multihead
setup, each head has its own tablet device then. This does require
manual guest-side configuration, for establishing the same tablet <->
head relationship.
However, neither goal seems to justify the complicated QOM property lookup
that's internal to qemu_console_is_multihead().
Rework qemu_console_is_multihead() with plain old C language field
accesses.
ui/console: only walk QemuGraphicConsoles in qemu_console_is_multihead()
qemu_console_is_multihead() declares the console "c" a "multihead" console
if there are two different consoles in the system that (a) both reference
"c->device", and (b) have different "c->head" numbers. In effect, if at
least two consoles exist that are different heads of the same device that
underlies "c".
Commit 58d5870845c6 ("ui/console: move graphic fields to
QemuGraphicConsole", 2023-09-04) pushed the "device" and "head" members
from the QemuConsole base class down to the QemuGraphicConsole subclass,
adjusting the referring QOM properties accordingly as well. As a result,
the "device" property lookup in qemu_console_is_multihead() now crashes,
in case the candidate console being investigated for criterion (a) is not
a QemuGraphicConsole instance:
> Unexpected error in object_property_find_err() at qom/object.c:1314:
> qemu: Property 'qemu-fixed-text-console.device' not found
> Aborted (core dumped)
This is effectively an unchecked downcast. Make it checked: only consider
such console candidates that are themselves QemuGraphicConsole instances.
Starting from audio_driver_init, propagate errors via Error ** so that
audio_init_audiodevs can simply pass &error_fatal, and AUD_register_card
can signal failure.
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
[Reworked the audio/audio.c parts, while keeping Martin's hw/ changes. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Many machine types have default audio devices with no way to set the underlying
audiodev. Instead of adding an option for each and every one of them, this new
property can be used as a default during machine initialisation when creating
such devices.
Signed-off-by: Martin Kletzander <mkletzan@redhat.com>
[Make the property optional, instead of including it in all machines. - Paolo]
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Tue, 5 Sep 2023 09:41:05 +0000 (11:41 +0200)]
audio: remove QEMU_AUDIO_* and -audio-help support
These have been deprecated for a long time, and the introduction of
-audio in 7.1.0 has cemented the new way of specifying an audio backend's
parameters. However, there is still a need for simple configuration
of the audio backend in the desktop case; therefore, if no audiodev is
passed to audio_init(), go through a bunch of simple Audiodev* structures
and pick the first that can be initialized successfully.
The only QEMU_AUDIO_* option that is left in, waiting for a better idea,
is QEMU_AUDIO_DRV=none which is used by qtest.
Remove all the parsing code, including the concept of "can_be_default"
audio drivers: now that audio_prio_list[] is only used in a single place,
wav can be excluded directly in that function.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Mon, 25 Sep 2023 11:08:27 +0000 (13:08 +0200)]
ui/vnc: Require audiodev= to enable audio
If there is no audiodev do not send the audio ack in response to
VNC_ENCODING_AUDIO, so that clients aren't told audio exists, and
immediately drop the client if they try to send any audio control messages
when audio is not advertised.
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Paolo Bonzini [Thu, 28 Sep 2023 07:49:15 +0000 (09:49 +0200)]
crypto: only include tls-cipher-suites in emulators
tls-cipher-suites is an object that is used to inject TLS configuration
into the guest (via fw_cfg). It is never used for host-side TLS
operation, and therefore it need not be available in the tools.
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Mark Cave-Ayland [Wed, 13 Sep 2023 20:44:10 +0000 (21:44 +0100)]
scsi-disk: ensure that FORMAT UNIT commands are terminated
Otherwise when a FORMAT UNIT command is issued, the SCSI layer can become
confused because it can find itself in the situation where it thinks there
is still data to be transferred which can cause the next emulated SCSI
command to fail.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Fixes: 6ab71761 ("scsi-disk: add FORMAT UNIT command")
Tested-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20230913204410.65650-4-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Mark Cave-Ayland [Wed, 13 Sep 2023 20:44:09 +0000 (21:44 +0100)]
esp: restrict non-DMA transfer length to that of available data
In the case where a SCSI layer transfer is incorrectly terminated, it is
possible for a TI command to cause a SCSI buffer overflow due to the
expected transfer data length being less than the available data in the
FIFO. When this occurs the unsigned async_len variable underflows and
becomes a large offset which writes past the end of the allocated SCSI
buffer.
Restrict the non-DMA transfer length to be the smallest of the expected
transfer length and the available FIFO data to ensure that it is no longer
possible for the SCSI buffer overflow to occur.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Resolves: https://gitlab.com/qemu-project/qemu/-/issues/1810
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20230913204410.65650-3-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
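The unsigned underflow described in the esp message above, next to the clamped form, as a stand-alone model. This is an added example and not the QEMU source: struct xfer, drain_unchecked() and drain_clamped() are hypothetical names, the sizes are constructed, and the slack in the backing array only keeps the demonstration itself memory-safe.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SCSI_BUF_SIZE 16u  /* logical size of the SCSI data buffer (constructed) */
#define FIFO_SIZE     16u  /* FIFO capacity in this model (constructed) */

/* Hypothetical transfer state; the slack after the logical buffer keeps the
 * unchecked variant inside this array. */
struct xfer {
    uint8_t  backing[SCSI_BUF_SIZE + FIFO_SIZE];
    uint32_t offset;     /* next write position in the SCSI buffer */
    uint32_t async_len;  /* unsigned count of bytes still expected */
};

/* Before: drain everything the FIFO holds, trusting async_len to be larger. */
static void drain_unchecked(struct xfer *x, const uint8_t *fifo, uint32_t used)
{
    uint32_t len = used;
    memcpy(x->backing + x->offset, fifo, len);
    x->offset += len;
    x->async_len -= len;            /* wraps around when len > async_len */
}

/* After: transfer the smaller of the expected length and the FIFO content. */
static void drain_clamped(struct xfer *x, const uint8_t *fifo, uint32_t used)
{
    uint32_t len = used < x->async_len ? used : x->async_len;
    memcpy(x->backing + x->offset, fifo, len);
    x->offset += len;
    x->async_len -= len;            /* cannot drop below zero */
}

/* Bytes written beyond the logical end of the SCSI buffer. */
static uint32_t bytes_past_end(const struct xfer *x)
{
    return x->offset > SCSI_BUF_SIZE ? x->offset - SCSI_BUF_SIZE : 0;
}

/* Constructed scenario: 4 bytes still expected, but 8 bytes sit in the FIFO. */
static struct xfer run_scenario(int clamp)
{
    uint8_t fifo[FIFO_SIZE];
    struct xfer x;
    memset(fifo, 0xAA, sizeof(fifo));
    memset(&x, 0, sizeof(x));
    x.offset = SCSI_BUF_SIZE - 4;
    x.async_len = 4;
    if (clamp)
        drain_clamped(&x, fifo, 8);
    else
        drain_unchecked(&x, fifo, 8);
    return x;
}

int main(void)
{
    struct xfer a = run_scenario(0), b = run_scenario(1);
    printf("unchecked: async_len=0x%08x, %u bytes past end\n",
           (unsigned)a.async_len, (unsigned)bytes_past_end(&a));
    printf("clamped:   async_len=0x%08x, %u bytes past end\n",
           (unsigned)b.async_len, (unsigned)bytes_past_end(&b));
    return 0;
}
```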
Mark Cave-Ayland [Wed, 13 Sep 2023 20:44:08 +0000 (21:44 +0100)]
esp: use correct type for esp_dma_enable() in sysbus_esp_gpio_demux()
The call to esp_dma_enable() was being made with the SYSBUS_ESP type instead of
the ESP type. This meant that when GPIO 1 was being used to trigger a DMA
request from an external DMA controller, the setting of ESPState's dma_enabled
field would clobber unknown memory whilst the dma_cb callback pointer would
typically return NULL so the DMA request would never start.
Signed-off-by: Mark Cave-Ayland <mark.cave-ayland@ilande.co.uk>
Reviewed-by: Philippe Mathieu-Daudé <philmd@linaro.org>
Reviewed-by: Thomas Huth <thuth@redhat.com>
Message-ID: <20230913204410.65650-2-mark.cave-ayland@ilande.co.uk>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
* tag 'migration-20231002-pull-request' of https://gitlab.com/juan.quintela/qemu:
migration/rdma: Simplify the function that saves a page
migration: Remove unused qemu_file_credit_transfer()
migration/rdma: Don't use imaginary transfers
migration/rdma: Remove QEMUFile parameter when not used
migration/RDMA: It is accounting for zero/normal pages in two places
migration: Don't abuse qemu_file transferred for RDMA
migration: Use qemu_file_transferred_noflush() for block migration.
migration: Refactor repeated call of yank_unregister_instance
migration-test: simplify shmem_opts handling
migration-test: dirtylimit checks for x86_64 arch before
migration-test: Add bootfile_create/delete() functions
migration-test: bootpath is the same for all tests and for all archs
migration-test: Create kvm_opts
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* tag 'pull-shadow-2023-09-29' of https://repo.or.cz/qemu/armbru: (56 commits)
disas/m68k: clean up local variable shadowing
hw/nvme: Clean up local variable shadowing in nvme_ns_init()
softmmu/device_tree: Fixup local variables shadowing
target/riscv: vector_helper: Fixup local variables shadowing
target/riscv: cpu: Fixup local variables shadowing
hw/riscv: opentitan: Fixup local variables shadowing
qemu-nbd: changes towards enabling -Wshadow=local
seccomp: avoid shadowing of 'action' variable
crypto: remove shadowed 'ret' variable
intel_iommu: Fix shadow local variables on "size"
aspeed/timer: Clean up local variable shadowing
aspeed/i3c: Rename variable shadowing a local
aspeed: Clean up local variable shadowing
aspeed/i2c: Clean up local variable shadowing
hw/arm/smmuv3-internal.h: Don't use locals in statement macros
hw/arm/smmuv3.c: Avoid shadowing variable
hw/misc/arm_sysctl.c: Avoid shadowing local variable
hw/intc/arm_gicv3_its: Avoid shadowing variable in do_process_its_cmd()
hw/acpi: changes towards enabling -Wshadow=local
test-throttle: don't shadow 'index' variable in do_test_accounting()
...
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
Stefan Hajnoczi [Mon, 2 Oct 2023 18:42:17 +0000 (14:42 -0400)]
Merge tag 'pull-tricore-20230929' of https://github.com/bkoppelmann/qemu into staging
- Add FTOU, CRCN, FTOHP, and HPTOF insns
# gpg: Signature made Fri 29 Sep 2023 02:32:11 EDT
# gpg: using RSA key 6E636A7E83F2DD0CFA6E6E370AD2C6396B69CA14
# gpg: issuer "kbastian@mail.uni-paderborn.de"
# gpg: Good signature from "Bastian Koppelmann <kbastian@mail.uni-paderborn.de>" [unknown]
# gpg: WARNING: The key's User ID is not certified with a trusted signature!
# gpg: There is no indication that the signature belongs to the owner.
# Primary key fingerprint: 6E63 6A7E 83F2 DD0C FA6E 6E37 0AD2 C639 6B69 CA14
* tag 'pull-tricore-20230929' of https://github.com/bkoppelmann/qemu:
target/tricore: Change effective address (ea) to target_ulong
target/tricore: Remove CSFRs from cpu.h
tests/tcg: Reset result register after each test
hw/tricore: Log failing test in testdevice
tests/tcg/tricore: Extended and non-extened regs now match
target/tricore: Fix FTOUZ being ISA v1.3.1 up
target/tricore: Replace cpu_*_code with translator_*
target/tricore: Swap src and dst reg for RCRR_INSERT
target/tricore: Fix RCPW/RRPW_INSERT insns for width = 0
target/tricore: Implement hptof insn
target/tricore: Implement ftohp insn
target/tricore: Clarify special case for FTOUZ insn
target/tricore: Implement FTOU insn
target/tricore: Correctly handle FPU RM from PSW
target/tricore: Implement CRCN insn
tests/tcg/tricore: Bump cpu to tc37x
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>
* tag 'pull-tcg-20230928' of https://gitlab.com/rth7680/qemu:
accel/tcg: Always require can_do_io
accel/tcg: Always set CF_LAST_IO with CF_NOIRQ
accel/tcg: Improve setting of can_do_io at start of TB
accel/tcg: Track current value of can_do_io in the TB
accel/tcg: Hoist CF_MEMI_ONLY check outside translation loop
accel/tcg: Avoid load of icount_decr if unused
Signed-off-by: Stefan Hajnoczi <stefanha@redhat.com>